Risk and Compliance Role in FinTech
The Risk and Compliance function within a FinTech company helps to ensure that the FinTech is conducting its business processes in compliant with law and regulations within the operating country, professional standards, international standards, and acceptable business practices. It also helps to perform audit regularly while executing design control systems to advise on the potential risks that might occur.
Being in the FinTech industry allows startups to enjoy the rapid growth without the burden of strict regulatory oversight like traditional banks. However, as scrutiny on this new and massive industry increases, the need for FinTech companies to get their risk and compliance function in order grows.
Many emerging FinTech startups struggle with their Risk and Compliance function, some of the common misconceptions are:
- Managing Risk and Compliance is extremely costly and its only important for larger companies.
- Risk and Compliance issues can be managed as it comes our way.
- If the Risk and Compliance isn’t revenue-generating, we shouldn’t need to spend a lot on it.
In this article, we will break down what exactly Risk and Compliance does and what you should look out for when building your Risk and Compliance team.
What is Risk?
From a regulatory point of view, FinTechs are extremely reliant on technology and the internet, which increases security threat. Other risks that FinTechs are exposed to are money laundering, cyber security threats, data privacy loopholes and more.
FinTechs operate within a technology-reliant environment, which leads them to be more susceptible to threats that can occur online. Some examples of risks that are more prominent within the FinTech industry and should be properly managed are:
- Fraud Risk
- Merchant Risk
- Regulatory Risk
- Anti-money laundering and terrorist financing risks
- Consumer Risks
- Cybersecurity and Data Privacy Risks
- Credit risk and operational risks
As the FinTech industry continues to evolve over time, it is critical to onboard a strong risk professional to identify the growing risks that could affect the company. The anonymity and speed of FinTechs have significantly increased the risks of terrorists and criminals exploiting FinTech with their illegal activities.
One significant example is the recent OCBC phishing scam with more than 470 people falling to victim resulting in a loss of at least $8.5 million. Singapore’s regulatory entity, Monetary Authority of Singapore is considering supervisory actions to OCBC, emphasizing the expectations towards all financial institutions to have robust measures for fraud prevention, detection and remediation, as well as provide prompt assistance to customers who have been victims of scams.
From a regulatory and compliance standpoint, the focus would be on risk management in the fintech industry. Regulators must be certain that fintech firms are prioritising risk, and are taking actual measures to assess it, mitigate it, and make sure that risk management is a significant part of their self-governing mechanisms.
What is Compliance?
Compliance is defined as the process of ensuring that your FinTech is adhering to any relevant laws, regulations, standards, or ethics. It can vary depends on the FinTech subsector or the geographical location that you are operating in.
Although Compliance can be very straightforward, FinTech is an extremely reactive industry. Due to the novelty and disruptive nature of the industry, regulators are constantly evaluating and determining new regulations to protect both businesses and consumers. This would mean that your Compliance function would have to be on constant lookout to ensure that the company is protected from any potential fines or lawsuits.
In 2021, Bank J. Safra Sarasin Ltd, Singapore Branch (BJS) was fined by MAS for its failures to comply with MAS’ Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) requirements. This resulted in a composition penalty of SGD1 million.
The results of non-compliance costs way more than compliance to ensures that FinTechs are motivated to conduct their due diligence to stay compliant. With a robust policy framework in place, FinTechs can rely on a more poignantly prescribed set of guidelines, rather than generalised ones created for traditional finance operators.
What is The Difference with Risk and Compliance?
Risk and compliance have differing characteristics and would require different management style towards both. Risk is managed with a predictive and proactive approach while compliance is managed with a prescriptive and reactive approach. Risk can sometimes be addressing grey areas while compliance issues are straightforward and definitive.
- Risk adaption is quick while regulatory adaption is slow.
- Risk is continuously reviewed and improved while Compliance is a guideline for security.
- Risk is associated with processes while compliance is associated with requirements, expectations, and regulations.
- Risk focuses on uncertainty while compliance focuses on adherence.
- Risk is controlled intrinsically internal to the company while compliance is controlled by external regulatory authorities.
FinTech Roles in Risk and Compliance
What Does a Chief Risk Officer Do?
Chief Risk Officer (CRISK) is responsible for identifying and mitigating any potential (anchor link upwards) risks. It is also a role that constantly evolve due to the constant change in technologies and business practices in the FinTech industry.
A CRISK within a FinTech looks out for threats that can be grouped into three common categories regulatory, competitive, and technical threats. It works as a complementary role with the Chief Compliance Officer to ensure that the FinTech remains compliant with regulatory rules and government agencies. FinTech deal with large amount of information as this increases the exposure to a threat or liability. A CRISK helps to ensure that there isn’t a lapse of security to protect the consumers’ financial data.
Some responsibilities of a CRISK can include, but not limited to:
- Develop risk maps and formulate strategic action plans with the purpose of minimizing, managing, and mitigating primary risks
- Ensure risk management priorities are aligned with company’s strategic plans
- Evaluated potential risks that might disrupt business operations
- Develop strategies to reduce risk exposure and responses
What Does a Chief Compliance Officer Do?
More than 25% of FinTech companies do not have a designated Chief Compliance Officer (CCO) and many do not have a standalone CCO position. It is common to delegate this role to the general corporate counsel. While often overlooked, CCO is one of the critical C-Suite roles within a FinTech startup that helps to prevent the downfall of a FinTech as it is primarily responsible for the company’s compliance towards law, regulatory requirements, policies, and procedures.
Some responsibilities of a CCO can include, but not limited to:
- Coming up with corporate policies and procedures required for the company to comply
- Training employees to comply to processes and policies
- Monitoring of compliance while measuring and evaluating compliance within the company
- Investigate any incidents or violations for legal or regulatory purposes
- Coordinating efforts relating to audit, reviews, and examinations
Managing Your Risk and Compliance Function
In our recent research, we found that Risk and Compliance function is often one of the smallest team within a FinTech. However, increasing number of our clients are starting to see a growing need for a strong Risk and Compliance team within their company due to the influence of increased scrutiny and regulations within this volatile industry. The costs of not having a strong Risk and Compliance function goes beyond the potential fines as it often affects the trust of your consumer in your company. It can be detrimental to your startup as trust is an important factor in the success of a FinTech.
Storm2 can help emerging FinTech companies identify the hiring gaps within its company. Our Risk and Compliance specialists know how important it is to make the right hire to protect your FinTech company in this evolving business environment. Get in touch for a confidential discussion with us to find out how we have helped similar FinTechs scale and succeed with the right talents.