From “no” to “go”: FinTech compliance expert series
In a recent FinScan LinkedIn poll of 194 compliance professionals, 54% said incomplete customer data was the biggest cause of false positives. This mirrors our recent webinar poll where 54% of 317 attendees said data quality was where compliance professionals spent a significant amount of time.
What gives?
With FinTech compliance teams focused on the promise of using AI and automation to help solve their biggest challenges, getting data right is no longer optional.
Poor data quality = bad automation. Poor data quality = bad AI.
And that’s just part of the story. Other pressing challenges are putting up barriers to reducing risk and achieving what everyone wants: sustainable growth. In this series, Steve Marshall, Director of FinScan Advisory Services, Innovative Systems; Leda Glyptis, PhD, author, speaker and FinScan advisor; and Mayank Sharma, Senior Product Marketing Manager at Innovative Systems debate the challenges and opportunities compliance teams face as they shape the future of compliance for their organizations.
Part 1: Data dilemmas and regulatory wrangles — the compliance battlefront
Compliance teams are navigating complex challenges, from battling data quality issues that put their personal liability on the line, to fighting for executive buy-in, all while keeping pace with ever-evolving, complex regulations. In this high-stakes environment, the pressure is on—especially for fast-moving FinTechs, where missteps can spell disaster. Here, Steve Marshall and Leda Glyptis pull back the curtain on the biggest hurdles compliance professionals face and explore whether tougher penalties or smarter strategies are the key to staying ahead of the game.
What are the biggest challenges facing compliance teams?
Steve Marshall: I see three major challenges.
First, I don’t think there is a debate: the biggest issue for compliance teams is data quality. Data management strategies for data quality must be different for anti-money laundering and sanctions (AML) compliance because regulatory focus on data quality as an underlying issue behind enforcement actions has and will continue to increase dramatically. Close is not good enough for companies or for the compliance professionals who bear the responsibility for the outcomes of poor data quality. No other function is personally liable for bad data quality. For FinTechs, who often want to move faster than traditional institutions, data quality becomes even more critical.
Second is that coveted seat at the table—getting executive buy-in for AML compliance initiatives. Without that support, they are often left in the precarious positions of whistleblowing or resigning.
And finally, while keeping up with new and changing regulations has always been a challenge, regulations are becoming more complex and ambiguous due to broad sectoral and securities sanctions. AML and sanctions regulations are evolving to strengthen the guardrails around politically exposed persons (PEPs), relatives and close associates (RCAs), and ultimate beneficial owners (UBOs). Several jurisdictions are introducing or proposing new requirements. Plus, regulations for crypto, digital assets and AI are emerging and will only get more complex.
Leda Glyptis: I fully agree, particularly around Steve’s second point. The job of compliance teams is changing. Regulatory complexity is increasing. The need to remain both business-valuable and compliant is challenging. Plus, the tools and what compliance jobs entail are constantly shifting.
Added to all that is executive fatigue. Their headspace is more stretched and strained than ever. Getting risk and compliance conversations in the right rooms at the right times is the single biggest challenge for FinTech organizations. And arguably, it’s the single biggest frustration for compliance teams.
Should regulators impose tougher penalties on firms that fail to comply?
Steve: There are arguments for and against this. When the financial and reputational costs of non-compliance are high, firms are more likely to take it seriously across the organization.
However, some critics—including industry experts, financial firms, legal professionals, academics, and business leaders—argue that these penalties stifle innovation. For example, firms might become overly cautious, hindering adaptability and innovation.
Rather than imposing harsher penalties, these critics believe the path forward is a regulatory focus on prevention through clearer guidance and support to help them meet their obligations and foster a compliance culture.
Ultimately, I think the truth, as it often does, lies somewhere in between. The decision to impose tough penalties should be balanced between ensuring firms are held accountable and maintaining a fair and conducive environment for business.
Leda: Instinctively, we all know that prevention is always better than a cure and they are both better than a purge. I think it’s fair to say we all also understand that deterrents for non-compliance with rules and regulations need to be equal to the gravity of the issues the rules pertain to. One could argue that it is best to go big or go home when it comes to fines to show you mean business.
I think a better question is, “How do we lean into a constant dialogue between regulators and businesses?” Can we get to a place where regulators will help you on every step of a journey which you have no choice but to go on?
We must find a way where “accepting risk and moving on” is not on the table as an option for decision makers. Although fines are definitely a weapon in the arsenal of a regulator that can be deployed to focus folks’ attention, by reminding them of the very real consequences of inaction, there is a lot of work that needs to be done every step of the way before we get to the point where the fine is the only option. Therefore, it is more of a warning to others that if you get caught, there are consequences.
The real message should be that compliance with the tenor of new regulation is not a matter of degree. It is a new paradigm and, frankly, “there is no other way.” Fines arguably underline that point in a way that nobody fails to notice. But if they don't lead to changed behaviors after the fact, then they will not drive the change we need to see.
Don’t miss Part 2 of this series where we’ll explore:
How regtech can help fintechs with compliance
The impact of AI on compliance
The role of risk orchestration in detecting financial crime risks