
14 fintech questions Compliance should ask

Part 2: “Innovation Ave.” must be two-way street and that begins with questions

UNconventional Wisdom is a periodic guest blog where the conventional wisdom is held up for fresh inspection. If you have some "UNconventional Wisdom" to share, email [email protected]

In my earlier guest blog, “Innovation Avenue’s a one-way street,” I spoke about the odd mismatch between the attitudes of fintech players and compliance practitioners towards each other’s disciplines. Over the last couple of years I have attended and spoken at conferences in both fields, and I have noted that while fintech players increasingly speak about regulation, compliance conferences rarely discuss innovation. 

I noted the lack of discussion about innovation and fintech in the compliance conference space. I find it especially odd because questions relating to innovation increasingly confront legal and compliance staff. The following is merely a sample of what they are encountering, and will increasingly encounter:

1. Can our bank partner with an innovator, or buy one, or provide it with banking services? What compliance issues will arise?

2. How can we assure such third parties satisfy regulators’ rules on third-party risk including on cyber security, privacy, AML, and reputation risk?

3. Can or should we—or our third-party partner or vendor—use alternative data and data analytics to evaluate and price consumer loans, without risking fair-lending violations, especially on disparate impact? If we don’t, could we eventually face criticism for not using these inclusive alternatives?

4. Should we allow our customers to give personal financial management (PFM) tools and other service providers, including small startups, access to their accounts? Should we prevent it? (Of course, some major banks have taken this measure of late.) If we allow it, what terms should we set? Both options could raise regulatory risks as well as business issues.

5. Can we implement a mobile banking or payment service and get disclosures right?

6. Do we have the holistic data we need to know whether consumer outcomes raise UDAAP risks, given that these violations tend to be revealed by data that we don't usually connect, rather than conventional compliance monitoring?

7. Should we explore helping our customers access robo-investing options and if so, what are the regulatory challenges?

8. How much should we communicate with customers by text, on what subjects?

9. Can we close or repurpose branches in lower-income neighborhoods, as most of our customers move their banking online? And can/should we design special mobile services for lower-income customers?

10. Can we offer technology-based services in languages other than English, without triggering discrimination risks if we cannot automate and deliver every phase of the product life-cycle in the initial language?

11. Can we strengthen our AML and security protocols for non-loan products by having high-risk customers send us a picture of their photo ID and a selfie, without risking fair-lending violations?

12. Can we make our services appeal more to millennials without violating rules that add complexity, delay, and low utility compared to innovative competitors?

13. How would payments system innovations, including real-time processing, impact our business and compliance approach to services like overdrafts or money transmission?

14. How should we view the move toward banks creating open platforms, so innovators can write apps on their systems?

If such questions are not being asked yet in your bank, then here's one to start off with: Why not?

Jo Ann Barefoot

Jo Ann Barefoot, a frequent contributor to, for many years was an ABA Banking Journal contributing editor and is now a member of the Banking Exchange Editorial Advisory Board. She is CEO of Barefoot Innovation Group, Cofounder of Hummingbird Regtech, and Senior Fellow Emerita of the Harvard Kennedy School Center for Business and Government. Barefoot has served on the Consumer Advisory Board of the Consumer Financial Protection Bureau. She has over 35 years of management, strategy, regulatory, and consulting experience focused on consumer financial protection. A former Deputy Comptroller of the Currency—the first woman to serve in that post—and partner at KPMG, she has advised most of America’s largest financial institutions, scores of community banks, and numerous non-profits and government agencies. She is a frequent speaker and media source on financial issues, has authored several books and over 150 articles, and has testified before Congress and other federal bodies. You can see Barefoot's periodic blog here, and follow her on Twitter on @JoAnnBarefoot
