What is regulation in fintech?

Do fintechs need to be regulated? Any institution which is involved in financial activities must comply with various regulations, and this certainly applies to the fintech industry. Simple as that. Without regulation, it would be difficult (if not impossible) for fintechs to operate widely in the financial services sector.  

Want to talk to our KYC experts?
Regulatory compliance is a great challenge for various sub-verticals and areas within the fintech space.

Is fintech a regulated industry?

For many years, fintechs were underregulated in many countries. Regulators and regulations have focussed on traditional banks and banking. Regulations have developed alongside the industry and did not initially fit the new breed of fintechs.

This has changed, and fintechs in most countries are now regulated by main national financial regulators. Regulations have, in many cases, been adapted to cater to fintechs.

The regulation of the fintech industry is more complicated than for financial institutions. Fintechs are typically much smaller but still subject to the same intense regulation. They are also likely to operate across several jurisdictions (possibly from an early stage) and will need to comply with different regulations in each region or country.



Who regulates fintech companies?

In the UK, for example, regulatory compliance for fintechs means complying with the FCA, and the Proceeds of Crime Act 2002. In the EU, the AMLD regulations (currently implemented up to 6AMLD) are supervised by national regulators, for example, BaFin in Germany through the AML Act (GwG).

Fintechs may also offer services in many different areas (including cryptocurrency and decentralized finance) and, as such, will be more or less affected by AML or other financial regulations. Fintechs with a full banking license (or with an e-money license and planning to scale up), for example, will face much the same regulation as banks.

KYC is a crucial regulatory requirement for fintech companies and other institutions with financial responsibilities.

Why is regulation important for fintechs? 

Regulations have evolved to protect financial institutions, their customers, and the wider economy from financial crime. AML and KYC regulation are frequently updated to reflect changes in fraudulent and criminal methods.

Where fintechs have operations in the financial services industry, verify customers, or support transactions, they should ensure the same checks and security as the major financial institutions.

Protection and compliance are vital – but there are other good reasons for regulation for fintechs:

Regulation establishes trust.
Credibility and trust are vital for any financial-related company, and compliance with regulations helps to establish this.

Regulation creates a level playing field.
Companies operating in the same area must meet the same requirements and challenges, supporting fair competition.

Compliance will help fintechs scale their business.
This could include offering new products and services, moving to a full banking license, or expanding into new countries.

Which regulations are fintechs mostly dealing with?

Depending on their area of operation, fintechs are affected by several regulations: 

AML and KYC.

Regulation in this area has been in place for decades and has continually been updated as criminal and fraudulent methods have changed. 

KYC and AML regulations aim to prevent fraud, Money Laundering, and other financial crime. Any customer (individual or corporate) needs to be verified to ensure they are who they claim to be, and any suspicious activity needs to be identified and reported. 

AMLD regulations.

In the EU, requirements are well defined through the AMLD regulations.

The latest updates to these came in 2020 (5AMLD) and 2021 (6AMLD). 5AMLD introduced a new focus on the sources of finance and the concept of PEP checking and monitoring. 6AMLD focuses on consistent understanding and treatment across the EU. In the UK, AML is controlled largely through the Proceeds of Crime Act and the Electronic Identification and Trust Services for Electronic Transactions Regulations. 

eIDAS regulations.

The European eIDAS regulations (introduced in 2014) govern the use of electronic signatures. In the UK, the 2016 Electronic Identification and Trust Services for Electronic Transactions Regulations does the same. These set the standards for the definition and implementation of different levels of electronic signature (SES, AES, and QES). 

PSD2 regulations.

The Payment Services Directive 2 (PSD2) regulations are EU and UK regulations for electronic payment services. These aim to make payments more secure whilst also promoting competition and innovations in the sector. 

Decentralized finance regulations.

Decentralized finance (DeFi) is a growing sector for fintechs and one where regulation still needs to catch up. The use of cryptocurrencies and smart contracts largely avoids current KYC regulations, but regulators are likely to make changes soon and fintechs should stay ahead of this. 



For their growth plans, fintechs must essentially balance between sustainable growth plans and taking on the right amount of regulatory risk.

How do regulations help to make a fintech future-proof?

Every business wants to grow. In the financial services sector, compliance with appropriate regulations is important to allow and facilitate expansion. The sooner and more thoroughly a company embraces regulations, the easier future expansion will be.

Compliance is necessary for international expansion.
Fintechs work in many different countries, often from an early stage. Expansion into new jurisdictions will require understanding and compliance with their regulations. But there are many similarities between countries, which existing compliance will help with.

Acquiring new licenses.
As fintechs grow, they will often need new operating licenses. A common journey is from an e-money license to a full banking license – this will likely attract greater regulatory scrutiny and compliance requirements.

Implementing new technologies.
Expanding into new technology and services is likely to require compliance with additional regulations. Fintechs are often heavy digital adopters, with areas such as artificial intelligence, machine learning, and cryptocurrency. Compliance here helps rapid adoption of new technologies and methods.

Supports a good user experience.
Getting compliance right is essential for brand improvement and customer experience. With KYC and onboarding, for example, customs want robust and secure interactions but also one fast and friction-free experiences.

All the important questions on fintech regulations

Does KYC apply to corporate customers as well as individuals? 

Yes. All fintechs and financial institutions must verify the identity (and conduct appropriate ongoing monitoring) for all customers, whether they are individual people, groups, or companies. There are additional checks required for corporate customers. As well as verifying the company details, the actual beneficial owners of the company must be identified and verified as well. 

What are the different levels of KYC? 

KYC and Due Diligence must be carried out on all customers. As part of Customer Due Diligence (CDD), the level of risk posed by each customer should be established.  
Enhanced Due Diligence (EDD is used when a customer is determined to pose a higher risk of money laundering or terrorist financing activity. Extra checks must be carried out to more fully understand activity, including transaction monitoring and checking of sanctions lists.  

Is cryptocurrency activity regulated? 

Yes, and more regulation is likely in the future. Platforms that provide cryptocurrency exchanges need to be registered with the appropriate regulator and must conduct KYC checks and customer due diligence.  
Decentralized finance (DeFi) overall needs tighter regulation, though, and this is something fintechs need to be aware of. In a recent report, PWC UK explained how the adoption of growth and adoption of decentralized finance rose by over 6,000% in the year to March 2021. Regulators need to catch up, and PWC suggests that DeFi projects would be wise to engage early with regulators. 

What are the benefits of eKYC? 

More and more KYC solutions are now “eKYC.“ This refers to the adoption of automation and digitalisation within KYC procedures. eKYC includes video and biometric-based identity verification, digital document verification, and the use of NFC technology.  
This brings many benefits, including faster, cheaper, and more accurate verification. The customer experience should also be improved through a faster, friction-free experience. The use of such methods requires regulatory approval, which is in place in many jurisdictions and is increasing rapidly. 

What are the regulatory changes of fintechs?

One of the main regulatory challenges for fintechs is compliance with KYC (Know Your Customer) and AML (Anti-Money Laundering) regulations.

Fintechs are required to comply with these regulations in order to prevent money laundering and terrorist financing.

Another regulatory challenge for fintechs is compliance with geographical restrictions: fintechs operating in multiple jurisdictions need to comply with the regulations of each jurisdiction. This can be a challenge for fintechs as each jurisdiction has its own set of rules and regulations.

The final regulatory challenge for fintechs is compliance with legislative requirements. Fintechs are required to comply with financial legislation such as the Dodd-Frank Act in the United States and the Basel III Accord in Europe. These legislative requirements can be challenging for fintechs as they can be costly to comply with.

Intro to FinCrime

A serious threat to fintechs: Financial Crime (FinCrime)

The rapidly increasing digitization of financial services has brought many advantages.

Technology and services have improved, and financial markets are more open and competitive. But it has also provided the opportunity for financial crime to increase.

According to the UN, FinCrime is currently estimated at $800 billion to $2 billion per year. Just in the UK, the National Crime Agency reports over £100 billion of laundered money affecting the economy annually.

By providing access to financial markets, fintechs find themselves exposed to FinCrime, and subject to regulations to prevent this.

Regulation has continued to improve over the past years, and many of these changes incorporate new areas of fintech operations.

The latest European AMLD regulations, for example, include stricter controls for cryptocurrency exchanges, prepaid cards, and enhanced requirements to identify ultimate beneficial owners of companies.

Fintechs continue to expand services offerings and markets they operate in, and as such, will face new and changing regulations to beat FinCrime.

Although the increased pace of change seen with the growth of fintechs has brought some challenges with traditional regulations, laws, and regulations will change and catch up.

Step up your KYC game

How can we help?

The fintech sector moves quickly. New technologies and opening market access are hallmarks of the industry. This comes with regulatory challenges, though. Smaller fintechs face similar regulations in many areas to large financial institutions, and they must stay aware of fastchanging regulations across many different areas of operation. 

Get in touch with us

Our Products

AutoIdent

AI- and machine-learning-based identity verification for users. Our fast and AML-compliant solution – available anytime and anywhere.

VideoIdent

Digital verification via video-chat, backed by AI-technology. Our AML-compliant solution meets high security requirements.

eID

NFC-based solution for the electronic German identification card. Our identity verification solution with easy data scanning via smartphone. AML-compliant.

Play