• About us
  • Raising The Bar
  • Risk Committees
  • Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising The Bar
  • Risk Committees
  • Team
  • Events
  • Blog
  • Contact

Striking the right balance for aspiring FinTech and PayTech firms

November 26, 2021

From a risk management perspective, these are interesting times for small regulated FinTech or PayTech firms, which may still be micro-businesses. My experience is primarily in the FCA regulated space, at a time when we are about to see more public sector collaboration with private sector SMEs. On face value, this looks a really interesting opportunity, as reflected in the HMRC Open Banking public procurement award to micro-business, Ecospend, in February 2021.

Ecospend case study

The UK tax authority handed a £3m Open Banking contract to FinTech startup Ecospend, with the aim of making it easy for taxpayers to submit payments direct from their bank accounts, rather than through debit or credit card.

Viewed as a significant boost to the uptake of Open Banking services in the UK, HMRC worked with the Open Banking Implementation Entity (OBIE) on the procurement exercise, which went out to tender in 2020. HMRC expects that Account Information Services (AIS) will enable it to access customers' transactional data to deliver ‘enhanced and tailored financial services’. 

Two recent public tenders by the Crown Commercial Service and the Money and Pensions Service (MaPS) have reinforced the government commitment to work towards their aspiration of spending £1 in every £3 with SMEs by 2022. The UK government definition of SMEs encompasses micro (<10 FTEs, turnover <€2m), small (<50 FTEs, turnover <€10m) and medium-sized (<250 FTEs, turnover <€50m) businesses.

What is the regulatory concept of proportionality?

A proportionate approach is meant to mean tailoring regulatory supervision requirements to a firm's size, systemic importance, complexity and risk profile. Conversely, risk-based supervision may mean that micro-businesses suffer dis-proportionately in the emerging worlds of regulated FinTech and PayTech because of the higher risk permissions they hold in immature markets (e.g. PSD2).

Proportionality should aim to avoid rules that could distort the financial services market, for example, by unduly constraining its development, curbing competition or limiting the diversity of market participants.

MaPS wishes to encourage an approach which provides a sustainable operating environment for a diverse supply chain which includes start-ups, SMEs and voluntary, community and social enterprises (VCSEs). This includes a strong digital transformation agenda where use of ‘disruptive technologies’ feature prominently.

SMEs in the supply chain are required to contribute to the MaPS policy ambition through its approach to innovation and disruptive technologies to deliver at lower cost and/or higher quality. Continuous improvement is also a policy goal.

Hybrid & remote working operating models

The FCA published on 11 October 2021 their expectations for regulated firms with remote or hybrid working arrangements. The regulator is taking a forward look on trends in target operating models (TOMs) as part of their supervisory approach at a ‘portfolio level’. Unlike the energy sector, they have been monitoring the financial resilience of firms they supervise through the pandemic and coming out of it as transitional arrangements become transformational. 

Priority checks for SMEs:

  • Are your principal places of business substantially remote? 

  • Will the FCA be able to supervise you effectively, including outsourced functions?

  • Can those responsible for GRC and QA fulfil their SMF roles effectively?

  • Is any enhanced risk of consumer detriment reflected in your Conduct Risk Frameworks? 

  • Assuming changes in TOM, are there other heightened risks (e.g. Cyber-crime)?

  • Do temporary changes in operating practice following the pandemic need to be made more resilient (e.g. the shift from transitional to transformational, ability to flexibly scale)?

  • Have you checked the compliance and resilience of your whole supply chain? 


FCA Consumer Duty – July 2022

Given the introduction of the Consumer Duty in July 2022, it will be interesting to see the degree to which ‘culture’ fits into the FCA’s assessments around how this is achieved in a hybrid working model for newly established firms with associates that need to be enrolled into not only the business, but the supply chain that makes up the ‘customer journey’. 

This is being talked about more in the CCaaS world, especially around dealing with vulnerable customers and is very relevant in the regulated debt advice sector from an omni-channel perspective. Consistency of experience across channels and across the workforce will be key metrics going forward. 

MaPS has just closed a call for evidence on how MaPS funded face-to-face (F2F) debt advice providers coped during the pandemic when the sector effectively closed. One of their leading questions was “How has the pandemic affected the way you deliver debt advice?”. Future contingency planning, therefore, becomes critical in this scenario.   

The FCA wants to be able to supervise sustainable financial and operational resilience, which is always challenging for new market entrants where there may be demanding working capital, prudential, capital or safeguarding requirements that need to be met on a sustainable basis over the lifetime of a 3-5 year Business Plan. When operating in a volatile market like the one we are seeing coming out of the pandemic and Brexit, the strategic planning challenges can be daunting, especially when considering the necessity of meeting the government Policy Outcome of increasing supply chain resilience and capacity. 

The mythical government ‘levelling up’ White Paper may also have unintended consequences where key resources become more expensive when they realise their true value in a hybrid working environment. Start-ups and SMEs can often be badly impacted where remuneration packages are based on the future value of a business rather than offering high salaries. London salaries are becoming more accessible by employees that are entirely remotely based. 

Growing and diversifying supply chain opportunities is at the heart of government’s Industrial and Civil Society Strategies. They believe that an economy with diverse, resilient and innovative supply markets is a cornerstone of prosperity. They believe that it is also a commercial advantage to spreading risk more broadly since it reduces commercial risk. The question is whether SMEs can readily comply with this environment, both culturally and in terms of meeting stringent due diligence requirements. 

The government has outlined the requirement to drive greater resilience, capacity, innovation, use of disruptive technologies, green technologies, efficiency, quality, modernisation, productivity and collaboration/co-design in the supply chain. These are all laudable goals, but potentially place more burden on emerging micro-businesses in meeting the minimum credentials required to support such bids without having a guardian angel looking over you (e.g. a pre-approved major systems integrator).

In delivering its National Cyber Security Strategy, government’s objectives include having the means to ensure UK networks, data and systems are protected and resilient throughout the supply chain. By way of example, they reference the Cyber Essentials Plus scheme (requiring ISO27001 accreditation and cyber insurance). Closing vulnerabilities to cyber threats is a major consideration in the effective performance of a technology-based service delivery contract. Scaled penetration testing is expensive and iterative.  

Jessica Rusu (Chief Data, Information and Intelligence Officer at the FCA) made a speech on 2 November 2021 at the CDO Exchange for Financial Services. She has reinforced the investment FinTech and PayTech firms need to make to build trust and protect consumers. She has also highlighted the challenge of dealing with ‘insistent customers’ that may not act in their own best interests, which can be a real dilemma when faced with downstream consequences if claims management firms focus on high complaint levels in any regulated sector that brings in the Ombudsman.

“The threat landscape has shifted for consumers, with fraudsters and scammers benefitting from new technologies and new consumers being drawn to high-risk markets and products, motivated by competition with friends, family, acquaintances and the influence of social media.”

New kinds of consumers are being drawn to new markets and their behaviour isn’t always rational. The FCA’s recent surveys suggest more than 75% of people investing in high-risk products are motivated by competition with friends, family and acquaintances, with more half say that hype on social media and the news drove their decisions. This is making KYC and CDD checks even more challenging where behavioural and transactional data (e.g. Open Banking) are becoming increasingly important over more traditional sources of data (e.g. CRAs).

It is clear that the conduct risk frameworks and compliance monitoring programmes for regulated FinTech and PayTech firms are likely to be dis-proportionate to the size of the entity, but where the potential downstream rewards warrant the necessary investment in financial and operation resilience in systems & controls. This is beginning to be reflected in the private equity market coming alive again in this space.


Kevin Still is an aspiring iNED

Tags: Kevin Still
Prev / Next

Blog

Featured
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson
Sep 25, 2023
Chris Burt
The implications of the revised UK Corporate Governance Code
Sep 25, 2023
Chris Burt
Sep 25, 2023
Chris Burt
Sep 13, 2023
Andrew Cunningham
Financial regulators take aim at crypto-finance
Sep 13, 2023
Andrew Cunningham
Sep 13, 2023
Andrew Cunningham