Takingthestrain

There are five business pillars that prevent a fintech from crashing under the weight of regulatory compliance, believes Geoff Dadswell, CEO and founder of TH Risk Solutions. His job is to make sure they’re up to the job

With the chant of ‘tech, tech and more tech’ ringing out across financial services, any firm could  be forgiven for thinking it’s the answer to all its problems – from keeping customers happy to managing compliance.

But they would be wrong, according to Geoff Dadswell, CEO and founder of  TH Risk Solutions (THRS), the UK-based risk management consultancy that works with emerging payment providers, electronic money institutions and challenger banks. Because, in his experience, there’s no substitute for the ‘grey-bearded’ regulatory knowledge that the right people bring to an organisation, particularly those that are born digital. For them, THRS is sometimes a reality check.

“There’s a strong belief that ‘the platform’ will deliver solutions for consumer experience and commercial success, too. We’re finding this is not always the case, and is instead creating tension in terms of the traditional methods used by the UK Financial Conduct Authority (FCA) versus the perceived risk of certain fintech activities.

“Organisations think ‘we’re managing ourselves in a particular way, based on what we know’, but it’s the things you don’t know, or are not focussing on, that you need to consider more thoroughly,” he says.

There have been a spate of high-profile cases recently that tend to support that view. Earlier this year, UK startup Lendy collapsed, carrying half its peer-to-peer lenders’ money with it, amid ongoing FCA concerns. In April, the FCA confirmed it had required unicorn Revolut to take action after a whistleblower raised concerns around compliance issues. More recently, we have seen crossborder, multi-currency, electronic money institution, Ipagoo, enter into administration after the FCA ordered it to cease regulatory activity.

While Dadswell himself is careful not to point the finger at firms that fall foul of the regulator, he clearly sees a growing role for THRS in helping organisations to avoid such potentially catastrophic outcomes.

“The FCA is getting more confident in regulating this space, which has been evidenced recently by some of the things it’s doing around reviewing safeguarding of funds as well as wider governance questions,” he says. “This is causing much change within organisations, which are looking towards upskilling in governance, risk and compliance. Because there’s historically been a skew towards technology expertise in these organisations, their idea has been ‘let’s set up our framework, become regulated and let the regulatory, risk and governance items look after themselves’. Invariably, though, they don’t. So, in the same way you get, over time, a technology debt in an organisation, a governance debt begins to reveal itself.

We’re dealing with things like regulatory investigations and helping clients to identify people for roles to upskill, or help with those roles ourselves. We provide C-suite and executive level expertise, and have that ‘grey hair’ around understanding how a regulatory framework ought and needs to work in an FCA-regulated environment,” he says.

One of the biggest issues is that the drive for technological innovation has led to its capabilities being vastly overestimated by emerging businesses, says Dadswell: “As you’d expect, a fintech organisation that has become a payment or electronic money institution, would like to see the technology it has created delivering the compliance solution.”

But, increasingly, there is no margin for error if that faith in technology alone is misplaced.

“We’re finding that the FCA is bringing  its traditional methods of regulation to the payment space. It is looking for the three pillars of good governance, protecting client money, and managing financial crime – and every regulated  fintech firm I have come across will say it has all of those things covered with a system that does that. However, we’re finding these things still need some degree of human intervention. Platforms often can’t fix everything, and not to the standard the FCA would expect.”

Developing in-house capability isn’t the answer, either.

“Companies are split into two camps, really. One is the typical startup view of the world, which is ‘I can solve everything about everything with my new proposition’, and it’s an admirable place to be at the start but very rarely works long term,”  says Dadswell.

“A good example of that is things like know your customer (KYC), which is done admirably by companies out there already. My view is that fintech firms would be far more successful if they strategically bought in services.”

In many cases, firms’ internal cultures are their biggest blockers.

“There’s this sense that culture in an organisation is about imagination. In other words, ‘let’s just see how we can imagine what the world could be, with the solution that we have’. I find that leads to a technology bias and organisations are typically saying to us ‘we simply cannot afford to have the individuals we need to drive the cultural change we know we need, so can you help us with that?’ and ‘help us understand how we should approach the regulators and how they think’.

“So, we seed the new culture by saying let’s look at the organisation from what I call the five pillars,” says Dadswell. “You may have strategic focus as one, commercial coordination as another and technological capability as a third, along with financial discipline, which is great, but you also need regulatory competence as the fifth pillar. The blend of those five things means a good, well-organised organisation with a risk-managed culture.”

Some issues also just boil down to organisational maturity, he observes.

“It’s about the growing process: have all parts of your business evolved in the right way? Have you got a good platform? Do you have lots of features on your app? How are you managing all this in the background? How are you preparing for the future? How are you developing? How are you funding?

“We went to one company to talk about risk management, then focussed minds on culture change. They felt their biggest risk was technology failure of their platform. When we started mapping it, it really was not, because they know how to run their platform and have safeguards in place for restoring their system in the event of a failure. Their biggest risks were actually funding and regulatory compliance.”

And his view of the world beyond, where regulation is yet to come of age?

“It’s partly about approach, certainly around expectations from regulatory bodies. The need to consider an EU-based presence is why some organisations are going to certain jurisdictions, like Lithuania.”

THRS is fast expanding its geographical reach and range of consultancy services.

“We also help companies with things like managing their data management risk and General Data Protection Regulation processes,” Dadswell continues. “We get involved in financial sanctions and anti-money laundering (AML) compliance. All of those things are translatable to different verticals. As well as payments, we have been talking to companies in areas like lending and insurance.

“Our focus is really around bringing a change in mindset to organisations, and helping them achieve governance change, which can be triggered by a number of things. It could be helping with the consequences of an investigation, or it could be support with developing the culture to better understand, and respond to, governance risk.”