Challenges Fintechs Encounter With Regulators

The Ugly Truth About Building a Fintech Thats Regulated😱 For fintech startups dealing with payments, remittances, or digital wallets, Money Transmitter Licenses (MTLs) are a critical regulatory hurdle. Unlike federal banking charters, MTLs are state-specific, making the process complex, expensive, and time-consuming. Here’s how it works: 🔹 1. State-by-State Licensing The U.S. doesn’t have a single national MTL. Instead, fintechs must apply in each state where they operate, typically starting with larger states like New York, California, and Texas. Each state has its own requirements, timelines, and fees. 🔹 2. Compliance and Financial Requirements States assess applicants on financial stability, compliance policies, and executive backgrounds. Common requirements include: ✅ Minimum net worth (varies by state, often $100K–$1M) ✅ Surety bonds ($100K–$500K per state) ✅ AML/KYC compliance program ✅ Background checks on key executives 🔹 3. Navigating the Regulatory Maze Some states, like Montana, don’t require an MTL. Others, like New York (BitLicense), have extensive oversight. Many fintechs partner with licensed banking-as-a-service (BaaS) providers or work with legal/regulatory firms to streamline the process. 🔹 4. Time & Cost Considerations 💰 Licensing costs can exceed $2M+ for nationwide coverage. ⏳ Approval can take months to years, depending on the state. 📜 Many fintechs start with a few key states before expanding. 🔹 5. Alternatives to MTLs Some fintechs partner with licensed banks or money transmitters (like Evolve Bank or Synapse) to operate under their license rather than obtaining their own. 🚀 The Bottom Line: Getting licensed as a money transmitter is a long and expensive process, but it’s essential for fintechs looking to move money legally. Whether going direct or partnering, understanding compliance is key to scaling in the U.S. #Fintech #MoneyTransmitterLicense #Regulation #Compliance #Payments

You’re hired as a GRC Analyst at a fast-growing fintech company that just integrated AI-powered fraud detection. The AI flags transactions as “suspicious,” but customers start complaining that their accounts are being unfairly locked. Regulators begin investigating for potential bias and unfair decision-making. How you would tackle this? 1. Assess AI Bias Risks • Start by reviewing how the AI model makes decisions. Does it disproportionately flag certain demographics or behaviors? • Check historical false positive rates—how often has the AI mistakenly flagged legitimate transactions? • Work with data science teams to audit the training data. Was it diverse and representative, or could it have inherited biases? 2. Ensure Compliance with Regulations • Look at GDPR, CPRA, and the EU AI Act—these all have requirements for fairness, transparency, and explainability in AI models. • Review internal policies to see if the company already has AI ethics guidelines in place. If not, this may be a gap that needs urgent attention. • Prepare for potential regulatory inquiries by documenting how decisions are made and if customers were given clear explanations when their transactions were flagged. 3. Improve AI Transparency & Governance • Require “explainability” features—customers should be able to understand why their transaction was flagged. • Implement human-in-the-loop review for high-risk decisions to prevent automatic account freezes. • Set up regular fairness audits on the AI system to monitor its impact and make necessary adjustments. AI can improve security, but without proper governance, it can create more problems than it solves. If you’re working towards #GRC, understanding AI-related risks will make you stand out.

State compliance is the hidden challenge every fintech founder needs to know about. Not even bank sponsorship gets you out of it. Here's what no one tells you about state-level compliance in lending: There are only 2 ways to legally originate loans: • State lending licenses  • Partner banks But here's the kicker - even with a bank partner, you STILL need state registrations. Depending on the states you are lending in and servicing, states require you to get licenses. Most founders miss this completely. We did too. At my company, we had to register in 25 states and went through 10+ comprehensive audits. Here's what's really happening behind the scenes: Every state requires 3 things: • Registration & licensing • Regular reporting (monthly to annually) • Comprehensive audits The registration process is brutal: • Need specific license types • Surety bonds required • Minimum balance requirements • Full financials for every 10%+ owner • Mountains of paperwork But getting the license is just the beginning. The real work? Maintaining it: • Monthly/quarterly/annual reports • Different formats for each state • Custom calculation methods • Team-wide coordination needed • Personal attestation required Then come the audits: • Some states audit yearly • They check EVERYTHING • Marketing materials • Customer communications • Payment reconciliation • Regulation compliance Think you can handle this with a small team? Think again: • Need compliance experts • Legal support required • Engineering involvement • Product team coordination • Back office operations • External consultants Bank sponsorship helps, but doesn't eliminate the work. The reality? • Regulations change constantly • Each change impacts multiple teams • Implementation deadlines are strict • Documentation must be accurate My advice to fintech founders: Build compliance muscle early. Work with experienced partners. Budget for the hidden costs. This isn't just about checking boxes. It's about building a sustainable fintech business that can scale. Read the full post. Link in comments.

🚨 Fintechs: Do you know what’s going on with your partner bank? Regulatory pressure on fintech partner banks continues to mount.  In addition to the public enforcement actions, several partner banks are now under non-public (informal) orders.  Still more have been told enforcement actions are coming. For fintechs, these orders can have existential consequences.  🔻 Reacting to regulatory pressure, several fintech partner banks have offboarded partners.  🔻 Others have stopped taking new fintech partners or allowing their partners to launch new products.  Monitoring regulatory pressure on your partner bank is hard.  Don’t expect your bank to keep you posted: sharing confidential supervisory information - including, for example, the threat or reality of an informal regulatory enforcement action - is a federal crime.  Even so, there are things you can do: 1️⃣ Understand your bank’s business model:  How much does it depend on revenue from banking-as-a-service?  Many banks with limited banking-as-a-service revenue may need to reconsider their commitment to the business in light of rising risk and compliance costs. 2️⃣ Understand your bank’s financial condition.  Is it making healthy profits?  Is it amply capitalized?  Does its balance sheet indicate significant concentrations in risky assets, such as commercial real estate? 3️⃣ What’s your impression of your bank’s risk management team and tech?  If they’re not impressing you, they’re probably not impressing their regulators, either. 4️⃣ Know who else your bank partners with:  Your own activities may be pretty benign, but if your bank’s other fintech partners include high rate consumer lenders or crypto businesses, your bank may be at particular risk of regulatory scrutiny. 5️⃣ Have a contingency plan.  Or a retirement plan.  Your choice. What else? Leave your questions and suggestions in the comments.  Feel free to DM me if you want to inquire confidentially.  My team can assess your situation and provide advice. #regulation #banks #fintech

FinTech is at a fork in the road. I recently attended an off-the-record conversation with a former federal financial regulator who provided an analysis of the current state of fintech. My key takeaways: “We're either going to have a viable fintech sector or we're not.” Currently, 120-150 out of approximately 4,700 banks have some sort of fintech partnership but for most it’s not material to their business. There are really about 20ish banks that have multiple fintech partners, with 12 being heavily focused on BaaS. However, 6 or 7 of these 12 banks are under consent orders, indicating heightened regulatory scrutiny that’s impacting the entire model of bank-fintech collabs. The increased regulatory scrutiny is making banks reluctant to form new fintech partnerships. This hesitation creates a chilling effect on the fintech ecosystem, as access to banking partners is essential. The regulator emphasized that enforcement actions can take 2-3 years to resolve. During this time, banks under consent orders are often restricted from issuing new products or onboarding new fintechs without prior approval. This delay can be detrimental to fintechs who cannot afford to wait years while technology evolves rapidly. “Fintechs forced to seek government approvals to launch or tweak products find themselves waiting around like Marisa Tomei in My Cousin Vinny: My biological clock is ticking!” The regulatory reluctance to allow fintech partnerships with banks stems from both practical and political considerations. Agency leaders often prefer to avoid risks to steer clear of political backlash: “If you’re leading one of these agencies the best thing you can do for your own sanity is to say ‘No’ to everything and not allow any risk into the system. Because if you allow risks into the system and something happens, political opponents will savage you. If nothing happens, no one will say: Hey, you did a great job for America! But if something goes wrong people will say: It’s because of people like YOU that America is going to hell in a hand-basket! The regulator’s advice? Build rigorous compliance into your sponsor bank and fintech from the start. “Move fast and break things works if you’re disputing taxis and hotels, but you can't move fast and break things in financial services – they lock you up for that!" If you're a fintech, maintaining redundant banking relationships is crucial: "if your bank gets a consent order, and you don’t have access to other banking partners, you’re going to be knee-capped. Plus finding a new bank will be tricky: You go to a new sponsor bank and say, "It wasn't my fault!" There’s a good chance the new bank’s reaction will be: How do we know you weren’t the problem?” The fintech sector's success hinges on the delicate dance between innovation and regulation. Like Vinny Gambini's closing argument, fintech must present a compelling case that leaves no reasonable doubt about its ability to innovate responsibly.

Partner banking ≠ fintech banking.  If regulators treat them the same, it will stifle innovation by requiring duplicative compliance controls and making it even harder for fintech non-bank financial institutions to get payments system access. Regulators are rightly increasing their oversight of partner banking, where a bank partners with a program manager to onboard new customers to the bank.  But I’m seeing worrying signs that some examiners are expecting the same standards for banking of fintechs, like MSBs and broker-dealers, that have their own regulatory permission. This makes no sense. In partner banking, the bank has responsibility for all AML and consumer compliance obligations.  Regulators are right to expect the bank to have the same quality of control and oversight that it does for its direct-to-customer products.  Where a fintech has its own regulatory permission and owns the end-customer relationship, the bank’s obligation is to do risk-based due diligence on the fintech itself.  There is no regulatory obligation to know your customer’s customer.  This is the regulatory standard that has been applied for years to large payments banks like Wells Fargo.  I’ve seen several occasions this year where examiners have criticized, in one case severely, partner banks that also do fintech banking for not knowing their customers’ customers.  To be clear, I am talking about KYC items such as lack of negative news screening, not obligations such as Travel Rule compliance that do apply to the bank in these relationships. This is both unfair and dangerous public policy.  1️⃣ Unfair because tiny banks are being subjected to arbitrary standards that are neither grounded in regulation nor the supervisory practices being applied to large payments banks. 2️⃣ Bad public policy because the fintech already has these obligations and is subject to direct regulatory oversight, so the regulatory system has already accounted for the risk. It’s really good news that all the banking agencies have increased internal coordination of partner banking supervision.  As part of this, they should tell examiners to stop applying partner bank standards to activities involving payments processing for non-bank financial institutions.  Please DM me if you are a bank or licensed fintech that has had this experience and would like to compare notes and possible strategies. #baas #banks #fintech #regulation #aml

Over-Legislation is Suffocating Banking Tech in Kenya Kenyan banks have enough regulations to make a startup founder break into a cold sweat. Every time a bank tries to innovate, boom—another compliance requirement. Want to launch a new digital product? Better prepare for a five-year approval process, 17 forms, and a surprise audit. Too Many Rules, Not Enough Innovation -Layers of bureaucracy – Before a new banking tech sees the light of day, it’s been reviewed, revised, and rubber-stamped to death. - Regulatory overkill – Every fintech solution is treated like a potential money-laundering scheme, even when it’s just an app helping mama mboga save for stock. - High compliance costs – Banks would rather charge you transaction fees for existing products than spend millions navigating new regulations. The Impact? Slow Tech Adoption & Stale Banking - Fintechs outpacing banks – Why do most Kenyans prefer fintechs for loans, payments, and savings? Because banks are stuck in compliance mode instead of innovating. = Stifled competition – Small players struggle to launch because they can’t afford the legal maze. =Customers losing out – Imagine having real-time settlements, AI-driven lending, or cross-border payments with zero stress—but no, we’re still queuing for manual approvals. Regulators Need to Chill Kenya’s banking sector doesn’t need more rules—it needs flexibility. Regulate the risks, but don’t strangle innovation before it even starts. #Banking #Fintech #Regulations #Innovation #KenyanEconomy

Ryan Salame just demonstrated that in FinTech/Crypto, “move fast and break things” can be very dangerous. Most of the media coverage about the former chief executive of FTX pleading guilty yesterday to multiple charges focused on the $1.5bn asset seizure order and the possible 10 year jail sentence he faces. But delving into the specific charges contains a valuable lesson for FinTech/Crypto companies. Specifically, one charge that Salame pled guilty to was the dry sounding “Conspiracy to Operate an Unlicensed Money Transmitting Business.” The background was FTX had no bank accounts to handle customer deposits/withdrawals. FTX tried to open one, but their bank (likely Silvergate) refused without FTX having the needed registration and licenses (money transmitter business license, primarily). Rather than let that slow them down, Salame and SBF pushed forward. Initially, they illegally used the bank accounts of Alameda (SBF’s trading businesses) for FTX customer deposits/withdrawals. Knowing that was not a durable solution, they then incorporated a new entity, misrepresented that entity’s business (not disclosing it would deal with FTX’s customers and was not licensed), and opened a bank account. That behaviour might have hewed well to the disruption ethos of many in tech (think the early days of Meta and Alphabet). But financial services is different as it is heavily regulated. This underscores the unique complexity of FinTech/Crypto. The need to balance the disruptive possibilities of new technology against a very well-established regulatory infrastructure. Many correctly cite the need for regulatory change for novel technologies Iike crypto. But they must also understand many foundational regulations in financial services are not up for debate: protection/separation of customer funds, KYC, anti-money laundering, anti-terrorism financing, sanctions compliance (to name but a few). Those FinTechs/Crypto companies that manage that balance between disruption and compliance will be successful. Those who don’t……. As Salame has aptly demonstrated yesterday, you can’t ignore financial regulations because it slows you down. In financial services, “move fast and break things” can easily land you in jail. Ex-FTX Executive Salame Pleads Guilty to Criminal Charges https://lnkd.in/eG2Vvytc

Kicking off the week with Part 3️⃣ of the series on the bill (H.R. 9303/S. 4943) introduced August 2nd to amend Regulation E's liability framework. So why should #fintechs care about a Reg E liability shift (and not just their #bank and #creditunion partners)? Check out the last recommendation the Senate Subcommittee made with regard to Zelle and #fraud and #scams: "Congress should amend the Electronic Fund Transfer Act to clarify that EWS, and any other financial services companies that play a central role in facilitating electronic fund transfers, are considered a “financial institution” under the statute. Expanding the definition to include these entities would make it more difficult for EWS to avoid responsibility to protect consumers." My brain: 🤯 🏦 EWS (and others with a "central" role in EFT activity) as a "financial institution"? Besides angering true financial institutions who go through a very different charter, oversight, and supervisory set of events to become financial institutions (as most #fintechs will readily admit), what would this actually mean for the regulatory framework when a non-chartered entity is defined as a financial institution for purposes of enforcement in some regulations but not others? 💸 How do we define which service providers play a "central" role in facilitating electronic funds transfers? Do these include those who directly create and offer the services, as well as those who integrate or embed their solutions into products and services they take to market? According to the Subcommittee's explanation, they believe Congress should proactively create legislation and take care to "not provide opportunities for for #financialtechnology companies to find loopholes that allow them to avoid protecting consumers on their platform." They further say this should apply broadly to ALL payment platforms, including mediums that "facilitate an electronic transfer." (see the screenshot below). This statement should raise 👀 and 🚩 for any #fintech in the #banking or #financialinstitution space and their partners at these FI's too as not only will both take on liability directly, but partnerships between our bank and credit union friends could become much more complex when liability blurred lines come into play. Curious what the #fraud, #compliance, and broader #banking community thinks on this one! Tagging in those who had thoughts on part ✌ in case they are willing to add in some part 3️⃣ wisdom! Ron Shevlin Jason Henrichs Jeff Harper R. Andrew Gómez Tricia DeFord Craig Tidwell Ray Chandonnet And our Nymbus compliance and fraud crew: Kate Phillis, NCCO, NCRM Stephanie Kennedy, CFCI #riskmanagement #regulatorycompliance #fraudrisk #frauddetection #fraudinvestigation #fraudstrategy #partnerships #fintech #finserv

Payments are under increasing scrutiny as regulatory frameworks tighten and fraud risks evolve, particularly in the wake of advancements in Generative AI and deepfakes. 👉 Interchange fees and surcharging regulations shift payment industry dynamics, with regions like the EU and Australia capping fees to protect merchants while the U.S. remains focused on debit interchange through the Durbin Amendment. Meanwhile, surcharging remains a contentious issue, with some countries allowing merchants to pass costs on to consumers, with strict transparency rules. As regulatory bodies seek to make transactions more equitable (with a mix of intended and unintended consequences) payment providers must continuously adapt. 👉 Open banking regulation is also reshaping payments, particularly in the UK, EU, and Australia. By mandating that banks share customer data securely via APIs with third-party providers, these regulations aim to foster innovation and competition. Open banking opens doors for fintechs to build new services, but it also comes with higher expectations for data security, customer consent, and fraud prevention. 👉 Governments are devising digital ID frameworks to streamline identity verification (e.g. the EU’s eIDAS, India’s Aadhaar, NIST draft guidelines in the U.S.). These frameworks ensure secure access to financial services, yet they must now confront the rise of GenAI and deepfakes. Fraudsters can manipulate facial recognition, voice biometrics, and even digital ID systems using AI-generated identities, which means banks and fintechs must evolve their fraud detection techniques. ✔️ Opportunity: Payment providers have a long history of adaptive pricing in response to regulatory shifts. Banks and fintechs that invest in advanced verification technologies, such as multi-factor authentication, behavioral biometrics, and AI-powered fraud detection will not only protect themselves and their customers, but be able to use risk mitigation as source of differentiation. Fraud and risk providers that offer advanced biometric and behavioral verification methods, leveraging voice characteristics, environment detection, and liveness checks will gain share in this new risk environment. ❌ Threat: Traditional payment processors, legacy banks, credit card issuers, and e-commerce platforms must recalibrate pricing strategies and their data access posture in response to evolving regulation interchange fee caps, surcharging restrictions, and open banking mandates. Less sophisticated fintechs and banks that rely on outdated fraud protection systems will find themselves targeted by fraudsters, and risk losing the trust of merchants and consumer customers. My colleagues Michael Cashman, Roger Zhu and I recently updated our perspective on global payment trends… this is 5️⃣ of 6️⃣ in a series of posts. Are you attending #money2020usa? Reach out to the Bain & Company team if you want to discuss implications for your business.