Two Fundamentally Different Regulatory Approaches: PSD2/AMLD5/Singapore PSA vs FATCA/SOX/Dodd-Frank. How Your Compliance Should Be Different…

Published by Yana on

I’d like to argue that there are two main regulatory approaches in the world: regulations on “how to do things” and regulations on “how to report things”. Depending on which category a regulation falls into, the strategy of your compliance implementation will be dramatically different.

Successful, smart FinTech companies tend to research in great detail and meticulously apply “how to do things” regulations, and to minimize (or avoid, or get exempted from) “how to report things” regulations.

Let me explain my hypothesis.

“How to do things” types of regulations typically came about to regulate a particular activity or new technology and provide clarity and a level playing field. These regulations essentially want more companies to be engaged in a particular activity, and they would like it to be easy for auditors, regulators, investors, and other stakeholders to evaluate and compare different actors. 

I would suggest that PSD1/PSD2, MiFID, the Singapore Payment Services Act, PCI DSS guidelines, FINMA Guidelines on ICOs and token categories, and even MiCA and GDPR (for the most part) are these types of regulations.

Since there is a universal law of cause and effect, it is no surprise that most companies genuinely want to comply with these regulations, study them carefully, and make serious efforts to understand the qualifications and differences between various services and license categories.

There is, however, a fundamentally different family or category of regulations: “how to report things”, “how to detect wrong behaviours”, or “better safe than sorry”. Very often these regulations came about as a reaction to a very negative event (SOX, Dodd-Frank, sanctions) or as an attempt to detect and catch bad guys or unwanted behaviours (FATCA, ESG, the travel rule for crypto assets, reporting all foreign transactions of a certain size to the central bank, confiscating water bottles and hair sprays at airports, etc.). These types of rules and regulations are de facto trying to catch a very small minority of bad actors by inflicting a lot of pain on everyone else. The only people who truly love and welcome these regulations are professional consultants and middle office workers. These regulations create tons of jobs because they often require a lot of manual checks, process descriptions, reporting, and data manipulation, but they add very little value to most businesses.

Just think about it: if you understand PSD2 or MiCA or even AMLD5/6 well, you will be able to grow your business by structuring your services accordingly. Your only reward for being compliant with FATCA or SOX or ESG reporting is that you avoid heavy penalties or cancel-culture consequences.

My recommendation to all FinTech founders and compliance leaders is therefore to first understand the underlying nature of the regulation and then design your compliance plan accordingly.

What are your thoughts on this? 💭
