A Four Pillar Framework for FinTechs
Those in financial services are familiar with the “three pillars” of the Basel Accord. This framework seeks to promote global economic growth by subjecting financial institutions to (1) minimum capital requirements, (2) rigorous supervisory review, and (3) market discipline standards.
While the Basel Accord is mandatory for U.S.-regulated financial institutions, we have developed our own self-regulating principles, or “pillars,” for FinTechs to enhance robustness and achieve sustainable growth. The four pillars emphasize (1) prudent capital management, (2) appropriate risk-taking, (3) development of a strategy for negotiating regulatory issues, and (4) adherence to strong data privacy and security standards
(1) Capital Management. FinTechs, like traditional financial institutions, have complex capital structures that vary based on their business model and sources of funding. Capital structure refers to the composition of debt and equity used by a FinTech to finance its operations and investments. Capital structure affects a FinTech’s valuation by impacting operating cash flows and cost of capital. To achieve lower costs of capital, FinTechs should explore different financing strategies, such as term capital from securitization programs or bank partnerships.
We anticipate a wave of consolidation among FinTechs in 2017. Firms that secure and maintain access to a diverse mix of sustainable, low-cost capital (institutional and retail) will experience sustainable growth and maintain a competitive advantage over their peers. FinTechs making short-term capital expenditures to accelerate growth, rather than investing in a stable infrastructure supportive of systematic product innovation, will struggle. In optimizing capital structure, FinTechs should maintain a capital cushion sufficient to address risks posed by their business model.
(2) Risk-Taking. FinTechs operate in the contradictory sectors of technology and finance. As technology companies, FinTechs are expected to undertake innovative projects that will lead to explosive growth and quickly deliver sizable returns to investors. However, as financial service providers, FinTechs must navigate a heavily regulated, risk averse and traditionally slow-moving environment. Firms might better manage the demands of both sectors by adopting an incremental growth strategy that balances innovation and traditionalism. One approach is to partner with financial institutions. As many firms have discovered, there is a synergy between traditional institutions and FinTechs that enables each party to leverage strengths of the other. Established institutions maintain cost of capital advantages, and FinTechs can leverage new technology to assist institutions. In partnering, however, each party should be cognizant of the regulatory considerations and develop an effective strategy for managing risk.
(3) Regulatory Strategy. FinTechs should proactively engage all regulatory agencies, federal and state, to gain a holistic understanding of the regulatory landscape and expectations. Approaching regulators in an open, cooperative fashion mitigates regulatory uncertainty that may increase compliance costs and complicate strategic planning. An effective regulatory strategy is a competitive advantage as FinTechs able to quickly develop a concise understanding and assessment of regulatory risks will be those best positioned to succeed.
(4) Data Privacy and Security. Data privacy and security are central to the business models of FinTechs. In these areas especially, it is critical for FinTechs to earn and maintain the trust of consumers and other key stakeholders. Competitive firms should invest significantly to reduce risk, protect sensitive information, and ensure compliance with the patchwork of federal and state laws and regulations. Steps taken by FinTechs to preempt privacy and data security breaches, including documentation of those efforts, will be paramount in demonstrating legal compliance to federal and state regulators. FinTechs that proactively address data privacy and security will be rewarded, while those firms that disregard these issues may become targets of regulatory enforcement actions.