Page 90

SIBOS: RISK & REGULATIONS “We’re dealing with things like regulatory investigations and helping clients to identify people for roles to upskill, or help with those roles ourselves. We provide C-suite and executive level expertise, and have that ‘grey hair’ around understanding how a regulatory framework ought and needs to work in an FCA-regulated environment,” he says. One of the biggest issues is that the drive for technological innovation has led to its capabilities being vastly overestimated by emerging businesses, says Dadswell: “As you’d expect, a fintech organisation that has become a payment or electronic money institution, would like to see the technology it has created delivering the compliance solution.” But, increasingly, there is no margin for error if that faith in technology alone is misplaced. “We’re finding that the FCA is bringing its traditional methods of regulation to the payment space. It is looking for the three pillars of good governance, protecting client money, and managing financial crime – and every regulated fintech firm I have come across will say it has all of those things covered with a system that does that. However, we’re finding these things still need some degree of human intervention. Platforms often can’t fix everything, and not to the standard the FCA would expect.” Developing in-house capability isn’t the answer, either. “Companies are split into two camps, really. One is the typical startup view of the world, which is ‘I can solve everything about everything with my new proposition’, and it’s an admirable place to be at the start but very rarely works long term,” says Dadswell. “A good example of that is things like know your customer (KYC), which is done admirably by companies out there already. My view is that fintech firms would be far more successful if they strategically bought in services.” In many cases, firms’ internal cultures are their biggest blockers. “There’s this sense that culture in an

organisation is about imagination. In other words, ‘let’s just see how we can imagine what the world could be, with the solution that we have’. I find that leads to a technology bias and organisations are typically saying to us ‘we simply cannot afford to have the individuals we need to drive the cultural change we know we need, so can you help us with that?’ and ‘help us understand how we should approach the regulators and how they think’. “So, we seed the new culture by saying let’s look at the organisation from what I call the five pillars,” says Dadswell. “You may have strategic focus as one, commercial coordination as another and technological capability as a third, along with financial

In the same way that you get a technology debt in an organisation over time, you also get a governance debt that starts to reveal itself


TheFintechMagazine | Issue 13

discipline, which is great, but you also need regulatory competence as the fifth pillar. The blend of those five things means a good, well-organised organisation with a risk-managed culture.” Some issues also just boil down to organisational maturity, he observes. “It’s about the growing process: have all parts of your business evolved in the right way? Have you got a good platform? Do you have lots of features on your app? How are you managing all this in the background? How are you preparing for the future? How are you developing? How are you funding?

“We went to one company to talk about risk management, then focussed minds on culture change. They felt their biggest risk was technology failure of their platform. When we started mapping it, it really was not, because they know how to run their platform and have safeguards in place for restoring their system in the event of a failure. Their biggest risks were actually funding and regulatory compliance.” And his view of the world beyond, where regulation is yet to come of age? “It’s partly about approach, certainly around expectations from regulatory bodies. The need to consider an EU-based presence is why some organisations are going to certain jurisdictions, like Lithuania.” THRS is fast expanding its geographical

Pillars of wisdom: There are five elements to compliance

reach and range of consultancy services. “We also help companies with things like managing their data management risk and General Data Protection Regulation processes,” Dadswell continues. “We get involved in financial sanctions and anti-money laundering (AML) compliance. All of those things are translatable to different verticals. As well as payments, we have been talking to companies in areas like lending and insurance. “Our focus is really around bringing a change in mindset to organisations, and helping them achieve governance change, which can be triggered by a number of things. It could be helping with the consequences of an investigation, or it could be support with developing the culture to better understand, and respond to, governance risk."


Fintech Finance presents: The Fintech Magazine Issue 13  

Fintech Finance presents: The Fintech Magazine Issue 13

Fintech Finance presents: The Fintech Magazine Issue 13  

Fintech Finance presents: The Fintech Magazine Issue 13