7 common compliance challenges for fintech apps

March 4, 2022

The Clearing House recently did a study that revealed disturbing findings. They discovered that up to 80% of respondents were unaware of bad data practices implemented by many fintech apps.

Indeed, fintech is still the Wild West of the financial world. Such technologies are not as heavily regulated as the big banks, but they handle just as much consumer money. Not exactly a reassuring thought for consumers.

It’s not that fintech startups don’t want to be compliant. It’s just that following regulations adds a whole slew of challenges to an already complex app development process.

Therefore, it pays to know some of these obstacles so that you can prepare better for them.

Data security vulnerabilities

Data security is perhaps one of the most crucial yet difficult aspects of compliance. In part, this is because finance is one of the top targets of hackers, behind only healthcare and information:

Figure: most popular industries for cyber attacks (Source: Findstack)

Not surprisingly, data protection and privacy regulations are common worldwide, with roughly 80% of governments enforcing them, according to a World Bank study.

In fact, one of the strictest financial regulations in the world, Europe’s General Data Protection Regulation (GDPR), deals primarily with data privacy.

Figure: data protection regulations worldwide (Source: World Bank)

But what makes data security compliance especially tricky is the number of vulnerabilities you’d have to cover.

Most fintech apps involve passing data from multiple places. For instance, your app needs to send your user’s credit card information to your server, which then transmits it to the payment processor.

Unfortunately, there are plenty of chances for hackers to intercept and steal this data along the way.

Any vulnerability in the entire ecosystem can be a backdoor for a hacker.

What is more, there’s the factor of human error.

Social engineering attacks like phishing are extremely common. All it takes is one mistake from your staff to breach your entire system.

There’s a chance the app itself isn’t safe, either. A study revealed that 84% of Android and 70% of iOS apps have at least one critical vulnerability in their programming.

More alarmingly, nearly half of payments apps have subpar encryption that hackers can exploit.

Figure (Source: Tech Panda)

Fortunately, while data security is daunting to fix, there are a lot of effective strategies you can consider. Secure coding, data encryption, and plenty of testing are just some of them.

The important thing is that you weave security in at every stage of the app development process. The same applies to compliance in general, as we’ll show in the next section.

Lack of compliance at the development stage

Compliance can be overwhelming because of the many regulations you have to deal with. But common sense will tell you that an easier workaround is to stretch that burden over a longer period.

In other words, thinking of compliance as early as possible can make it much more manageable.

Sadly, many fintech apps fear the huge costs that compliance brings, so they try to avoid scrutiny as much as possible.

Some can get away with it legally at the beginning through no-action letters. Such a letter allows a fintech app to continue development without regulatory oversight, as long as there’s no clear violation of existing rules.

However, you can only delay addressing compliance for so long.

Sooner or later, firms will inevitably need to follow regulations. And if you’re not prepared for it from the beginning, you’ll face much bigger challenges.

Once again, a good example can be found in GDPR. According to their rules, any company from any country is subject to GDPR as long as it deals with the data of E.U. citizens.

But if you didn’t plan for GDPR compliance and suddenly attract a sizable E.U. userbase, you have to pull out all the stops to comply or risk serious fines.

So we recommend being proactive with compliance.

First, start researching the regulations that will apply to your fintech app in the future. Study them, then develop your app logic and idea in accordance with them.

Better yet, hire a lawyer or a consultant well-versed in financial compliance to ensure you’re conforming to them.

Figure: common fintech regulations (Source: DECODE)

Prevention is better than cure, as they say. It’s easier to build your app to be compliant from day one than to edit it later to conform to regulations. Hopefully, this encourages you to plan for compliance during early app development.

Ensuring compliance of added products

One fact most startups miss is that compliance isn’t just a one-time thing. Instead, it’s a continuous process, especially when you want to offer new features or services to your app.

Whenever you plan to add something new to your app, you need to re-evaluate how it will affect your compliance obligations.

For example, if you plan to expand your app to include lending, you should make sure it complies with the Fair Credit Reporting Act in the U.S.

This fact is what spurred San Francisco-based neobank Varo Money to apply for FDIC approval and gain the benefits of government-insured deposits.

The license could also allow them to offer features like overdraft protection, thus giving them an edge over their competitors.

Figure (Source: Business Insider)

This is easier said than done, though, especially if you need to add third-party tools or partner with other fintech firms. According to an ImmuniWeb study, more than 98% of such firms are vulnerable to phishing and mobile security attacks.

That means that you need to review the compliance of not just your own app but all of the APIs and third-party tools you use as well.

An unfortunate example is the Dave app, which experienced a data breach through its third-party service provider Waydev.

It might be tempting to do away with the compliance efforts of adding new services to your app, especially in a competitive market where speed is crucial.

But skipping on it will ultimately make the development and maintenance of your app more costly and time-consuming in the long run.

High cost of regulatory compliance

Even more than time, cost is one of the biggest deterrents to compliance, and the numbers back up this claim.

According to research by LexisNexis Risk Solutions, U.K. financial institutions spend as much as £28.7 billion annually on anti-money laundering (AML) compliance.

And a survey by Thomson Reuters also found that 62% of financial companies surveyed believed their compliance costs and time commitment would increase this year.

Figure: risk assessment (Source: Thomson Reuters)

And it’s only projected to worsen. The explosion of fintech apps in recent years has attracted government attention, which has inevitably led to more laws regulating the industry.

As a result, there’s a huge risk in ignoring compliance: estimates reveal that fines and penalties from non-compliance are up to 2.6 times higher than compliance costs.

Figure: cost of non-compliance (Source: 1RS)

Unfortunately, a change of perspective doesn’t change the fact that compliance is expensive. And the issue has few solutions, save for having more money in the bank.

However, one solution can potentially help you lower costs: Regulatory Technology or RegTech.

RegTech helps compliance by automating and streamlining its most tedious processes, such as reporting and monitoring. It can also provide a better Know Your Customer (KYC) flow, which is one of the staples of fintech compliance.

And the results are promising. For example, one case study revealed that a RegTech solution reduced KYC process time by as much as 39% per client. That inevitably lowers the costs of hiring compliance staff.

The bottom line is that compliance is unavoidable, and so are its costs.

The best way to avoid headaches is to allocate some of your revenue into a compliance budget. It’s not the most “glamorous” use of your funds, but it’s necessary for your survival.

Blockchain management

It’s no secret that blockchain is one of the most innovative technologies in this decade. Interest in it is so high that spending on blockchain solutions is predicted to reach $19 billion by 2024.

Figure: blockchain spending (Source: Digital Information World)

However, blockchain isn’t without its risks, which is why compliance can be especially difficult for these types of apps.

While many tout blockchain for its high security, it’s not impervious to attack. Attacks such as 51% attacks and routing attacks are entirely possible.

And to top it off are the regulatory challenges. Governments and agencies are only beginning to understand blockchain technology and are thus reluctant to approve blockchain-based products.

This stems from blockchain’s many legal uncertainties like anonymity and the absence of a central authority.

Anonymity is a huge problem because it prevents you from verifying the identity of users through KYC. Unfortunately, failing this will make AML compliance next to impossible.

No wonder senior executives worldwide view regulatory compliance as one of the top issues facing blockchain adoption.

Figure: barriers to blockchain adoption (Source: Finances Online)

Luckily, the landscape is changing. There are now more solutions that can help bridge the gap between compliance and blockchain technology.

Remember our KYC problem?

Well, a solution called Blockpass aims to solve that by being the middleman that verifies the identity of the user for compliance purposes. That enables verification without necessarily exposing the user to the blockchain.

Nevertheless, we do encourage you to pursue any blockchain app ideas you might have. Ensuring compliance might be challenging, but it’s nice to know that help is now more abundant than ever before.

Anti-fraud compliance

Fraud and money laundering are currently the most tightly monitored financial crimes worldwide.

You can see this in a World Bank survey that revealed that 98% of countries have anti-money laundering (AML) regulations in place.

Figure: anti-money laundering regulations worldwide (Source: World Bank)

Not surprisingly, you should expect to have to satisfy strict AML laws if you wish to remain compliant.

And one of the key ways of doing this is via the Know Your Customer (KYC) process. This is essentially an identity verification method that confirms that users are who they say they are.

The goal is to avoid accepting fraudsters, terrorists, or fake users into your app.

The problem is that KYC can be a pain. It adds to your app’s onboarding time, which averages 1,200 minutes. It’s not cheap, either: banks reportedly spend $500 million a year on KYC.

The added time can be a big dealbreaker. It can make you less competitive with other apps that have shorter onboarding times.

One solution here is to re-think where you put the KYC process in your app’s flow, as the Fisdom app did.

Then there are fraudsters who are coming up with innovative ways to bypass KYC procedures.

If you want to stay compliant and avoid fines, you’ll probably need to invest in solutions like Liveness Detection Technology that can help separate fake from live video during verification.

Figure: certified liveness detection and facial recognition (Source: Polygon)

To top it off, AML regulations are constantly changing worldwide. For instance, many governments like Singapore and Australia have unified digital identity frameworks that are evolving.

Therefore, you might be required to integrate these frameworks into your AML process if you wish to be compliant in these countries.

Despite the challenge, AML continues to be a cornerstone that will help build trust with your users. Thus, it’s worth the effort.

Product-specific compliance requirements

Fintech compliance is difficult enough, but some niches have it harder than others. For instance, if you’re developing in niches with a high level of risk, such as investments and gambling, prepare for a rougher ride than usual.

For example, investment apps are covered by the Financial Industry Regulatory Authority (FINRA)—and they’re known for having strict (but understandable) guidelines specific to investing apps.

Among other things, FINRA regulations dictate that data must be stored for a set period on write once, read many (WORM) media.

And FINRA fines can be devastating. Just last year, they fined Robinhood a whopping $57 million for “lack of due diligence before approving customers” and “purveying misleading information to customers about aspects like trading on margin.”

Cryptocurrencies are another fintech sub-niche that can be a compliance nightmare.

There are still a sizable number of countries that consider digital coins as illegal, while some strictly monitor when and how they can be used.

Figure: cryptocurrency regulations around the world (Source: Visual Capitalist)

Going on the frontier of fintech can be challenging. Sometimes, regulations are nonexistent or just can’t catch up with rapid innovations in the field.

But that’s no excuse for non-compliance. As mentioned earlier, you can’t avoid regulations; sooner or later, you’ll have to follow them. Dealing with them earlier in the process can save you much pain in the future.

So, how can you tame these compliance challenges?

We’ve established in this article that compliance can be challenging, expensive, and even frustrating. But never did we say that it was impossible.

Like everything else, things are easier if you have a little help on your side. This can be in the form of lawyers or consultants.

Or, it can be through an app agency like DECODE, with vast experience in developing compliant fintech apps. What’s great about this option is that we have the regulatory knowledge and experience to help you out!

Ready to tackle compliance? Contact us today, and let’s start talking!

Written by

Ante Baus

Ante is a true expert. Another graduate from the Faculty of Electrical Engineering and Computing, he’s been a DECODEr from the very beginning. Ante is an experienced software engineer with an admirably wide knowledge of tech. But his superpower lies in iOS development, having gained valuable experience on projects in the fintech and telco industries. Ante is a man of many hobbies, but his top three are fishing, hunting, and again, fishing. He is also the state champ in curling, and represents Croatia on the national team. Impressive, right?