Rayson Tan, Chief Compliance Officer, Revolut
In an article, Forbes highlights the major challenges that fintech startups face today, and regulatory issues fall into the top-three list.
“It is important to work with regulators and make sure that you hire a capable team member who is dedicated to understanding the trends, can interface with the appropriate regulatory bodies, and who has a solid understanding of any regulatory impact on your product or the way you market the product,” the article says.
In many countries, including Singapore, it has become a common practice for the government to run a sandbox programme to balance out between innovation and compliance.
But how exactly does one perform compliance in a fintech startup? For those who are new in this, what are the factors that need to be considered? How can one know they have done it right?
e27 reaches out to Rayson Tan, Chief Compliance Officer at Revolut, to understand how the UK-based fintech giant works with the regulator to ensure safety and security for their customers.
Also Read: Why companies should prioritise compliance during a worldwide pandemic
A little background information about Tan: Prior to joining Revolut, he has over 19 years of financial services experience. He has deep in-house experience building, running, and changing compliance programmes in financial services across investment banking, private banking, corporate banking, asset management, payments, and financial technology.
The following is the edited excerpt of the interview with Tan:
Can you explain to us the basic principles of regulatory compliance framework and how it is being implemented in your company?
There are many components to a good compliance framework, which includes having a coherent strategy and clearly set out objectives, having appropriate policies, processes, systems and controls, having a suitable level of resources and the right kind of people.
In what ways does it differ from traditional practices?
The traditional compliance model was designed in a different time and often has compliance teams focussing solely on promulgating regulations and internal policies in a largely advisory capacity. At Revolut, the Compliance department is more than just an advisor, and we play an active role in risk management and monitoring. We seek to focus on actual risk identification by understanding business operations and the underlying risk exposure and then being practical and smart enough to translate the regulatory requirements into business actions that work for our organisation.
What are the most pressing challenges you have ever faced in its implementation? And what are the most valuable lessons you got from it?
Our company has ambitious plans to be the world’s first digital bank. In the case of Singapore, the regulatory requirements have changed with the introduction of the Payment Services Act in late January 2020. We have and continue to expend energy interpreting new regulations and thinking of innovative ways of implementing them into day-to-day operations, this can be a labour intensive and complex process.
Also Read: Compliance, lending are the most popular fintech sectors among banks in Malaysia
The lessons that I have learnt in dealing with regulatory change is that you have to get up to speed very quickly and also going about managing the change in a methodical and structured manner. This means, for example, creating an inventory of laws and regulations and a clear mapping of the regulations to controls in place, and having a structured process to go about doing an impact assessment when the obligations change, and prioritising them accordingly.
There is also a need to build capacity quickly given the large volume of change. However, this does not mean adding indiscriminately resources by throwing warm bodies at the problem. Capacity can be built by using technology such as in the area of surveillance and monitoring.
What is your advice for fintech startups who would like to implement this in their companies? What are some of the worst mistakes a fintech startup can do in implementing this? How to avoid this?
Think how best to leverage technology to plot your regulatory journey. Technology is a powerful enabler, not only just allowing one to be more effective and efficient, but also helping one identify potential risk hotspots and taking corrective measures before they become bigger.
Other than the hard elements, it is important to establish a strong risk and compliance culture throughout the organisation. Most senior failures in companies in recent times have a cultural element.
One of the worst mistakes that I have seen is the adoption of a one-size-fits-all approach towards compliance. Each company’s circumstances are different and compliance officers should not be thinking that if this worked at my previous organisation, let’s copy and paste it here.
Also Read: Why using security information and event management (SIEM) tools makes sense even if SEA isn’t high on compliance yet
Working with regulators. What are some of the tips that you can share about building relationships and collaboration?
Initially, some regulators may have difficulty dealing with fintech companies as there is a perception they differ so much from traditional players.
The diverse nature of the fintech industry can create obstacles for some regulators who are looking to classify the variety of fintech companies and provide appropriate oversight. Given how rapidly the fintech industry evolves, regulators are often similarly on a learning journey and it is wise that you walk the journey with them and help give them perspective.
I find that constructive engagement works much better than strategies of avoidance or opposition. Engagement is often the best way of building an effective relationship. When a firm is not known to the regulator, and they have an issue, if there is no relationship, it can make it difficult to move on the issue. If you have a relationship you may find it easier to sit down with the regulator and pitch ideas to them.
What are the knowledge and skillsets required to work in this field?
Hiring the right people who can think about issues the right way is key to be successful as compliance undergo rapid transformation.
I like people who are proactive and inquisitive, who take it upon them to understands the business they are managing and its specific risks in addition to having the technical regulatory expertise. It is also important that compliance officers do not see their role as solely advising and being able to execute key tasks on top of the advice they provide.
Also Read: Why culture will play a huge role in compliance with data privacy rules
Lastly, I like staff who are willing to get out of their comfort zone are comfortable in learning new skills. For example, there is considerable opportunity to use more technology to improve the effectiveness and efficiency of compliance, if you don’t already know it, learn.
What is the future of compliance and how does your company plan to get there? What are the barriers that you need to jump through?
As regulations have become more important in shaping business strategy, the future of compliance has to evolve to one that is supporting the business as a strategic business partner. It has to evolve from a function that is focused on conservatism to one that operates in a more strategic and predictive capacity.
—
Image Credit: Revolut
The post Balancing innovation and security: How Revolut implements regulatory compliance framework in their business appeared first on e27.