Neobanks: From Disruption to Regulation
Neobanks, or challenger banks, are a prominent part of the fintech industry. Initially lauded for their disruptive ability to challenge traditional banks with their online-exclusive business models, lower fees, and higher interest rates, these digital banks are now facing increased scrutiny from regulators.
Like traditional banks and despite their tech-savvy origins, neobanks have to adhere to a wide range of regulatory obligations to ensure the safety and soundness of the financial system. These obligations can vary by country and region but revolve typically around Capital and liquidity requirements (Basel III), Risk management (Credit, Market, Operational), Anti-Money Laundering (AML), Know Your Customer (KYC), Consumer protection, Cybersecurity, etc…
Ensuring compliance with those various regulatory obligations is already a complex challenge for traditional banks, and for neobanks, it presents an even greater complexity. Recent events, such as the collapse of Wirecard and FTX and the scandals at Revolut, N26, Monzo, and Starling banks, have put them in the spotlight for their compliance mishaps. Like some of their established predecessors before them, they have made the headlines and become the target of regulators for their poor compliance management, particularly around their AML and KYC processes.
This constitutes a significant wake-up call for neobanks, which now realize the financial sector's strict regulatory obligations. The stakes are high; failure to comply can result in hefty fines, inability to operate in specific geographies, damage to reputation, banking license revocation, and even bankruptcy.
The 4 Challenges of Neobanks
Addressing regulatory compliance, building customer trust, and managing cybersecurity while staying at the forefront of technology are the main challenges neobanks face today on their path toward a sustainable and successful future.
- Regulatory compliance: Neobanks operate in a highly regulated environment and must comply with many laws and regulations depending on their geographical footprint. This can be especially challenging since they may not possess all the resources, expertise, or tools to manage this regulatory complexity and analyze its impact on their business model.
- Building trust: Neobanks, new entrants in the financial services market, must convince customers of their trustworthiness despite their lack of physical presence, short-track record, and recent scandals.
- Cybersecurity: Given their digital-only business model, cyberattacks can have serious consequences, including financial losses, reputational damage, and regulatory sanctions.
- Technology: Neobanks rely heavily on technology to deliver their products and services. Developing and maintaining technology infrastructure can be complex and costly, particularly as neobanks scale.
Initially praised by customers for their online-exclusive business model, neobanks are now grappling with the inherent limitations of this particular approach. Their lack of physical presence and shorter staff while providing highly convenient and user-friendly banking services at reduced costs has also created challenges for them, mostly around regulatory compliance management.
A necessary alignment with banking standards
The emergence of neobanks in Europe has undeniably profoundly impacted the financial industry. Nevertheless, their recent setbacks and regulatory scrutiny have underscored their importance in prioritizing risk and compliance management. As a result, more and more neobanks are now channeling significant investments into compliance solutions to manage their risks.
In the end, neobanks must uphold the same standards as traditional banks to continue growing their activity and remain reliable in the regulator and public eye.
A Journey to Compliance
Navigating the complex regulatory compliance landscape can pose a significant challenge for neobanks. However, some have addressed this challenge through a phased approach, requiring strong collaboration across different departments, particularly between operations and Governance, Risk, and Compliance (GRC) teams. This approach can be distilled into three essential steps:
- Step 1: Process documentation. That is the foundation of sound compliance. Its primary objective is to establish and maintain thorough records of the neobanks’ processes, proving that it is following established procedures in compliance with laws and regulations. To achieve this, neobanks typically use process modeling tools aligned with BPMN standards to facilitate the documentation, alignment, and storage of the myriad processes employed throughout the organization.
- Step 2: Risk Assessment. Leveraging the process documentation effort established in step 1, neobanks are now well-equipped with a clear view of their operations. With this enhanced visibility, they can embark on the critical risk assessment phase, ideally on the same tool. This involves identifying regulatory gaps and implementing necessary mitigation procedures and action plans. By proactively addressing these risks, neobanks not only enhance their regulatory compliance but their overall resilience.
- Step 3: Regulatory Audit. Building upon the robust foundation established in Steps 1 and 2, which serves as a comprehensive blueprint of the neobank's processes, with their associated risks, mitigating controls, and assessment levels, the internal audit team can conduct thorough audits to provide independent assurance regarding the neobanks risk and compliance management framework.
To effectively tackle the challenge of navigating the intricate and continually evolving landscape of regulatory compliance, neobanks must now blend the innovation of their approach with the traditional methods employed by established institutions. By doing so, they can construct a robust compliance framework that not only fosters trust and credibility with both regulators and customers but also positions them for sustainable growth and success.