Are fintechs unregulated?

By Rohan Lakhaiyar,

Trust is the foundation upon which businesses are built. This is even truer for the financial services sector, which deals with public money and undertakes risk transformation activities. Financial institutions play a central role in facilitating the transfer of risks from those who want to reduce their exposure to those who are willing to assume it for a potential return, and in the process generate revenue for themselves. Since the sector deals with public money, it is one of the most heavily regulated. Consequently, there are elaborate regulatory directions that determine the way financial activities can be undertaken by the financial institutions. Key objectives that the regulator aims to drive are financial stability, market integrity, customer protection, and prudent risk management.

Fintechs are the new entrants in the sector and are revolutionising the way financial services are delivered and consumed. The increasing digitalisation of Indian economy has led to digitisation of information that can be accessed, processed, and disseminated at speed that was not possible until now. The intermediation process has undergone a transformation where customer and financial institutions are able to interact directly, leading to optimisation in financial transactions. Technology offers opportunity of scale through ease of access of financial services on mobile devices of customers. All these aspects are driving efficiencies with the sector and bringing down the cost of manufacturing and delivery of financial services, and fintechs are at the forefront of it. While the scale and scope are rapidly increasing, the basic structure and nature of financial services remain as is. Products available in the realm of the physical world can only be digitalised and delivered to customers. Accordingly, the rules of the game for fintechs are no different from other market participants in the sector. While fintechs do not hold regulatory licences to manufacture financial products, they partner with incumbent regulated entities to enable delivery of technology-led solutions to customers digitally on their devices.

But does not holding regulatory licence, or not being regulated by sectoral regulators, really mean that existing regulations in their line of business do not apply to fintechs?

Regulators have established innovation hubs, sandboxes, and other fora for interactions to engage with fintechs, monitor new developments, and understand new technologies and business models in depth. Further, regulators have issued a host of guidelines for regulated entities in the last couple of years that provide baseline rules of engagement to adhere to when partnering with fintech companies. The regulatory instructions issued on outsourcing, third-party risk management, and operation risk and resilience require regulated entities to carry out comprehensive due diligence of the prospective partner fintech’s governance standards, risk management practices, technology stack, and cybersecurity posture. Incumbent firms are required to put in place appropriate oversight mechanisms and perform ongoing monitoring of operations during their partnership. Further, soon to be authorised sectoral self-regulatory organisations will increasingly play an instrumental role in standard setting, surveillance, and enforcement activities for member fintechs.

Therefore, even though fintechs may not be directly regulated by their respective regulators, they would have to act like they are regulated for their long-term success in the banking, financial services and insurance sector. Fintechs can take key cost-effective measures to bolster corporate governance, risk management, and compliance:

Leadership accountability: Governance culture must be driven top-down in an organisation. Designing compensation with linkages to governance, risk management, and compliance can be a useful tool to achieve the desired objectives. Risk taken by business leaders materialise over a longer time horizon. A disincentive structure on vesting of employee stock ownership plan for corporate governance failure or material failure to adhere to company policies, attributable to the business leader’s team, can help drive desired behaviour among teams across the organisation. Ideally teams shouldn’t be incentivised for expected behaviour, hence disincentive compensation structure is the right tool to encourage increased accountability.

Communicate: Leverage town halls or other methods to communicate consistent, clear, and relatable messages on governance.

Empower control functions: Ensure risk, compliance, and audit teams operate independently with direct reporting to non-business functions or founders themselves. Allocate seniority to control function leaders so that there is balance of power equation between business and control functions, and they can effectively drive their agenda within the organisation.

Training and awareness programmes: It is critical for development and sustenance of good corporate governance. This is especially important for fintechs to develop regulatory sensitivity since they hire talent from diverse and unregulated sectors. Involvement of founders in the programme will help since it signals commitment from the highest levels.

Independent veteran board member: The board member can act as an ideal sounding board from a governance perspective and mentor the organisation in navigating the regulatory landscape; the board member can also open a channel of network for business teams to leverage.

Create risk tolerance framework: The core business of financial services is prudent risk management. Fintechs should consider creating a perimeter to operate within and critically evaluate whether the residual risk that remains is worth taking in the long term.

Systematise roles of business and control function: Ownership of corporate governance must lie with the business function, with the control function monitoring and enabling it.

Changes to business processes: Include new product approval and product governance mechanisms that have parameters beyond business numbers. Introduce whistle-blowing mechanisms; and increase focus on “how” while articulating “what”.

Co-sourcing of subject matter experts: Consider taking help from external subject matter experts on building and testing aspects of corporate governance, compliance, risk management, and audit, among others. Time-based expert engagements can be more cost-effective and swift than organically building in-house capability, especially during the early start-up journey.

Fintechs have come of age and are maturing as an ecosystem. Good governance, risk management, and compliance are key business imperatives in the financial services sector, and investments made in these areas will have the highest return on investment for fintechs in the long term.

The author is Partner at Grant Thornton Bharat.

Disclaimer: Views expressed are personal and do not reflect the official position or policy of Financial Express Online. Reproducing this content without permission is prohibited.