I’ve written about the natural-occurring tension between Product and Compliance teams within Fintech companies before. Product teams are in the business of maximizing the growth of transacting users while Compliance teams are in the business of implementing legally-required controls which necessarily restrict the growth of the business. In other words — Product is a profit center, Compliance is a cost center.
I have also wondered how Miles Davis might run a financial compliance program, and how he might balance the needs of the business with the requirements of the law. It is certainly a difficult balance, especially for early-stage Fintech firms focused on growth.
I have been working in Crypto Compliance since 2014 and have had the pleasure of working at three top US Fintech firms, each with unique cultures and attitudes towards Compliance. This article will discuss specific techniques that I have personally used to improve Product/Compliance relationships.
Make Friends With The Product Team
One of the most common problems in the Product/Compliance relationship is the fact that Compliance teams are often not included in any of the early product development meetings. Fintech is a fast-paced environment and Product teams iterate quickly. Sometimes, too quickly.
I’ve witnessed Product teams develop fully-functional crypto markets only to be told by Compliance that they legally cannot launch those markets; the amount of wasted hours on that project was astronomical and avoidable. Product blamed Compliance for “being the place where we get rejected” and Compliance blamed Product for not even informing them about the illegal product until the launch plan was announced internally.
Compliance leaders should take it upon themselves to be included in early-stage product planning and development meetings. Make friends with the Product team and help educate them on the value of compliance. Help them understand that you have a shared interest in the company’s success and that you are not the place where people get told “no.”
Don’t Be The Place Where People Get Told “No”
One of the companies I joined had an outward disdain for Compliance due to the poor execution of a prior administration. I was part of a new Compliance administration which was replacing an old one that did not communicate well with the business, nor within itself. It was not uncommon for poor business performance to be blamed on Compliance at All Hands meetings. It was bad, and we had our work cut out for us.
We started by proactively reaching out to the Product team; first on Slack, then over lunch, and then at Happy Hours after work. Building this camaraderie from the start was key in establishing the trust required to be included in Product meetings.
We then kept to our word; we were a business-minded compliance team that set strict boundaries around the non-negotiable aspects of compliance (AML, KYC, Sanctions) and did everything in our power to develop the appropriate controls and procedures to make bleeding-edge financial products defensible during regulatory exams.
Three Magic Words: “Risk-Based Approach”
The Financial Action Task Force (“FATF”) — the dominant authority on global financial compliance — defines a “Risk-Based Approach” as the requirement for financial firms to, “identify, assess, and understand the money laundering and terrorist financing risk to which they are exposed, and take the appropriate mitigation measures in accordance with the level of risk.”
In other words, it requires Compliance to:
- Determine the highest areas of compliance risks.
- Identify the firm’s current mitigation measures for those risks.
- Identify any gaps in the firm’s current mitigation measures and the regulatory requirements relevant to the jurisdiction(s) in which the product is available.
- Develop a plan to mitigate the gaps.
- Rinse and repeat every year.
The more complex a financial product is, the is higher its compliance risk; this is especially true with cryptocurrency products which evolve much faster and do not enjoy the same level of regulatory clarity that traditional financial products do. Compliance leaders must be quick to adapt to business needs and see the forest from the trees when it comes to its evolving risk landscape. Don’t sweat the small stuff; identify, prioritize, and plug the largest gaps in your program and then move on to the smaller gaps.
Tension between Product and Compliance teams is natural and normal. It is incumbent upon Compliance leaders to help Product teams understand that they have a shared mutual interest in working together early and often in the product development process. When possible, approach compliance challenges from a position of “how can we make this happen” rather than “we can’t do this.” Lastly, develop and maintain a compliance program that is proportionate to the risks of the product.
This article was originally published here