In light of recent market developments, firms in the FinTech space should be taking steps to review and, as needed, enhance their internal governance arrangements, since these are key to mitigating the risk of misconduct and mistakes and of consequential investigations, enforcement and claims, which can significantly impact not only the business but also its staff. Particularly important is ensuring that investment in these perhaps more prosaic matters is proportionate to that being channelled into the development of the business and its commercial growth.
Background
The UK is one of the leading global locations for FinTech growth and investment, a position which is championed by the UK Government and the UK financial services regulators, including the Financial Conduct Authority (FCA). February 2023 saw the launch of a new government-backed national hub for FinTech, the Centre for Finance, Innovation and Technology (CFIT), established in response to a recommendation in the 2021 Kalifa Review of UK FinTech and backed by £5.5 million of Treasury and City of London Corporation funding. The CFIT is tasked with “powering up” the UK’s financial innovation sector, through the use of coalitions of experts from finance, technology, academia and policy-making who will aim to identify opportunities and create solutions.
The FCA’s latest Business Plan, published on 5 April 2023, recognises that the digitalisation of financial services is changing how consumers make decisions and how markets operate and it plans to continue the significant range of activities in this area, including publishing Feedback Statements to its DP22/5 on Big Tech and DP22/4 on artificial intelligence (AI) in financial services. There are also a number of regulatory changes in relation to cryptoassets on the horizon.
However, support for innovation will not be at the expense of consumers or wider market integrity. The regulators are clear that FinTech firms cannot skim over regulatory rules where they apply to them, including relevant governance requirements, emphasising that technology in and of itself does not change the need for transparency in corporate structures or for appropriate systems and controls. Developments in the cryptoasset market, including the failure of several high-profile businesses, have illustrated the importance of proper governance arrangements. Any vulnerabilities in crypto firms, such as flawed business models and/or widespread use of leverage, can be amplified by inadequate governance to detrimental effect. There has been criticism of certain governance aspects which have emerged, such as informal procedures for internal approvals, lack of reliable management information and general absence of internal controls.
Governance lessons learned
Many of the governance considerations for FinTech firms are the same as for firms carrying out other, more traditional forms of finance, but new and fast-growing businesses can be particularly vulnerable to risks of underinvestment in governance and to internal structures and arrangements not keeping pace with commercial developments.
Lessons learned in relation to governance for FinTech firms from recent market developments, as well as regulatory enforcement cases from other sectors, include:
- Firm growth needs to be matched by investment in infrastructure and human resources. As the business expands, internal processes, including those relating to finance and accounting, must be scalable and avoid dependencies on a small number of individuals. Any skills gaps should be assessed, with a plan in place to address any identified issues.
- Key functions need to be filled appropriately, with clearly assigned and documented roles and responsibilities, for example, appropriate finance and cybersecurity personnel, as well as suitable, appropriately experienced headcount in internal risk and audit functions. Clear reporting lines and proper controls around the exercise of powers by individuals are essential, as well as effective delegation to those who have the appropriate expertise.
- Proper board oversight of the business is paramount, with adequate engagement by senior individuals, including appropriate scrutiny and investigation in the face of risk factors and/or warning signs and proper documentation around decision-making. Clear escalation mechanisms to the executive leadership should be implemented and recorded.
- Documented policies and procedures, consistent across business areas, should be established and kept updated effectively. Such policies should be tailored to the individual business rather than generic and appropriate to the level of business that the firm in question is undertaking. In addition, they need to be accessible and properly communicated, for example, through a regular training programme. This should include training for senior management.
- Where functions are outsourced, proper consideration must be given as to whether the third party or parties being used have the requisite sector expertise and whether their services are appropriate given the nature and scale of the relevant business. Bear in mind that it may also become necessary to evidence such consideration.
- Transparency in corporate structures is essential; firms should avoid bundling products or functions into one firm without proper controls around these. As part of this, client funds must be properly protected.
As highlighted in a recent speech by the FCA, good governance is complemented by a healthy organisational culture. Such a culture can help promote a responsible environment at all stages of the product lifecycle.
We have extensive experience in helping firms with reviewing and implementing improvements to their governance structures both proactively and as part of an incident response plan. For further information on this topic, please see our governance reviews hub or contact the authors of this blog directly.