A Cautionary Tale of Compliance for FinTech
Last week the startup world was abuzz with news that Zenefits CEO Parker Conrad resigned amidst a compliance scandal. David Sacks, replacing Conrad as CEO, emailed the company stating that “many of [Zenefits’] internal processes, controls, and actions around compliance have been inadequate, and some decisions have just been plain wrong”. Indeed, in just one example of poor decision making, it came to light that Zenefits created a program to fake mandatory state insurance broker training.
It is no surprise that the demands of compliance often come in to conflict with the entrepreneurial mindset in all regulated industries. However, the implications of compliance in FinTech are often much more severe than in other industries. As a result, this must be seen as a cautionary tale for FinTech startups everywhere.
Some observers have been tempted to compare Zenefits problems with other notable startups facing regulatory obstacles. No regulatory versus startup comparison is complete without invoking Uber, as Ben Thompson astutely points out in his Stratechery post on this subject:
In the wake of Conrad’s departure there has been a bit of a meme about Silicon Valley needing to clean up its “move fast and break things” mentality, with most such think-pieces tying Zenefits screwups to Uber’s well-documented run-ins with regulators.
Thompson goes on to say, “I don’t think today’s Uber comparisons hold water: specifically, just as is the case with regulations themselves, the validity and viability of ‘violating’ them all comes down to context.” He proposes a framework for evaluating regulations based on the following questions:
- Is the regulation unambiguous?
- Is the regulation business-critical?
- Is there a user-benefit to testing the regulation?
- Is there recourse to adverse regulatory action?
- Is it right?
His framework is particularly instructive when it comes to regulation affecting FinTech startups because the answers explain why FinTech startups are so sensitive to compliance:
Is the regulation unambiguous?
In many cases, yes. The requirements relating to areas like AML, KYC, and money transmitter licenses are well established and unambiguous. Other areas like Reg E and Reg Z may be ambiguous as to the letter of the law as new financial products are introduced, but the spirit of those regulations are generally unambiguous as well.
Is the regulation business critical?
The answer for startups is, almost by definition, yes. The financial component of most FinTech startups is so central to what they do that their entire business model would be destroyed without it. Whereas Uber can afford — in terms of time, money and scale — to litigate these issues on a city by city basis, almost all FinTech regulation exists at the federal and state level. This means that the regulation is business critical and that the cost of non-compliance is extraordinarily high.
Is there a user-benefit to testing the regulation?
This is a difficult question to answer for FinTech startups. While there is no doubt that some regulations — while well-meaning — work against customers’ interests, they were also created with those customers interests in mind. Unlike Uber, where the incumbents (taxi companies) welcome the regulation as a moat, most incumbent financial institutions find regulations as stifling as startups. In fact, startups often have it easier than incumbents because enforcement efforts are usually focused on the largest institutions.
Is there recourse to adverse regulatory action?
When it comes to financial regulations, the answer is almost always no. Unlike taxi regulations that are controlled at the local level, the most rigorous regulations exist at the federal level. Incumbent financial institutions — with substantially more resources than startups — spend substantial sums of money through lobbying groups to influence regulation with only marginal success. For FinTech startups, there is literally no recourse to adverse regulatory actions.
Is it right?
This is the hardest and most subjective question to answer. Ultimately, I believe that most financial regulators — especially those in the consumer space — are well-meaning watchdogs trying to protect the individual. They must do so in an increasingly complex environment where they do not, and probably can not reasonably be expected to, understand all of the implications their rules will have.
All of this highlights why the Zenefits story is such a cautionary tale to FinTech startups: regulation in this space is unavoidable, central to the value provided to the customer, and generally motivated by good intentions. Failing to comply is not a calculated risk for these businesses — it is literally suicide. As a result, FinTech startups have to ensure that compliance is in their DNA… It affects business, technical and operational decisions. It permeates interactions with customers.
Disruption must occur to move the industry forward, but not at the cost of willful non-compliance. Instead, entrepreneurs find ways to create businesses using existing financial products in innovative ways or by inventing new products with fewer regulatory burdens. This approach is what drove many FinTech startups to use general purpose reloadable debit cards instead of traditional checking accounts. It also contributed to the approach TransferWise used to enable international money remittance through a peer-to-peer system that settles transactions locally in each country rather than actually performing cross-border transfers.
This is potentially the biggest value we provide to our clients: the ability to synthesize product values, customer desires, and regulatory compliance as the “magic triangle” of FinTech. Without each of those legs, the business value of any financial services product is irreparably compromised.