This episode of the Fintech Layer Cake podcast features a deep dive on fintech compliance. We cover a lot of areas including:
- How to build a compliance program
- What to look for in your first few compliance hires
- What compliance should look like at each company stage
- Compliance tools that can lighten your workload
- Should your general counsel be your compliance officer
Fintech Layer Cake is presented by Lithic and hosted by Matt Janiga, our general counsel, and Reggie Young, our product counsel and author of the Fintech Law TLDR newsletter.
Highlights from Compliance 101:
What does a fintech compliance team do?
REGGIE: The compliance function at fintechs sets the policies, procedures, and processes to ensure the company is compliant with the law. They focus on anti-money laundering (AML), sanctions, and regulated conduct.
- AML refers to legal obligations that help the government fight crime, like having to verify the identity of bank account applicants.
- Sanctions refers to checking certain government lists that include, e.g., people US banks are prohibited from doing business with.
- And regulated conduct refers to various regulations that require certain types of businesses to do – or not do – certain things. For example, at Lithic, we have to deal with card-specific laws and regulations that say what sort of conduct card companies can and can’t do.
How is compliance different from legal?
REGGIE: Legal helps interpret guidance and navigate gray areas to figure out what the company needs to do.
Compliance focuses on implementing and running the day-to-day operations. Things like confirming your customers aren’t on sanction watchlists, or that they’ve provided all the right KYC elements.
Legal also helps with contract negotiations, employment issues, and others.
But there’s often overlap – good compliance folks often help do some of the legal lift, especially at early companies.
Who are your first compliance hires?
MATT: Well it depends on your existing team. If you have seasoned founders or an in-house attorney who understands compliance needs, you can use your budget to bring in a mid-level manager who can take direction, manage analysts and help you scale.
Your more senior, non-compliance person can help them balance commercial and compliance needs, and also start to build alignment with your C-suite.
Ideally, this person is growth oriented and can keep growing up as you need a more senior hire.
If you get stuck and can’t find a good candidate to be a manager or director level, I’d recommend getting a great analyst who can help you block and tackle. They might need more direction and coaching, but they’ll give you good lift.
The trick is being honest. A lot of folks will mistake being first in their function with being the senior title in their industry.
Don’t leave any ambiguity – if you see your hire as an analyst or manager, but not the compliance officer, make sure you’re clear with them so they don’t get upset later and leave.
Should your general counsel be your compliance officer?
MATT: Historically most lawyers take the view that your GC or another lawyer should also be your compliance officer, and there can be managers under them to run the operations. But that can get you into some trouble.
If you’re in a regulated space, like if you have money transmission licenses, states like New York require that your compliance officer have five years of experience with the Bank Secrecy Act and sanctions.
REGGIE: So some in-house general counsels at FinTechs tend to be generalists or are rotating into FinTech for the first time.
MATT: Right – a lot of lawyers a founder might hire won’t qualify to be the compliance officer under state laws.
I regularly advise founders to decide based on whether their GC has compliance officer experience and, if not, whether they have someone in-house that they trust who does.
This is for the good of the company and shouldn’t be a vanity or popularity contest, and your GC of all hires should get that and go with the flow.
The other thing I advise folks on is to not give away too big of a title too soon.
Like most banks only require you to appoint a BSA officer. That lets you give out a “consumer compliance officer” title to someone else if they’re a better fit, or if you need to split titles for retention purposes.
Same thing on giving out the “chief” compliance officer title. Save this for when someone earns it and is ready. Or if you need to hire over your current team, but don’t want them to leave.
What makes a good chief compliance officer?
MATT: I think there’s a few key elements.
The first is a good compass on legal requirements, and how to operationalize them.
If your compliance officer has a firm understanding of the law – or a lawyer they trust and lean on to help them get there – they have the right starting point.
Next is the ability to balance the legal requirements vs. the risk vs. the business opportunity. Sanctions is a good example of this because it’s black and white at the 30,000 foot level, but really gray and fuzzy as you get closer to the work.
US law says don’t do business with people on the SDN list. That’s clear.
Some compliance folks will take this to extremes and say you need to screen everyone 100% and constantly re-screen to ensure compliance.
And sure that’s one way to do it – but a super strict view could also strangle your business. Or be out of whack with what competitors are doing to run their products and build market share.
A great compliance officer can identify the risk related to the requirement. For example, if your customers need a US bank account to use your product, they’ve already been screened somewhere else. So your customer population is less risky.
Off of this, maybe it’s OK to lag your sanctions screening and do it next day or allow the minimum use of your product.
And more importantly – to get something launched, you might need to live in this gray zone because your product and engineering teams can’t deliver the tooling you need to do real-time sanctions screening until after launch.
If you’re in a small startup - you need to get the product out the door to find market fit and also get revenue going. A good compliance officer gets that and is going to help you find the safest and fastest way to launch.
The last key element is compliance officer and founder/CEO fit. If you’re a founder looking for your first compliance officer, hire someone you like and can respect. Because you’re going to have tough conversations with that person and you and the other execs are going to spend a lot of time with them.
What are some common pitfalls for compliance teams?
REGGIE: The big one that comes to mind is compliance can sometimes become a dumping ground for other functions. Especially vendor management, risk and fraud, and partnerships work. Partnerships here mean partnering with banks and other critical third parties.
What about you Matt, are there any pitfalls that come to mind?
MATT: Keeping clean reporting lines to drive accountability can be an issue. In other words, compliance shouldn’t report to other functions.
They should be focused on AML, sanctions, etc. If they report to other functions like, say, partnerships or risk, then scope creep that’s suboptimal for the company becomes a problem.
Reporting to other functions also blurs the first and second line. You want to make sure the business doesn’t have full power to overrule compliance.
Compliance Resources
If you want a deeper dive on compliance, check out these resources.
- Explainer on fintech AML requirements
- How to build a compliance program
- How to build and scale a compliance team
- How to build your US KYC/KYB operations
For access to quality legal templates, visit our free Legal Library.
About Fintech Layer Cake
Fintech compliance. It can be complicated and overwhelming — even if you've been in the industry for a while. But what if there was a podcast that made learning about it a piece of cake? That's what Fintech Layer Cake is about.
It's hosted by two popular fintech lawyers, Matt Janiga and Reggie Young. In each episode, they use their experience from working at companies like Lithic, Stripe, Square, and BlueVine to break down some of the toughest topics in fintech.