How To Be the CCO of Multiple FinTechs and Not Be Overwhelmed or Stressed Out

Published by Yana on

This image is from sunny and windy Cancun.ย ๐Ÿ–

Since you have followed me for some time, you realized by now that I am always on the move. During the last 3 years, I worked from Singapore, Cran Canaria, Austrian spas, rain forests of Costa Rica, Mexican beaches, Mallorca, vineyards of Bordeaux, friend’s sofa in Luxembourg… (more to come). 

This is not about bragging at all, and I’m definitely not Tim Ferris and work much longer than his aspirational 4-hour week, but seriously โ€“ I do want to help other entrepreneurs, all my fellow compliance peers to simplify your working life and achieve a better balance (however you define it).

So, what are the most common mistakes that I see many overwhelmed compliance officers make? ๐Ÿ™…๐Ÿผ

  • I am not in favor of building big teams, most FinTechs need fewer people than they have. People and people management are not only expensive, but it is also actually super time-consuming. I have worked for years with tried and tested freelancers and agencies based on a contractual basis and it saves me a lot of time and money. Design clearly what you need, define processes and deliverables, and then outsource as much as possible.
  • Many FinTech founders and compliance professionals start every project with massive research, planning exercise, or “gapโ€œ analysis which makes the task look bigger and more complex than it needs to be.
  • I always determine the steps for the MVP. If the issue is regulatory, I simply respond to the questions of regulators or auditors without expanding the scope of what they asked trying to anticipate what they may ask in the next rounds. I reduce the time needed for preparing the responses because it is in my opinion better to have more iterations faster.
  • Many compliance officers believe they need to know every regulation and requirement before they recommend the solution. They say โ€œIโ€™m not a lawyer, we need external legal advice for thisโ€. I’m comfortable acting with imperfect information and happy to revise my decision if new information comes later. It saves me a lot of time. โŒš
  • I don’t review low-risk customers and low-impact cases. I just approve them until there is a reason to believe something might be wrong or unusual. 
  • I don’t obsess about compliance tools. I simply understand which alerts to review and which ones to ignore. 
  • I don’t apply for the wrong licenses in the wrong countries so that my clients won’t spend resources on developing tech solutions, marketing buzz, or hiring at the wrong times.
  • My risk assessments and regulatory matrix reviews as usually less than 3-4 pages long. They cover important points and remain actionable. Most other compliance officers write down a long list of everything that needs to be in place to be 100% compliant, and then they create a table or a checklist with 200 lines and send it to other departments or functions and expect it to be completed in time with good quality.
  • I never try inflating the organizational risk universe, pretending that everything is a risk and that all risks are equally important and extremely high. Others do it to get resources and I think this is a very short-term focused and inefficient strategy.
  • Many inexperienced compliance and risk experts create organizational conflicts by pointing fingers and blaming other functions, insisting that the “first line of defense is not doing their duties” or stating โ€œthis is not the job of compliance, but rather should be done by finance, IT, senior management…” These conflicts are extremely time-consuming and unproductive.
  • A lot of inexperienced compliance officers are afraid to push back after receiving feedback from auditors and regulators (or they do not know where and how to do it). It leads to long remediation actions, diverting tech and engineering resources from customer-facing projects, plus it results in hiring more compliance people to do redundant processes as a result of bad regulatory inspections or poorly managed audits.
  • I don’t care if I make typos in my emails or if I miss something. There is always a possibility to make corrections in the future and unlimited chances to try again.

Hope you see the difference. ๐Ÿ™๐Ÿป

>