A growing number of fintech companies are providing services to traditional financial institutions, coming together to modernize our financial infrastructure. As these business models continue to grow and gain popularity, they raise important legal and regulatory questions: What regulations apply to the fintech company’s activities? Where does the fintech company end and the regulated financial institution begin? Do the answers change if the services are customer-facing versus behind the scenes? Can fintech companies better manage their legal and compliance risk through thoughtful and strategic contracting?
In this article, we highlight four key legal considerations for fintech companies operating in this space.
1. Depending on the fintech company’s role in the arrangement, it may be subject to financial regulatory oversight. For example:
In each case, oversight comes with significant regulation, including customer protection (such as potential custodial, cybersecurity notification, net capital, and other requirements depending on the type of activity and registration involved), reporting, examination, and other potential obligations that increase the time, money, and liabilities associated with conducting business. And these examples are the tip of the iceberg—the more innovative or complex the services provided to a regulated financial institution, the more regulatory questions they may raise.
2. Regardless of how they are structured, fintech companies must comply with privacy, cybersecurity, and consumer protection laws. In particular:
3. Regulated financial institutions may push their own regulatory obligations onto fintech companies, or even be required to scrutinize the fintech company's business—which can expose a fintech company to unanticipated liabilities and other costs. For example:
4. Commercial contracting is critical to all the above: For fintech companies engaging with regulated financial institutions, commercial contracting is critical to risk management and formalizing clear responsibility for the regulatory considerations above. A few examples of best practice include the following:
Takeaway
As fintech companies deepen their roots in the financial sector and its infrastructure, the potential consequences of failing to address the considerations above increase significantly. Careful consideration of potential regulation and the nuances of commercial contracting is crucial for a fintech company to succeed.
Wilson Sonsini advises fintech companies regarding the integration of their innovative technologies into regulated financial systems and counsels them on how to intelligently navigate associated novel and evolving legal issues. Please contact a member of Wilson Sonsini’s fintech and financial services, national security, privacy and cybersecurity, and/or technology transactions practices for more information.