Menu

New Coordinates Articles Details

 

Managing Compliance Risk in an Era of Innovation

The modern economy is built on innovation and technology. The internet and smartphones have enabled an era of innovation that scales faster than anything in human history. But this ever-accelerating pace of change is creating its own risk, and we’re watching that risk play out in real time. Tech companies, especially social media companies, are now facing an unprecedented backlash from the U.S. Congress, Justice Department, Federal Trade Commission, and even more from overseas governments. Comprehensive privacy legislation is already in place in Europe, with similar legislation being contemplated in Washington. And the backlash could intensify for tech companies—calls for breaking up certain companies or requiring divestitures are now being voiced by both Republicans and Democrats.

All this turmoil illustrates the real and potential costs of mismanaging risk in an innovation environment. Compliance or legal professionals working in FinTech should be especially vigilant as federal and state regulators are finally starting to scrutinize the risks of Silicon Valley’s long-uttered mantra, “Move fast and break things.” When it comes to banking, federal regulators have more experience and sophistication in assessing these risks than Congress. And they have long institutional memories.
 
What should FinTechs and banks do now? My career in the FinTech ecosystem and bank product testing environments has surfaced three key challenges, outlined below along with 
practical solutions. As head of Treliant’s FinTech practice, I’ve had the opportunity to work with dozens of FinTech companies over the past nine years. But my truly immersive experience in this space was formed by working for two FinTechs earlier in my career—plus a large bank “innovation lab,” or rapid-cycle testing unit, back before there was social media or smartphones. All these environments were focused on the same activity: rapidly developing and deploying new products or services, testing the results, and then adjusting and evolving.
 
As we watch the headlines play out for tech and social media companies, it’s easy to see that FinTechs face many of the same challenges, but with a banking twist. Consider these three:
 
Challenge #1: The Business is Unfamiliar with Banking Laws
It’s common to find a subset of businesspeople at FinTech companies who are not familiar with all the laws and regulations that apply to their products. This isn’t intended as a criticism. Quite the opposite. Banking was due for a transformation, and outsiders have invigorated banking with a host of new products and innovations that benefit consumers, many of whom have been shut out of traditional banking. Even so, the situation does present a challenge. While senior executives at most FinTechs have extensive banking experience and subject matter expertise, that experience is not as common to find on some project teams or those tasked with day-to-day execution.
 
Solution: The solution is common sense and it’s widely known: training. The conventional approach to training is to put your employees through the alphabet soup of online training modules for everything from Regulation B to Regulation Z, followed by a quiz at the end. This can be effective at building general awareness and is definitely required by regulators, so checking off this box is important. However, in an innovation environment where products or processes are being developed at the bleeding edge of banking, it can be a challenge for employees to connect the dots from a statement about Federal Credit Reporting Act prohibitions in a training module, for example, to their day-to-day job. The solution to this challenge is two-fold:
  • Real-time Training: This informal approach looks for teachable moments as they happen in the workday. It is sometimes difficult to come up with examples and scenarios to use in annual regulatory training modules, but you’re likely to encounter new situations every day or week that merit pausing with businesspeople and reinforcing key themes from the annual training. Real-time training like this tends to resonate and stick.
  • Targeted, Recurring Training: This is a more formal approach that develops short, targeted training sessions of perhaps 30 minutes or less using recent, real-world examples to discuss with the team. These can be scheduled monthly or even weekly if there is a new product or service launching.
Challenge #2: The Pace of Innovation
The proliferation of technology tools and data sets means more innovation at a much faster pace than ever before, and compliance and legal professionals are challenged to keep up.
 
Solution: Documentation is key to keeping pace. It may seem counterintuitive and out of fashion, in a world that is currently enamored with “agile” project management—where suggesting that you write things down will get you a torrent of frowny face emojis from your business partners. But remember that agile was created for software development. Agile is actually the anti-project management approach to rapid-cycle testing. It may work well in many environments, but there are laws and regulations in banking that require certain information to be documented and retained. As a result, federal and state regulators will expect to see these documents, too.
 

Yes, taking time to document product development can slow things down a bit, but there’s a synergistic value to the business that’s often ignored. A key point of launching new products is to test and learn what works. A record of how a product was developed, deployed, and received in the market captures the foundational elements to analyze whether the product is successful and works as intended. Important insights like this are gleaned from documentation and really represent the whole point of launching a test in the first place: to learn. Learning is how a business improves over time, which creates shareholder value, and everyone can agree on that.

 
Challenge #3: Accuracy and Usability of Data
Social media and smartphones have created a supernova explosion of new data types and sources that marketers and model builders in the FinTech space have rushed to use. But not all of it is legally usable for its most valuable purpose—or at all. Unlike mining data to sell sneakers or luggage or any other consumer product, there are long-standing laws and regulations that limit what data can be used to market or make decisions on financial products.
 
Solution: We’ll revisit this topic in a future article, but solutions start with answering and documenting the following questions:
  • What is the source of this data?
  • What are all the uses of the data (marketing vs. decision-making vs. model building, etc.)?
  • What variable or variables will be used?
  • Where will the data be housed/protected?
  • Who will have access to the data and for what purposes?
The Fair Credit Reporting Act, Regulation B, and other rules require documentation of this kind of information regarding data usage. Having a program in place to document and track such questions and answers is crucial to a safe and sound program.
 
The Final Analysis
The new era of innovation is running at full steam through almost every industry, including banking. Compliance professionals want to enable this transformation while still satisfying federal and state regulators because they know, as recent headlines show, that regulators, politicians, and the public all care deeply about core issues of privacy and fairness. Finding a sustainable path through this cycle of innovation is something everyone wants.
 

Theme picker