Navigating Fintech Compliance with Alloy’s Tommy Nicholas

While fintech continues to bring new, innovative products to market, that progress comes with compliance responsibilities.

Fintechs that partner with banks to offer banking, payments, or lending products sometimes find out about their compliance responsibilities the hard way – via regulatory actions and fines. Alloy’s Annual State of Compliance Benchmark Report 2023 noted that 60% of fintechs paid at least $250,000 in compliance fines over the past year.

Tommy Nicholas, CEO of Alloy, says that number isn't alarming given the amount of money in the ecosystem.

However, it points to the increased scrutiny regulators are placing on fintech. Tommy joined Reggie Young, product counsel at Lithic, on the Fintech Layer Cake podcast to discuss Alloy's report and how he believes fintechs can more effectively navigate compliance.

Bullet-proof compliance is an investment in building customer confidence

Compliance is critical for any fintech that wants to build trust with customers. 

Tommy recommends that a guiding principle for fintech builders should be the impact on customer confidence. "What would be the best thing that could happen for [your customers] nine times out of 10? That's a good orientation for a lot of this stuff, especially things like consent and transparency-type violations," he says.

Many financial laws are written to protect customers – that is, they force companies to think about customer impact. So being customer-centric is most often aligned with a fintech company’s compliance obligations. 

However, sometimes fintech companies may operate in regulatory gray spaces, where compliance obligations are less clear. In those areas, doing what’s right for the customer will often lead you to the same decision that compliance-centric thinking does. 

The benefits of customer centricity don’t stop there. Building customer trust not only fosters growth but also helps maintain a good reputation with regulators.

Indeed, regulators are most likely to apply restrictions on a fintech when customers are harmed. Tommy says, "The reason we have consumer protection laws in consumer financial services is because consumers have been screwed over by financial services companies en masse for decades. If that doesn't happen, there'll be more leniency to operate."

Automation opportunities abound in fintech compliance

Fintech compliance has plenty of automation potential, and service providers can fill this gap. Fifty-five percent of respondents to Alloy's report noted that a lack of automation was limiting their ability to comply with Bank Secrecy Act (BSA) requirements, with 53% using a third-party platform to solve the issue. 

Tommy explains that, historically, the lack of guidance from regulators on automation best practices kept companies from leaning into automation. However, this view is changing.

"Now, I think the view of regulators is that if you aren't automating things that can be automated, it's scarier because how are you relying on people?" notes Tommy. 

Tommy sees huge benefits in automating many areas of fintech compliance, including:

  • Monitoring of compliance program effectiveness
  • Application decision-making
  • Suspicious Activity Report (SAR) filings
  • Notices and consent tracking

Always-on compliance effectiveness monitoring is ripe for automation. Fintech companies generally need to check to make sure their functions are effective. For example, is your transaction monitoring system still flagging all the transactions it should?

Fintechs and financial institutions currently take a "sampling" approach, but Tommy envisions a better process. 

"What I want to imagine is a regulator coming into my institution, and they go, ‘We're about to do an audit,’ and it's going to take all this time," Tommy says. "Instead, I go, ‘No, sit down with me, and I'll show you my computer for 30 minutes,’ and then we're going to be done with the audit."

Another function, automating application decision-making, has similar transparency benefits, he says. A fully-automated decision workflow – one that meets all required customer identification needs – can simplify onboarding and give regulators a ready-made audit trail to review.

Use modern fraud prevention technology

Money moves faster than ever, and this speed makes transaction monitoring especially challenging. This is not only a problem for effectively fighting card payment fraud but also for satisfying AML regulations.

Tommy believes that studying the characteristics of a suspicious transaction is too simplistic an approach to catching fraud. Instead, fintechs must shift toward analyzing the people committing fraud and adopt technology that accommodates this shift.

"People commit fraud, not transactions," he says. "Especially when you're operating in a digital environment, you can't assume that the person who got this product is who they say they are."

As a baseline, he says, fintechs must adopt a zero-trust policy by assuming every user could potentially commit fraud.

Add the need to deliver great consumer experiences to this mix, and monitoring payment fraud is an especially challenging task. Fintechs and banks cannot hold transactions to verify them for fraud, as that drives customers away. However, if they fail to spot fraud or flag suspicious activity incorrectly, customers leave anyway. 

Worse, fintechs place themselves in regulatory crosshairs and invite penalties if they cannot flag suspicious activity in a timely manner. 

Tommy believes evaluating the underlying technology is critical to solving this problem. "It's the underlying technology providers that power the entire product that are the limiting factor nine times out of 10," he says.

"It's not just that the fraud and risk systems have to be updated," he continues. "It's that the system that powers the whole thing has to be capable of managing fraud and risk in a modern way."

Moreover, by using outdated fraud prevention technology, banks and fintechs are unnecessarily limiting the users they can support. When a fraud control system is outdated, it will throw false positives that can result in denying or closing users' accounts.

Tommy explains, "One thing I would tell people to think a lot about when picking infrastructure providers is ‘am I going to be able to manage risk with this system?’"

The path to better compliance

Fintech founders and operators sometimes underestimate the importance of compliance. But aligning around customer trust, automating compliance tasks and workflows, and choosing the right technology can go a long way toward solving the puzzle.

Persistence and choosing the right people are critical to a fintech realizing its vision, according to Tommy. The right environment will streamline and simplify compliance, which in turn aids growth. Listen to the full conversation to hear more about Tommy’s thoughts on the state of fintech compliance.

Subscribe to Lithic’s Fintech Layer Cake podcast for more insights from fintech leaders like Thejo Kote, Jeff Forkan, and Zach Perret.