Step by Step Guide for FinTech Startups

By Fire Labs Team | May 31, 2019

After constructive discussion with the law experts, companies providing the RegTech services, and based on our proven experience in the FinTech industry, we've decided to make a detailed tutorial for FinTech startups and point out the most common mistakes having an impact on the growth. We will dive deeper into the issues that are very crucial for launching successful innovative products in Fintech.

For a more precise understanding, FinTech is an abbreviation of financial technology for designing and delivering financial services and products. The usual providers of such services are banks, insurers, traditional financial institutions. Why there are so many emerging FinTech startups nowadays?

Indeed, all of them try to smooth the payment process, tackle fraud, make the lower customer's costs, and accessible for people who don't use traditional banking services. Global fintech investment has been growing each year, just for comparison in the 2015 year grew by 75 % ( from $9,6 billion to $ 22,3 billion, and such tendency remains till now) and it means that is a huge potential market.

Such top FinTech companies like Trasferwise, Lenddo, Revolut, Ripple have already transformed the way we are transferring money. We suggest also considering the actual report on the State of the Fintech Industry prepared by the TopTal team. It reflects the actual statistics in FinTech and useful insights on emerging technologies in this industry.

In our article, we tried to develop a step by step guide for the founder of emerging FinTech startups and pay attention to issues needed for the successful launching.

What should be taken into account for financial tech companies?

Let's start with compliance because 3 of 4 projects are blocked because of difficulties in getting a license or assuring the legitimacy of their business.

Legal compliance in FinTech

The success of any FinTech company depends on resolving the problems with legal compliance in the country where it will operate. This is a crucial success factor of the Revolut app because they have a robust legal department helping with the regulations/ compliance issues in 40 countries.

There are lots of regulations for fintech companies in Europe; however, what could cause severe fines and came into effect in Europe last year - GDPR.

What could be treated as sensitive data based on GDPR:

  • personal identity number
  • location
  • IP address, cookies
  • Info about the economic, cultural, physical, social statuses
  • nickname

So just first and last names are not treated as sensitive data, however when it is connected with the personal email/ phone, as it gives access to your internet banking.

The main principle of these regulations is assuring the transparency for the end-users that could get:

  1. The right to get the confirmation of data processing
  2. The right to get a copy of personal data
  3. The right to get the purpose of data processing, data categories, timelines, recipients
  4. The right to protest against data processing

FinTech startups that process sensitive data, it is required to pay prime attention to Art17 GDPR "in certain circumstances" that could cause severe fines in cases when:

  • there is the absence of necessity for data processing for the fulfillment of goals following which it was primarily collected/ processed
  • working with illegal data processing
  • when the personal data is not deleted under the legal requirements in the EU when the user requires it.

If your business operates in the EU and you choose a software development vendor you want to be sure that this vendor will share the responsibility for the security of your users' data, they should guarantee meeting the following measures:

  • take care of security before it will be processed
  • the vendor should take the risks related to personal data at each stage of data processing
  • implement the technical and organizational measures of data protection
  • informing the corresponding authorities within 72 hours about the data leakage or possible vulnerabilities

Thus, it is a common practice when the founders apply for the third party companies who could provide the independent GDPR audit and point out the vulnerabilities that could cause data leakage or severe GDPR fines. Based on GDPR, the penalty is split into two groups:

- serious violation (10 mln euros fine or 2 % of the total turnover)

- insignificant violation (20 mln euros fine or 4 % of the total turnover)

(however, it is not detailed declared what could be referred to as a serious or insignificant violation)

The most common mistake of FinTech startups - not informing the corresponding authorities and end-users about the data leakage within 72 hours. For instance, Mistertango ( popular FinTech startup from Latvia) was fined 61,5K EUR for failing to ensure data minimization, storage limitation, data security, and for violating an overarching principle of accountability.

They also didn't inform the corresponding authorities in Latvia and their users about the appended data leakage. In the course of the investigation, the DPA established that a website listing payments processed by Mistertango along with the customer personal data were openly available online for at least two days in July 2018.

Mistertango failed to notify the DPA about this a breach in contravention of Article 33 of the GDPR.

GDPR vs. PSD2:

The responsibility of the banks to provide the Third Party Providers access to the info about the accounts. If the bank refuses to provide such info, it could be treated as a violation of anti-monopoly legislation.

To the attention: what is needed if you operate under GDPR regulations:

+ Determination of potential risks of data collection by the Client in case of the GDPR rules breach;

+ Identification of the purposes of the data processing allowed under the GDPR rules;

+ Drafting and development of the template of notification of persons, whose data has been collected about such collection and processing. Such notification will include information about the type of data being processed, the purposes of such processing, and the actions that will be taken towards the data;

+ Drafting and development of the legal evidence of the lawfulness of data processing and proof of its safe storage;

+Web-documentation for Client's online platforms in compliance with the General Data Protection Regulation rules (Privacy Policy, Terms of Use, etc.);

+ The company's internal policy on data collection and processing in order to meet the GDPR requirements, including the process of handling data leakage incidents;

+ Data processing agreements between the Client also, the third parties, as well as between the data controller and the data processor;

+ Search and negotiations with the Data Protection Officer (DPO). Development of a service agreement between the Client and the DPO, defining the responsibilities of the DPO;

+ AML/KYC due diligence counseling;

+ Assessment of AML/KYC requirements based on the Client's business model and corporate structure;

+ Advising on the establishment and maintenance of an internal AML/KYC policy, if necessary.

KYC / AML compliance

KYC law is to an increasingly complex ruleset. Banks and financial service providers have to adhere to international anti-money laundering regulations as well as to local standards.

Thus there are many fintech law firms ( or your software dev vendor could also have the legal department with such expertise) which provide services for assuring the high-profile matters of the day-to-day operation of FinTech businesses in compliance with the corresponding jurisdiction.

Sometimes the dev software agencies partner with the legal firms for providing such services as it also requires a close collaboration while preparing the KYC/AML compliance documentation or GDPR declarations.

The average price for developing such documentation range from $5-$10 K in Eastern Europe ( Ukraine, Russian, Latvia) and $30-$50 K in Scandinavian countries or in Western Europe as lawyers prefer to work based on hour rate instead of providing the fixed price for such services. Thus some quotations could be even higher.

On the contrary, even early-stage fintechs are well-advised to give regulatory compliance a high priority in their business development plan. They can also apply to large banking institutions, as they are also certified AML/ KYC providers.

A fascinating insight that KYC provider Mtpelerin is one of the certified providers. It means that they take full responsibility for legal proceedings and inconsistencies. While you will be considering the KYC providers, take into account that uncertified providers don't take responsibility if some differences could come up.

Assuring the legal compliance for the FintTech companies

Development of new or improved risk-based AML/KYC Compliance Program and internal controls that incorporate international and local requirements, as well as best practices. This normally includes:

+ AML Compliance Policy Declarations. Includes recommendations on Anti-Money Laundering Compliance Policy Declarations, Ascertainment of Customer Identity, Transaction Monitoring, Internal Reporting of Unusual/Potentially Suspicious Transactions, Reporting of Unusual/Suspicious Transactions, Internal Security Measures and Record-Keeping, etc.;

+ Terms of Service;

+ Privacy Policy. Incorporates information collection compliance, use of information, children's privacy, storage, security, third-party access, etc.;

+ Cookies Policy;

+ API Terms of Service. Includes API Use Restrictions, information regarding transmitted data using the API, etc.;

+ Law Enforcement Requests Policy;

+ Risk Disclosure Statement;

+ Anti-Spam Policy;

+ Trademark Notices.

Take into account, that loss of FinTech companies related to crypto operations forgot about the Data Protection Impact Assessment. The regulatory authorities in the EU consider such companies as a high-risky. Thus, they could conduct an inspection, and you should be ready for that. It will simplify this whole process if the fintech company would have the audit report held by the authorized legal firm initially.

This report is done as a summary after the audit related to data collection and protection of end-users. All this paperwork is also required for getting EMI ( EMI ELECTRONIC MONEY LICENSE), which could take from 2-4 months and range from 10-50 K depends on the country.

Design thinking in FinTech

The design thinking is also an inevitable part of launching FinTech products that could surface the unmet needs of the people for whom you are creating

Design thinking is not just about improvising usability. It could help to think over the product idea with the tech specialist, Lead UX designer, Product Owner, and Marketing Expert.

What benefits it could bring for your FinTech product :

1. It reduces the risk associated with launching new ideas.

2. It generates solutions that are revolutionary, not just incremental.

3. It helps organizations learn faster.

4. It helps faster get the users' feedback and prioritize the scope

Based on the statistics of companies providing such service, around 40 % of the initial product functionality is modified after the design thinking session with the founders and expert team. Here is a list of best practices for design thinking approaches that are used in our practice:

- How-now-wow matrix, when we prioritize and select your most innovative ideas

- Innovation blueprint, when we overview of key elements of innovation activity. Identify clear roles and allow your activities to be compared.

-Persona, when we help you visualize and better understand your customer segment. It is the starting point of your problem exploration journey.

-Pitching checklist, when you want to sell a killer business idea, your pitch needs to pack a punch. This 5-part checklist is the best way to make sure your pitch hits home.

-Fragment cards mean document stories and observations uncovered during empathy sessions.

One of these techniques could help to validate the idea with the expert team better.

Why design is also so important?

The global statistic states that the number of mobile users using internet banking on mobile devices is significantly growing each year. Just compare 27 % in 2017 and 43% in 2018.

Around 23 billion apps are launched each year globally. However, smartphone users install a new app every 4-5 months. It means that is it getting harder to attract new users and gain their trust. Fintech is a domain where usability, simplicity in usage, authentic relationship with end-users are crucial for growth.

Take a look at the diagram reflecting the percentage of comments related to Design Look.

design look

Involving the users until the launching into the production

While your FinTech product is under development, you should work on your marketing strategy that would drive people to use your app when it is online. Please do not plan on having thousands of users after launching it into production.

FinTech - is a domain where trust is an inevitable part, and your communication with a client should be initiated before they will try your services. This is a significant factor in Robinhood's success where the team managed to get millions of new users in days.

Their team was working on helpful content for their potential users while the app had been in development. The best channel was Reddit. In most cases, the software agencies partner with leaders in PR&Marketing for assisting their clients with acquiring the market, as they are both interested in a client success story.

Taking into account global trends

1. Round-Ups.

Probably you have heard that it is becoming a new trend in the FinTech domain that helps to do 17x the trading volume of Fidelity. Thus, micro-investments is becoming so popular because charge now could bring high earnings both end-users and FinTech company.

2. Targeting users in developing countries

Now EU based users are not so attractive for the fintech startups event taking into account that the average сheck is higher compared with MENA countries. They are less constrained by legacy financial and mobile infrastructure, incumbent banks, old regulations, and set ways of thinking.

A large concentration of the dormant bank accounts is in India, which is also the country with the highest level of unbanked people globally. In India, between 40% and 50% of all accounts, some 300 million, are dormant. China is close behind with 100 million. Indeed, across 29 emerging markets surveyed by the CFI, one in five people "have an account but have not used it in the past year," and this number is growing.

Globally, the mobile money industry now processes an average of $1bn in transactions every day, in small increments. The average mobile money user moves about $188 per month, according to GSMA.

In Ghana, regulators now allow mobile money users to accrue interest on savings accounts. Because Zimbabwe's economy crashed in 2017, mobile money revenues grew by 5% between the second and third quarters as people relied more heavily on digital transactions to cope.

3. Cross-border payments

Remittance will be the next trend that could transform a whole cross-wire system in the world. People are faced with the troubles sending money to other countries and regions, the transactions are still costly, slow, and cumbersome.

While some would be put off from intra-regional transfers by currency risk, services such as Transferwise already have the local market infrastructure in place. Potentially blockchain could also resolve problems with cross-countries wire, and one of the cases was described on our WIKI.

4. Simplified investing

It is also becoming a new trend while upcoming fintech startups are adding thousands of users by clarifying the investment opportunities for their users. The high case - Stash fintech company that managed to combine the 25K user by constraining users investment options

5. Using behavioral science behind trigger-based in finance

A compelling case that we would like to share about this upcoming trend is very close to a fintech company called Qapital. Dan Ariely, Chief Behavioral Economist helped Qapital design several of its features, including the ability to save money every time you indulge in a guilty pleasure - the company's so-called guilty pleasure rule.

6. Drive addictive referral programs

The referral program is an excellent instrument for attracting new users without serious investments in marketing. However, the standard referral programs are becoming ineffective. Thus the addictive referral programs are an exciting instrument for attracting new users, and the case with Robinhood proves it.

Here is just the common list of issues you should take into account before processing with the development stage such as design thinking for a better idea validation or legal aspect of your FinTech startup.

We, at 4ire Labs, assist with idea validation, delivering the POC in a more fast and efficient way. Due to close collaboration and partnership with FinTech legal firms, our clients could be assured in the Legal compliance of their businesses or applying for EMI license required for integrating with electronic banking API and further product development.

For more info about the FinTech design thinking and tech consulting, pls contact at hp@4irelabs.com

FinTech Legal partners of 4ire Labs: Brightman and Axon Partners

More about the successful Fintech cases on WIKI

Fintech accelerator and VCs partnered with 4ire Labs: Blockchain AB, Vostokemergingfinance.

Have a question?

Read also

Green Assets Wallet won Mastercard Lighthouse MASSIV
blockchain guide preview
Everything You Need to Know About Blockchain Development
hire blockchain developer preview
How to Hire a Blockchain Developer?