Legal & Compliance Fintech
You have probably asked yourself at some point why banks operated for so long with no competitors other than themselves, and why fintech was able to burst into the financial services arena from 2012 and not before. What has been the reason?
The answer is data and its treatment for financial purposes: being able to onboard customers' personal data and process it for a commercial or analytical end.
By onboarding customer data, a business can start offering services or products adapted to customers' needs, and create a business analytics profile to follow those needs.
When a business processes customer data and customer funds, compliance in fintech comes in to protect users and consumers, with the aim of keeping them safe from fraud or unfair practices.
Compliance in fintech entails managing, refining and documenting regulatory compliance processes, e.g. working with product owners on product launches to ensure regulatory requirements are met, as appropriate, while managing regulatory risk and providing reports that meet the needs of the regulator and, at the same time, meet group management guidelines. It also entails educating on and driving the appropriate execution of fintech business.
As said, compliance in fintech must be applied across several business areas, under several sets of rules covering the topics detailed in the bullet points below.
Regulations common to all fintech companies are:
• Rules related to Anti Money Laundering and implementing proper KYC or KYB procedures,
• Data Protection coverage and structure to the whole business,
• Complying with consumer regulation (EU directives or national consumer protection law); its direct application will depend on the business activity, whether B2B or B2C, and on the focus on business reputation to avoid potential customer claims,
• Commercial Regulation (contracts rules),
• Financial regulations coming from national banks, which may differ at some or many points depending on whether we are located in the EU, the US or APAC,
• The main binding information must be communicated to customers or users by email or on the home webpage, and must be accepted by consenting to the binding Terms and Conditions, which will be quite significant for how businesses approach customers.
Moreover, on top of the compliance and regulation that apply purely to the fintech activity, side topics will also need to be covered and reviewed, such as the regulatory structure of the board of directors, the implications of the clauses in the agreements and their rights and obligations, and the impact of financing and capital rounds, which will entail specific support to the business where necessary.
With that said, regulated entities that want to operate under certain regulations in order to transfer funds, make payments, take funds from the public, or advertise deposits or high returns, as many fintech companies do, must take a deep dive into fintech regulation, mainly the PSD2 regulation in Europe and the local regulation governed by the Bank of each country.
Since 2015 the main goal for banks and fintechs was to find a way to work together and share best practices and data, so they could make better decisions. In 2015 they (UK banks and fintechs) created the Open Banking working group, whose aim was to share customer data between fintechs and banks to the benefit of all parties, and that was the beginning of the PSD2 pillars.
The European Banking Authority (EBA) took a huge step, as some gray areas that had been reserved only for banks were from then on open to private fintechs, and that opened a new era for compliance in fintech.
The 2 main goals of these newly regulated areas in the payments market were:
• Consumer protection and its security.
• Boost competition and innovation, and improve the development of new payment methods.
These 2 topics were raised as the heart of fintech compliance and business. To increase consumer protection, fintech regulation included stronger compliance requirements for online transactions, introducing initiatives such as stronger authentication, which meant strengthening customer safety and customer decisions.
In that sense, the 2018 PSD2 regulation opened a wide range of opportunities for fintechs.
What type of operations can be performed under the PSD2 umbrella?
Under the European PSD2 regulation, several legal figures have been created that enable fintechs to operate in the market and take banking market share.
As an example, mobile money remittances for business can be enabled through a Payment Entity license.
A Payment Entity license enables a fintech to secure funds, transfer funds in marketplaces, operate as a cryptocurrency exchange and process transactions as a payment gateway; moreover, if you are a B2B-focused business, it also enables you to transfer remittances through business. The capital requirement is 125.000€.
And what if we want to create a Neo-Bank or a Challenger Bank?
Then we need to apply as an EMI (Electronic Money Institution), which entails further requirements: a minimum share capital of 350.000€. That license enables the holder to act as a payment service and to issue credit cards, IBAN numbers, escrow accounts and mobile wallets.
The EMI type of license also allows operating as an AISP, meaning a bank reader: an AISP license can connect through an API to several of a customer's bank accounts, with prior consent. This allows the service to provide broad insight on the credit risk side, or even on investment, since credit risk scores are built from data.
EMIs can also be regulated as a PISP, which means enabling payments without needing a credit card in the customer payment flow. PSD2 allows users to operate around the EU by passporting the license.
On the competition and innovation front, the use of application programming interfaces (APIs) opens up the floodgates of access to information by third-party providers.
From a regulatory perspective this includes customer consent: Third-Party Payment Services Providers (TPPs) can access information and build new payment solutions.
How are these improvements made feasible by using APIs?
Application programming interfaces (APIs) allow users to exchange data in a secure and controlled environment, which is one of the core pillars of a safe interoperable business.
Apart from transferring data and enabling the sharing of payment account information between third-party providers, APIs can also be a way to create new revenue paths.
Reloadly's main activity is developing APIs for airtime and gift cards, as well as APIs for mobile payments, including B2B money remittances.
The EU requires a regulatory license as a B2B Payment Entity for business remittance.
With mobile money in mind, will mobile users be able to receive their funds in cryptocurrencies? And what happens when it comes to the crypto arena?
When it comes to crypto exchanges, these platforms had free regulatory scope until November 2021; since then, a license must be issued according to the EU regulatory framework.
Although each jurisdiction follows its own approach, taking into account its existing regulatory frameworks and risk appetites for customer protection, financial crime, etc., these approaches are consistent with the principles set out by international standard-setting bodies on the regulatory approaches toward cryptoassets and the potential gaps, for example with respect to investor protection, market integrity, AML and data protection.