Fintech’s rapid growth has been built on a culture of bold entrepreneurship and a drive to bring innovative products to market quickly. Compared with the more traditional norms of the banking industry, this full-throttle approach has often left little time or attention for compliance planning.

Moreover, this attitude was enabled by regulators’ earlier struggles to keep pace with the growth of fintechs. As a result, fintechs have historically faced relatively light government oversight compared with financial institutions (FIs).

Evolving Fintech Ecosystem

However, the times are changing as the lines between fintechs and FIs continue to blur, resulting in increased scrutiny. Regulators are also catching up with the growing market impact of fintechs and increasingly turning their attention to them.

This creates new dynamics for fintechs: they can no longer treat compliance as an afterthought, and the increased compliance demands call for new approaches and technology.

Non-Compliance is Getting Costly

Fines for non-compliance continue to increase as regulators ratchet up their scrutiny of the sector. Below is a sampling of significant penalties against fintechs in the US:

  • BitMEX was fined $100 million for facilitating $200+ million in transactions that failed to comply with AML and other regulatory standards.
  • The Consumer Financial Protection Bureau penalized a US-based fintech company $6 million because its lending practices violated consumer protection guidelines.
  • GreenSky incurred a $2.5 million fine for taking out loans on behalf of thousands of consumers who had not agreed to the loans. 
  • Payoneer was fined $1.4 million for nearly 2,300 sanctions violations, having processed payments on behalf of third parties in several sanctioned jurisdictions.
  • The Financial Crimes Enforcement Network applied a $700,000 penalty against a fintech firm because of an inadequate AML program.

KYC/AML – Bellwethers of Fintech Compliance Requirements

Fintechs’ compliance requirements are driven by a broad array of regulations from national, state and local jurisdictions, so the requirements vary greatly with the market a fintech serves. For example, compliance needs differ significantly for a fintech supporting healthcare-related transactions compared with one targeting agriculture or education.

Two of the critical requirements for fintechs in the US are know-your-customer (KYC) and anti-money laundering (AML) regulations. Due to increasing fraud and money-laundering activity, regulators are likely to expand KYC/AML compliance obligations.

KYC is a set of due diligence practices intended to prevent identity fraud, which is often a precursor to other crimes, including terrorist financing, corruption, and account or card fraud. Because KYC checks must be completed before transacting with a customer, they are a bellwether of an organization’s ability to manage its compliance program effectively.

The KYC process sets the stage for assessing customer risk: the expected transactional behavior recorded at onboarding becomes the baseline against which aberrant transactions can be spotted. The challenge for fintechs is building a process that remains frictionless for legitimate consumers.

AML regulations are designed to stop money laundering, focusing on the source of funds rather than their destination. The amount laundered each year is commonly estimated at around USD 2 trillion (the UNODC puts it at 2-5% of global GDP). Criminals typically create a labyrinth of benign-looking transactions to conceal the illicit origin of funds, and fintechs’ facilitation of payments and transfers puts them directly in the path of this activity.

Compliance planning for fintechs must therefore include a robust AML toolset to ensure adherence to regulations and protect the company from fraud. Better screening of suspicious transactions, at onboarding and throughout the customer lifecycle, improves risk management and helps keep the fintech compliant.
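As an added illustration of the two points above (a KYC baseline of expected behavior, and transaction screening that runs at onboarding and throughout the lifecycle), the Python sketch below checks one customer's transactions against the profile captured at onboarding and against two classic AML red flags. This is example code written for this page, not a vendor's product or a regulator's rule set. The USD 10,000 cash threshold mirrors the US Currency Transaction Report threshold; the 24-hour structuring window, the 2x volume tolerance, the blocked-country list, and every profile and transaction are constructed assumptions. A production system would take its thresholds from the firm's written risk assessment and screen against a maintained sanctions feed.

```python
"""Rule-based AML/KYC transaction screening (added example, not the page's code)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: mirrors the US Currency Transaction Report cash threshold.
CTR_THRESHOLD_USD = 10_000
# Assumption: look-back window used to spot split ("structured") deposits.
STRUCTURING_WINDOW = timedelta(hours=24)
# Assumption: how far monthly volume may exceed the declared KYC expectation.
VOLUME_TOLERANCE = 2.0
# Constructed placeholder codes standing in for a real sanctions feed.
BLOCKED_COUNTRIES = {"XX", "YY"}


@dataclass
class KycProfile:
    """What the customer declared at onboarding (the KYC baseline)."""
    customer_id: str
    expected_monthly_volume_usd: float
    expected_countries: set


@dataclass
class Txn:
    customer_id: str
    ts: datetime
    amount_usd: float
    kind: str                  # "cash_deposit", "wire_in", "wire_out", ...
    counterparty_country: str  # ISO-style code of the other party


def screen(profile: KycProfile, txns: list) -> list:
    """Return (rule, detail) alerts for one customer's transactions."""
    alerts = []
    txns = sorted(txns, key=lambda t: t.ts)

    # Rule 1: sanctions screening on the counterparty jurisdiction.
    for t in txns:
        if t.counterparty_country in BLOCKED_COUNTRIES:
            alerts.append(("sanctioned_counterparty",
                           f"{t.ts.date()} {t.amount_usd:.2f} {t.kind} "
                           f"with {t.counterparty_country}"))

    # Rule 2: structuring. Several sub-threshold cash deposits inside the
    # window whose sum crosses the reporting threshold.
    window = []
    for t in (x for x in txns
              if x.kind == "cash_deposit" and x.amount_usd < CTR_THRESHOLD_USD):
        window.append(t)
        window = [w for w in window if t.ts - w.ts <= STRUCTURING_WINDOW]
        total = sum(w.amount_usd for w in window)
        if len(window) >= 2 and total >= CTR_THRESHOLD_USD:
            alerts.append(("structuring",
                           f"{len(window)} cash deposits totalling {total:.2f} "
                           f"within {STRUCTURING_WINDOW}"))
            window = []  # one alert per cluster

    # Rule 3: deviation from the declared KYC baseline (volume and geography).
    monthly = defaultdict(float)
    for t in txns:
        monthly[(t.ts.year, t.ts.month)] += t.amount_usd
    for (year, month), vol in sorted(monthly.items()):
        if vol > VOLUME_TOLERANCE * profile.expected_monthly_volume_usd:
            alerts.append(("volume_deviation",
                           f"{year}-{month:02d}: {vol:.2f} vs expected "
                           f"{profile.expected_monthly_volume_usd:.2f}"))
    unexpected = {t.counterparty_country for t in txns} - profile.expected_countries
    if unexpected:
        alerts.append(("unexpected_geography", ",".join(sorted(unexpected))))
    return alerts


# Constructed sample data: a customer who declared modest domestic activity.
SAMPLE_PROFILE = KycProfile("c1", expected_monthly_volume_usd=20_000,
                            expected_countries={"US"})
SAMPLE_TXNS = [
    Txn("c1", datetime(2023, 3, 1, 9, 0), 9_500, "cash_deposit", "US"),
    Txn("c1", datetime(2023, 3, 1, 15, 0), 4_000, "cash_deposit", "US"),
    Txn("c1", datetime(2023, 3, 10, 11, 0), 30_000, "wire_out", "XX"),
]


def run_example() -> list:
    """Screen the constructed customer; returns the alerts raised."""
    return screen(SAMPLE_PROFILE, SAMPLE_TXNS)


if __name__ == "__main__":
    for rule, detail in run_example():
        print(f"{rule:24s} {detail}")
```

Each rule is independent, so a transaction can raise several alerts; in a real program the alerts would feed a case-management queue and the thresholds would be tuned and documented so the program can be defended to an examiner.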

Other Fintech Compliance Requirements

In the US, fintechs must adhere to many other regulations in addition to KYC and AML. These requirements stem from various regulatory bodies and depend on the fintech’s business model, and as a fintech grows it will almost inevitably come under the purview of new bodies and requirements. Examples include the Consumer Financial Protection Bureau (CFPB), the Financial Crimes Enforcement Network (FinCEN), and, for broker-dealer activity, the Financial Industry Regulatory Authority (FINRA), a self-regulatory organization.

Fintechs also must adhere to other regulatory stipulations based on their business. For example, companies supporting the healthcare space must comply with the health information handling provisions of the Health Insurance Portability and Accountability Act (HIPAA).

In addition, many US states impose their own requirements on fintechs, including privacy laws such as the Virginia Consumer Data Protection Act (VCDPA) and state financial regulators such as the California Department of Financial Protection and Innovation (DFPI).

Improve Compliance Planning

Our solutions offer fintechs a comprehensive, flexible toolset to automate and reduce the cost of compliance for KYC/AML and other requirements. Read further about the steps to take to improve regulatory compliance in our eBook: AML, KYC, and Compliance for Fintechs. To learn more about our enterprise fraud and compliance applications, please contact our experts for a free demonstration.