FinTech: Best practices for regulatory compliance

When is the optimal time to include regulatory compliance testing in a development process?

In the high-speed, innovative, savvy world of fintechs, the last thing anybody wants to do is slow down to consider regulatory compliance. I have experienced this firsthand in my compliance career — more than one fintech executive has expressed their company’s desire to adhere to the various fintech compliance requirements, but not in a way that compromises its technological intent and trajectory. Basically, companies want to comply — just so long as it doesn’t slow down innovation and production.

So the question remains: When is the perfect time to engage compliance testing resources?

Compliance in fintech: The earlier, the better?

Some say that compliance testing should be done in the earliest stages of the process. However, the problem here lies in the fact that the rules and logic that make one situation compliant can make another noncompliant.

An easy example that comes to mind is an artificial intelligence-powered underwriting algorithm, where the first iteration can be programmed to avoid fair lending issues of race, age, ethnicity or location. However, later iterations may (and often do) lose sight of one or more of those prohibited bases and can result in fair lending violations. Version 1 of the product was compliant. By version 4 the product was no longer compliant, and unfortunately, version 4 is the go-to-market product. Clearly, this would be a problem, and shows that earlier isn’t always better in fintech regulatory compliance.

Or, better late than never?

On the other hand, later in the process can be too late to be useful. Let’s use the same example, but bring compliance into the development at the end.

Compliance in this situation would be concerned with understanding approval and denial outcomes against prohibited bases. If the compliance review showed the same outcome as above (an underwriting tool that would violate fair lending standards in version 4), it would mean that we have to resolve a problem that is inherent in the algorithm. At that point in the cycle, who has the funding or time to go back and recode all of that?

So, if engaging compliance early can be risky and engaging compliance too late is also risky, what is the right answer? The only compliant answer is early and often — meaning fintech compliance should be considered both a development requirement and a product of development.

Before the completion of the development process, fintech companies need to ensure that their tactics are carried out compliantly and also guarantee that these tactics do not cause the product to violate regulatory rules.

If this advice is followed, then independent compliance reviews should be routine and uneventful.

If not, then financial institutions’ compliance teams will slow down the sales process in order to ensure regulatory compliance. What fintech companies would hope to be a seamless, quick transaction could quickly be halted by FI compliance teams if the fintech cannot convincingly demonstrate that its product is fully compliant. Incorporating regulatory compliance proactively can shorten a fintech’s sales cycle and make customer buying decisions easier and faster.

The future of fintech

Analyze your product and scrutinize the process from all angles, including regulatory compliance. Although the fast pace of the fintech world can be intoxicating, take a step back to embrace compliance as an integral part of development.

Asaad Faquir is a regulatory compliance senior manager in Wolf & Co.’s Livingston office. Faquir has extensive experience serving the needs of banks, fintechs and non-banking financial institutions in New Jersey, Pennsylvania and New York. To learn more, reach out to him at