Risk and Compliance Role in FinTech

The Risk and Compliance function within a FinTech company helps to ensure that the FinTech is conducting its business processes in compliant with law and regulations within the operating country, professional standards, international standards, and acceptable business practices. It also helps to perform audit regularly while executing design control systems to advise on the potential risks that might occur.

Being in the FinTech industry allows startups to enjoy the rapid growth without the burden of strict regulatory oversight like traditional banks. However, as scrutiny on this new and massive industry increases, the need for FinTech companies to get their risk and compliance function in order grows.

Many emerging FinTech startups struggle with their Risk and Compliance function, some of the common misconceptions are:

Managing Risk and Compliance is extremely costly and its only important for larger companies.
Risk and Compliance issues can be managed as it comes our way.
If the Risk and Compliance isn’t revenue-generating, we shouldn’t need to spend a lot on it.

In this article, we will break down what exactly Risk and Compliance does and what you should look out for when building your Risk and Compliance team.

What is Risk?

From a regulatory point of view, FinTechs are extremely reliant on technology and the internet, which increases security threat. Other risks that FinTechs are exposed to are money laundering, cyber security threats, data privacy loopholes and more.

FinTechs operate within a technology-reliant environment, which leads them to be more susceptible to threats that can occur online. Some examples of risks that are more prominent within the FinTech industry and should be properly managed are:

Fraud Risk
Merchant Risk
Regulatory Risk
Anti-money laundering and terrorist financing risks
Consumer Risks
Cybersecurity and Data Privacy Risks
Credit risk and operational risks

As the FinTech industry continues to evolve over time, it is critical to onboard a strong risk professional to identify the growing risks that could affect the company. The anonymity and speed of FinTechs have significantly increased the risks of terrorists and criminals exploiting FinTech with their illegal activities.

One significant example is the recent OCBC phishing scam with more than 470 people falling to victim resulting in a loss of at least $8.5 million. Singapore’s regulatory entity, Monetary Authority of Singapore is considering supervisory actions to OCBC, emphasizing the expectations towards all financial institutions to have robust measures for fraud prevention, detection and remediation, as well as provide prompt assistance to customers who have been victims of scams.

From a regulatory and compliance standpoint, the focus would be on risk management in the fintech industry. Regulators must be certain that fintech firms are prioritising risk, and are taking actual measures to assess it, mitigate it, and make sure that risk management is a significant part of their self-governing mechanisms.

What is Compliance?

Compliance is defined as the process of ensuring that your FinTech is adhering to any relevant laws, regulations, standards, or ethics. It can vary depends on the FinTech subsector or the geographical location that you are operating in.

Although Compliance can be very straightforward, FinTech is an extremely reactive industry. Due to the novelty and disruptive nature of the industry, regulators are constantly evaluating and determining new regulations to protect both businesses and consumers. This would mean that your Compliance function would have to be on constant lookout to ensure that the company is protected from any potential fines or lawsuits.

In 2021, Bank J. Safra Sarasin Ltd, Singapore Branch (BJS) was fined by MAS for its failures to comply with MAS’ Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) requirements. This resulted in a composition penalty of SGD1 million.

The results of non-compliance costs way more than compliance to ensures that FinTechs are motivated to conduct their due diligence to stay compliant. With a robust policy framework in place, FinTechs can rely on a more poignantly prescribed set of guidelines, rather than generalised ones created for traditional finance operators.

What is The Difference with Risk and Compliance?

Risk and compliance have differing characteristics and would require different management style towards both. Risk is managed with a predictive and proactive approach while compliance is managed with a prescriptive and reactive approach. Risk can sometimes be addressing grey areas while compliance issues are straightforward and definitive.

Risk adaption is quick while regulatory adaption is slow.
Risk is continuously reviewed and improved while Compliance is a guideline for security.
Risk is associated with processes while compliance is associated with requirements, expectations, and regulations.
Risk focuses on uncertainty while compliance focuses on adherence.
Risk is controlled intrinsically internal to the company while compliance is controlled by external regulatory authorities.

FinTech Roles in Risk and Compliance

What Does a Chief Risk Officer Do?

Chief Risk Officer (CRISK) is responsible for identifying and mitigating any potential (anchor link upwards) risks. It is also a role that constantly evolve due to the constant change in technologies and business practices in the FinTech industry.

A CRISK within a FinTech looks out for threats that can be grouped into three common categories regulatory, competitive, and technical threats. It works as a complementary role with the Chief Compliance Officer to ensure that the FinTech remains compliant with regulatory rules and government agencies. FinTech deal with large amount of information as this increases the exposure to a threat or liability. A CRISK helps to ensure that there isn’t a lapse of security to protect the consumers’ financial data.

Some responsibilities of a CRISK can include, but not limited to:

Develop risk maps and formulate strategic action plans with the purpose of minimizing, managing, and mitigating primary risks
Ensure risk management priorities are aligned with company’s strategic plans
Evaluated potential risks that might disrupt business operations
Develop strategies to reduce risk exposure and responses

What Does a Chief Compliance Officer Do?

More than 25% of FinTech companies do not have a designated Chief Compliance Officer (CCO) and many do not have a standalone CCO position. It is common to delegate this role to the general corporate counsel. While often overlooked, CCO is one of the critical C-Suite roles within a FinTech startup that helps to prevent the downfall of a FinTech as it is primarily responsible for the company’s compliance towards law, regulatory requirements, policies, and procedures.

Some responsibilities of a CCO can include, but not limited to:

Coming up with corporate policies and procedures required for the company to comply
Training employees to comply to processes and policies
Monitoring of compliance while measuring and evaluating compliance within the company
Investigate any incidents or violations for legal or regulatory purposes
Coordinating efforts relating to audit, reviews, and examinations

Managing Your Risk and Compliance Function

In our recent research, we found that Risk and Compliance function is often one of the smallest team within a FinTech. However, increasing number of our clients are starting to see a growing need for a strong Risk and Compliance team within their company due to the influence of increased scrutiny and regulations within this volatile industry. The costs of not having a strong Risk and Compliance function goes beyond the potential fines as it often affects the trust of your consumer in your company. It can be detrimental to your startup as trust is an important factor in the success of a FinTech.

Storm2 can help emerging FinTech companies identify the hiring gaps within its company. Our Risk and Compliance specialists know how important it is to make the right hire to protect your FinTech company in this evolving business environment. Get in touch for a confidential discussion with us to find out how we have helped similar FinTechs scale and succeed with the right talents.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
_GRECAPTCHA	5 months 27 days	Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
__cf_bm	30 minutes	Cloudflare set the cookie to support Cloudflare Bot Management.
_gaexp	4 days 8 hours 13 minutes	Google Optimize sets this cookie to determine a user's inclusion in an experiment and the expiration of experiments a user has been included in.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
SRM_B	1 year 24 days	Used by Microsoft Advertising as a unique ID for visitors.

Cookie	Duration	Description
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

The Importance of Risk and Compliance in FinTech

Risk and Compliance Role in FinTech

What is Risk?

What is Compliance?

What is The Difference with Risk and Compliance?

FinTech Roles in Risk and Compliance

What Does a Chief Risk Officer Do?

What Does a Chief Compliance Officer Do?

Managing Your Risk and Compliance Function

Discover

Specialisms

Find us

The Importance of Risk and Compliance in FinTech

Risk and Compliance Role in FinTech

What is Risk?

What is Compliance?

What is The Difference with Risk and Compliance?

FinTech Roles in Risk and Compliance

What Does a Chief Risk Officer Do?

What Does a Chief Compliance Officer Do?

Managing Your Risk and Compliance Function

Related Posts

The Rise of Embedded Payments in 2024

Future of Payments: How AI is Making a Significant Impact

Why Q1 is the Best Time to Hire: Insights and Strategies for 2024

Discover

Specialisms

Find us