What Does the BaaS Crackdown Mean for the Tradeoff Between Innovation and Compliance?

Product wow can turn into compliance woe in today's regulatory environment. Alan Carlisle, a compliance veteran, has ideas on how to manage compliance risk without choking off product innovation.

One of the definitions of “technical debt” is the price that must eventually be paid when a company has sacrificed quality in producing computer code fast and expeditiously, only later to have to cope with the results of inferior software workmanship. Alan Carlisle says there’s an equivalent weak point in financial product development that he has dubbed “compliance debt.”

This issue affects banks and fintechs alike. After the boom in new product development over the last decade, some of the compliance debt has been coming due, says Carlisle, one case in point being the various consent orders filed against institutions in the banking as a service business.

Fintechs have experience with both types of debt, says Carlisle, who is now chief compliance officer of Marqeta, and who previously spent about six years as regulatory advisor and enterprise chief compliance officer at SoFi. In that time he helped the former fintech qualify to become a bank, via acquisition. He’s a veteran of nearly every kind of financial company compliance, from bank lending issues to securities matters.

The startups, especially those funded by venture capital, face a looming clock from conception. They tend to seek to produce a “minimum viable product” (MVP) that can be put before the public to build audience and buzz as soon as possible. Often this means taking shortcuts not only on tech but also on compliance, all in the name of rapidity and competitive pressures.

In the BaaS business, regulators recently blew the whistle after years of giving the appearance of permitting free-range BaaS. Carlisle says agencies have sent the banking industry a major message and from where he now sits, as a payments industry advisor, both banks and fintechs appear to have gotten the message. In the wake of regulators’ stepped-up focus, more banks in the BaaS space with compliance expertise are promoting that.

After 25 years in the discipline, Carlisle admits to being a card-carrying compliance nerd. As part of that fraternity, in an age of major financial product innovation and disruption, he’s been the guy who walks into a room of product developers and receives all the warmth granted to a health inspector in a restaurant.

He says his answer has been to cultivate a positive approach that emphasizes that he’s there to help — a word now may save lots of reworking and money, in the form of costs and fines. Sometimes a bit of praise helps, too.

“I don’t want to get in your way. I want to see what you are working on succeed,” has long been part of his message. That and this: “I have a job because of your brilliance, because of what you’re going to build. I just want to measure the risk and make sure we’ve addressed the regulatory stuff.”

Read more: Some Top Fintechs Value This Function as Much as They Do Innovators and Engineers

Getting Financial Product Development and Compliance to Work Together

Still, compliance is often seen as the internal police, the “Department of No,” and general sand in the gears. It takes time to build cooperation.

Carlisle says a key tenet of that process is having the compliance people keep their mouths shut in the earliest stages of product ideation.

“The directive is to be an active listener,” says Carlisle. “We’re not there to introduce complexity, yet.”

Nuance proves essential, because an experienced compliance type like Carlisle can tell when product development is venturing onto risky ground. He explains that sometimes an issue has to be raised, not as a blockade, but to point out that a reg or rule may be the reason that no one has tried the new idea before. Presenting compliance’s role as a form of risk management can build acceptance.

In some instances Carlisle has found compliance can’t be at the table when creators are in motion. An alternative approach is suggesting milestones that mark points when product developers and compliance agree to check in.

When possible, Carlisle hires compliance people who have at some point in their lives been creators in some form. “They understand the investment that product development has made,” explains Carlisle, “because they have invested part of themselves in things they do.” He says they understand when developers consider something to be their “baby” and can come up with solutions to issues without sacrificing it.

Read more: Supreme Court Rulings May Shake Up Banking Entry Decisions in Fintechs’ Favor

Lessons to Learn from BaaS Orders

Compliance issues often seem divisible into two classes. The first consists of “Big C” compliance matters like fair-lending, UDAAP (unfair, deceptive or abusive acts and practices), and “truth in” regulations. The second is “small C” compliance, the realm where practitioners can argue over the meaning of a comma in a rule.

Carlisle sees these as complimenting each other. “You have to get the blocking and the tackling of compliance right,” he says. “But if you don’t understand the bigger picture, the why and how, it won’t make sense.

Recent BaaS orders have elements of this push-and-pull. Key points tend to be failings in anti-money-laundering and Bank Secrecy Act compliance.

Anyone familiar with this area of compliance knows how focused it is on detail. But to Carlisle it’s important to rise above the detail and remember why it’s required.

“When you have AML issues, you could be talking about terrorism, you’re talking about human trafficking, you’re talking about child exploitation,” says Carlisle. “You’re talking about very real things that have a very significant impact on human life.”

Read more: Banking as a Service Isn’t Over. It’s the End of the Beginning.

Near-Term Advice: Buckle Up for Turbulence

Carlisle is generally approving of the job that the Consumer Financial Protection Bureau has done. He cites the recent decision to apply truth in lending rules to buy now, pay later activities, no matter what kind of firm provides them, as appropriate. He believes consumers should have clear disclosures and the right to dispute.

Yes, regulators can dive too much into “small C” compliance matters, says Carlisle. “It can sometimes feel overly punitive,” he says. “But they may be using those issues to send messages.”

The impact of the upcoming election is more up in the air than ever, but right now Carlisle sees increasingly aggressive federal regulators and greater scrutiny as a given. The regulatory pendulum always swings, he’s found in two and half decades, and fintechs and financial institutions have to watch their heads.

Read more:

This article was originally published on . All content © 2024 by The Financial Brand and may not be reproduced by any means without permission.