Businesses must comply with regulation. However, few industries are as regulated as the financial sector.

This article is written by Tobias Holger Hansen, Chief Legal Officer in the fintech company Cardlay.

Since the financial crisis, regulation of the financial sector has exploded, and the financial sector is currently operating in a minefield of various legal rules. The heavy regulation is often referred to as a burden for the financial sector, which fights a daily struggle to comply with all the rules. In case of non-compliance, the consequences may be negative media coverage, significant fines, loss of customers or even loss of licence.

The development has, among other things, created a new ‘RegTech’ market. This RegTech market covers technological solutions that can help the financial sector cope with the rapidly increasing amount of regulation. Usually, the RegTech companies apply automation and artificial intelligence to streamline and simplify compliance.

Historically, compliance has first and foremost been about complying with applicable laws, standards and ethical requirements. For the same reason, many compliance departments consist mainly of employees with a legal background, and the compliance function is limited to risk management. However, this is not necessarily the optimal approach to compliance, and many companies overlook the opportunities and competitive advantages that can be achieved through a different strategic approach to compliance.

This is because the intersection between business development and compliance provides a golden opportunity to create value for companies. This opportunity will, in particular, be relevant to new fintech companies.

In these times, where data is the new oil, the General Data Protection Regulation (“GDPR”) can be used as an example of this. Many fintech companies will experience that investors and financial partners will challenge them on GDPR compliance. The reason for this is that fintech companies often act as third parties in a data flow and therefore have access to customer data via a bank and consequently act as a data processor on behalf of that bank. At the same time, big data and data-driven decisions are key focus areas for many fintech companies. Since big data and data-driven decisions play a pivotal role in the fintech industry, it is crucial that the culture of the fintech companies focuses on GDPR compliance from the outset.

The General Data Protection Regulation should not be regarded as a problem, but rather as an opportunity to create value for the fintech companies. Further, it will often be easier for fintech companies to achieve GDPR compliance, compared to banks, as fintech companies rarely have challenges with old and heavy IT systems.

A good starting point for becoming GDPR compliant is to conduct a data flow analysis. Such an analysis can not only be used to become GDPR compliant but is equally important to ensure that the data the company handles is optimally utilised from a commercial point of view. Therefore, GDPR can be used to create an overview of the personal data processed by the company. This is important, as there will often be value in the personal data for the fintech companies. Once the data has been mapped, new opportunities to earn money may arise. For example, it is possible to find patterns in customer behaviour that can be exploited commercially and ultimately become a key to growth. An analysis of this can, for example, provide insight into where the company earns or loses money or what the customers demand. For many fintech companies, it is necessary to use data in this way to meet the customer’s wishes and expectations.

Finally, it will be healthy to clean up the company’s data, as many companies have data floating around without having control over it. Here the General Data Protection Regulation provides a good opportunity to get control over this data as well as to update (or implement) procedures for processing personal data.

Fintech companies should, for these reasons, consider the tsunami of new regulation as a competitive parameter and not as a burden. In the same way that non-compliance can damage a company, a business-minded approach to compliance can strengthen the company and help boost the company’s reputation. Banks obviously take compliance for granted, but the same cannot be said about fintech companies, as they are often less mature and have their focus elsewhere. This immaturity is often one of the barriers to good cooperation with banks. However, compliance does not need to impede the innovative development or agility in fintech companies. On the contrary, compliance should be considered part of the company’s DNA and mindset from the beginning, as this will help facilitate cooperation with banks and investors. At the same time, this will also be an opportunity to position the company against other fintech companies that do not necessarily have compliance high on the agenda.

GDPR compliance may appropriately be the starting point to ensure intelligent and secure use of data that ultimately can help boost innovation and earnings and enhance trust from partners and investors.