What the UK can tell us about FinTech regulation
The UK is ranked as one of the most ‘fintech friendly’ territories in the world.
The UK government’s publicly stated position is to make the UK the ‘global capital of FinTech’ and it provides an increasing amount of support to the sector. As a result, a large amount of fintech business is based or represented in the UK and specifically London. Even with the cloud of Brexit looming, London continues to experience growth in venture funding for FinTech companies, with investment reaching $3.3bn last year.
Part of the UK’s appeal to FinTech companies is its collaborative approach to regulation with businesses in the sector. Initiatives like the Financial Conduct Authority (FCA)’s ‘project innovate’ and ‘regulatory sandbox,’ which help businesses to introduce and test new financial projects and distribution methods, have helped establish the UK as a leader in FinTech and as a global authority on FinTech regulation.
As the use of technology increases across the financial services industry, FinTech companies leading this innovation can be held accountable to the same regulatory pressures as traditional financial institutions. Some FinTechs may not be prepared for these regulatory pressures, or, may lack the internal infrastructure and risk management programmes to be fully compliant.
Businesses in the sector should be aware of the UK’s developing regulatory environment, in particular a few key areas which are under scrutiny:
Depending on their activities, UK regulated firms can be expected to comply with more specific regulatory requirements for new types of services, like crowdfunding and peer-to-peer lending for which the FCA published their new rules and guidance in June this year. Specifically, the guidelines emphasized the protection of inexperienced investors, the appropriateness of these products for this type of investor and the protection of the investment should the lending platform become insolvent for any reason.
New payment technology services also draw attention from regulators. In the UK, the second Payment Services Directive (PSD2) was brought in to better protect consumers when they make online purchases, make cross-border European payments safer and encourage competition in the banking sector by taking away the traditional financial institutions monopoly on payment data.
In providing financial services, FinTech firms should consider that the FCA and Prudential Regulatory Authority (PRA)’s legislation to protect consumers will always apply. Banking and eMoney firms should also keep in mind that the Financial Ombudsman will soon be able to make financial services firms pay significantly more compensation to consumers and qualifying businesses in the event a complaint is referred and upheld by them.
To protect consumers, the FCA has also recently put a temporary ban on the mass marketing of ‘mini bonds’ to retail investors, these products can often be invested in via Peer 2 Peer (P2P) lending platforms, while they consult on permanent rules for this industry. Some P2P lending products offer ambitious return targets with very high-risk investments and are sold in the wrapper of an ‘Innovative Finance ISA’ (IFISA) which are promoted alongside cash ISAs even though they are very different, cash ISAs being relatively low risk and IFISAs being generally high risk.
Due to the nature of their businesses many FinTech firms will process high volumes of payments or other financial transactions online. These platforms can provide greater opportunity for criminals looking to launder money or fund nefarious activities. It’s critical that FinTechs have the necessary procedures and software in place to comply with the UK Anti-Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. The FCA is also exploring the potential for a cross-sector ‘know your customer’ platform to support compliance.
Many FinTechs, by nature of the services they offer, will use and hold an increasing amount of customer data. In response, the FCA and the Information Commissioner’s Office (ICO) have been increasing efforts to collaborate on an effective supervisory and enforcement approach for FinTechs. Companies need to make sure they have robust procedures in place to be GDPR compliant, as ICO fines are steep and there is always a risk of criminal liability and damage claims from customers impacted by a data breach.
UK regulators have played a collaborative, forward-thinking role in implementing regulation for FinTech that doesn’t stifle innovation or slow the growth of the market, and the FCA is exploring global initiatives that would remove some of the cross-border regulatory barriers that FinTech firms may face when trading internationally. Regardless, the FinTech market will continue to attract a growing level of attention from regulators and as these companies grow, they must focus on the unique exposures facing their industry as well as their individual business’ risk management capabilities in order to stay on the right side of the line.