PICPA  >  CPA Now
CPA Now
Aug 06, 2018

Regulatory Compliance and Risks in Financial Technology Industry

Salman RazaBy Salman Raza, ACCA


A worldwide financial technology (sometimes called fintech) revolution is changing the way we invest, raise capital, borrow, lend, pay for goods and services, and save for retirement. It is reinventing currency, democratizing the flow of capital, and giving rise to a generation of tech-centric financial leaders. This revolution has primarily been driven by technological advancement, easy access to global communication, a changing regulatory landscape, and popular demand.

Wallet of Digital CurrencyIt is widely believed that financial technology is going to do to banks and brokerage firms what Amazon did to retailers. The democratization of access to capital would mean that small investors will be able to reap the benefits of smart investing. Considering all these factors and an ever-increasing public interest in using financial technology platforms as an alternative to conventional banking, the need for effective oversight over financial technology products has never been greater than it is now.

The financial regulatory reforms introduced after the economic crisis of 2007-2008, both in the United States and globally, are based on outdated ideas of what financial services look like and how they are provided. The regulations have not appropriately taken into account the rise of financial technology firms. Financial technology presents a particularly acute problem from the perspective of systemic risk for three reasons:

  • Financial technology firms, because of their size and business model, are more vulnerable to adverse economic shocks than large financial institutions, and those shocks are more likely to spread to other firms in the industry.
  • Financial technology firms are more difficult to monitor and constrain than typical financial institutions because regulators lack reliable information about the structure and operations of financial technology markets.
  • Financial technology markets suffer from collective action problems that inhibit cooperation among market actors.

These problems suggest that financial technology presents a set of regulatory concerns that are different from, and in many cases more severe than, the concerns presented by conventional financial institutions.

The traditional banking sector is having a hard time coming to terms with digital currencies. Tokens (issued with the purpose of raising capital) and cryptocurrencies (mined and created through blockchain technology) are going to disrupt conventional patterns due to their anonymity and decentralization. In its July 25, 2017, Investor Bulletin: Initial Coin Offering (ICO), the Securities and Exchange Commission highlighted the details and factors to look for when making an investment on a crypto exchange. It is clear that the SEC sees tokens as “securities,” and thus wants them to be either fully regulated or at least seek exemption from the requirements of full regulation. However, regulations for cryptocurrencies that are mined and created through blockchain technology and stored in a distributed ledger still seem to be a gray area.

Supporters of blockchain technology associate cryptocurrencies with freedom from banks, the state, intermediaries, and the complex financial system that primarily guards the interest of large financial institutions. Bitcoin was created in 2009 by Satoshi Nakamoto, an alias used by a person or possibly a group of persons, and by the end of 2017 its market capitalization stood at $72 billion. As of March 2018, the total market capitalization of cryptocurrencies exceeded $300 billion. Every day, dozens of projects mushroom on the market, attracting money through the ICO mechanism and issuing their own coins. According to CoinSpeaker (an influential news source for blockchain technology and the financial technology industry), 382 token sales were successfully completed in 2017, collecting more than $3.7 billion. In January 2018 alone, 82 startups launched ICOs. Many influential companies, such as Microsoft, Expedia, and PwC, now accept bitcoin payments. This means the integration of cryptocurrencies into the mainstream regulatory framework is inevitable.

The core principles behind financial technology startups were distributed ledger technology, anonymity, and seamless execution. As they were founded by tech-centric professionals, risk and regulatory compliance were not considered top priorities. Financial technology startups are generally concerned with their ability to continue and their limited financial resources, so dealing with fraud and compliance issues are a challenge for them.

This is expected to lead to major problems when it comes to addressing fraud, know-your-customer/anti-money laundering, and sanctions risks. Identification of customers and cybersecurity are two of the biggest challenges. Due to multiple social media profiles and changing cell phone numbers, as well as the system itself only identifying the wallet address, there is no direct customer information. The anonymity opens up almost endless opportunity for money laundering and fraud, and criminals have already been taking advantage. Crypto exchanges remain in a gray zone for regulators, especially in relation to speculation and cash-out operations that involve the conversion of cryptocurrency to fiat money. Governments have serious concerns about the security and safety of depositors’ funds.

According to the Securities Act of 1933, a defrauded investor who buys unregistered securities can sue the company to recover the investment. The most notorious case is the trial of Tezos, a company that raised $232 million through an ICO. A group of investors filed a class-action lawsuit against Tezos in San Francisco, accusing Tezos of fraud and trading unregistered securities (i.e., its digital tokens). In early March 2018, it was revealed that the SEC had sent subpoenas to the various companies involved in ICOs, their lawyers, and advisers. New trials are likely and, according to former SEC commissioner Dan Gallagher, “This was the tip of the iceberg and a new wave of enforcement activity is not too far.”

After a series of discussions with players in the financial technology sector, it is clear that the level of regulatory oversight will vary significantly among jurisdictions. This is primarily due to the different economic priorities and financial inclusion milestones that are set in each jurisdiction.

Given their resource constraints, financial technology firms cannot reasonably be expected to develop a full-scale compliance structure comparable to those maintained by traditional financial institutions. Because of their limitations, they may start looking to engage consulting professionals who are familiar with the intricacies of the crypto world.


Salman Raza, ACCA, is a senior consultant in the compliance, forensics, and intelligence practice at Control Risks in New York, N.Y. He can be reached at salman.raza@controlrisks.com.




Leave a comment

Follow @PaCPAs on Twitter