We are in the midst of an exciting technology revolution – fintech offers the chance to develop innovative solutions to help people manage their money, increase access to financial products and services and streamline processes. Unlike previous tech revolutions, it frequently involves engaging with people’s hard-earned cash and therefore has had to take place in a regulated environment.
For those in the legal community who are supporting fintech collaborations, partnerships and funding rounds, it is key that fintech businesses get the regulatory and legal building blocks in place to be ready to play. Whether they’re looking for customers, investors or to partner with a large bank, insurer or other established financial services business this cannot be overlooked.
Our experience is that both early- stage and more mature fintech businesses do not always have these basics in place, causing delays and hindering opportunities.
With considerable experience advising large regulated financial services businesses around collaboration, we recognise that they are not always easy to deal with. There can be tension between the amount of oversight and control a financial institution wants versus the lack of concrete commitment it is prepared to make at an early stage.
The lengthy procurement processes of many larger financial institutions can be tough on cashflow for fintech businesses and we often hear that there is nothing worse than a ‘slow no’.
From the financial institution’s perspective, though, initial interest in a potential fintech product or partner almost never means quick and simple progress. Detailed risk assessments and due diligence of potential partners must be made.
For effective collaboration, fintech businesses should anticipate the issues of highest concern to their potential collaborating partners.
Arrive ready to play
There are a few issues that established financial services businesses almost always have in mind which will influence their decision on whether to collaborate. It makes sense for fintech businesses to be aware of those and have plans in place to address them.
The regulated financial services sector has dealt with a lot over the last few years, riding a series of large waves of regulatory change. The General Data Protection Regulation (GDPR) came into force, Brexit occurred and much new regulation in the context of outsourcing has been issued. There has also been a real focus from regulators on operational resilience, which is about how businesses adapt to disruption, including that caused by Covid-19
Financial services businesses have incurred significant costs to comply with these changing regulatory requirements. At the same time, they must continue to innovate and offer interesting, competitive solutions to customers to avoid losing market share to alternative providers.
This context drives a lot of discussions around data security, data flows, escrow, exit arrangements, business continuity planning, supply chain issues and other key issues. Much of this can be frustrating to deal with for fintech businesses, but it is important to understand that the context exists and that larger financial institutions cannot change that.
With this context in mind, three areas which fintech businesses should focus on are:
- Cyber security
- Supply chain issues and meeting regulatory requirements
- Not forgetting the basics
Cyber security
A hot topic for every sector and every business, cyber security is an essential part of building trust and meeting regulatory requirements. Effective cyber security means putting in place solutions to protect against the threat of a cyber-attack and ensuring well- established processes to deal with the aftermath should one occur. There may also be specific requirements around the use and storage of encryption keys, incident response plans and the timing of data breach notifications that need to be met.
Our experience is that cyber protection is perceived to be a complex and ex- pensive area and one that some fintech businesses think is closed off to them until they are bigger. But that does not have to be the case – there are solutions in the market that are tailored to the needs of fintech businesses.
Supply chain management
Depending on a fintech’s product or service, it is very common for one of the major cloud players to be somewhere in its supply chain. If the fintech is looking to collaborate with a large financial institution, it will likely need to ensure that it meets regulatory outsourcing requirements, including in relation to its use of cloud solutions.
Regulatory outsourcing frameworks often require that suppliers to financial institutions have some control over their supply chains in areas such as auditing, compliance with law and data security. All the major cloud players offer solutions specific to financial services, where a financial services business is the cloud provider’s customer or the customer’s customer.
Those solutions are likely to satisfy the regulatory requirements; however, all too often fintech businesses are not aware of these solutions, which leaves them scrambling late in the day to get them in place.
Even if they are only at the most embryonic stages of discussions with potential customers, any fintech business targeting regulated financial services businesses should be aware of, and put in place, regulatory solutions via a cloud provider. It just means that they are ready to play when an opportunity arrives.
Don’t forget the basics
Fintech business should not forget the basics. This is key in setting up for success and when seeking out investment and collaboration partners and includes implementing effective intellectual property (IP) protection strategies – ensuring that valuable IP is owned by the business and not someone involved with it in the distant past. If others have been involved in its development, it is crucial that all necessary third-party licence rights are in place. If the business depends on a piece of third-party software to make its solutions work, it must have a licence for it with terms broad enough to allow it to do what is needed with customers and collaborators.
We often tell our fintech clients to be careful not to be the company with a key bit of IP owned by that guy which they started up with but have now fallen out with! If developers are not employees, IP transfer agreements must be in place.
Know where data flows
Data is at the heart of fintech and businesses must understand how the data flows from its organisation to its customers. Fintechs must understand who their data is going to, where they’re located and what happens if something goes wrong in the chain. An effective data strategy can map this out, including the implications of increased reliance on the remote working of staff.
Giving attention to these basic issues will make any fintech business much more attractive as a partner, collaborator or investment target. They will also be well placed to take advantage of the broader opportunities that this tech revolution offers.
Partner Content in association with Pinsent Masons.