In my earlier guest blog, “Innovation Avenue’s a one-way street,” I spoke about the odd mismatch between the attitudes of fintech players and compliance practitioners towards each other’s disciplines. Over the last couple of years I have attended and spoken at conferences in both fields, and I have noted that while fintech players increasingly speak about regulation, compliance conferences rarely discuss innovation.
I noted the lack of discussion about innovation and fintech in the compliance conference space. I find it especially odd because questions relating to innovation increasingly confront legal and compliance staff. The following is merely a sample of what they are encountering, and will increasingly encounter:
1. Can our bank partner with an innovator, or buy one, or provide it with banking services? What compliance issues will arise?
2. How can we assure such third parties satisfy regulators’ rules on third-party risk including on cyber security, privacy, AML, and reputation risk?
3. Can or should we—or our third-party partner or vendor—use alternative data and data analytics to evaluate and price consumer loans, without risking fair-lending violations, especially on disparate impact? If we don’t, could we eventually face criticism for not using these inclusive alternatives?
4. Should we allow our customers to give access to their accounts for personal financial management (PFM) tools and other service providers, including small startups, access their accounts? Should we prevent it? (Of course, some major banks have taken this measure of late.) If we allow it, what terms should we set? Both options could raise regulatory risks as well as business issues.
5. Can we implement a mobile banking or payment service and get disclosures right?
6. Do we have the holistic data we need to know whether consumer outcomes raise UDAAP risks, given that these violations tend to be revealed by data that we don't usually connect, rather than conventional compliance monitoring?
7. Should we explore helping our customers access robo-investing options and if so, what are the regulatory challenges?
8. How much should we communicate with customers by text, on what subjects?
9. Can we close or repurpose branches in lower-income neighborhoods, as most of our customers move their banking online? And can/should we design special mobile services for lower-income customers?
10. Can we offer technology-based services in languages other than English, without triggering discrimination risks if we cannot automate and deliver every phase of the product life-cycle in the initial language?
11. Can we strengthen our AML and security protocols for non-loan products by having high-risk customers send us a picture of their photo ID and a selfie, without risking fair-lending violations?
12. Can we make our services appeal more to millennials without violating rules that add complexity, delay, and low utility compared to innovative competitors?
13. How would payments system innovations, including real-time processing, impact our business and compliance approach to services like overdrafts or money transmission?
14. How should we view the move toward banks creating open platforms, so innovators can write apps on their systems?
If such questions are not being asked yet in your bank, then here's one to start off with: Why not?