STEP BY STEP GUIDE FOR FINTECH STARTUPS

After constructive discussions with law experts and companies providing RegTech services, and based on our proven experience in the FinTech industry, we've decided to write a detailed tutorial for FinTech startups and point out the most common mistakes that have an impact on growth. We will dive deeper into the issues that are crucial for launching successful innovative products in FinTech. For a more precise understanding, FinTech is an abbreviation of financial technology, used for designing and delivering financial services and products. The usual providers of such services are banks, insurers, and traditional financial institutions. Why are there so many emerging FinTech startups nowadays?

Indeed, all of them try to smooth the payment process, tackle fraud, lower customers' costs, and make financial services accessible to people who don't use traditional banking services. Global fintech investment has been growing each year: for comparison, in 2015 it grew by 75% (from $9.6 billion to $22.3 billion, and this tendency continues today), which means there is a huge potential market. Top FinTech companies like Transferwise, Lenddo, Revolut, and Ripple have already transformed the way we transfer money.

What should be taken into account for financial tech companies?

Let's start with compliance, because 3 out of 4 projects are blocked by difficulties in getting a license or assuring the legitimacy of their business.

  1. Legal compliance in FinTech

The success of any FinTech company depends on resolving legal compliance problems in the country where it will operate. This is a crucial success factor of the Revolut app, because they have a robust legal department helping with regulation and compliance issues in 40 countries. There are lots of regulations for fintech companies in Europe; however, the one that can cause severe fines, and that came into effect in Europe last year, is GDPR.

What could be treated as sensitive data based on GDPR:
  • personal identity number

  • location

  • IP address, cookies

  • Info about the economic, cultural, physical, social statuses

  • nickname

So first and last names alone are not treated as sensitive data; however, they are when connected with a personal email or phone, as that gives access to your internet banking.

The main principle of these regulations is assuring transparency for end users, who get:

  1. the right to get the confirmation of data processing

  2. the right to get a copy of personal data

  3. the right to get the purpose of data processing, data categories, timelines, recipients

  4. the right to protest against data processing


FinTech startups that process sensitive data are required to pay prime attention to Art. 17 GDPR, which "in certain circumstances" could cause severe fines in cases when:

  • the data processing is no longer necessary for fulfilling the goals for which the data was originally collected or processed

  • the data is processed illegally

  • the personal data is not deleted as the legal requirements in the EU demand when the user requests it.

If your business operates in the EU and you choose a software development vendor, you want to be sure that this vendor will share the responsibility for the security of your users' data. They should guarantee the following measures:

  • take care of security before the data is processed
  • take the risks related to personal data at each stage of data processing
  • implement the technical and organizational measures of data protection
  • inform the corresponding authorities within 72 hours about a data leakage or possible vulnerabilities

Thus, it is common practice for founders to turn to third-party companies that can provide an independent GDPR audit and point out the vulnerabilities that could cause data leakage or severe GDPR fines. Under GDPR, the penalty is split into two groups:

- serious violation (10 mln euros fine or 2 % of the total turnover)

- insignificant violation (20 mln euros fine or 4 % of the total turnover)

(however, it is not declared in detail what counts as a serious or an insignificant violation)

The most common mistake of FinTech startups is not informing the corresponding authorities and end users about a data leakage within 72 hours. For instance, Mistertango (a popular FinTech startup from Latvia) was fined 61.5K EUR for failing to ensure data minimization, storage limitation, and data security, and for violating an overarching principle of accountability. They also didn't inform the corresponding authorities in Latvia and their users about the data leakage that had happened. In the course of the investigation, the DPA established that a website listing payments processed by Mistertango, along with customer personal data, was openly available online for at least two days in July 2018. Mistertango failed to notify the DPA about this breach, in contravention of Article 33 of the GDPR.


GDPR vs. PSD2:

- the responsibility of the banks to provide the Third Party Providers access to the info about the accounts

- if the bank refuses to provide such info, it could be treated as a violation of anti-monopoly legislation.


Please note what is needed if you operate under GDPR regulations:

+ Determination of potential risks of data collection by the Client in case of a breach of the GDPR rules;

+ Identification of the purposes of the data processing allowed under the GDPR rules;

+ Drafting and development of the template of notification of persons whose data has been collected about such collection and processing. Such notification will include information about the type of data being processed, the purposes of such processing, and the actions that will be taken towards the data;

+ Drafting and development of the legal evidence of the lawfulness of data processing and proof of its safe storage;

+ Web-documentation for Client's online platforms in compliance with the General Data Protection Regulation rules (Privacy Policy, Terms of Use, etc.);

+ The company's internal policy on data collection and processing in order to meet the GDPR requirements, including the process of handling data leakage incidents;

+ Data processing agreements between the Client and the third parties, as well as between the data controller and the data processor;

+ Search and negotiations with the Data Protection Officer (DPO). Development of a service agreement between the Client and the DPO, defining the responsibilities of the DPO;

+ AML/KYC due diligence counseling;

+ Assessment of AML/KYC requirements based on the Client's business model and corporate structure;

+ Advising on the establishment and maintenance of an internal AML/KYC policy, if necessary.


KYC / AML compliance

KYC law is an increasingly complex ruleset. Banks and financial service providers have to adhere to international anti-money laundering regulations as well as to local standards.


Thus there are many fintech law firms (or your software development vendor could also have a legal department with such expertise) that provide services for handling the high-profile matters of the day-to-day operation of FinTech businesses in compliance with the corresponding jurisdiction. Sometimes software development agencies partner with legal firms to provide such services, as preparing the KYC/AML compliance documentation or GDPR declarations requires close collaboration. The average price for developing such documentation ranges from $5-$10 K in Eastern Europe (Ukraine, Russia, Latvia) to $30-$50 K in Scandinavian countries or Western Europe, as lawyers prefer to work at an hourly rate instead of providing a fixed price for such services. Thus some quotations could be even higher.

On the contrary, even early-stage fintechs are well-advised to give regulatory compliance a high priority in their business development plan. They can also apply to large banking institutions, as these are also certified AML/KYC providers. An interesting point is that the KYC provider Mtpelerin is one of the certified providers, which means that it takes full responsibility for legal proceedings and inconsistencies. While you are considering KYC providers, take into account that uncertified providers don't take responsibility if discrepancies come up.



Assuring the legal compliance for the FinTech companies

Development of new or improved risk-based AML/KYC Compliance Program and internal controls that incorporate international and local requirements, as well as best practices. This normally includes:


+ AML Compliance Policy Declarations. Includes recommendations on Anti-Money Laundering Compliance Policy Declarations, Ascertainment of Customer Identity, Transaction Monitoring, Internal Reporting of Unusual/Potentially Suspicious Transactions, Reporting of Unusual/Suspicious Transactions, Internal Security Measures and Record Keeping, etc.;

+ Terms of Service;

+ Privacy Policy. Incorporates information collection compliance, use of information, children's privacy, storage, security, third-party access, etc.;

+ Cookies Policy;

+ API Terms of Service. Includes API Use Restrictions, information regarding transmitted data using the API, etc.;

+ Law Enforcement Requests Policy;

+ Risk Disclosure Statement;

+ Anti-Spam Policy;

+ Trademark Notices.


Take into account that lots of FinTech companies related to crypto operations forget about the Data Protection Impact Assessment. The regulatory authorities in the EU consider such companies high-risk. Thus they could conduct an inspection, and you should be ready for that. The whole process is simpler if the fintech company already has an audit report prepared by an authorized legal firm. This report is a summary produced after an audit of the collection and protection of end users' data. All this paperwork is also required for getting an EMI (Electronic Money License), which could take from 2-4 months and range from 10-50 K, depending on the country.


Design thinking in FinTech



Design thinking is also an integral part of launching FinTech products, as it can surface the unmet needs of the people for whom you are creating.

Design thinking is not just about improving usability. It can help to think over the product idea with the tech specialist, Lead UX designer, Product Owner, and Marketing Expert.


What benefits could it bring to your FinTech product:

1. It reduces the risk associated with launching new ideas.

2. It generates solutions that are revolutionary, not just incremental.

3. It helps organizations learn faster.

4. It helps get users' feedback faster and prioritize the scope.

Based on the statistics of companies providing such a service, around 40% of the initial product functionality is modified after the design thinking session with the founders and expert team. Here is a list of best practices for design thinking approaches that are used in our practice:
- How-now-wow matrix, where we prioritize and select your most innovative ideas.
- Innovation blueprint, where we give an overview of the key elements of an innovation activity, identify clear roles, and allow your activities to be compared.
- Persona, where we help you visualize and better understand your customer segment. It is the starting point of your problem exploration journey.
- Pitching checklist: when you want to sell a killer business idea, your pitch needs to pack a punch. This 5-part checklist is the best way to make sure your pitch hits home.
- Fragment cards, which document stories and observations uncovered during empathy sessions.

One of these techniques could help to better validate the idea with the expert team.

Why is design also so important?


Global statistics show that the number of users doing internet banking on mobile devices is growing significantly each year. Just compare 27% in 2017 and 43% in 2018.

Around 23 billion apps are launched each year globally. However, smartphone users install a new app only every 4-5 months. It means that it is getting harder to attract new users and gain their trust. Fintech is a domain where usability, simplicity of use, and an authentic relationship with end users are crucial for growth.


Take a look at the diagram reflecting the percentage of comments related to Design Look.

[Diagram: Percentage at Evaluations]

Involving users before the launch into production

While your FinTech product is under development, you should work on a marketing strategy that will drive people to use your app once it is online. Please do not plan on having thousands of users after launching it into production. FinTech is a domain where trust is essential, and your communication with clients should start before they try your services. This was a significant factor in Robinhood's success, where the team managed to get a million new users in days. Their team was working on helpful content for potential users while the app was in development. The best channel was Reddit. In most cases, software agencies partner with leaders in PR and marketing to assist their clients with acquiring the market, as both are interested in a client success story.



Taking into account global trends

1. Round-Ups.

You have probably heard that this is becoming a new trend in the FinTech domain that helps to do 17x the trading volume of Fidelity. Micro-investment is becoming so popular because the charge can now bring high earnings to both end users and the FinTech company.

2. Targeting users in developing countries

EU-based users are now not so attractive for fintech startups, even taking into account that the average check is higher compared with MENA countries. Users in developing countries are less constrained by legacy financial and mobile infrastructure, incumbent banks, old regulations, and set ways of thinking. A large concentration of dormant bank accounts is in India, which is also the country with the highest level of unbanked people globally. In India, between 40% and 50% of all accounts, some 300 million, are dormant. China is close behind with 100 million. Indeed, across 29 emerging markets surveyed by the CFI, one in five people "have an account but have not used it in the past year," and this number is growing.

Globally, the mobile money industry now processes an average of $1bn in transactions every day, in small increments. The average mobile money user moves about $188 per month, according to GSMA.


In Ghana, regulators now allow mobile money users to accrue interest on savings accounts. Because Zimbabwe's economy crashed in 2017, mobile money revenues grew by 5% between the second and third quarters as people relied more heavily on digital transactions to cope.

3. Cross-border payments

Remittance will be the next trend that could transform the whole cross-wire system in the world. People face trouble sending money to other countries and regions; the transactions are still costly, slow, and cumbersome. While some would be put off from intra-regional transfers by currency risk, services such as Transferwise already have the local market infrastructure in place. Potentially, blockchain could also resolve problems with cross-country wires, and one such case is described on our WIKI.

4. Simplified investing

This is also becoming a new trend, as upcoming fintech startups add thousands of users by clarifying the investment opportunities for their users. A prominent case is the fintech company Stash, which managed to gather 25K users by constraining users' investment options.

5. Using the behavioral science behind triggers in finance

A compelling case that we would like to share about this upcoming trend concerns a fintech company called Qapital. Dan Ariely, Chief Behavioral Economist, helped Qapital design several of its features, including the ability to save money every time you indulge in a guilty pleasure, the company's so-called guilty pleasure rule.

6. Drive addictive referral programs

The referral program is an excellent instrument for attracting new users without serious investments in marketing. However, standard referral programs are becoming ineffective. Thus addictive referral programs are an exciting instrument for attracting new users, and the case of Robinhood proves it.

This is just a common list of the issues you should take into account before proceeding with the development stage, such as design thinking for better idea validation or the legal aspects of your FinTech startup. We at 4ire Labs assist with idea validation and with delivering the POC in a faster and more efficient way. Thanks to close collaboration and partnership with FinTech legal firms, our clients can be assured of the legal compliance of their businesses or of applying for the EMI license required for integrating with electronic banking APIs and further product development.


For more info about FinTech design thinking and tech consulting, please contact us at hp@4irelabs.com
FinTech Legal partners of 4ire Labs: Brightman and Axon Partners
More about the successful Fintech cases on WIKI
Fintech accelerator and VCs partnered with 4ire Labs: Blockchain AB, Vostokemergingfinance.
