Fintech organisations cover a broad range of services, from payments to loans, savings to insurance and, more recently, cryptocurrency.
Their business models, products and markets are constantly evolving, with a laser focus on growth, agility and cost reduction.
There are an estimated 2,500 fintech firms in the UK (81% of which are made up of fewer than 50 people) and they have an annualised growth of 16% versus the SME average of 1.3%.
Taking financial services as an example, fintechs typically focus on a niche product or service offering, either meeting unmet customer needs or solving particular customer pain points not addressed (or not addressed well) by traditional banks or insurance providers.
Their customer centricity, product innovation and ability to leverage the latest technologies are just some of many reasons fintech organisations are successfully disrupting traditional FS markets at pace and scale.
By their very nature, fintech organisations need to be disruptive, but this doesn’t mean they aren’t susceptible to disruption themselves.
Extreme growth, business model evolution, competition from new market entrants, cybersecurity concerns – all are potential threats to fintech organisations.
Fintech founders often come from a strong technology background vs a risk or compliance background. Combined with the focus on growth and consistent concerns with disruption, this means that risk management (the process of identifying and mitigating potential threats and challenges to a business or market) can be missed.
The need to meet risk and compliance requirements can be underestimated, but is really fundamental to the ability to secure further funding, and ultimately to the long-term viability of the business.
With FINRA’s recent penalty against retail trading app Robinhood
, it shouldn’t be a surprise that regulators are increasingly paying closer attention to fintech organisations.
The question we should be asking is– how can fintech organisations continue to grow and flourish whilst meeting increasingly stringent regulatory requirements, ultimately ensuring that customers and clients are protected?
Risk as an enabler of growth
What might come as a real surprise to many fintech organisations is that risk needs not be seen as a roadblock to progress and growth, but rather as a value-add enabler that drives growth for organisations, their investors and their customers.
Brands that look after their customers’ money understand the level of responsibility involved in this undertaking.
Finding the balance between growing your business and managing risk in an agile way will be the new gold standard that investors and the market are looking for.
Indeed there are shared opportunities here for both fintechs and regulators. The FCA has, for example, committed to being more ‘innovative and adaptive’ in its 2021/22 business plan.
The overarching objective of ensuring customers are protected remains, but there’s also a desire to streamline compliance requirements so as not to stifle innovation in FS markets.
The regulator understands that increased choice and innovation can lead to delivery of better customer outcomes and encourage competition – both key strategic goals for the FCA.
Establishing risk capability within a fintech scale-up
It can often be a challenge for fintech organisations to proactively manage risk, needing instead to react to reports and regulations, and making changes after regulators have identified emerging risks in the market, or even after the risks have materialised.
Building risk into the business as a crucial component from Day 2 – helping to shape the business and allow it to grow safely and resiliently, while also allowing for much greater agility in reacting to emerging market risks – is a successful approach taken by leading fintech organisations.
This also helps reframe risk as a contributor to innovation, allowing it to work closely with the product and engineering areas, and providing meaningful insight to inform product development.
For example, a fintech organisation with sound risk management principles built into their business structure can subsequently incorporate risk into their product and data models at an early stage.
Risk management by design allows for much greater ability to leverage analytics, machine learning and AI – a significant edge on competitors.
What does this mean in practice?
It’s crucial to bear in mind that any incorporation of risk into a fintech organisation’s model needs to be underpinned by the clear awareness, accountability and engagement of the board, hence the Financial Conduct Authority’s (FCA) introduction of the Senior Manager & Certification Regime (SM&CR) which was extended to all FCA regulated firms in December 2019.
This is particularly important to the FCA, which places a great deal of focus on “tone from the top,” linking a company’s culture and conduct to the fair treatment of its customers.
From a resourcing perspective, it’s important to work with strategic, well-rounded risk professionals who are a good cultural fit, embrace disruption, constructively challenge and who bring a different perspective to innovation.
So, where to start?
Fintech organisations wondering where to make the first steps towards this business model, developing their compliance culture and leveraging risk management as a value enabler, should look to define their risk and compliance framework by taking a number of key steps:
- Engage the right people: The board (key to developing a risk and compliance culture as described above) and your risk and compliance officer.
- Identify key risks and risk exposure: Create clarity around the big picture view on risk exposure (regulatory compliance being one risk) and determine who is accountable for key risks.
- Understand existing controls: Understand and document what is already in place to mitigate the risks, such as training, processes and regular reporting.
- Prioritise activity to close or strengthen controls with clear time-bound plans: Implementation of automated controls should be considered where appropriate. Often deployed to manage financial crime risks (such as anti-money laundering or suspicious activity reports), automated control monitoring offers efficiency benefits and provides a real-time view on risk indicators, enabling appropriate mitigating actions to be taken.
- Implement risk governance and monitoring: Keep things simple, review material and any severe risks regularly to facilitate appropriate decision making and to enable action to mitigate and manage risk.
- Build in risk management by design: Consider and mitigate risk up front and avoid the need to apply costly controls to new products or services retrospectively.
Organisations that follow these steps, and maintain a keen eye on balancing their risk capability with their need to grow, will find themselves with a significant edge on competitors as they are able to take advantage of risk as an enabler of growth.