Comprehensive Overview of Regulations in Fintech

It is no longer news that Fintech products have become a disruptive force for global financial services. The worldwide adoption rate is now capped at 75%. However, the sudden and revolutionary changes in the Fintech industry are increasing exposure to risks and creating new challenges for regulators and policymakers.

Regulatory challenges in Fintech are usually related to striking a balance between fostering innovation and protecting consumers from financial crime and loss. This has not come with ease. The debate over whether some digital assets should be categorized as commodities or securities is a prime example.

For one thing, Fintech products often blur the lines between traditional financial services and emerging technologies. With new business models and products, regulatory and compliance risks tend to expand at a rapid pace.

Nevertheless, countries around the world are continually adapting financial regulations to respond to Fintechs’ unique offerings. The regulatory gap is closing slowly but surely.

In this article, we explore some of the major regulatory developments that relate to US Fintechs. But first, let’s answer the following question:

Why Is Regulation Important For Fintech?

Trust: Complying with regulations is the best way to gain the trust of stakeholders. A Fintech company with weak KYC/AML compliance or enforcement, for example, will fail the due diligence and trust test of banks looking for third-party relationships. Likewise, the major reason why customers still trust traditional banks more than Fintech companies is that they believe banks are more heavily regulated and supervised than digital finance companies.

To establish trust, Fintechs must stay on top of regulatory risks and developments. Those that have compromised on regulations have to face the consequences immediately or in the future. A simple regulatory notice can lead to a decline in stock price or legal action.

Growth: Pursuing growth opportunities becomes sustainable and long-term when Fintechs adhere to established regulations. For example, Coinbase, the second-largest crypto exchange in the world, currently faces what appears to be a regulatory logjam in the US that may hinder its future growth in the country. In response, the digital asset company is now expanding to other countries with less strict regulations.

Non-compliance opens the door to legal and reputational risk, which can be costly and stifle growth.

Fairness: Regulation is “a balancing act.” Entity-based and activity-based Fintech regulations are there to give a level playing field for all participants in the Fintech industry, including traditional financial institutions and new entrants. A clear set of rules and standards will enable all players to be subjected to the same requirements and obligations.

Overview of Fintech Regulatory Development in the US

According to a 2021 survey conducted by the Bank for International Settlements (BIS), the regulatory and oversight requirements of digital payment services often revolve around the following:

  • Licensing                            
  • Registration                        
  • Capital requirements
  • Security deposits at central banks 
  • Risk management
  • Safeguarding customer funds
  • Ownership restrictions
  • Mandatory partnership with banks
  • Cyber security
  • Anti-money laundering
  • Data protection
  • Interoperability.

In the US, these 13 regulatory categories have taken different shapes and forms over time, forming the basis of most Fintech regulatory requirements. Here are some of them:

1. The SPNB Charter for Fintechs

One of the first notable steps to provide a comprehensive regulatory framework for Fintech in the US was in 2016 when the Office of the Comptroller of the Currency (OCC) revealed a “framework for evaluating new and innovative financial products and services.” It also established the Office of Innovation (now replaced by the Office of Financial Technology) “to support responsible financial innovation.”

These developments culminated in the emergence of the Special Purpose National Bank (SPNB) charter for Fintechs in 2018. The charter aimed to allow Fintech companies to operate as banks, to some extent, and comply with some of the traditional banking regulations. However, some organizations believed that it was a futile attempt to turn Fintechs into banks and questioned the fact that it allows Fintech companies to offer banking services without being subject to state-by-state regulations. The legality of the OCC’s SPNB charter is currently being challenged in court, and the litigation is forestalling progress.

Amid the litigation, however, a US Fintech startup, Varo Money, was granted a full-service national bank charter from the OCC in 2020. This is different from the SPNB charter.

2. AML and CFT

In its 2021 report, the Financial Action Task Force (FATF) highlighted three distinct risks faced by Fintechs as: “Money Laundering, Terrorist Financing, and Financial Crime and Fraud.” With Fintechs facilitating large volumes of cross-border payments, AML/CFT regulatory obligations and sanctions programs cannot exclusively be for traditional financial institutions. To minimize the risk of money laundering, Fintechs operating in the US are required to maintain an effective AML compliance program as outlined by the Bank Secrecy Act.

The major elements of AML/CFT compliance for Fintech include:

  • Compliance officer 
  • Ongoing training 
  • KYC and CDD standards
  • Transaction monitoring 
  • Sanctions screening 
  • Suspicious activity reporting (SAR)
  • Board management and oversight

To address some of the elements of AML/CFT regulatory requirements, Fintechs often rely on payment APIs that are in full compliance with required regulations. But while using compliant payment APIs can be a helpful component of an overall AML/CFT compliance strategy, it should be accompanied by robust internal policies and procedures.

3. Gramm-Leach-Bliley Act (GLBA) and FTC Data Protection Rules

First enacted in 1999, the GLBA is primarily enforced by the Federal Trade Commission (FTC). It requires financial institutions “to explain their information-sharing practices to their customers and to safeguard sensitive data.” A key section of the GLBA, the Safeguard Rule, was amended in 2021 and will take effect by June 2023. The new provision redefined the meaning of “financial institutions” to include wire transferors, payday lenders, collection agencies, and more.

While providing guidance on this new provision, the FTC urged finance companies to constantly check the definition of financial institutions, as they may be affected when they expand operations. This is a caveat for Fintechs.

Even if your Fintech is not among the covered companies described in the Safeguard Rule, you may still be indirectly responsible for protecting customer information that you manage in partnership with the covered companies. 

Aside from the technical controls enabled by financial technology, the revised Safeguard Rule requires covered companies to establish a security program that must also include physical and administrative controls such as regular risk assessments, incident response plans, and periodic security audits. To learn more about this rule, you can read the latest guide by the FTC.

4. Decentralized Finance Regulations

When the US President’s Working Group on Financial Markets released a report on regulatory requirements for stablecoins in 2020, it maintained that “stablecoin participants and arrangements must meet all applicable anti-money laundering and countering the financing of terrorism (AML/CFT) and sanctions obligations before bringing products to market.” 

Likewise, in 2022, President Biden signed an executive order on ensuring the responsible development of digital assets. The order sets out a national policy direction for digital assets that includes the development of a Central Bank Digital Currency (CBDC) and a host of other measures that protect consumers and investors.

Today, digital asset operators operating as Money Services Businesses in the US must be registered with FinCEN and follow the required provisions of the Bank Secrecy Act (BSA). Meanwhile, regulations for virtual currencies and Fintech licensing requirements differ from one state to another. In New York, for instance, businesses that trade in virtual currency require both a BitLicense and a money transmitter license.

But US regulatory agencies have recently been accused of “regulation by enforcement” and of not providing “regulatory clarity” for digital asset operators. This has more to do with the primary regulatory concerns about identifying which digital assets fall under the category of commodities and which are under securities.

The Securities and Exchange Commission (SEC) is primarily responsible for the securities, while the Commodity Futures Trading Commission (CFTC) is in charge of commodities. What’s more, the Howey Test is used by the SEC to determine if an asset is a security or not. But it’s not as easy as it sounds. 

The current battle between the SEC and Coinbase is largely about the disagreement over classifying some of their crypto assets as securities. In March 2023, the SEC issued a Wells Notice stating that Coinbase is trading in unregistered securities.

The Future Of US Fintech Regulations

The current US regulatory framework is largely fragmented and deeply complicated. More than ten federal agencies are involved in Fintech regulations as we speak. Besides, there are state regulations that are often overlapping and can even conflict with federal regulations. This poses significant compliance challenges and risks for Fintech companies.

Fintech regulations around the world, especially in European countries and the UK, are much more centralized. A testament to that is laws like Markets in Crypto-Assets (MiCA) and Transfer of Funds Regulation (TFR) that are currently in development in that part of the world. These regulations aim to provide a harmonized regulatory framework for Fintech companies operating in the region, reducing regulatory fragmentation and facilitating cross-border activities.

The future of Fintech regulations in the US will include exploring a unified and clear regulatory framework like other countries where it’s proved successful. Even though the market is not the same, removing regulatory bottlenecks will be important to allow innovation to flourish.
