FSI Member Spotlight Episode #18: Challenges fintechs face relating to compliance and how to fill the gap
In a recent FSI Member Spotlight, Praxent had the opportunity to meet with Jeff Horvath, CEO & Co-Founder at DigiPli Inc., a company that helps FinTechs onboard new customers quickly, efficiently, and in full compliance with the anti-money laundering laws with their flagship product called Onboarding-as-a-Service.
In this episode host Tim Hamilton, CEO & Founder of Praxent, talks with Horvarth about the challenges fintech faces relating to compliance and the various ways they can fill the gap.
Tim Hamilton. – Well to kick things off, tell us a little bit about what DigiPli does, the problem it solves, and for whom.
Jeff Horvath. – DigiPli refers to digital compliance, and we help fintechs onboard new customers quickly, and efficiently, and in full compliance with any money laundering laws, with our product called ‘Onboarding as a Service’. And that’s a highly automated and configurable SaaS product that comes integrated with all the tools, data, and products you need to run and launch a fintech, from an AML perspective. Plus, we bundle it with ongoing support from our anti-money laundering experts, and they can provide the day-to-day help needed to make everything run as smoothly and seamlessly as possible. And in terms of customers our ideal customers are new and growing fintechs, like payment companies, currency firms, crowdfunding platforms, online lenders, and neobanks.
Tim Hamilton. – We’re going to get into a discussion about AML and BSA, and the very specific areas of compliance that are most challenging for those fintechs. But tell us about the founding story. Before we do.
Jeff Horvath – There’s three of us on the founding team in DigiPli, and all of us spent the last 25 plus years working for major financial institutions, either in a legal or compliance or I.T. capacity. And we saw that the systems and processes there, from an AML perspective, were a mess, and there are clearly better ways to do things. And the problem, though, that these big firms were so mired in their legacy processes – couldn’t get out of their own way. And with the rise of fintechs and how much the fintechs are taking market away from the big players, to be honest, we saw an opportunity to ditch Wall Street and do something a little more fun and interesting, and we really wanted to become part of this growing financial ecosystem and take the experiences we’ve built up over the last few decades and deploy them to help fintechs avoid some of the mistakes and issues and problems that are haunting banks to this day, and that led to the launch of DigiPli about three years ago.
Tim Hamilton – At a high level, what are some of those regulatory requirements that a B2C in particular, a B2C fintech, faces when they’re offering a banking-focused value proposition?
Jeff Horvath – And I would almost take a step back and differentiate fintechs that are partnering with banks, maybe we can talk a little bit about that later, versus fintechs that are actually operating as a regulated entity. But let’s look at the fintechs that are partnering with banks and delivering that value proposition to a consumer. The fintech itself might not be necessarily subject to all that many regulations, but the bank is under enormous regulatory pressure, enormous regulatory scrutiny, many, many sets of laws, rules, and regulations on the federal and state level to apply to them. And what we’ve been seeing over the past year or two is, even though the laws haven’t changed that much, banks risk appetites have changed as fintechs become more and more a significant part of their portfolio. And what banks have been doing is in effect in their contracts with the fintechs, mirroring the regulations that are applied to those banks. So in a way, by contract, a lot of these fintechs are becoming regulated in the same way that banks are being regulated. And when it comes to the anti- money laundering laws and the Bank Secrecy Act, that’s really focusing on the controls around the onboarding and due diligence for new customers. And once those customers are onboarded, the review of the activity of those customers designed to detect suspicious or anomalous transactions.
Tim Hamilton – You just articulated two separate categories. The first one was the onboarding and the second one was monitoring transactions for suspicious activity. Let’s go into that first one, the onboarding perspective first.
Jeff Horvath – And this is the one that I would say is applicable to almost every fintech, especially in a B2C space. So it’s really about understanding that consumers and the bank’s obligations are going to be passed on to the fintechs. So you have to look at what the bank’s obligations are. They’ll be detailed in the contract, but generally, it’s going to involve verifying the identity, through a government I.D. or some other method, of the consumer, making sure the consumer isn’t on any sanction lists, or terrorist lists, or government watch lists – trying to analyze that consumer to see if they have any red flags associated with them. Are they in a country that has a high corruption risk? Are they engaged in products, or businesses, or activities that might lend themselves more towards potential money laundering activity? And then for those higher-risk customers, performing what’s called ‘enhanced due diligence’, which is basically doing a deeper dive to make sure you really know who they are, where the money’s coming from, and what they’re going to do with the account. And that process all takes place before you even start transacting with a customer, and a lot of it takes place behind the scenes so that the customer doesn’t even see what’s going on there.
Tim Hamilton – I’d love to hear how quickly each of these categories are evolving from a regulatory perspective, but perhaps before we do that, Jeff, tell us a bit about the second category, when we’re monitoring the transactions.
Jeff Horvath – Well, the monitoring of transactions is really around trying to detect anomalous or suspicious activity. So if you consider driving a car, right, you’re going onto the highway, the onramp is your onboarding process and there’s a set of controls around that. Once you get on the highway, you’re subject to various different rules around how fast you can drive, the recklessness of your driving and so on. So the monitoring component is really looking at transactions and trying to flag those transactions that might look suspicious. So is based on a customer’s profile. Would it be strange for them to send large amounts of money to a particular jurisdiction? Are they sending money back and forth at certain denominations right below some reporting thresholds? Are they sending different types of money or transacting in different ways that might be concealing where this money came from? So it’s really about developing the tools to look for these anomalies. Once they pop up, analyzing them, and then deciding, is this a suspicious something transaction? In which case there will be a report requirement either at the bank or maybe a regulator. Or is it just within the normal parameters? Maybe get tripped up in a flag, but not a big issue, in which case you document your resolution and close it out. So there’s a lot of work that goes on in just reviewing those activities, but it’s a key component. And then there’s obviously, once you have onboarded a customer, making sure that in a week, two weeks, two months, what have you, they don’t actually get it back on to one of those original watch lists you checked. So it’s really around maintaining that customer file and the customer data up to date.
Tim Hamilton – And reflecting on how much these regulations change and at what pace, tell us a bit about the evolution of these rules.
Jeff Horvath – So the rules started out a long time ago and continue to be layered on with new and new sets of laws and rules. So over the past 50, 60 years, there’s been dozens of different sets of requirements which have been layered on. I would say the most transformative came right after 9/11, when they passed the Patriot Act because the requirements were much looser prior to 9/11. After that, they really tightened up and imposed a whole new slew of requirements for vetting and doing due diligence on both individuals and entities and the owners of entities. And then it continued to evolve, and every X number of years, you’d see another set of requirements added on to what was existing within the framework. And the most recent one was just about a year ago when it passed, which was the Anti-Money Laundering Act of 2020, which established an additional layer of obligations designed in some ways to modernize the rules, but in other ways to close some of the existing gaps that became more and more obvious over time.
Tim Hamilton – As you look ahead, what are your predictions about the future of AML and BSA?
Jeff Horvath – I would see the future continuing the same trends that we’ve seen over the past 20 years, and that’s really a continued ratcheting-up of regulation and oversight over the payment industry. And there’s really, I would say, two main drivers for this. One is that it was much easier for the regulators to oversee this activity when the vast percentage of it was handled through a handful of large financial institutions. Now, with the thousands of fintechs out there offering different payment solutions, plus major players from a tech space or an online retail space getting involved and also providing financial services, it’s really disseminating the provision of these financial services over not just a wide range of players, but people who have never actually worked in a regulated industry before or sold regulated products before, so they’re not quite sure how well they’ll fit into the existing regulatory infrastructure. That’s the one component, the other component: cryptocurrencies. It’s been basically a political issue. There have been enough ransomware attacks and various crimes in which cryptocurrency has been requested as the payment that it’s really gained a lot of attention. The existing rules, to be honest, don’t make sense. Indoor won’t work when it comes to cryptocurrency, from a technical perspective. So even if you wanted to try to regulate it in the same fashion, in many cases it’s trying to slam a square peg into a round hole. So I would see a lot of attention on cryptocurrencies, but because of those two trends really focused on the fintechs in this growing ecosystem, that’s really going to shift a lot of attention, I think, from what historically has been focusing on banks, into these fintech areas.
Tim Hamilton – You mentioned a moment ago, Jeff, about the dissemination of these rules across an increasingly fragmented ecosystem of fintechs doing new and different things. How do the regulations vary from one fintech to another?
Jeff Horvath – So good question. And really, the first thing to look at is what’s the financial service being provided? Are you selling securities? Are you providing investment advice? Are you engaging in cryptocurrencies? Are you sending money overseas? The activity drives the regulatory environment, and depending on your activity, you’ll be subjected to a different set of regulators, a different regulatory application process, and a different set of conduct rules. The anti-money laundering laws are pretty consistent, regardless of what each of those activities are. There are different practical implications and how you carry them out. But the anti-money laundering laws are going to be pretty similar from one to another. That, though, is really also then, we’ll go back to one of the points we discussed earlier, which is, are these firms providing this service on their own, as a regulated entity? Or are they partnering with a bank or a sponsor bank who is delivering this product for them, in which case the bank bears the regulatory burden, which will shift some of that to the fintech, but it’s a faster and easier approach to take, is partnering with a bank rather than going through that process independently.
Tim Hamilton – So for a start-up, fintechs, some practical advice may be to really prove-out your go-to market and minimize the regulatory hurdles as much as you possibly can until you’ve really proven unit economics and are ready to scale. And you can achieve that, and we’ll talk with you in just a minute about sponsor banks and what those structures might look like, but a sponsor bank partnership is one key way to achieve that.
Jeff Horvath – Absolutely, and that’s generally the advice we give people, in that it’s very difficult, very time consuming, and very expensive to go through the registration process. You need people with the right skill sets, you need people with the right licenses, and some institutions are well-funded, well capitalized, and have a lot of money to start out, and great for them. Most of the firms we’ve been talking with are going through that fundraising process first. And if you can deliver that product through partnering with another, it’s a much quicker and easier way to demonstrate, as you say, that ‘go to market strategy’ and to scale, and then look for maybe an independent regulatory path to deliver specifically, or to achieve what specifically you want to achieve.
Tim Hamilton – Let’s talk a little bit more about that sponsor bank path. What should fintech founders consider before proceeding with a chosen sponsor bank?
Jeff Horvath – There’s a number of considerations, obviously price and product is chief among them, but one of the requirements the bank is going to have is that the fintech implements certain controls so that the bank can help manage its own risk, and a lot of times those controls aren’t disclosed or discussed until you get pretty far down the contractual path. And I’ve seen a huge range of, if you will, requirements from different institutions. Some of them, very light touch with the financial institution, or the bank, owning most of the risk. Some of them are very, very onerous, very expensive to address, and require a really costly infrastructure for the fintech to stand up in order to meet those contractual obligations. So one of the advice would be: look more broadly at the fine print in a lot of these contracts, in terms of what they can apply, what they will require you to do. But also, certain banks, while they might have the technical authorization to do things, from a practical, risk-based approach, they’ve decided not to do it. So, for example, some banks have said “Full stop, we’re not going to do business with these 25 countries.” if you don’t figure that out until three months into your negotiation process and that happens to be one of your key markets, you have wasted a lot of time. So understanding really what that regulatory posture is, upfront, is important.
Tim Hamilton – It really seems like it’s a function, to a degree, of the bank’s risk tolerance and how fintech centered they might be, or might not be, given that risk tolerance and their overarching business strategy.
Jeff Horvath – Yeah, that’s right, and there’s maybe I would say, 20 or so banks out there that are very fintech focused, they understand the fintech business model, and have products designed to suit it. Others are getting into that space. Others want nothing to do with it because they see it as a high-risk activity that they and their shareholders just don’t want to have to address.
Tim Hamilton – Let’s talk about that next. The considerations from the financial institution’s point of view when they’re looking at a sponsor bank strategy, for example, as a way of expanding. What are some of the pros and cons from the bank’s perspective to expanding in this way?
Jeff Horvath – I would say, the pro obviously, is getting a good growing stream of business, modernizing their book of business, and generating asset flow and generating assets. So that’s sort of obviously a financial consideration for them. There comes with it a big downside risk because, in a lot of ways, they are going to be ultimately found liable for what the fintech does. So even if the fintech is, if you will, contractually indemnifying the bank for their activities, the bank, at the end of the day, is going to be on the hook. So, they’re going to be very cautious in terms of what sort of relationships they allow to happen. The countries that you allow to transact with, the products that you’re going to have access to, and I would say from a sponsor bank perspective, they’re going to be very cautious in terms of continually looking at that risk profile of the fintech, because those of us in this start-up space know that one of the most popular words is “pivot”. And if a fintech starts out with strategy a-b-c, which the bank likes and then pivots to an x-y-z strategy, that can completely change the risk profile of that institution and that’s somewhat scary to the banks.
Tim Hamilton – Yeah, that is a very nuanced approach to partnerships, one that requires a lot of very, very careful and deliberate risk management. Now tell us, Jeff, about where DigiPli fits in and the different ways that a fintech can comply with these regulations.
Jeff Horvath – So in terms of how a fintech can comply with these regulations, I’ll take that one first. It’s really one of two options. They can do it themselves, or they can find someone else to partner with and do it with them. So doing it themselves is what we find many fintechs do, largely for cost purposes at the outset. There is a risk associated with that. Obviously, the risk of not being aware enough of the regulations, making a misstep, getting something wrong, not appreciating a limitation that you might be subject to, and that can really and burning you when it comes to discussions with investors or with banks down the line. The other concern is the compliance officers are expensive. They’re difficult to maintain. And it’s really, when do you hire that right compliant support? So doing it in-house has the benefits of potentially being cheaper, but you get what you pay for. The outsource compliance support is what we see a lot of fintechs go for, with a combination of either an outsource, what they call a ‘fractional chief compliance officer’, or outsourced work, either through bringing in external systems and data to bringing in external staff to help with a lot of the day to day operations. So that would be at least one thing I’d recommend, is get at least your infrastructure set up for you on the outset. And that’s kind of one of the things that DigiPli really focuses on is, yes, we can help you set up your infrastructure. We can give you the systems and tools and data you need. But really, where we are setting ourselves apart is we like to partner with people from a long term perspective. So it’s great you can just give them a system, but then you’ve got to run the system. So we we try to bundle that with outsourced support to run these systems for and with the fintechs.
Tim Hamilton – At the top of the call, Jeff, you mentioned DigiPli’s ‘Onboarding as a Service’ offering. And I wonder if you might be able to walk us through that from the point of view of the customer, or the new account holder and what their journey looks like and where you all come in.
Jeff Horvath – Well, if we do it right, the customer is not going to know we exist. So we’re sitting completely behind the infrastructure of the fintech. But from a customer coming in, they would, in any relationship, provide a lot of information name, address, date of birth, that gets ingested into our platform. We would take that. We would run all the different screens. We would run all the scans and the checks. We would verify their identity. We would risk rank them to determine whether they’re a riskier customer. If so we would bring in additional data to make sure we understood who they were and how they’re working. And some percentage of customers are always going to be flagged as potential issues or problems. And we have our analysts who really just take that first look at what’s happening with this particular account. How can we fix it? How to resolve it? Can we get this account open without having to bother the fintech? Because it’s a minor issue that we can address. And that’s really, I would say, where this service component comes into it. It’s really bundling together that day-to-day support to augment what we can deliver from a technical or software application perspective.
Tim Hamilton – What’s the number one thing people should know about DigiPli, and what they should expect to see in DigiPli in 2022?
Jeff Horvath – So we deliver anti-money laundering products and services that are designed by industry experts, and specifically designed to help fintechs scale quickly and compliantly and avoid potential headaches and mistakes. And then, 2022 will really be continuing to build-out our product line, ingest new data, automate new aspects, and find other ways that we can streamline the anti-money laundering infrastructure we provide to fintechs.
Tim Hamilton – Thanks so much, Jeff, for the conversation.
About FSI
FSI is an exclusive community for financial services executives and digital product leaders who are looking to deepen their understanding of relevant innovation and emerging trends. What you can expect to get as a member of FSI:
- Access to conversations and discussions with your peers.
- Exclusive content focused on helping grow your business.
- A forum to ask questions, share experiences, and learn from some of the top leaders in this field.
This group is not for promotion, and content of an overtly promotional nature will not be allowed. The community is professionally moderated.
Share your experience and find solutions for the greater good by joining us. Invite your friends & colleagues!