Ending the nightmare of sanctions screening.
In just two decades, compliance has changed dramatically. Financial services shifted from light controls pre-2008 to relentless mountains of regulation. And they're showing no signs of slowing.
Since 2023, Russian-based sanctions alone have increased 816%. Even more are expected to come, according to nearly three quarters of compliance professionals (73%). The evolution hasn't just affected business models either. Profitability is taking a hammering. More than two in five professionals (44%) noticed that their firm is forced to ramp up spending, just to keep pace.
Today, compliance is going through yet another revolution, a digital one. Humans alone - no matter how expert they are - simply do not have enough hours in the day to get through the never-ending requirements. Technological tools are vital. But they are not all created equal… And as we've seen with the likes of Binance, Starling and Synapse, the wrong digital strategy leads to failures, fines and even forced closures.
In this article, we're exploring where some firms have taken wrong turns in their digital journeys, and how to avoid them.
An industry haunted by inadequate screening
Following the 2008 financial crisis, incumbents learned the hard way that regulatory compliance must come before profitability. For the first time in the industry's history, charges and fines came rushing in from the newly minted regulatory bodies. For fintechs and challenger banks, however, who have mostly edged into the mainstream since the 2020 tech boom, the lesson is only happening now. Years of inadequate screening are now coming to light, and the ramifications are immense.
In the space of just 24 months, the world watched between its fingers as the likes of Block, TD Bank, Binance, Evolve Bank, Synapse, Mercury and even Starling came under fire. TD Bank was especially hard hit. Slapped with an eye-watering $3 billion for facilitating money laundering, the firm is still frantically trying to recover. Across the industry, fintechs are getting hit with charges like moles in a game of whack-a-mole. To date, 60% of fintechs have received fines of over $250,000 from regulators.
Regulators around the world are swiftly reacting to the poor compliance tools and woefully inadequate screening. US authorities issued a joint statement on the direness of the situation. It warns of the dangers of fintechs or third parties “incentivized to promote growth in a manner that is not aligned with the bank’s regulatory obligations, resulting in insufficient attention to risk management and compliance obligations”. The EU has also issued similar statements and warnings, as has the UK's FCA. More are expected to follow.
Lesson: Never sideline regulatory compliance
Unscalable compliance systems were disastrous for fast-growing fintechs
The tech world in general loves to move things in-house. You only need to glance at the Magnificent Seven to see how they produce their own chips, data centres and even power plants. But that mindset does not work in finance. The regulations are too important, too specialist and too dynamic for a DIY approach. This is precisely where so many fintechs have stumbled, costing them dearly.
The homespun solutions that worked for the first half a million customers cannot possibly scale for the needs of millions. And the growth spurt has been rapid. Revolut, for example, has grown more than six-fold since November 2019 from 7.84 million customers to over 50 million.
As the authorities noted in their joint statement, “Rapid growth [...] may result in risk management and operational processes struggling to keep pace”.
Lesson: Ensure that compliance solutions are scalable, getting more intelligent with increased data
The 2020s cybercrime boom and the false economy of DIY compliance
What's more, as compliance weakened, criminal activity heightened. Between 2020 and 2021 alone, US citizens reported a 30% increase in fraud, spurred on by the isolation and lack of cybercrime training at the start of the pandemic. In the same timeframe, 63% of financial institutions reported an increase in attacks. As of summer 2024, the rate of cyber attacks has doubled since pre-pandemic times.
The lacklustre compliance of fintechs made them an ideal place for criminals to set up accounts and launder stolen money. Investigations found that challenger banks were facilitating the most fraud, especially when it came to APP (Authorised Push Payments). In the UK, for example, Monzo, Starling and Metro Bank had the highest proportion of fraudulent transactions.
The DIY compliance platforms were a disaster waiting to happen. Sure enough, we are now witnessing the avalanche of multi-million dollar fines and a whirlwind of regulation hitting fintechs.
Lesson: DIY compliance is a false economy
Information-sharing would have built industry-wide resilience
Fintechs rose from the ashes of crumbled banks after the 2008 crisis. And they seemed determined to start a revolution. So, it's ironic that building everything in-house is a characteristically incumbent move.
For decades, banks operated on COBOL mainframe computers that they ran in their own data centers on proprietary tech stacks. This meant that data could not be shared with other banks - or even between different departments in the same firm. Repeating workloads and frustrating customers was one disadvantage. However, the major pain point has been that firms could not share information about criminal activity and support each other.
Many established banks have already started or completed the process of changing their technology approach. As they move into the Cloud, they can access and share data in a private, secure, and confidential way. They’ve also built consortia for secure intelligence sharing with law enforcement and other financial institutions under the appropriate legal frameworks. In the words of the USA's Cyber Defense Agency, “Information sharing is the key to preventing a widespread cyber-attack”. This is one avenue that fintech companies have not exploited.
Fintechs can maintain their cost advantage and strengthen their compliance by leaning into data and intelligence sharing through initiatives like Sonar. This means having both experienced compliance professionals in-house and purpose-built industry-wide technology.
Lesson: Take an industry-wide approach to cybercrime
The compliance-tech team you hire as an API.
Getting ahead in fintech means learning from the compliance nightmares of others and not repeating the same mistakes.
Technology like Sardine helps fintechs and banks regain control over their onboarding operations, and then some.
In addition to providing the most up-to-date business sanctions screening, we also use behavioural analysis to detect and predict suspicious behaviour before any association even takes place in the pre-screening stage. We’ve built integrations with more than 40 data providers, and constantly update our models and batch routines to capture more activity and more alerts, with lower false positives. We’re specialists in compliance and AI. These two superpowers make us the compliance and tech department you hire as an API.
Clients often call us an extension of their team.
Working together, we can be more than the sum of our parts, creating a stronger and safer onboarding process without the hefty price tags.
If you find yourself getting a shiver from the compliance ghosts, get in touch! We're just a few clicks away.