How a compliant-by-design operating model preserves scalability and enables growth for Fintechs

Marnix de Kroon

INNOPAY

Josje Fiolet

Willem Mosterd

08-06-2021 Reading time: 11 minutes

How a compliant-by-design operating model preserves scalability and enables growth for Fintechs

Fintechs will have no choice but to comply with the requirements of the Digital Finance Strategy, but they can decide whether to regard compliance as merely a cost driver or as a growth driver. This blog focuses on that consideration and outlines how the right organisational structure can enable a Fintech to not only achieve and maintain compliance, but also to actively leverage it for scalability and growth.

Over the past decade, many Fintech players have emerged who challenged the status quo with their agility and customer-centric propositions. While the changing market structures resulting from innovation have contributed to the growth of the digital economy, they have also led to fragmentation of the digital market space and new/amplified risks for consumers and businesses, such as security breaches, privacy scandals, money laundering and poor consumer protection. The European Commission (EC) is keen to further safeguard financial stability and consumer protection within the financial ecosystem and to promote a level playing field between existing financial institutions and new entrants in order to stimulate innovation.

To this end, the EC has initiated various regulations in the past couple of years, such as the PSD2, GDPR, AMLD and, most recently, the EU Digital Finance Strategy (DFS). Expected to come into force in 2024, the DFS outlines the objectives and priorities in moving towards a Digital Single Market within the EU. One new principle is that of ‘same activity, same risk, same rules’, which means that all entities involved in a specific regulated activity should be subject to the same rules, regardless of their nature or legal status. This will inevitably result in a future of ever-changing and increasing regulatory compliance that will especially impact on Fintechs.

Strategic directions: is compliance a cost driver or a value driver?

How can Fintechs respond to this prospect? They face a choice between two main strategic directions: they can decide to perceive compliance merely as an unavoidable cost driver (reactive response), or they can view the need to comply with the EU’s rules as a strategic opportunity to enable growth (proactive response).

When working with Fintechs and scaling organisations, we often see that they view compliance as a cost driver. Commonly, they make it the responsibility of a single staff function which is typically seen as the ‘says-no department’ by the business line. Then, as soon as the Fintechs start to increase in size, their operating model appears to hinder further growth. Often, manual solutions to comply with regulations are stacked and are only embedded in the organisation’s daily activities to a limited extent. As a result, their complexity and cost per revenue increase while their ability to scale declines, as illustrated in Figure 1(a). Such organisations tend to fight only the symptoms of their operating model no longer being ‘fit for purpose’, rather than the cause. In the long term, this leads to diminishing shareholder value.

Relationshipo between total cost of compliance / revenue in time

Figure 1: Cost driver (a) vs. value driver (b) response to compliance shown as cost in relation to revenue.

A scalable operating model facilitates growth

Now more than ever, Fintechs must be able to deal with the changing compliance requirements if they are to maintain their ability to scale and grow. This calls for a scalable operating model that is able to embed compliance requirements in their daily activities in terms of continuous implementation of legislation, directives, guidelines and policies for mitigating risks of their organisational activities. Importantly, compliance requirements not only stem from regulatory developments, but also from expectations of clients, partner, investors and employees regarding general good business practices and behaviour. In return for the necessary upfront investment in such an operating model, Fintechs can expect to benefit from strategic advantage, improved competitive positioning and long-term growth.

Fintechs need to transition to a compliant-by-design operating model

To maintain the ability to scale, we advise Fintechs to embrace a more proactive approach to compliance based on a compliant-by-design operating model. This ensures that responsibility for compliance is shared throughout the organisation and is embedded into the daily activities. Maintaining the ability to execute and scale leads to lower cost per revenue in the long run, as shown in Figure 1(b). While this requires an initial investment, business leaders must see the longer-term perspective and understand that it will ultimately result in strategic advantage, improved competitive positioning and increased shareholder value.

A compliant-by-design operating model requires a shift in both the organisational mindset and the organisational activities, and starts with the following:

1. Embed foundational principles to support the compliant-by-design approach. The first step is to establish clear foundational principles that guide the organisational change as they set a clear tone from the top down and are communicated throughout the organisation. Figure 2 presents five exemplary principles to be embedded, as an alternative to how compliance is often addressed in practice.

Figure 2: Five exemplary principles for a compliant-by-design operating model.

2. Establish a coherent view of the operating model. After laying down the foundational principles, the organisation needs to establish a coherent view of the organisation’s operating model. This helps business units and individual employees to understand their role and contribution to the set strategic objectives. Absence of such a coherent view tends to cause misalignment between the strategy and the daily operations of the organisation (see Figure 3).

Figure 3: A well-functioning compliant-by-design operating model creates coherence between strategy and daily operations.

Interdependencies between elements of the operating model should be made clear in order to obtain insight into the impact of change on the organisation. Compliance requirements tend to affect several different elements of the operating model, but in practice they are often treated as stand-alone requirements, leading to point solutions that increase the overall complexity in the organisation’s daily activities and hinder long-term scalability.

This can be illustrated by the implementation of new AML requirements where point solutions are often created by adjusting just the existing tools and processes of the Operations and/or Compliance team, leading to more bureaucracy. The proper approach would be to treat it as a service development and take the company perspective of how it supports or impacts the client propositions and overall performance. Then the right decisions can be made regarding how to meet the AML requirements: within the Operations and/or Compliance team only, or by adjusting the sales process or even market focus, for example.

The first step towards a compliant-by-design operating model

Failure to adequately embed compliance requirements is likely to hinder the future growth of any organisation whereas a compliant-by-design approach will boost the longer-term outlook, which is why this topic is particularly relevant for Fintechs who are in the process of scaling up their business. As experienced consultants in Operating Model Design, INNOPAY can help you to define how your organisation can deal with compliance requirements without losing your key strengths and scalability. If you would like to discuss the opportunities, feel free to reach out to Josje Fiolet.

On Friday 11 June, this topic is discussed at the Amsterdam Fintech Week 2021. INNOPAY is a founding member of Holland FinTech, a financial technology hub with links to the rest of Europe, the US, the Middle East and Asia.