Silicon Valley’s ethos has traditionally aligned with the motto “move fast and break things.” Companies would churn out innovative products and services with impressive speed, with compliance and regulation often a secondary concern.
Transportation, music and television, travel and hospitality — think companies like HomeAway and Airbnb — all these markets (and many more) were turned on their heads by tech innovation and bold visions.
The state of play in financial technology is different. It’s a heavily-regulated industry that’s historically — and justifiably — slower and more cautious to adopt emerging technologies. Startup software companies are partnering with legacy institutions like banks, credit card companies, investment funds and other financial services providers for whom “move fast and break things” is not an option. Companies either abide by rules or get shut down.
The past decade saw arguably the most impactful evolutions in the history of financial regulation. From post-financial crisis reforms to more stringent data privacy mandates, we are in a totally different world — and one that’s more aligned with our increasingly digital nature. These changes set the stage for closer integration between emerging technologies and traditional finance.
What does this look like in practice?
More and more, large financial institutions are embracing tech-forward solutions that improve both customer experience and their bottom lines. Visa’s recent acquisition of Plaid is perhaps the strongest signal of this phenomenon to date. If somebody told you 10 years ago that Visa would spend several billion dollars on a developer-focused tool meant to make their platform more accessible to other financial tools, you’d tell them they were crazy — and in a regulatory gray zone that would make execution nearly impossible. Today, though, Visa is being justifiably lauded for such a move.
Making data more accessible and transparent is a prerequisite for success in today’s economy. Further, regulators have taken a historically dim view of banks and credit card companies that pursue a more monopolistic model (in an ironic twist, this is the same scenario currently playing out with some of the world’s largest tech companies).
What does this all mean for the fintech industry? In short, fintech is becoming so ubiquitous that it will soon cease to be seen as a standalone discipline. Instead, it will be seen as a “fourth platform,” alongside the internet, mobile and cloud. Like each of them, it will be an intrinsic part of almost every digital experience. And smart regulation has paved the way for that.
Three out of four global consumers already use a payments-enabled fintech service, meaning the new model of transparency and portability is not just the right thing to do — it’s the profitable thing to do.
Regulators are establishing guidelines that will make fintech possible worldwide, replacing aging legislation written for the past. Looking ahead, there are several mandates that stand out for their outsized role in shaping the way companies will continue to build and adopt fintech solutions.
New World, New Rules
Several rules are especially important for companies integrating fintech solutions into their broader offerings. Respecting these guidelines is critical to mitigate risk and commit to protecting the data privacy of customers, an increasingly existential issue of our time.
Software companies facilitating embedded payments need to address the Payment Card Industry Data Security Standard (PCI DSS), which has seen a worrying drop-off in compliance recently, potentially opening up millions of credit card holders to cyberattacks from bad actors. Following high-profile security breaches in recent years, like the hack of Target, the industry is also weighing how to substantially strengthen these security measures (Target was PCI DSS compliant at the time).
The California Consumer Privacy Act (CCPA) went into effect in January and applies to most large fintech and digital payments companies. Gaining access to the business of the 5th largest economy in the world means playing by its rules.
Two years on, Europe’s General Data Protection Regulation (GDPR) has not prohibited digital business and fintech in the region, as exhibited by robust venture capital investment. But it will continue to challenge companies to be more responsible with their data security and privacy policies.
Becoming a payments company means establishing relationships in all the regions where your potential customers reside — connecting with a wide variety of banks and network providers, all with an equally wide variety of rules that govern their business.
The greatest benefit of globalized digital payments — unlimited portability of dollars and data — also presents technological and regulatory challenges. Companies that disregard these challenges risk huge penalties.
The operational requirements of compliance, risk management and merchant support have the industry working toward technology that will help businesses manage all those concerns from a single platform of record.
Make Compliance Innate
Regulation is again forcing the industry to get creative in how it complies: conducting business responsibly while reducing as much as possible its compliance costs, which amount annually to hundreds of billions for the global financial industry.
The rise of globalized financial technology is in part prompting these costs, but technology is also the solution. If software-as-a-service defined many changes in digital payments, so too can compliance-as-a-service. Payments companies looking to balance compliance with protecting their profit margin should consider the following.
First, companies that handle digital payments should look for tools that automate compliance, making the otherwise enormous task of manual compliance checks manageable.
Second, onboarding dedicated compliance personnel can ensure that whatever payments tool you use is properly calibrated to automatically address the particular regulatory concerns of your business.
Finally, as I laid out in my last piece in February, embedding payments in your technology stack will help reduce risk and increase security substantially, provided it’s done in the right way. Compliance-as-a-service will rise as a key feature of embedded payment infrastructure.
It’s because of these regulations, not in spite of them, that companies are creating new tools and efficiencies. A cooperative stance toward the creative limitations of regulations will future-proof merchants, financial institutions and the technology that serves them.