Weathering the storm: Why FinTech compliance failures persist

Consider the following recent enforcement examples:

• Earlier this month, one of the world’s biggest cryptocurrency platforms, BitMEX, agreed to pay $100 million as part of a settlement with the Commodity Futures Trading Commission and Financial Crimes Enforcement Network for multiple violations of the U.S. Bank Secrecy Act and other anti-money laundering (AML) laws.
• Also in August, the Securities and Exchange Commission charged Blockchain Credit Partners and two of its executives for deliberately misleading investors to make more than $30 million off unregistered sales of digital currencies.
• In June, TransferGo earned the dubious distinction of being the first FinTech firm to be fined by the U.K.’s Office of Financial Sanctions Implementation for failing to report 16 transactions to a sanctioned Russian bank that flouted an EU ban.
• Also in June, crypto exchange Binance’s U.K. arm was banned from operating in the country, with the Financial Conduct Authority (FCA) warning the firm is “not capable of being effectively supervised.”

Claire Simm, managing director at forensic specialist Kroll’s Financial Services Compliance and Regulation practice, says there are several reasons why FinTechs and crypto firms have sketchy compliance records.

First, compliance is often an afterthought—their primary driver is to create a service that is cheaper, faster, and more efficient than traditional players, she says. Second, they don’t always understand the purpose behind AML/know your customer (KYC) checks or think they are not relevant to their business models. Third, compliance can be an expensive exercise.

“In some jurisdictions, FinTechs hire external expertise simply to get a license to operate—after that, they soon part company,” says Simm.

Will Marwick, CEO of IFX Payments, believes a big part of the problem is the rules themselves can be “very grey at the best of times,” while effective enforcement “boils down to the supervisory regime and its governance of the sector,” which can lack transparency.

“Without clear and concise guidance from our regulators, we are almost left to draw our own conclusions of what is and isn’t ‘good’ compliance, compared to the banks that have lots of publicly available examples of good and bad practice,” he says.

Others in the industry agree. “Regulations have been slow to evolve, and therefore don’t provide enough clarity on how to apply the old regulations to new business models,” says Micheal Sheehy, deputy chief compliance officer at Payoneer.

“If you look at the major money laundering scandals of the past five years—Danske Bank, Deutsche Bank, ABN Amro, and others—these all occurred at traditional financial services firms. … Banks are still failing on AML compliance after decades of work and billions of dollars spent.”

Neil Robson, Partner, Katten Muchin Rosenman

Some experts believe regulators have been “behind the curve” and are now “overcompensating” in terms of oversight. Dr. Iwa Salami, associate professor in law at the University of East London, points out it was only in 2019 and 2020 that cryptocurrency exchanges were required to comply with KYC requirements following pressure from the likes of the United Kingdom; European Union; United States; and Financial Action Task Force, the global standard-setter for AML and terrorism financing.

Thomas Cattee, white-collar crime lawyer at Gherson Solicitors, believes the FCA’s tough stance against crypto firms contrasts sharply with that of the U.K. government, which is trying to harness the sector’s economic potential.

“There are general concerns in the FinTech community that the FCA has perceived the risks too highly, which has resulted in too high a regulatory threshold,” says Cattee. “This is at odds with the Treasury’s most recent risk assessment, where the government found crypto to be medium risk in terms of money laundering and terrorist financing.”

Moving forward, he says, “serious consideration needs to be given to a more uniform and bespoke regulatory approach.”

Neil Robson, regulatory compliance and financial markets partner at law firm Katten Muchin Rosenman, believes the focus on the AML failings of FinTech and crypto firms might be diverting attention from the real risk areas.

“If you look at the major money laundering scandals of the past five years—Danske Bank, Deutsche Bank, ABN Amro, and others—these all occurred at traditional financial services firms,” Robson contends. “I’m not saying regulators should not be tough on FinTech firms—they should. But the point is banks are still failing on AML compliance after decades of work and billions of dollars spent.”

Since the FCA took charge as AML supervisor of U.K. crypto businesses in January 2020, just five firms have gained registration. In June, the regulator was forced to change the end date of its temporary registration regime from July 9 to March 31, 2022, because “a significantly high number” of businesses could not meet the required standards. Critics describe the registration process as overly onerous and time-consuming, with some accusing the regulator of a lack of engagement.

The only way forward, says Katharine Wooller, managing director, U.K. & Ireland at crypto firm Dacxi, is for the industry to embrace compliance rather than oppose it.

“Crypto firms need to … behave as if they are fully regulated,” she says, rather than just strive for AML compliance. “Without this, the horror stories and reputational damage will continue, which is detrimental to the FinTech industry and consumer alike.”