The report: 2023 State of Compliance Benchmark Report [December 2023]
Source: Alloy
Why we picked it: Regulators are holding more fintechs’ feet to the fire, making compliance a top concern heading into 2024. While not all fintechs are regulated, those who partner with regulated charter banks must adhere to the same regulations.
Over the past year, regulators have increased their scrutiny of bank-fintech partnerships, and the pressure is expected to rise — just as many fintechs are under intense pressure to grow and get profitable. This reports details fintech’s complex — and sometimes contradictory — posture when it comes to balancing risk with growth.
Executive Summary
The stakes of compliance in banking today are high, and certainly not helped by the complexity of the global regulatory environment.
As a result, companies can no longer use the set-it-and-forget-it approach to manage compliance and instead must integrate compliance throughout the entire customer lifecycle. Most fintechs take compliance very seriously, doing more than the bare minimum to preserve their customer reputation. However, they also report many challenges in compliance, including costs, inefficiencies in the workflow and a need for more automation.
Key Takeaways
Alloy surveyed more than 200 professionals working in compliance-related roles at fintech companies about their compliance strategies and the effects of regulatory compliance on their organizations. The survey revealed several key takeaways:
- 93% of respondents said it was somewhat or very challenging to meet compliance requirements
- 86% of respondents said their organization paid more than $50,000 in compliance fines last year; more than 37% paid more than $500,000
- 84% are using or exploring artificial intelligence or machine learning to help meet compliance requirements
What we liked: It’s a fresh study focused strictly on the challenges, burdens and costs of regulatory compliance with some unique insights not found in other reports.
What we didn’t: Some findings could be clearer, several areas have data inconsistencies, and some interesting findings go unexplored. For example, more than a third of respondents (36%) believe they are paying too much for their investment in compliance, and almost half (49%) believe that regulations are too stiff.
“The next 12 months will likely bring regulation of the use of artificial intelligence and machine learning in financial services with a strong focus on protecting consumers from resulting disparate impacts. We will also continue to see heightened focus on banks’ regulatory requirements to have appropriate oversight and control over the third parties that enable them to bring their products and services to a broader client base.”
— Gizelle Barany, general counsel at Alloy
Things that made us go “Hmm”: 80% of the survey respondents report that they do more than the minimum when it comes to meeting compliance requirements, more than 90% say that they find meeting those requirements challenging, and most are investing significantly in both their compliance teams and technologies (including AI). And most agree that adherence to compliance standards is necessary to defend both customer confidence and brand reputation.
At the same time, however, almost 90% also said that their risk tolerance increased in 2023, which Alloy attributes to increasing pressure to grow fast. In combination with the widespread payment of fines, these findings suggest some fintechs regard some level of ongoing compliance violations as an acceptable price to pay for growth.
The State of Compliance
While many fintechs take compliance seriously, they still face a slew of challenges in this new regulatory landscape. And fully 60% of respondents believe they will be more regulated in the coming year.
Alloy notes that banks and fintechs find building and executing a robust compliance program confusing, time-consuming, and expensive. Even big, well-resourced companies still struggle with compliance, and the growing risks are elevating the challenges and costs. While many financial institutions find success with third-party solutions, they must eliminate siloes and ensure that fraud, product and leadership teams work together.
Third-party platforms: Half of respondents use at least one third-party platform for compliance management. Those using a third party say they are more able to follow Bank Secrecy Act (BSA) regulations and identify criminal activities than those using multiple or no third-party platforms.
Lack of automation: As most compliance teams spend most of their time writing reports, 55% say a lack of automation is the leading barrier to meeting compliance requirements. Additionally, nearly half (say existing regulations are too strict, they lack access to experience and have limited resources or budgets.
Fines: Over 60% of respondents paid at least $250,000 in compliance fines over the past year, with 37% spending $500,000 or more. Unsurprisingly, larger organizations experienced higher losses due to compliance.
Concerns for 2024: However, while most organizations may not be concerned about the cost of fines, they are concerned about the financial implications for compliance stemming from investments and staffing.
Nearly a quarter (23%) say the financial cost of compliance is the leading concern for the coming year. Other concerns are financial loss from fraud (21%), adjusting to regulatory changes (21%), and finding employees with the right skills (15%). More than 60% also expect greater regulations around fraud and cybersecurity in the coming year. The coming year will likely bring more regulation of AI/ML in the financial services industry with a strong focus on protecting consumers.
Customer confidence and reputation vs. fines: While many fintechs don’t drive compliance decisions based on fear of fines, there are concerns about the impact that fines could have on other areas of the business. Approximately a third said customer confidence has the greatest influence on compliance decisions, followed by reputational damage (20%) and CEO clawbacks (18%).
Opportunities: Despite the challenges, there are opportunities to improve efficiencies, primarily through automation.
Dedicated compliance teams are spending much of their time writing and filing suspicious activity reports (SARs), suspicions transaction reports (STRs), and currency transaction reports (CTRs). SARs still constitute a lot of work for many financial institutions, with money laundering (28%), tax evasion (24%) and identity theft (15%) remaining the leading indicators for suspicious activity.
Small and medium institutions typically file up to 10,000 SARs annually with staff of up to 24, while large organizations typically file up to 50,000 SARs annually with staff of more than 25. No matter the size of the organization, it typically takes one to two weeks to review and create each SAR.
Craig Guillot is a longtime contributor to The Financial Brand who specializes in technology. He often writes about IoT, cybersecurity and SaaS. His work has appeared in The Wall Street Journal, Entrepreneur and elsewhere.