It’s been a while since we’ve written about happenings in Indian fintech compliance, and this past week there was a flurry of activity by the country’s primary financial regulator. On May 14, the RBI (Reserve Bank of India) cancelled the Certificates of Registration of 150 non-banking financial companies (NBFCs), 95% of these firms were located in West Bengal, which also includes Kolkata, and New Delhi.

On paper, this looks like a dramatic enforcement sweep. But the better reading is more subtle: the RBI appears to be cleaning up its NBFC landscape by removing firms that in its view, no longer met standards to continue inside the regulated nonbank finance ecosystem.

Quick primer - what is an NBFC? These are typically lenders or investment-related companies that are not banks but offer services that you might expect from one. A few downsides are that they cannot accept traditional demand deposits or issue checks, but on the flip side they close the gap for the unbanked by serving those who may ordinarily not qualify for a true loan. This can include microfinance institutions which sometimes focus exclusively on local customers or use alternative scoring methods.

The RBI has undertaken these waves of cancellation actions before, including in the last month. This particular month has featured a larger set of cuts which appears aimed at removing entities that are either inactive, non-compliant, no longer eligible, or no longer operating at NBFCs. This should remind players in the Indian fintech ecosystem that an NBFC registration is a marker of continuing compliance status, but not necessarily a permanent badge of legitimacy.

What does cancellation actually mean and why did it happen?

When the RBI revokes an NBFC’s certificate of registration, this means the company can no longer conduct services like lending, leasing, investing, or marketing/holding itself out as a regulated nonbank finance company. This doesn’t mean the company is dissolved, bankrupt, or no longer exists as a legal entity; it can still own assets, wind down obligations, operate in non-regulated lines of business, or even pursue an appeal with the Central Government. However, while the avenue exists reversals are rare in the ordinary course.

So let’s say you’re an NBFC and get the cancellation notice. To the public, the reasons are not shared but for this wave in particular, many of the names appear to be small, legacy finance players rather than major active consumer lenders or fintech platforms that may have been unable to meet expectations, including compliance obligations. In the case of these 150, I did some digging and found that indeed, there were at least 118 of these companies flagged in a February 2026 list published by India’s Financial Intelligence Unit that failed registration requirements related to AML/CFT, and were also flagged on a 2018 report by the same FIU in 2018. In English, many of these firms appear to have missed basic compliance steps required of regulated financial companies.

Why RBI can cancel an NBFC registration

The RBI acted under Section 45-IA(6) of the Reserve Bank of India Act, 1934, which was the law that created and empowered the RBI. Quite intriguing that acts prior to India gaining independence are still valid and on the books. In any case, this law gives the RBI the authority to cancel NBFC registration when the organization no longer carries on relevant business, is non-compliant, does not maintained required accounts, does not participate in inspections, or is already in hot water with the RBI through deposit acceptance restrictions that have lasted for at least three months.

Technically, there is no official reason that was provide for these cancellations. So in some sense, one might think this is a regulatory cleanup, which is technically possible. However, given the dots we connected above, this seems to be action taken directly following the FIU list a few months ago.

Who are these firms?

The firms involved are not large consumer fintechs or systematically important NBFCs. These are small and mid-sized companies that are involved with trading, securities, leasing, and corporate holdings. Some of the names: Bengal Exim Scrips, D.S. Stocks & Securities, Continental Fiscal Management, MR Fincap, Dalmia Housing Finance, Finmax Credit & Finance, Menlo Finance and Investment Corporation, Kautilya Shares and Stocks, and Peak Securities. The full list can be found here. Also quite notable that none of these companies were recently established. The cancelled CoRs ranged from Nanda Parbat Finlease Limited, issued on February 10, 1998, to Finmax Credit & Finance Private Limited, issued on October 23, 2018.

The biggest pattern is that many of the cancelled companies do not look like modern lending firms at all. The list includes names tied to textiles, trading, distributors, packaging, metal industries, mercantile businesses, securities, leasing, and “vincom/vyapaar” style entities, which supports the idea that this was a perimeter cleanup rather than a targeted action against headline fintech lenders.

Is this the biggest sweep ever?

Instead of directly answering that question, let’s take a look at the trends:

• 2021: 17 NBFCs cancelled across 4 cancellation releases.

• 2022: 46 NBFCs cancelled across 11 cancellation releases.

• 2023: 22 NBFCs cancelled across 10 cancellation releases.

• 2024: 26 NBFCs cancelled across 10 cancellation releases.

• 2025: 146 NBFCs cancelled across 15 cancellation releases.

• 2026 year-to-date: 282 NBFCs cancelled across 5 cancellation releases.

The major development is the number of cancellations per release, especially in 2026. In 2025 and 2026 specifically, the numbers tell the story of the RBI undertaking systematic register cleanup. This is also not random national sweeps, but older and smaller legacy NBFCs in specific locations (West Bengal/Kolkata and New Delhi). This is different than in 2022-2024, where many cancellations were directly tied to digital lending misconduct and the companies were relatively recently incorporated.

So to answer the question, this is in fact the largest batch of cancellations that we could find in the last 5 years, but most notably it follows a rising trend that had already become apparent in the last year.

RBI trends in supervision

Recent analysis as cited by publications like The Print notes that the RBI wants to compress its volume of regulatory coverage by shrinking the perimeter at the bottom while tightening scrutiny at the top. For NBFCs, that means registration is exempt if there are no customers, no public funds, and assets are less than 10 million rupees (about $100K USD).

In essence, the RBI doesn’t want a crowded register full of inactive, non-compliant, low-relevance or unsupervised entities. In some ways then, at least for some of these cancelled firms, the RBI is doing them a favor and basically cutting back on paperwork for them. On the flip side, it should remind NBFCs that the registration process is always up for re-evaluation. If other companies are dependent on an NBFC to originate, hold and service loans, there can be serious consequences within the overall fintech lending model.

The real trend is that NBFC balance sheets increased by almost 20% between 2024-2025. Since the RBI wants to seemingly put its mouth where the money is (to reverse the common saying) and focus on the larger firms that are driving this growth, one view is that it can’t be devoting more resources than necessary to lower-priority older companies.

How consumers might benefit (if they exist!)

Regardless of the size/age concern, if companies can’t meet continuing obligations then allowing it to keep an RBI registration could create a false sense of safety and a lack of transparency for customers. On the flip side, as mentioned in the beginning of this piece these NBFCs serve borrowers who are underserved by traditional banking. Some examples of what these companies do include commercial vehicle and tractor financing, small business loans, and other ways to get access to credit.

The thing is, there is very little visibility outsiders have into the customer footprint of small regulated lenders. In fact, it begs the question as to whether consumers were actually affected at all as a result of these cancellations. Some of these firms appear to have zero visible loan books, while there have old loan-book history. The most likely explanation is that these firms were less retail lenders and more as vehicles for intra-group financing, fund routing, or legacy balance-sheet activity. Of course, the AML risk doesn’t go away and may in fact be even higher, but that’s another story.

Can the cancelled firms fight back?

We talked about an appeals process earlier. Specifically, cancelled companies have 30 days from the date of the cancellation to appeal, and also have the opportunity to ask for a hearing before the final cancellation. However the burden of proof as to why the cancellation shouldn’t proceed is on the company, as they would need to show they still satisfy registration conditions, meet capital requirements, maintain records, comply with RBI direction, or denied due process.

In the end

This is a major enforcement headline, but from a compliance POV specifically this is a sign that India’s central bank is tightening the integrity of the nonbank finance space. This is not a strike against major fintechs, and there’s no evidence that there are any political motivations involved here. This really does look like a cleanup of small, legacy, inactive or noncompliant entities.

The lesson here for fintechs, banks and embedded finance platforms is that partner licensing is not static. An NBFC registration should be monitored like an ongoing compliance requirement and not a one-time thing.

Last time we previewed what was coming up in the month of May from the fintech compliance regulatory world. This time, we’re looking ahead to June - where the FIFA World Cup will start on June 11 with the likely last time we’ll see Cristiano Ronaldo and Lionel Messi both participating together, Olivia Rodrigo drops her 3rd album on June 12, and Toy Story 5 comes out on June 19 along with Supergirl on June 26. Break out your calendars and let’s see what’s coming up:

June 2: Answering Treasury’s State vs Federal Question

What is happening? The comment period closes on June 2 for the Treasury Department’s proposed rule on a component of the GENIUS Act that allows for state regulation of stablecoins. Specifically, the GENIUS Act states that issuers with over $10 billion in outstanding stablecoins issued must be federally regulated, but those with less than $10 billion can stay under state regulation, but only if the state’s rules are “substantially similar” to the federal framework. It is this “substantially similar” phrase that has set off debate and led to this comment period by the Treasury department.

For more on the GENIUS Act, check out this breakdown by Paul Hastings.

Who has commented? 16 comments have been left (although only 10 appear to be available on Regulations.gov). If you ever wonder whether any average person can pop in and drop comments on a groundbreaking legislation like this one, this is a great example that proves anyone absolutely can. Highlights:

• Someone clearly used an AI to submit an anonymous comment that reads more like an outline, not really taking an opinion, just highlighting different high level examples of what “substantially similar” could mean and compares possible state approaches to federal approaches.

• Another person started off their comment by saying they don’t care for cryptocurrency at all and then goes on to vent about separate issues they are having with Progressive Insurance and Shellpoint Mortgage Servicing, going into great length about how both companies’ websites result in late fees, concluding with the belief that “we need physical cash and paper checks. Period.”

• In more serious commentary, the North Carolina Blockchain AI initiative, an advocacy group, offered support for the proposal and used the comment as an opportunity to highlight North Carolina’s progressive crypto legislation dating back to 2020 and indicated that it was going to lobby for the state to create its own version of the GENIUS Act to demonstrate further alignment. This group is not a bunch of random crypto bros shouting out the proposal; a further look at the signatories reveals that this is a newly formed (as of March 2026) lobbying vehicle that includes a former Lt. Governor, a member of the FRB of Richmond’s Business and Consumer Payments Advisory Council and a managing partner of a national law firm.

• The American Bankers’ Association contributes to two comments. One has the backing of all 52 state bankers’ associations (including DC and Puerto Rico) and says that June 2 is an impossible deadline to opine on “substantially similar” when the federal framework itself is not final (it will go into effect the earlier of January 2027 or 120 days after the FRB and FDIC finalize their frameworks). The other sees the ABA co-signing with three other groups to argue that a separate June 9 comment period on the next batch of NPRMs makes holistic review impossible. The latter comment also adds an interesting statistic from the International Bancshares Corporation - stablecoins could drive deposit outflows of up to $6.6 trillion, while community banks could lose $1.3 trillion in deposits and $850 billion in reduced lending capacity if yield loopholes aren’t closed (the latter is relevant because affiliates, distribution partners, and rebate programs are often used by issuers to get around the GENIUS Act’s prohibition on them paying interest to holders which could lead to unmonitored systemic risk).

• Michael Ravnitzky adds a comment to the mix. He is an attorney and former journalist. In his comment, he argues against the rule, claiming that the rule is stacked against states primarily because there is no allowance for states to transition to become “substantially similar” among a host of 25 total objections.

• Two other comments tout their own products and frameworks to argue for technical enhancements to the proposal, specifically cryptographic interoperability standards (i.e. ensuring there is a way for federally regulated and state regulated issuers to verify each other’s compliance automatically using the same technical format) and the application of a more meaningful equivalence assessment by not just comparing federal and state rigor but also adding a stress-testing layer when analyzing an issuer.

Why does it matter? Treasury has to respond to all of these comments, as they are now officially building blocks of the administrative record. Later on down the road, if someone sues to overturn the rule, a judge will come back and read all of these in deliberating on a final ruling.

June 9: The FDIC, FinCEN and the Future of Stablecoin Compliance

What is happening? Three separate comment periods close on the same day, with two tied to the aforementioned GENIUS Act and one proposing massive changes to what it means for banks to do AML going forward.

From the FDIC side, the NPRM answers the question of how stablecoin issuers should be built. Specifically, it establishes a view on safety and soundness by creating a framework within which future issuers can understand capital requirements, reserve standards, and what happens to the reserves if the issuer fails. It also asks the question as to whether stablecoin reserves should count as deposits and whether holders should get FDIC protection.

From the FinCEN/OFAC side, their NPRM defines who is a stablecoin issuer under the law. Issuers are formally designated as financial institutions under the BSA for the first time, which triggers the full suite of AML obligations including CIP, SARs, and record keeping. It also creates the first explicit legislative requirement to have an OFAC sanctions compliance program, something that was previously strongly expected and based on guidance and enforcement practices alone. The rule leans into smart contract technology that stablecoins can offer and lays out an expectation that sanctions compliance must now go beyond the point of issuance and extend to secondary market transactions.

Lastly, separate from the GENIUS Act, FinCEN proposes an overhaul of BSA compliance for every financial institution by proposing a new model where instead of SARs filed as a default, a risk-based approach would be used to allow institutions to focus on actual threats from bad actors rather than generating paperwork.

Who has commented? Six parties have commented to date on the FDIC proposal, 14 on the FinCEN/OFAC joint proposals, and 21 have commented on the FinCEN risk-based proposal. I’ll use this as an opportunity to say (as you may notice when attempting to access the links yourself) that for whatever reason, the ability to access comments is somewhat limited on regulations.gov - the FDIC uses its own website to house comments on its proposals. On regulations.gov, there seems to be frequent downtime and delayed syncing back to the federal register, with this being the most frequent result I ended up getting:

Which of these has the biggest implications? I’ll underscore the AML/CFT reform rule as having the biggest impact on anyone who works in regulated financial services. We talked a little bit about this last time in the context of the upcoming hearing on BSA modernization, but here’s why this is so important:

• It rewrites how all BSA-regulated institutions should do AML compliance - banks, credit unions, MSBs, fintechs, broker-dealers, etc - shifting from “file as many SARs/CTRs as possible and let the regulators review it” to a risk-based, effectiveness model, essentially shifting the burden of judgment and analysis to the institutions themselves.

• It ties non-FinCEN examiners’ hands - supervisory regulators at the OCC, FDIC and Fed would have to consult FinCEN before taking major AML/CFT enforcement actions. This dramatically raises the power of FinCEN to be a formal gatekeeper in Fincrime federal regulation.

• It directly affects how your program is built, how it will be examined, and what counts as “good enough” across the entire industry. This is not a signal to do less - on the contrary, it will impact who you hire, what you write down, what you actually do day-to-day, and how you’re graded. In terms of hiring, expect fewer pure “checkers” and more analysts, more data and engineering roles embedded in compliance, and upgraded expectations for CAMLO/MLRO roles as it relates to resource allocation and strategy. In terms of documentation, you should expect a living enterprise AML risk assessment that drives control design, policies that justify internal standards/exclusions in risk terms, and procedures that support documented tuning cycles, governance around exceptions/overrides, and more QA/QC around investigations. And lastly, compliance training will need to move away from “here is the SAR form” to “here is how human tracking, sanctions evasion, or fraud actually surface in your line of business.”

Honorable mention/the rest of June:

• June 15-19 - FATF Plenary: The Financial Action Task Force is essentially the world’s anti-money-laundering referee. It’s an international body of 40 member countries that sets the global rules for how governments and financial institutions are supposed to detect and stop dirty money, terrorist financing, and sanctions evasion. When FATF says a country is on its “blacklist” or “grey list,” it’s a serious signal to the entire global banking system to treat that country’s transactions with extra scrutiny. Every few months, FATF member countries send their delegates to a plenary, which is a formal meeting where they vote on new standards, approve country evaluations, and set the agenda for the next period. The June 15–19 meeting is important because it’s the last one under Mexico’s leadership before the UK takes over, and it’s expected to finalize new guidance specifically on stablecoins and crypto, directly relevant to everything else happening in May–June 2026.

• June 16-17 - FOMC Meeting: The Federal Open Market Committee is the group inside the Federal Reserve that actually votes on interest rates. It’s made up of the Fed’s Board of Governors plus rotating regional Fed presidents. Eight times a year, they meet for two days, review the economy, and vote on whether to raise, cut, or hold interest rates. This is the decision that ripples into every mortgage, car loan, credit card rate, and savings account in the country and is getting extra scrutiny due to rising gas prices and potentially rising unemployment. Every other meeting also includes a dot plot, which is a chart showing where each committee member anonymously expects rates to go over the next few years. The June 16–17 meeting is one of those, and it’s the first one that will likely be run by Kevin Warsh if he’s confirmed as Fed Chair in May. That makes it the first real signal of whether his stated goals of shrinking the balance sheet and cutting rates on his own terms translate into actual policy.

• July 1 - DFPI DFAL Deadline: The Digital Financial Assets Law is a California law passed in 2023 that requires any company dealing in crypto assets with California residents to obtain a license from the DFPI, similar to how New York’s BitLicense works. The law gave the industry until July 1, 2026 to either get licensed or have a completed application submitted. July 1 is technically a California deadline, but because California has 40 million residents and roughly a quarter of U.S. blockchain companies are based there, it’s nearly impossible for any serious crypto company to simply walk away from the market. In practice, this state deadline is setting the minimum compliance bar for the entire U.S. crypto industry.

If you’ve read this far, congratulations: you’re now more prepared for June than most of the industry. None of this will trend on X. But in a year or two, when products launch, banks pull back, or regulators act, odds are you’ll be able to trace the story back to the dates and time frames we just walked through. Thanks for joining us, and see you next week.

Over the next few weeks, a few things might catch the average person’s attention. For one, the Cannes Film Festival is coming up. Drake is dropping his 9th album, Iceman, while Paul McCartney is dropping his 21st album, The Boys of Dungeon Lane. Star Wars is back on the big screen for the first time in 7 years with The Mandalorian and Grogu. The NBA Playoffs will be wrapping up the semifinals and moving to the conference finals.

But if you’re reading this, you are not the average person, which is why in today’s edition we are going to take a look at some of the most important upcoming dates in the fintech compliance and regulatory world, and why they matter. Pop open your calendars and join me as we dig in:

May 11: Warsh Vote

What is happening? The full Senate will vote to confirm Kevin Warsh as Chair of the Federal Reserve, replacing Jerome Powell, who has served in this role since 2018. Powell’s term officially ends on May 15, which means this will be a quick turnaround.

Who is Kevin Warsh? Warsh comes in with direct Fed experience. He originally served as an FRB Governor from 2006-2011, and was in the thick of the 2008 financial crisis as he was involved in facilitating the sale of Bear Stearns to JPM, the Lehman bankruptcy, and AIG’s bailout. He resigned shortly after as a result of disagreements with then-chair Ben Bernanke. Until this year when Trump floated his name, he had been out of government and in the private sector.

Will he get confirmed? To be confirmed, Warsh only needs a simple majority in the Senate (not the 2/3 requirement that sometimes comes into play). All has been quiet on the Western Front, as no Republican Senator has come out against this appointment.

What he will likely do vs. Powell

Once he’s in place, all eyes will go straight to interest rates. The June meeting will be the first read on whether Warsh moves on rates immediately or holds for later in the year.

Warsh is proposing the elimination of much of the forward guidance that markets have come to rely on from the Fed. For example, the most recent FOMC meetings at the end of April held rates steady but notably kept language suggesting that rate cuts are still coming, even as three Fed presidents dissented, arguing this was too optimistic given inflation was still running well above the Fed’s 2% target. A hint of Warsh’s possible rationale came from one of the dissenters, Dallas Fed President Lorie Logan, shortly afterwards, who argued that the Fed’s usage of language like “In considering the extent and timing of additional adjustments to the target range for the federal funds rate…” could come across as though the Fed is subtly guaranteeing to households and businesses that a rate cut will come eventually. The downside is that stocks could get bumpier than they already have (which surprisingly is not that bumpy/volatile relative to major shocks in years past).

The thing that probably makes markets most uncomfortable about Warsh is his view on the Fed’s balance sheet. In his eyes, he believes the Fed is like a massive landlord that bought too many properties, with the bulk of the accumulation happening post-financial crisis. This is quantitative easing 101, where the Fed buys government bonds and mortgage-backed securities to stimulate the economy. The controversy is that Warsh thinks that the only way rate cuts will work is to sell the assets (bonds) first and then cut interest rates without triggering inflation. The last time the Fed tried this back in 2019, the repo rate (which is what banks charge each other to borrow cash overnight) went from 2% to 10% in a matter of hours. In other words, the Fed had drained so much cash reserve out of the system that banks didn’t have enough cash to lend each other overnight. Thus, the Fed had to rush in and start pumping liquidity back in within days, reversing course.

What Warsh means for Fintech Compliance and Regulations

Depending on who you are, this could be good news. Warsh believes the Fed has gone too far in regulatory supervision, in line with the deregulatory movement that has taken hold most notably at the CFPB. In his confirmation hearing, he said: “Politics have no place, not just in monetary policy, but in supervision and regulation. If central bankers should stand for anything, it’s to resist fads, resist trends, call balls and strikes.”

At the same time, he is looking to relocate some supervisory power from the Fed to the Treasury Department, which would in theory have the opposite effect given Treasury departments are led by political appointees while the Fed is an independent government agency and its chair cannot be removed easily. If this holds, all major federal banking and consumer regulators would have short-term political dependencies going forward, as the leadership of the OCC, FDIC, and FTC (which has growing jurisdiction over fintech and crypto consumer protection) are all subject to removal by whoever is President.

For compliance teams, the structural implication is worth tracking: a shift of supervisory authority toward Treasury would mean more federal banking regulators with leadership tied to the political cycle, which has implications for the stability of supervisory expectations over time. This also comes on the heels of the Education Department planning to transfer its student loan portfolio to Treasury, suggesting a broader consolidation of powers into the Department.

May 19: BSA Modernization Hearing

What is happening / who is speaking? The House Committee on Financial Services is holding a hearing entitled “Modernizing the BSA for Financial Crime in the 21st Century” on Tuesday, May 19 at 10AM EST (livestream link here). This is specifically a session of the Subcommittee on National Security, Illicit Finance, and International Financial Institutions chaired by Rep*.* Zach Nunn (R-IA). There were two hearings prior to this which are good to check out: one on September 9 of last year, entitled “Evaluating the FinCEN” with a focus on recent Beneficial Ownership reporting requirements, and another a few weeks ago entitled “Evaluating the Effectiveness of US Sanctions Programs.” The prior witnesses were Andrea Gacki, Director of FinCEN (for the September hearing) and Jonathan Burke, Assistant Secretary for Terrorist Financing, Treasury (for the April hearing); either of these two could be possibilities for this upcoming date.

What is BSA Modernization in the Trump era? If you’re in compliance, you should already know this, but for those who are not, the Bank Secrecy Act was enacted in 1970 and compels financial institutions to assist law enforcement with combating money laundering, terrorist financing, and other financial crimes. Many in the industry felt that in recent years, the impact of BSA had evolved into companies filing massive amounts of SARs (Suspicious Activity Reports) and CTRs (Currency Transaction Reports) that created a lot of administrative work but no meaningful intelligence. In this vein, the AML Act of 2020 was implemented with the highlight being the direction for FinCEN to modernize BSA regulations with a focus on effectiveness over volume.

In this spirit, FinCEN released a notice of proposed rulemaking this past month which signaled support for risk-based approaches rather than binary compliance, and a framework that would require other regulators (OCC, FDIC, Fed) to consult with FinCEN before taking any supervisory action, another data point in the broader consolidation pattern noted above. Simultaneously, the other major development is the GENIUS Act, which we’ll talk more about in our next edition.

What does this hearing set up? This hearing is ten days before the June 9 comment deadline for two FinCEN notices of proposed rulemaking — the AML/CFT program reform rule and the GENIUS Act AML/sanctions rule. The hearing will likely build the congressional record as an input into the final rule (along with comments), surface consensus on SAR reform (i.e. how to reduce low-utility filings without creating enforcement gaps), and preview, or potentially drive momentum for, specific BSA reform legislation like the STREAMLINE Act (S. 3017) and its House companion (H.R. 1799)

May 20: Bank-Fintech Collaboration Hearing

What is happening / who is speaking? A day after the aforementioned hearing, the Committee will hold another hearing entitled “Partnering for Innovation: How Bank-Fintech Collaborations Enhance Financial Infrastructure” on Wednesday, May 20 at 10AM EST (livestream link here). This is specifically a session of the Subcommittee on Digital Assets, Financial Technology and Artificial Intelligence chaired by Rep. Bryan Steil (R-WI). This is the first Congressional Hearing on bank-fintech partnerships since 2024, which was shortly after the issuance of the Interagency Guidance on Third-Party Relationships. It’s harder to project the possible witness list given this topic has not featured prominently for some time, but possibilities could include a BaaS bank/sponsor bank representative, a fintech CEO, and/or an academic aligned with the committee’s framing.

What is the current state of Bank-Fintech Collaboration? The Synapse fallout is the most prominent story in the space, along with enforcement actions targeting sponsor banks for failures by their fintechs. Post-Synapse, questions about liability are also being raised, i.e. who is responsible when compliance or accounting fails in a bank-fintech partnership? The money flowing through bank-fintech infrastructure is bigger than ever, but the number of players doing it has shrunk, as Synapse scared off the smaller sponsor banks and the remaining ones are more rigorous.

What does this hearing set up? Given the shift in administration since the last hearing, the title of the hearing suggests a more constructive posture toward partnership going forward. This hearing could also lead to clarity on not just liability, but also reconciliation standards for FBO accounts (the root cause of the Synapse issue).

Wrapping Up

That’s the calendar. Three dates, two weeks, and a lot of structural movement in a short window. The Warsh confirmation reshapes the leadership of the Fed at exactly the moment GENIUS Act implementation rulemaking is being finalized across the federal banking regulators. The BSA modernization hearing sets the stage for the June 9 comment deadlines on two of the most consequential AML proposals in years. And the bank-fintech collaboration hearing, the first of its kind since the post-Synapse era began, could start drawing the lines on liability and FBO reconciliation that the industry has been waiting on for two years.

A reminder of what I said up top: most people will spend the next few weeks watching Drake, McCartney, the Mandalorian, or the Eastern Conference Finals. If you’re reading this, you’ll be watching all of the above plus a Senate floor vote, two House Financial Services hearings, and a slew of comment deadlines. See you soon.

At the start of the year, I planned a multi-part countdown of the biggest compliance stories of 2025 (Part 1 here). Instead of dragging that series out, I’m closing the loop here with a single synthesis: what actually mattered, what didn’t, and what compliance teams should still be paying attention to going into 2026. Let’s dive right in!

8. California’s “Mini-CFPB” Starts Cracking Down on Fees and Sloppy Crypto

The story: Last time we checked in on the NYDFS, New York’s version of a “mini-CFPB” state regulatory body. This time, we start with the DFPI, California’s edition. Two trends stood out - one, targeting crypto kiosks (think of the ATM-style bitcoin terminals that are available in random places) specifically for accepting cash transactions that surpassed the $1K daily AML limit, and for charging excessive fees on transactions; second, going after lenders (namely Apoyo Financiero, a lender that markets itself to the unbanked and primarily targeting Spanish speakers) for charging interest and fees that exceed the caps set by the California Financing Law.

Analysis: Here’s a quick table that shows some of the key fines and penalties across some of the larger state regulators in 2H 2025:

Based on the above, while NYDFS takes the cake from an overall monetary perspective, California is unique in that it appears to be the only major state regulator that is hitting hard on not just one two areas that seemed to have been the bread and butter of federal regulators and namely the CFPB - fintech lending/junk fees and cryptocurrency violations of AML and fees. Reg E, Reg Z, BSA/AML all come into play here. The other thing of note is that the DFPI appears eager to cross state lines (and even country lines in some cases) and tackle institutions based out of California that happen to operate there. Clearly, the CFPB “going to sleep” has simply opened up the doors for the DFPI to step in and leverage authority granted by regs like CCFPL, essentially their local version of UDAAP.

7. Aflac and Powerschool - When People, Not Systems, Become the Breach

The story: Neither of these players are true “fintech” institutions. However, these breaches are worth highlighting because of the attack vectors. In the case of Aflac, the popular insurance provider (yes, that’s why we had the ducks last time at the end of our post) in June of last year a social engineering attempt occurred by simply calling Aflac’s customer service line, asking for a password reset and stating that an urgent meeting was about to begin, and then also got the Helpdesk to reset the MFA. The individual whose credentials were compromised also had admin access to key systems. For a good read and further deep dive on this incident and how something seemingly simple can actually be pulled off, check out this post by cybersecurity expert Asad Syed.

In the case of Powerschool, it was a bit more of what I’ve seen in similar breakdowns (and probably many of you have seen for not just cybersecurity but other failures for institutions generally) - a vendor dropping the ball. Quick background, Powerschool is a cloud provider with front-end tools specifically for K-12 students, teachers and administrators. In this case, a contractor’s credentials were stolen who happened to have access to PowerSource’s portal, allowing access to what PowerSchool described as “sensitive personal information” that “may have included” Social Security numbers and medical data (!!!)

Analysis: The Aflac breach is a textbook example of why technical MFA is a secondary defense to social engineering; ultimately it is your classic human error leading to a huge breach situation. The Powerschool breach stands out to me more because of how it has been handled post-breach. First, they actually paid a ransom to the hackers - which flies in the face of the mindset “we don’t negotiate with bad actors” - to delete the data, which they have no true guarantee was actually done. Secondly, the types of information are way more than just your standard SSN, Driver’s License, credit card numbers - it turns out sensitive information about students was included that ranged from restraining orders to medication information, but again, no complete transparency was provided. The last update from Powerschool is a not-so-comforting announcement that someone is extorting impacted students/families with the stolen information and that in response, they will offer credit monitoring and identity protection services to those impacted. It has been 8 months since the last update.

One final thing of note here - PowerSchool was taken private by Bain Capital prior to the breach in late 2024, just months before the breach occurred, which almost certainly would have shifted its governance incentives and its focus for accountability. The reality is, when who you answer to changes, this sort of change in ownership will also change the context for risk prioritization, incident response, and disclosure practices even if it doesn’t cause operational failures. Specifically in the case of private equity acquisitions, Ownership transitions, whether to private equity or public markets, can create 'integration blind spots' where legacy controls may not scale at the pace of new strategic goals. This is inherent from acquisitions of Clear Channel to healthcare platforms. For compliance teams, the lesson isn’t about private equity itself, but about how ownership changes can quietly alter risk tolerance, oversight, and investment in control infrastructure.

6. The "AI-Washing" Crackdown at the SEC

The story: After the departure of Gary Gensler, who was quite reviled in the crypto world, the SEC has been headed up by Paul Atkins, who came into the organization in April 2025 shortly after the agency had already slimmed down by 10%. The SEC’s focus area has been more targeted towards “AI-washing” while decreasing the focus on registration violations and things like “off-channel communications”. In addition, the signal from the SEC as well as the DOJ and Congress (i.e. passing the GENIUS Act) is extremely pro-crypto.

But despite the federal government’s simultaneous pro-AI stance as evidenced by a recent executive order, the SEC seems to be unfazed as it converted its previously entitled “Crypto Assets and Cyber Unit” division to the “Cyber and Emerging Technologies Unit”, reflecting the de-emphasis on crypto and the broader coverage of technology risk in general - and this unit was responsible for two major actions, with one taken against the founder of prominent fintech Nate in April 2025 and a more sweeping action against a slew of crypto-related companies that touted their “AI wealth” capabilities in December of the same year. In addition, the 2026 SEC Enforcement priorities included AI as a continued focus, ensuring this is likely the beginning, not the end of targeted focus in this.

Analysis: Looking at the raw number of SEC enforcement actions in the 1 year since the Trump administration took office, the amount has gone down by 22% (311 between Jan 20 2024 - 2025, 242 between Jan 20 2025 - 2026). But in addition to the above activity, the SEC also launched an AI task force in August of this past year and appointed Valerie Szczepanik to head it - an interesting pick as she served in the agency through the Biden administration leading its innovation hub, proving this is no longer a party-line issue.

The aforementioned enforcement priorities also talk about evaluating AI in the context of cybersecurity, which should be interesting as to date the focus has been more on fraud perpetrated by registrants but this seems to indicate the scope will expand in the new year.

5. The Impending Advent of PSR in the EU

The story: If you lived in or interacted with any EU payments related regulatory matters, you were probably familiar with PSD2, the latest iteration of which went into effect in 2018 and was best known for mandating Strong Customer Authentication (SCA), for which enforcement was fully implemented in 2021. In English, this mandated multi-factor authentication, more accessibility/portability for customers (think open banking), and customer liability limits, just to name a few. PSD3 doesn’t introduce anything fundamentally groundbreaking, instead focusing on strengthening and clarifying some of the minutiae in PSD2 and making it clear that this will head to the issuance of PSR (a true Payments Services Regulation), so that the rollout is not forced to align with national regulations (something a non-PSR directive has to do, resulting in time-consuming legislation in each member state).

Analysis: The specifics of PSD3 are focused on two key areas - liability for spoofing (which now falls on the bank, even if a customer “falls for” a spoofing attempt) and firming up requirements for banks to “open the doors” to allow PSPs access to APIs so that open banking can start to scale (with a specific expectation of providing a dashboard where customers can see all third party access they have provided).

Check this article out for a great primer on where things currently stand - their prediction is that the PSR will be passed this summer and compliance will likely be expected by early 2027. This leaves precious little time for IT organizations of banks to get it together, particularly those that have not been modernizing their infrastructure. Aside from this, I was also curious whether there is going to be any customer awareness campaign so that customers know what their rights are. The data to date about consumer awareness has been telling:

• A 2023 YouGov survey found that only 34% of EU-based adults were aware of “Open Banking” (a core PSD2 pillar).

• A 2019 study by Riskified found that as many as 76% of consumers had never heard of PSD2.

• Awareness is lowest among younger users (ages 16–24), where knowledge of the directive is below 30% (using a survey of Swedish consumers as an example).

This all begs the question - a more comprehensive regulation is great, but what is the point if the people it’s intended to serve have no idea what it’s supposed to do?

4. The Billion-Dollar Message Down Under (or is it?)

The story: The SEC’s Australian counterpart, the Australian Securities and Investment Commission, took massive action late last year against the Australia and New Zealand Banking Group (ANZ). ANZ happens to be the second-largest bank in Australia - which makes it a more prominent target. In essence, ANZ was invited to join a government panel that, among many things, influences government bond markets. To join the panel, ANZ would be evaluated by the government on how active it was in the secondary bond market (aka bonds already issued and being traded between investors). However, ASIC identified that ANZ had found a way to puff up its numbers here.

Beyond this, ASIC also identified (likely triggered by more scrutiny after identifying the first gap) instances of misconduct, including tacking on fees towards accounts of deceased customers being run by the estates, and ignoring hundreds of customer-initiated hardship notices. In the end, the fines between both items (manipulation + misconduct) added up to $240 million Australian dollars, which happens to be the biggest fine ASIC has ever levied and is more than double the size of the previously largest fine (levied in 2022).

Analysis: A lot of “biggest” or “second-biggest” in this case. However, what is the real impact of this? Does it do anything in practicality to dissuade this behavior in the future or is the government trying to grab headlines? For context, the fine of $240 million is about 4% of ANZ’s full-year profit of $5.8 billion.

And how did ANZ respond to this, while publicly settling with the government? Just earlier this week, they announced their first quarter results, showing an increase in profit of 6% powered by cost-cutting - specifically, slashing 3500 jobs that took place at the beginning of the last quarter. This comes as just months before, Consumer NZ conducted a poll that revealed of all the major banks in New Zealand, ANZ ranked last in customer service satisfaction.

This raises a critical question about the efficacy of monetary penalties: if the cost of misconduct is simply passed on to the workforce through job cuts, the 'deterrent' hasn't actually changed the institution's risk culture.

3. The OCC Signals the End of Rent-A-Charter

The story: After a year of its enforcement action output slowing to a crawl, with several months of no enforcement activity, something that would have been unthinkable prior to 2025, the OCC took a wide-ranging action against the First National Bank of Pasco in Florida covering a slew of areas including corporate governance, capital planning, BSA/AML and FinCrime, and more.

The biggest driver here is that FNB Pasco was going way beyond their seeming profile as a community bank with only $285 million in assets. Thanks to the strain of markets and margins being squeezed, they had numerous partnerships with foreign FIs. However, per the enforcement action, these partnerships did not get the appropriate scrutiny required for correspondent banks that is supposed to be the hallmark of AML compliance. And this comes at a time when the Synapse case has already been dragging on for years now, showing that scrutiny is in full swing for both fintechs and the banks powering them. In this case, the cost of a mandated overhaul of board governance will likely wipe out any profit earned from fintech partnership.

Analysis: Two things stand out that are not immediately clear if you only look at the OCC’s action in isolation. First, the likely identities of some of these FIs. While the enforcement action doesn’t go into detail (which is typical for these sorts of documents), the FinCEN files were released in 2020 as a result of a collaboration between the International Consortium of Investigative Journalists (ICIJ) and 109 media parters. The documents that the journalists obtained revealed specifically for FNB Pasco correspondent accounts for banks in Tanzania, Latvia, Estonia and Russia, of which four were later involved in major money laundering concerns and actions. Interestingly, at the time of this disclosure, the sources stated that most SARs are not read or acted upon by FinCEN. The fact that an action like this took 6 years to be issued adds some credence to this concern.

Second, shortly after this action, a cannabis-banking related lawsuit was filed against the bank from minority shareholder based in the UK, citing the fact that the bank had significant experience to handle the nuances associated with cannabis banking. A quote from the lawsuit about the bank’s Board is something else, with some quotes you have to read, with the most comprehensive one being “Not a single one of the directors identifies any prior banking experience.”

2. CFPB Funding Cliff

The story: Almost anyone who has been keeping up with the activity of the federal government in 2025 knows that the CFPB has been in the crosshairs of the Trump Administration. Despite a lot of rhetoric in the first Trump administration, the Bureau soldiered on and continued to operate into the Biden administration. However, this time around things are quite different. A timeline-style format follows:

• 2/1 - 2/7/2025 - Trump fires CFPB Director Rohit Chopra and appoints Russell Vought, one of the key minds behind Project 2025, as Acting Director.

• 2/9 - 2/14/2025 - Vought issues a stop work order at the Bureau and the headquarters are locked, after which a team from DOGE enters the building and starts accessing sensitive data. A federal judge issues a Temporary Restraining Order to stop this data access and any attempts to fire employees. Most notably during this time period, Vought claimed the Bureau had “excessive “ reserves and declared that the “spigot” of Fed funding that had contributed to the “CFPB’s unaccountability” was being turned off by requesting $0 from the Reserve.

• 5/9/2025 - Trump signs resolutions repealing the credit card late fee and overdraft fee limit rules that had not yet gone into effect but had been finalized during the Biden administration.

• 10/28/2025 - Senate Democrats claim that Vought intends to “close down” the agency in months against the requirements of court cases that say the Bureau must remain operational.

• 11/11/2025 - The CFPB sends a notice in one of its court cases that it cannot legal request funds from the Federal Reserve, reigniting the argument that had been seemingly tabled back in February.

• 11/20/2025 - Vought sends a letter to Congress stating that the CFPB would run out of money by January 15, 2026 and that the Bureau was $279.6 million short of what was needed to maintain operations.

• 12/30/2025 - DC District Judge Amy Berman Jackson, who has been involved with the actions of the CFPB throughout 2025, ruled that the CFPB can continue to draw funding from the Fed, in a scathing 32-page decision.

• 2/9/2026 - The Senate Banking Committee’s minority staff releases a report detailing that the CFPB’s self-immolation has cost American consumers $19 billion in late fees and lost relief.

Analysis: What else is there to say at this point that hasn’t already been said? Here’s a link to a good analysis from Consumer Reports of where things stand at the Bureau as of February 2026. In spite of all the efforts made to save it, its future is still not looking good.

1. Synapse Implosion

The story: We save the best (or the worst, depending on how you look at it) for last. Arguably the biggest story in fintech for the last two years and running. We covered this as it started to become a big deal back in May 2024, but a lot more has happened since then. Similar to the above, we’ll use a timeline-style approach:

• 6/14/2024 - A massive ledger discrepancy is revealed - customers are owed $265 million from Synapse, but partner banks only hold $180 million. The gap that was previously thought to be $14 million is now $85 million.

• 10/15/2024 - The FDIC proposes a new rule that will require banks to maintain their own daily records of fintech customers rather than depend on middleware providers like Synapse.

• 03/11/2025 - One of Synapse’s biggest competitors, Synctera, raises $15 million while touting its new partnership with FinCrime vendor Hawk.

• 06/18/2025 - Synctera hires Deb Bonosconi, a former examiner with the Fed and the OCC, as Chief Risk and Compliance Officer, touting her compliance credentials and talking about how much this area is a priority for them.

• 08/27/2025 - After all the drama noted in our previous story, the CFPB breaks out of its Trump-era slumber and actually uses its enforcement power for the first time in the new administration to sue Synapse for “systemic failures” in fund tracking, with the suit amount being irrelevant as the goal is to unlock $46 million of victim relief funds. But that doesn’t address the almost $40 million still unaccounted for.

• 02/06/2026 - The CFPB announces new limits on its complaint portal, with the changes making it difficult for victims to whom the $40 million is still owed to have advocacy for their claims.

Analysis: Out of curiosity, I decided to take a look at what is left of the middleware space (specifically ledger as a service) that was a big thing in the BaaS space at the time this all started. I put together this table demonstrating what was happening in 2024 vs today in 2026:

Paired with the new FDIC rule, when 4 of the 6 names above no longer even exist as independent companies it is truly the end of an era.

In addition, even though it’s focused on a different side of the space (crypto/stablecoins), the GENIUS Act which was passed last year has a few interesting elements that would seem to take inspiration from the Synapse debacle. It provides the regulatory blueprint for what the 'Synapse Fix' should look like for the digital age, specifically the 1:1 reserve and monthly proof of accounting:

• A 1:1 reserve mandate - Every 1 unit of stablecoin has to be backed by cash, short-term treasuries, or central bank deposits

• No more lending out/investing customer funds to earn extra yield - This was what many suspect caused the Synapse shortfall

• Monthly Proof of Accounting - Stablecoin issuers have to publish a certified breakdown of their reserves on their website every 30 days, with top execs signing off on the accuracy of these ledgers (similar to what SOX mandated after Enron).

• Source of Truth - Issuers have to have the technical capability to seize or freeze tokens upon a court order, preventing a Synapse-like scenario where users are stuck because the middleman turned off the dashboard and now no one knows who owns what.

For more on this, as always, check out Jason Mikula’s multi-year coverage of all things Synapse and Evolve (dating back to before the bankruptcy - latest update here).

Wrap-Up

That finally does it for 2025! For a good preview of 2026, check out this post on Reddit that does a no-frills, straight to the point prediction about what compliance issues will keep up CEOs at night in the upcoming year.

Keep an eye out for more content and hopefully for things to become a bit more regular around these parts. I'm currently exploring how these 2026 shifts will impact lending in particular. If you are navigating these waters, I'd love to connect. Thanks, as always, for your subscriptions and support!

This thing still on?

In all seriousness, hope you all have been doing well! If you’ve noticed, I kind of…sort of…took a hiatus from our little thing here, including the broader fintech community. For the last 6 months, I made a conscious decision to step away entirely from all of this. Even LinkedIn. No fancy announcement, just a necessary, intentional disconnection for a variety of personal reasons, ranging from family matters to a massive marathon training block.

While the Chronicles went quiet, my focus on the industry’s moving parts did not. Stepping back from the daily ‘feed’ allowed me to prioritize health and recalibrate my perspective without the constant noise of the platform. So I’m returning with a much more disciplined cadence and a tighter focus on the stories that actually matter. As we turn the page on 2025, we take one final look at the 10 biggest stories in the fintech compliance world while we were away for the last 6 months; not just here in the US at the federal level, but in states and even around the globe. In tried and true tradition with some of our past editions, this is yet another series. This week we’ll focus on #10 and #9, with more coming over the next few weeks. Let’s dive in:

10. A £1 Million+ Data Integrity Screw-Up (that the FCA notices)

In the UK, the Financial Conduct Authority (FCA) - essentially the UK’s equivalent of the Securities & Exchange Commission (SEC) in the US - demonstrated that it has lost patience with firms that cannot manage their data. On July 29, the FCA fined Sigma Broking Limited £1,087,300 for transaction reporting failures. Interestingly, this story didn’t get a lot of play in the news beyond more technical legal publications, but this is a bigger indicator of where regulatory scrutiny is going (at least for British fintech) and we thought we’d start off by highlighting it.

Who is Sigma? Most of you tech savvy folks may have heard of Sigma Computing, which is a company that specializes in analytics and visualization. (Don’t worry, this isn’t a third/fourth party service provider horror story). This is actually a different company altogether - Sigma Broking is best described as a broker’s broker. Think of them as the plumbing that moves millions of dollars for the world’s biggest players, including investment banks, hedge funds, and massive portfolio managers. Sigma helps these giants move government bonds, oil and stock indices.

So what went wrong? The origin story for this screw-up comes back to MiFID II, an massive EU reg that became law in 2018 and among many things, requires institutions to deliver strict reporting on financial trades. While some may hear the phrase “regulatory reporting” and think “necessary evil,” to the regulator (in this case the FCA) it is a critical tool in their fight against market manipulation. And coming to Sigma, in this case - right from the jump of their MiFID reporting in 2018 - they transposed “Buyer” and “Seller” fields for what they were sending to the FCA to the tune of 924,584 transactions. In terms of what the reporting looked like to to the FCA, they were seeing the client as the seller and Sigma as the buyer - for all of their transactions. Meaning that Sigma looked like it was just the buyer on trades constantly, when in reality they are an intermediary and do both. To make matters worse, this lasted for 5 years and was never caught, all while they actually got an earlier action levied against them (in 2022) by the very same FCA on a related but different matter that was significant enough to lead the FCA to ban the CEO from senior management, essentially forcing his exit.

You would think that would alert them to beef up the internal controls, but no - it was the FCA that ultimately found the issue, and as is the case with many regulators they do not take it easy on what they consider “repeat offenders.” The FCA is pretty transparent about its methodology, and in this case they decided to double the base fine and apply a 40% aggravation increase due to the repeat nature of the offense, along with failure to self-report and not doing anything about the previously identified issue.

And speaking of the fine, one might be tempted to see £1 million and think “okay that’s bad, but how bad is it really?” For a private firm like Sigma Broking, a £1.08 million fine is a seismic event, not a line item. While a global bank might lose that much in a rounding error, this penalty represents roughly 3.5% of Sigma’s total net assets (£31.2M).

To put that in perspective: for an individual earning £100,000, this is the financial equivalent of a sudden, non-negotiable £3,500 bill. It’s enough to wipe out annual bonuses, freeze hiring, and force a complete audit of every internal system.

Sigma would have probably argued that they were on top of it after 2022, it just took them a while. But to the FCA, they saw a company that took 7 months to acknowledge the error, then over a year to remediate it, bringing in a third party to help them, and still couldn’t get things right. On top of this, a few months before the 2025 issue was publicly announced, Sigma announced they were putting themselves up for sale, while the new CEO resigned. What a mess.

To me, the biggest lesson here is that you can’t just fix a problem and expect that issues will be resolved. In fintech/banking/financial services compliance, it is critical that you not only solve a problem, but then put controls in place to make sure you can catch similar issues in the future should they occur. Had Sigma built an internal control environment, performed more internal audits, and reviewed their system logic, they would have probably avoided this mess.

9. The Multi-State Regulatory Surge

These pages have been very focused on the CFPB, in 2023 and 2024. Obviously, 2025 has been a different story. With the agency on the verge of shutdown (which - spoiler alert - is one of the 10 stories we’re covering), attention has shifted to state regulators. And no name loomed larger than the NYDFS, which historically has been seen as proposing NY-based rules that are precursors to activity later undertaken at the federal level (something that was apparent as early as 2014).

The new wrinkle is that this era has seen the rise in significance of the multi-state approach. Although this approach started showing up in 2020 for state regulatory exams (yours truly is a proud participant of a few of these in the past), the stakes are higher in the wake of federal pullbacks. The NYDFS is the example we use, and specifically their action against Wise for $4.2 million in July along with Massachusetts, Texas, California, Minnesota and Nebraska.

As a reminder, Wise used to be known as TransferWise, and historically has been a significant player in the overseas money transfer game (along with its biggest rival, MoneyGram) having been around since 2011. In the last five years, they decided to drop the “Transfer” while on the cusp of going public, and since then have wildly diversified their offerings, getting into everything from business cards to QuickBooks functionality while also expanding their global footprint.

The action also came against the backdrop of a broader period of transition for Wise, including leadership changes following its public listing and other publicly reported regulatory and operational challenges. While those issues are separate from the specific AML findings, they provide useful context for understanding the governance and controls environment around a rapidly expanding cross-border payments business.

The specifics of the action focused on core AML program obligations: timely SAR filing, accurate and complete data feeding transaction monitoring, and sufficiently frequent independent AML program reviews. These are foundational elements of AML governance, which makes the action notable beyond the size of the fine.

As for the fine itself and the multi-state approach? Fine-wise, the amount is not much as $4.2 million is a drop in the bucket for a company with net assets of over £1 billion. But the multi-state nature of this is the more interesting aspect. The action was coordinated by the Conference of State Bank Supervisors (CSBS) (which has been around since 1902 and is best known for running the National Multistate Licensing System and the State Examination System) in conjunction with the Money Transmitter Regulators Association (MTRA) which started more recently in 1989 and focuses specifically on money transmitters and payments.

Both of these orgs have been around for a long time conducting multi-state exams, but what has been interesting is their recent proclamation - after testing it for a few years, the CSBS formally launched their “One Company, One Exam” framework this year of which there was a component called “Networked Supervision” - essentially, it allows states to pool resources and conduct a single, massive exam on a company rather than 50 individual ones. And the other bit to note here, it wasn’t just a bunch of states under the CSBS doing an exam on banking requirements, those same states were able to cover money transmitter license (MTL) requirements as well. Double-edged sword for the company - less exams, but way more hinging on a big one (and essentially the equivalent of a large federal exam).

The CSBS and MTRA continue to work closely beyond exams as well, having collaborated in the past on a report calling out bank de-risking practices that result in them terminating accounts for licensed fintechs without valid justification. I would say best to buckle in and watch the state regulatory space closely in the coming year. The Wise action tells us that multi-state exams are not just going to be administrative check the box exercises, but could very well be poised to replace the rigor of what CFPB exams used to bring pre-2025.

Next Time and In Closing

Join us next week as we bring you the #8 and #7 Fintech Compliance stories of 2H 2025. I’ll give you a hint with a word and picture. The word? “Mini-CFPB”. The picture?

Now, in closing and some housekeeping. To the 2,000+ of you who stayed subscribed, the small batch of people on Substack who decided to subscribe even though I didn’t produce anything for half a year, and the dozens who reached out about the podcast or pings - thank you. I’m currently triaging a mountain of messages. If I haven’t replied, it’s not for a lack of interest, but a commitment to moving forward with intentionality.

Finally, a note on the ‘Year-End Recap’ season. LinkedIn is currently a sea of ‘humbled and honored’ victory laps. But I know that for many of you, 2025 was a year of layoffs, personal loss, and quiet struggles that don’t make it into a highlight reel. If you’re just happy to have made it to December 31st, you’re in good company. Let’s make 2026 about the humans behind the compliance tech.

See you next week and happy new year!

~~

Further reading:

1. 2025 fines | https://www.fca.org.uk/news/news-stories/2025-fines

2. FCA fines Sigma Broking Limited for transaction reporting failures https://www.fca.org.uk/news/press-releases/fca-fines-sigma-broking-limited-transaction-reporting-failures

3. Final Notice 2025: Sigma Broking Limited - FCA https://www.fca.org.uk/publication/final-notices/sigma-broking-limited-2025.pdf

4. Notice in a nutshell: Broker fined for MiFIR transaction reporting failures https://connections.nortonrosefulbright.com/post/102l10p/notice-in-a-nutshell-broker-fined-for-mifir-transaction-reporting-failures

5. Sigma Brokings Compliance Collapse - A Case Study in Reporting Failures https://vinciworks.com/blog/sigma-brokings-compliance-collapse-a-case-study-in-reporting-failures/

6. Bank and Financial Services Orders | Mortgage Enforcement Actions - DFS https://www.dfs.ny.gov/industry_guidance/enforcement_actions

7. NYDFS and Other State Regulators Impose $4.2 Million Penalty on Money Transmitter

   https://www.consumerfinanceandfintechblog.com/2025/07/nydfs-and-other-state-regulators-impose-4-2-million-penalty-on-money-transmitter/

8. One Company, One Exam - Driving Forward Change - CSBS
   https://www.csbs.org/one-company-one-exam-driving-forward-change

Connecticut Digital Banking Innovation Summit, hosted by Bankwell

“This conference will be focused on initiating discussions in Connecticut on digital banking innovation. Our goal is to bring regulators together with banks and FinTech experts with the goal of fostering greater support of innovation in the CT Department of Banking and state government.

We have two senior regulators speaking on panels. I am moderating the first panel, which includes Joe Chambers, who is the Chief of Staff and General Counsel.

Our second panel is ”Managing Financial Technology Risk in a Digital Economy.” Faraz Rana (CEO/Founder Affinity) is on that panel along with Derek Henderson, the Chief Compliance Officer for DR Bank (based in CT) and Steve Brunner, Chief Risk Officer at Bankwell (based in CT). Jaspers Sneff Nanni of FS Vector is moderating that panel.

The third panel is focused on the “new” CT Innovation Charter, which is a non-depository charter. There are a few banks operating under this charter, including Banking Circle. As you can imagine, it is of particular interest to people in the payments ecosystem. Matt Saunig from the CT Department of Banking is participating in that panel.

Our event is Tuesday, June 3rd from 11 am – 2:30 pm at Fairfield University in Fairfield, CT.

We are viewing this summit as just the first discussion.”

As a bonus for our readers, if you use the code “FINSOLUTE” you will get free admission to the event. If you attend, kindly let us know and take pictures! Always proud to support the fintech compliance community.

As many of you know, I spent 8 and a half years working there, longer than anywhere else in my career. And if you throw in the 6 months I did a college internship with them, it essentially rounds up to 9 years. This is a subject that I didn’t really talk about publicly until seeing the initial cold, unfeeling media reaction to the surprise news last year prompted me to share my thoughts about it which more or less went viral, and spurred me to create the “Now What” series here which got a lot of views especially from current Discover employees. All that, for those of you who have been here since then, is old news.

Today I would like to share some of my reflections as a new entity now forms. These are not necessarily related to Compliance, so if you’re here looking for that maybe it won’t be the best read for you this week. No worries, we have a lot coming in store very soon. For those that want to take a trip down memory lane with me, read on.

• How did I even find out about this place? Late in my college career, I had gotten a B+ in a college class, and a professor told me he was going to “make it up to me” by facilitating an introduction that he promised would have an impact on me long after this course was over. He introduced me to the career counselor at our University, who facilitated my application for the summer internship program with Business Technology, and so I actually started off my career in tech doing a mixture of SQL coding, managing portfolio marketing campaigns, and working on intranet pages. When the time came to make a decision on what I wanted to do after graduation, Discover offered me to come aboard full time. Instead, I ended up going into public accounting where I was part of the post-busy-season layoffs about a year later. It took 4 years before I “came back to my senses” and found my way into Discover again, and the entire time between stints all I could think of was the amazing campus and the familial vibe. For some reason, the RAK in particular always stayed with me.

• Stint two was working in Internal Audit, and it was frankly, a hell of a ride. My sincere thanks to my boss of 7 years, Michael Nesler, who saw something in me during my interview and basically strapped a rocket to me - giving me opportunity after opportunity. I got to prove myself as an IC, then a project lead, and eventually got to lead and grow teams for the first time in my career, something that has truly become a passion since then. These sort of “trial by fire” skill building approaches are rare at any company, large or small, but I’m proud to have had the opportunity to experience it. I worked, traveled, and made lifelong friendships with incredible people, not just my own team but with stakeholders, colleagues in China, and even external peers. By the end of my time at Discover’s IA, we had done some wild innovative stuff that left management consultants we worked with asking me if they could set up time to learn more about some of it, and allowed our leaders to humble brag at conferences about our direction.

• The field, as we called it, was something that I’ll probably never experience again. Most of us have deal with call centers and it’s not really a pleasant experience. You have seen the Discover commercials, though. And the hype is real, the customer service is second to none - something that I hope Cap One does not mess with. The JD Power awards are proof of the fact that it’s no joke. However, all of this is one thing - actually visiting a call center is another. A few things stood out during my approximately 15 visits to Utah, Arizona, Ohio, and Delaware during my time at the company:

  • 1) The floor of the call centers were a constant buzz, and not in a bad way. It wasn’t just calls either. There were little subcultures formed in different wings, with decorations, different shared snack days, brief huddles that sometimes included offbeat things like costumes, and so on. All to keep folks happy, motivated and connected while they provided top notch quality to customers. It is a stressful job, and I remain in awe of how these folks did that while having actual smiles on their faces (it’s not just in the commercials)

  

  • 2) If you were a new employee and didn’t know how the product works, sitting down with the agents and watching them in action (or listening to their calls) was the best way to get up to speed. And as a bonus, because I was there doing audits, after the calls the agents would tend to offer extremely candid insights about the process and how they thought it could be improved, sometimes sharing things that their management wasn’t always eager to share but begrudgingly admitted later on.

  

  • 3) Speaking of management, our senior leadership up to and including the CEO constantly visited the sites. Not to gauge performance, but to remind the folks working in these centers, many of whom were hourly employees and did not have the luxury of corporate bonuses, that their opinion mattered and that even someone with years of experience working in big companies elsewhere could learn a thing or two from sitting back and just listening to the agents do their thing.

    

• Recognition programs! This was something that came as a shock to me when I started at the company and received my first “Smart Appreciation” coin. But over the years I realized how much these little nudges of encouragement meant to me and kept me motivated. Yeah, it’s great to get a salary, but if you want to ensure loyalty you build out formal programs like these. These extend all the way to the President’s Award which I was fortunate to win in 2014 with some of my fellow colleagues for revamping a training program, and the Pinnacle Award which is essentially the equivalent for those in the field.

  

• There are some things, as I look back, that I would imagine would be warning signs for any company in a similar profile to Discover because let’s be real about it - the Cap One deal did not happen because Discover decided it was a good business move. On the contrary, it happened in the wake of a major compliance and finance error that cost the longtime President his job and the deal likely was the cost of getting over the hump for the $300M penalty associated with this miss. Here’s a couple of things without getting into specifics:

  • 1) While a culture where you have folks who have been with the firm for over 30-40 years is amazing, it can also breed complacency and the classic “we’ve always done it this way” approach. Most notably, executive leadership remained largely static for over 10 years before undergoing change. Although recent years have led to a huge number of changes and management turnover since then, I’d argue a balanced approach is necessary.

  • 2) Partnerships are critical. They keep you out of your bubble and give you allies and new perspective. While many of the peer companies offered co-branded cards or partnered with cool up and coming entities, Discover did not always do so. Perhaps the biggest example of this is in 2014 when Apple launched Apple Pay, yet Discover was noticeably absent. Eventually, we know that things changed, and yes Discover did a lot of hard work on things like international payment network sharing, but does anyone remember the last real celebrity endorsement of Discover before Jennifer Coolidge of White Lotus fame?

  • 3) Compliance must be a priority and tone at the top on this matters a lot. Won’t say more about that but I think you get the idea.

I’ve interspersed some pictures from the 2012 “Voices of Discover” book we were all given after a company town hall which reflects the culture at the time and something that for better or worse, is going to change as the company, its employees and its customers embark on a new era. Thanks for the memories, and best wishes to everyone on the new chapter.

If you’re a current or former Discover employee, chime in with your comments and thoughts below. Would love to have this become a wall of good memories.

Welcome back to the podcast! This week, I’m excited to feature my conversation with fintech compliance recruitment leader at Madison-Davis, LLC and general compliance industry advocate Sanjeev Menon.

Madison-Davis is “a leading executive search and temporary staffing firm specializing in financial services and technology. Founded in 1982 with a single purpose: to provide top-tier talent through a strategic approach and unparalleled subject matter expertise. We pride ourselves on the relationships we cultivate and the success of our placements, and our role in building highly-skilled workforces across financial services and technology. We have partnered with more than 1,000 companies across traditional finance, decentralized finance (crypto & blockchain), healthcare, technology, consumer, and industrial sectors. Our tight focus on both financial services and technology has cultivated our subject matter expertise, which allows us to fill any role promptly and efficiently. We offer personalized recruiting in various specialty groups, including Accounting & Finance, Corporate & Investment Banking, Equipment Leasing & Commercial Finance, Legal & Compliance, Risk Management, and Technology.”

Some background about Sanjeev - he is “a Managing Partner in Madison-Davis’s Legal & Compliance Practice Area, joining the firm in 2023. His expertise resides in providing staffing and workforce solutions to clients actively creating best-in-class compliance and financial crimes programs in the financial services, fintech, telecommunications, pharmaceuticals, and health services industries. Sanjeev has assisted clients in dealing with consent orders and enforcement actions by providing both executive recruitment and contingent labor for projects. He is an ASA Certified Staffing Professional and holds a SHRM-CP. Sanjeev stays abreast of the latest human resources and staffing trends, analyzing the ongoing evolution of the employment market. He holds a BA from the University of Michigan, Ann Arbor.”

Grateful to Sanjeev for taking the time to join the show, and grateful to those of you who participated in our audience poll ahead of this episode with your questions.

Experimenting with no transcript this week, and trying something slightly different with the video. Please see below for a link to the video edition of this episode:

Welcome back to the podcast! This week’s guest is Andrew Jamison, an industry leader in B2B payments and spend management, and the CEO and Co-Founder of Extend.

Extend is a “digital credit card distribution platform for banks, fintechs, businesses, and their customers, that redefines how credit cards are issued. A certified Visa and MasterCard partner, Extend seamlessly integrates with legacy bank issuing systems to enable modern virtual credit card features and distribution capabilities. Extend offers both a virtual credit card distribution app (paywithextend.com) for business customers that want to instantly equip anyone with a secure mean of payments, and a suite of APIs for fintechs to leverage virtual credit cards to enhance their products, enable commerce at POS, and streamline payment operations.”

Some background about Andrew - he is a “virtual card expert, who managed all B2B payments solutions for American Express for 12 years with a mandate to drive digital payment innovation and adoption. Over the course of six years, he doubled B2B payment volumes by launching and scaling new capabilities and platforms. Prior to AMEX, Andrew spent eight years managing global SAP deployments for large multinational corporations. He earned an MBA from INSEAD.”

Grateful to Andrew for taking out his time to talk to us about the intersection of B2B payments and compliance! Special thanks to Avenue Z for helping coordinate the discussion.

Zarik: Welcome Andrew Jamison to the Fintech Compliance Chronicles podcast. Really excited to be talking to you today to learn a little bit more about Extend, the company of which you are the CEO. As I always like to start off with in these conversations, who are you and what do you do?

Andrew: Thank you Zarik, for having me on the show. So I'm the CEO as you rightly pointed out. I'm one of three co-founders of Extend. We are just approaching our eighth anniversary of creating this company. It's been an interesting journey. Upon which I've relied an awful lot on my prior experience.

That's spending the best part of 10 years working alongside SAP and understanding the enterprise resource planning space and the size and scale of business and specifically around finance functions. And then more recently with the 12 years I spent at American Express managing B2B payments, and the platforms over there.

So understanding the payments ecosystem. And so all this comes together, with the creation, of Extend, which is really a spend and expense management tool designed right for the middle market or the emerging middle market. The idea is to allow people to do more with what they already have.

It's really about spend and expense management from the card you already have from your existing bank provider in your pocket.

Zarik: Great. Thinking to the origins of the company, what would you say were some of the pain points? In spend management, particularly thinking about B2B payments in general, what were some of the gaps, pain points, opportunities that you and your co-founders saw, that you built Extend on, to try to resolve and, ease.

Andrew: Yeah, so for the segment that we really go and support, the main part of our customer base really is in that emerging middle market segment. It's companies with less than 75 million in revenue, and north of 10 million in revenue. So in that space there's somewhere between 150 and 200,000 companies, that represent a spend capacity of about $2 trillion.

So a sizeable spend. It's a top 10 global economy right there. What I saw though with the tools at our disposal is frankly, there was just too much friction. In the ecosystem specifically, the companies are seriously resource challenged. Whether it's to do with capital or people, they don't have the luxury of having departments, right?

The departments are often departments of one or two, and those individuals have so much diversity in what they do in any given day. And what they didn't have was access to tools that drove automation, tools that drove control. Tools that allow them to get to compliance right. In a more seamless fashion.

So for us, what we were trying to solve for is could a company of less than 200, 300 employees easily be able to manage both expenses after an event had happened, but actually more importantly, also then manage events before they happened. So, this is where the prevalence of subscriptions and how people run their businesses has changed so much over the past five years that actually just new tools are needed. There's so much more is happening through payments online, but you have to have control and you have to really understand that your subscription's not gonna run wild out there.

And so many businesses today rely on buying these services on behalf of third parties that actually just need a better way to reconcile and to automate billing and collections and all these pieces. So that was really the vision here was like, could we look at that customer segment and really think long and hard about how do we drive truly automation into that segment, right?

And access to tools that frankly, that'd been kept away from them, partly because they were not scaled enough as businesses, and typically those tools just took too many resources for it to be profitable for people to bring those capabilities to that segment.

Zarik: That makes sense. If I'm remembering correctly, your company started in 2017, is that right?

Andrew: That is right. Yeah. So we started in 2017. The company was formed in April, but we didn't raise our first fund until October of 17. So we had sort of a six months period where we got some friends and family money together, as much as anything else you have to prove to investors that you're worthy and that comes at the cost of having to lean in, to your network and have people be willing to back you, even if it's for a normal amount.

It's really an important part of the journey. And actually for our collective wives, it was a really important part of the journey. 'Cause I don't mind you giving your time because time is money given your careers. 'Cause we're not 22 starting the business, right. We're all in our forties at the time.

So for them it's like, I just don't want you to invest our own money given the fact you're giving up so much already. So how do you partner up to bring capital and skill together right? To develop this company.

Zarik: That makes sense. And actually what came to my mind when you were talking about subscriptions; it's interesting that in 2017, this was the vision you had because from my perspective-- certainly more I think on the B2C side than the B2B side, the subscription pain and the need for organizations to be able to support, subscription management recurring payments, if you will-- I think it's become much more of a going concern for individuals and organizations since then. So I would say kudos to you and your team for anticipating that, as a challenge and to some extent, I'm sure it did exist, but at least from my vantage point of seeing this as a problem to be solved, I think it's gotten more and more. So certainly, seems that you all have positioned yourself very well to be able to tackle it.

Andrew: I was gonna say, I'd love to take credit for that, but there's always luck in this. Right? And so this is where part of the story is luck because COVID has actually been one of the biggest reasons why this whole thing has, I think gathered speed and like a snowball running downhill. It's just gathered momentum.

And, I think if you go back to 2017, yeah, there were subscriptions. Absolutely right. We still stood up paying subscriptions for Jira, for managing tickets or for running essentially Slack or all those different things. But the reality is we also believe at the time, where anywhere between 10 and 20% of the workforce were contractors, long term contractors that didn't have access to a card, we thought originally there would be a lot more in that particular space. As it turns out, there was an even bigger problem, right in that sort of indirect spend where, there was frankly, a lot more problems to be solved there and much bigger tickets. And that's what's allowed us to scale, really fast is seeing that opportunity develop.

Like everything right, there's always elements of luck. And being there at the right place at the right time.

Zarik: Agreed. And you talked a little bit about partnerships. If you could talk through your partnership with, BMO, where, you focus on essentially creating a set of virtual cards and, having some really innovative ways to work through underwriting.

If you can talk through that and even how you manage things like AML, KYC identity verification to the extent that you need to, when you're partnering with them and when you're thinking about, the creation of virtual cards.

Andrew: So this is where we differ from others in the market, that instead of partnering with BMO and banks, have decided to go it alone, right? And so that's where our model actually is. We partner to overlay our technology, over the top of existing infrastructure. So it's dependent really on what processor they're using to issue cards, to manage cards, right?

What network they go and authorized transactions on and how transactions are routed through the ecosystem. So essentially our model there is really a white label model. And we do not onboard a customer because BMO does. BMO is the one running KYC and essentially all of those aspects.

And so that's the beauty of our model, we don't have to go down that path of KYC. Now, here's what's interesting in that model though, is when virtual cards are generated and now increasing, getting into the hands of individuals, now you start saying, we need to do OFAC screening.

And so we essentially have partnered up with them to drive that process. That's key because this is net new. You're delivering a card to an individual versus a business. And more and more bank partners are saying, well, the minute you straddle into that space, you do need to run that part of the process.

But the beauty of our model really has been the fact that I don't underwrite. Actually, I'm not the issuer of the cards. BMO underwrites, BMO issues. And then when a card gets presented at a merchant, be it online or, in retail with Apple Pay that whole, process runs through the normal rails.

So again, relying on the whole infrastructure that BMO has put in place around making sure fraud isn't happening and all these different things, my belief is they have all the resources to make that happen. And it would be very hard for a FinTech to hold that high standard.

And that's why we have relied on the model where we are gonna go out and partner with traditional banks, to make them really successful.

Zarik: Yeah, and I think it says something that BMO is willing to partner with a company like yours and take on some of that risk and infrastructure, regulatory infrastructure, if you will, to be able to perform those checks. 'Cause I've also heard of cases where there's tech / bank partnerships on the table, and sometimes the bank will say, you know what? We don't want to assume the risk for your customers. So, I think it's a testament to, the quality of partnership and their trust in you.

Andrew: Yeah, look, I mean, here's the benefit of having been in the industry and having been on the other side of the table for 12 years whilst I was at American Express: for me, compliance isn't an option. It's a necessity. And as long as you kick off with that as a mindset you build your company in a certain way.

And it's never been a case of circumventing. It's always been a case of addressing. And I think where technology and compliance sometimes goes a bit awry is people are understanding what each party's actually doing. And so the hardest part here is much more about being able to outline to different teams exactly the role you play and therefore what rules should be applied to that particular scenario.

Too often these things get bundled and sometimes it's, people say, there's too much compliance and oversight. It's like, well not really. It's just about can you understand which parts of this are relevant right to the process that you are supporting on behalf of your bank partner.

And I think navigating that gray zone is where most people have trouble. And I think that's where, having the benefit of having been, in and around industry and enterprise for the best part of 25 years before starting this business. It was very clear to us that if we were gonna be successful, we would have to be onboarded as a supplier, likely not just by the banks, but by the processors and by the networks. And so for us, we knew out of the gate, we were going up against the biggest of companies in financial services full stop. And so we would have to be able to pass all of these different gate reviews, and really be supportive in that process.

And that's actually been a huge asset because that's where we've built the trust and we all know this business and financial service trust is such a key element in being able to grow together. Because without trust, things fall apart really fast. As we've seen in the FinTech ecosystem where people didn't take something seriously, the thing unravels really fast.

Zarik: Agreed. It can go bad pretty quickly. Just staying on the topic of regulation more generally. I'm curious if either as a consequence of your past industry experience or given the increasing profile and exposure of Extend to the larger market, you've received any regulatory feedback, or just indirectly have heard from some of the organizations that are using your tool from their compliance teams perhaps.

You said a lot of the burden is picked up by partnerships like BMO, for example. Would be curious to hear what kind of feedback you're getting from some of your customers, your partners, et cetera.

Andrew: Yeah, so look, we've had great feedback, partly because we help accelerate timelines for our bank partners to be able to launch these capabilities for the customers they're trying to serve. A bank partner may say, I love the solution, but you do need to do sanction screening.

And it's like, well that's gonna take us two years to develop internally. And it's like, great Extend, can you help us here? And that's where it wasn't two years. Because our advantage is speed of building technology and integrations and different pieces. There we were 12 weeks later, having satisfied the compliance needs of our bank partner. And so that's where I think you get these great partnerships, right? It's about, leveraging technology and building the right process flows, where you get the benefit of being a FinTech. But then you get the benefit of size, scale, compliance, trust with the partner issuer that you have that's been in market and understands the market as well as anyone else.

And that's where we get the benefit of experience from them and allows us to drive clarity in how we're building and designing, our solutions. So look, overall, the other thing is having been onboarded by so many of these strategic partners, where there's PCI compliance and you go down the list they've commended us because we've thought through and every time we get assessed it's like, oh, you know, you've actually thought this through and you've thought it through in a way that you can go and scale your business without us having to be concerned, right? Around whether or not you're doing these different things.

So what I will say is, sometimes you can say, oh, it's frustrating. It's just added six weeks. It just added 12 weeks to the process. But I think compliance is a necessity. You can't go around it. And as long as you embrace it, I think you get to a really healthy place.

We always wanna move faster. They always wanna move slower 'cause they wanna make sure they get through the right gate reviews and somewhere in between we do really well together.

Zarik: I think it's all about balance, to be successful on, that topic of compliance. 'cause at the end of the day, compliance should be a competitive advantage if it's helping you achieve your bottom line in a way that maybe some folks don't think about. But I think you illustrated it really well.

How it can benefit and help you stay outta trouble at the same time.

Andrew: Yeah. And it goes beyond the banks, right? We struck up a partnership with SAP Concur invoice to essentially allow them to have bank partners of ours who are part of that ecosystem to be able to add virtual cards as a payment method to suppliers.

And the key part here is you have to have someone be able to register a card. Well, SAP does not want to get into this, PCI compliance world. We understood that and so we're able to create the infrastructure that ensures that we can authenticate. Someone owns a card without SAP Concur and their invoicing platform having to worry about it because we handle it on their behalf.

And so, it's interesting how it goes one step further always. You're trying to serve the banks who are trying to serve their customers, but those customers are already using certain software solutions. So actually you have to serve the software solution provider too. It's a really complicated web, and I think that's why B2B embedded payments has taken so much longer to take a foothold because of the complex nature of it.

The permutations are massive compared to the consumer world where we walk around with a device and that's the thing you need to worry about, and it doesn't go beyond that.

Zarik: Certainly agree. And if I could just hone in on the SAP part for a second, I would have seen them as a competitor of sorts from your perspective.

But you just mentioned that you've partnered with them, which I think is really fascinating and interesting. And my understanding is also you had a background that involved, some time in SAP consulting, if I'm not, mistaken. So I would love to just dig into that a little bit, the thought process behind, partnering with them.

How, if at all your prior background played into that, does it just come back to the thing you talked about earlier with credibility, experience, trust?

Andrew: Yeah, we're talking about a massive sort of enterprise partner. And I think, credibility is huge, right? It's being able to point right to people I knew within the company who had worked with in the past. It's about them having a full understanding that I actually understand the ecosystem.

I understand Concur. I understand Core SAP. I had also, whilst I was at American Express, done a partnership right with SAP around how we could really help customers send payment instruction files directly to Amex so that we could then marry up an instruction with a card to give to a supplier.

I'd done a bunch of those initiatives because I'd been with SAP and working with them as a consultant in Europe. And so I had a pretty good understanding of the ecosystem and what needed to happen. That is definitely one of the big advantages of having a few gray hairs, the fact you're able to parlay that experience into meaningful relationships that frankly outsize the size of the company. Punch above your weight. And that's really been a huge foundation for so many of the things that we are doing.

So yeah, it is critical in my mind to get to this space where you are embedded in those ecosystems because I do think the future of this goes into embedded payments. I think the challenge so far though, has been that outside of core payment rails, which is ACH, it's wires, it's checks, there hasn't really been any standards around how things should happen. Cards always had standards, but the standards were driven by the merchants and their point of sales and how data went from the point of sale to the networks and then got pushed down to the issuers and eventually to the customers.

So there was always a standard there, which is why that ecosystem grew really, really well. I think the challenge of software providers who work alongside small business all the way through to large enterprise is when it came to issuing cards. And in this case, digital cards. There was no standard.

There has been lots of partnerships where people have gone out and said, you know what? I'm gonna work with this bank or that bank, and everyone puts a ton of effort behind it, but it's not really scalable outside of that one bank partner. And then you realize that it's not a build it and forget it, it's a build it and support it forever.

And before you know it, you gotten yourself down a rabbit hole and seemingly you're never getting out of it. And you have to keep supporting this thing forever. And you're like, well, this was never our business model. How did we end up here? And so our vision has always been, let's also create that middleware that creates a standard for digital card issuance so that we can plug into software partners.

And they can do what they do best, which is develop standard software. And let us take care of the idiosyncrasies of how one bank may issue a digital card versus how another bank issues a digital card. And then we truly help you and we make it easier for those business owners to do the things they need to do inside of a cockpit that they chose and not having to have whiplash of being inside here, "well now I need to go and make a payment. I need to go over here and now I need to come back and rent reconcile back over there." And that's really what we've been trying to help with. And that's where APIs, frankly, have really helped to get us here. So a lot of this is about maturity of technology as well, and I think a better understanding of the baseline capabilities that need to be in play.

Zarik: Speaking of capabilities and technology maturing, would love to get your take on future trends, where do you see the space evolving, particularly as you think about embedded finance, how it's expanding into global supply chains. Even thinking about things like cross border transactions, real time payments. Certainly, someone with your payments background and obviously what you're doing now, I'm sure you must have a lot of thoughts about, where the industry's going and specifically where you think Extend, can play into that in the future.

Andrew: So when you think of rails clearly the rails are evolving, right? We've gotten to a place where we have real time payments. I think the big argument there is that, okay, but who's making the transformation from one payment method to the next? Checks are there and there's still a ton of 'em in the US but what people forget is we've automated most of the process around it.

It's a sunk cost. So what's gonna make someone move from there to realtime payments? Someone's gotta capture the details of the from and two, and so unless you're gonna put resources against it, are you gonna change it? Now, of course there's fraud and all these things that are gonna wanna make you move into that piece, but I do think from a foreign, and an FX payment side of things, you start looking at stable coins, it's no longer like you're trading a commodity. 'Cause the stable coins are linked to currency baskets and so they have stability in them. And that's what businesses have wanted.

It's like, I don't want to be using essentially commodity pay things that one day's worthless, one day's worth a ton. So the idea behind really the stablecoins is, okay, let's create a basket. And with that basket we create stability and then we can start thinking about how we do international payments, on those rails.

And so because international payments are so expensive in the end of themselves, there's a real appetite for people to solve it through these real time rails, that essentially drastically reduced costs. 'Cause I think at the end of the day, businesses are saying, help me reduce cost, help me reduce fraud.

Those are the two key drivers. I think for too long we were not coming up with that great innovation and so businesses stuck to what they were doing and automated their way around the problems.

And so that's one aspect. I think no discussion today is relevant without how AI is coming into the picture. And for a long time I've been somewhat dubious 'cause I've seen big data a million times, right? Data's not new, but really the ability, now to be able to query that data through a really simple query, has really what's transformed it.

And eventually then we get into a Gen [AI] tech where they start thinking, and taking actions. In the payment side of things, I don't think we're there yet. 'Cause you wouldn't want it to hallucinate and all of a sudden, boom, a million dollar payment went out the door. And so yes, there's gonna have to be approvals in there and all these different things, but as it comes to segmentation, as it comes to insights, as it comes to control, as it comes to compliance.

Even now when we take our APIs and we start plugging 'em in right to the Claudes of this world or the ChatGPTs of this world, you start saying there's real value. Because simple prompts now are allowing you to get great feedback and insights and ability to take action. And I think that's where, for a long time you've had to rely on building more of the report layers and the infrastructure to support these reporting tools. I think these BI tools are gonna get displaced really fast, right? This business intelligence. And that's where I get super excited because let's face it, there isn't a CFO or a VP of finance out there who wouldn't love to turn up to a report ready made that didn't have to go and build a report and think through it.

It's like I just asked a bunch of questions and now it's just feeding it to me every day. And next step it'll take action or send out emails to remind people of X or Y or query these different things. So that bit becomes really interesting and I think it helps finance and payments a huge amount actually.

So that becomes super interesting.

Zarik: The capabilities, I think, are just tantalizing to think about, for the future as the AI space in particular evolves and intersects with FinTech.

My last question, in the spirit of giving back, if you will-- let's say there's somebody listening, to this podcast who's in a similar space that you were in 2017. And it's a founder, maybe a group of founders that are, building something in the embedded finance space. And they're thinking about, how to navigate, how to operate.

I would say given this is a compliance focused podcast, would love to hear your take and lessons learned. For somebody in that position as early stage founder, what would be some of the pitfalls that they should be aware of, especially in today's environment? And how to navigate the compliance mindset and compliance expectations in general as you're building, an embedded finance organization.

Andrew: Look, I think the important thing is you need to know how to trust yourself, but trust and verify. And I think that's where building a really strong network right across the different functions is so critical. And I think number one is when I say you've gotta trust yourself, for me, that's about, it's your vision.

Don't let someone else tell your story. That's number one. I think number two is, as you go out and do the fundraise, I think you've also gotta be realistic about what it is that's truly achievable. 'Cause eventually it catches up with you, right? You can have a flash in the pan and outright success, but the reality is, it will catch up with you if you haven't really thought through the whole end-to-end process and the reality of the addressable market that you're going after. I'm fortunate in that I started the company with three founders. Now, many venture capitalists would say, well, that's a nightmare, right? You've spread the equity across three people.

And the way I look at it is, number one, if you don't believe the pie is big enough for three of you, then I think the opportunity's not big enough or, you haven't thought big enough. The other thing for me is, that's the beauty of having multiple founders is you hold each other accountable and you hold each other to a higher standard. And the three of us come from very different functions. I had more of the product and go to markets in terms of sales motion. Danny, one of my other co-founders was an iOS, developer, but also had frontend design experience. And my third co-founder had a strategy and operations background.

And so right across those three pillars, we had a really, really strong foundation. My advice there is be well surrounded because I have an utmost respect for people to do it on their own. The burden there must truly be prolific because having to net off all the different things, you need to check off as you build a business, especially in financial service where compliance and all these things are so important, you just can't afford to make mistakes along the way, and so experience counts and, experience in the right fields counts.

Zarik: I think that's a great place to leave it. Andrew, thank you so much for your time. Really appreciate it and best wishes to you and to Extend.

Andrew: Thanks for the engaging conversation. Really, really appreciate it.

The week kicked off at Rise, NYC’s Fintech Accelerator and Hub, with NYC Fintech Coffee. This is a monthly event that Rise has been hosting in partnership with Received and for quite some time, but what made this bittersweet is that it will likely be one of the last times the event occurs (at least at Rise itself) as Rise is closing down at the end of May - a sad development for me personally as I was a member for two years. The event was boosted by the presence of folks from out of town, and I’m certainly grateful to have linked up with many of you there.

On Tuesday the day was insanely packed - kicking off with our very own “Compliance & Pastries” breakfast event, which brought together ~ 20 founders, legal folks, compliance pros, and others from across the country. It was a privilege to be able to host such smart and way-cooler-than-me people for a second straight year during this special week (this time while actually having a voice!). For me personally, the impact of these get togethers is measured by how many friends from last year joined us again for this year’s edition. And this year, it was extra special joining forces with Dmitry Gritskevich of ComplyCo to host an event during this week. Kudos to the staff at The Smith - Nomad for providing great food, service and a cool venue in the heart of Midtown.

Then during lunch, I joined in a virtual webinar which featured one of my favorite people, fellow Ascend Executive Network member Edward Hida and Senior Executive Advisor as Secura/Isaac Group, entitled “Banking in the Crossfire: Earnings, Regulation and the Trade War Shakeup”.

Some of the takeaways of the event:

• Investor sentiment is heavily influenced by ongoing uncertainty - stemming from trade wars, tariffs, and shifting regulatory and political environments. This uncertainty is reflected in cautious bank outlooks and market volatility.

• Credit losses and charge-offs remain historically low, with only slight increases in certain consumer segments like credit cards. Banks have ample reserves and strong pre-tax, pre-provision revenue (PPNR), providing a cushion against potential credit deterioration

• The new administration is rolling back or pausing some regulatory initiatives, including higher capital standards and certain merger rules. M&A deal approvals have accelerated, and the regulatory environment is expected to become less burdensome, especially for smaller banks

• The CFPB is shifting focus to tangible consumer harm and passing more enforcement responsibility to states. CRA (Community Reinvestment Act) rules are reverting to pre-2020 standards, reducing compliance complexity for banks

• Significant layoffs at the CFPB and FDIC are not expected to materially impact bank examinations or deal approvals, given the agencies’ previous staffing levels

• Recent policy changes-such as the resumption of student loan collections and stricter enforcement on delinquent mortgages-are expected to increase financial pressure on consumers, potentially leading to higher delinquencies in the coming quarters

• While large regional bank mergers are expected to pick up in 2026–2027, small bank consolidation continues at a steady pace, aided by faster regulatory approvals. Stock price volatility and uncertainty are temporarily slowing deal flow, but the long-term trend remains toward consolidation

• The panel discussed ongoing political pressure on the Federal Reserve but expect its independence to be maintained. Most anticipate one rate cut in 2025, with further cuts possible in 2026, depending on economic conditions

• With Michelle Bowman’s expected confirmation as head of supervision, further tailoring of regulations for smaller and mid-sized banks is anticipated

You can view the full session on YouTube here.

I then hiked up near Grand Central, to the American Australian Association to see my former Google colleague Pedro Morales - who is the Global Head of AML/Sanctions Compliance and Payments Compliance - and several other regulatory/compliance leaders share Global Perspectives on Tomorrow’s Regulatory Compliance, organized by Fivecast. The panel also included ​Shawna Klatt, Senior Legal Customer Success, Thomson Reuters as the Moderator, ​Chad Longo, Director, Financial Crime Channels, Fivecast, ​​Síobháine Slevin, CEO, Realta Logic and ​​Sebastian Gonzalez, Chief Business Officer Americas, Roboyo.

This was one of those rare sessions where the panel not only jived but you actually wished they could keep talking and providing super valuable insights on all things regulation and compliance. Indeed, topics discussed ranged from the US deregulatory stance being dwarfed by regulation globally continuing to scale unabated, the value of RPA tools, transparency of algorithms, the value of centralizing sources of knowledge in the identity verification process, and more.

Some of the key takeaways, put in the simplest way possible:

• Compliance can help make money and is a differentiator

• Filter the noise

• Compliance is not your ex!

• Lean into the change/be innovative

• When in doubt, safe design will get you to compliance

The day ended with me swinging back near Battery Park, joining in a happy hour led by two of my favorite founders in the space, Faraz Rana of Affinity and Kalyani Ramadurgam of Kobalt Labs, along with Scale LLP. Although I couldn’t stay long, it was a great way to end the day by talking shop and connecting with founders who are making some seriously cool innovations in the RegTech area.

On Wednesday, I walked over to the Washington Square area to Aleo’s office to join in the Financial Club’s lunch and learn networking session on AI, featuring Oivind Lorentzen, Partner at Oak HC/FT and Sam Bobley, Co-founder & CEO at Ocrolus. While this wasn’t a compliance-heavy event per se, it was great to meet with fellow AI enthusiasts and learn about how AI has become a core consideration from an investment and operational perspective. We were blessed with great conversations, great food, and most notably, a great rooftop view:

Finally, on Thursday we closed out the week where we began, with a farewell party for current and past members of Rise. It was nice to take a final walk through the halls which have meant so much to me over the years, and connecting with folks familiar and new. Plus enjoying some custom-made tacos, some sweet coconut purple dumplings, and juices. A few parting shots from the place I have called a second home for the last few years:

That’s all for this year - a special shoutout to my friend , the mind behind this epic week that has become can’t-miss for anyone in the fintech world, for all he does for the community. Stay tuned as we plan our next in-person get-together coming in June during NY Tech Week!

Welcome back to the podcast! This week we sit down with tech veteran and product leader, Prashant Fuloria, CEO of Fundbox.

Fundbox is “a working capital platform based in San Francisco that offers credit and payments as a service to small businesses. Founded in 2013, the company innovates technology to help optimize cash flow for small businesses. Its primary offering is a revolving line of credit to manage cash flow. Fundbox uses a banking partner to give short-term funds up to $100,000. It also offers membership-based offerings and payments which include Flex Pay, which provides additional payment options for business expenses. Its services are offered online and through a tech platform that integrates with QuickBooks, FreshBooks, Xero and Indeed.”

Some background about Prashant - he is a “seasoned tech executive who has played senior leadership roles at companies across the consumer internet (Yahoo, Google, Facebook), mobile developer platforms (Flurry), and AI-driven fintech (Fundbox). He is a sought-after advisor who has advised companies in fields as diverse as executive recruiting (Spencer Stuart), musical instruments (Fender), energy tech (Bidgely), crowdfunding (Patreon), and advertising tech (Singapore Telecom). He is also a regular lecturer at leading business schools, teaching popular MBA courses in building consumer internet businesses.

Before joining Fundbox, he was senior vice president of advertising and data at Yahoo, reporting to the CEO and managing the 1300-person engineering, product and UX teams driving Yahoo’s $5B/year advertising business. Fuloria joined Yahoo through the acquisition of Flurry, the world’s leading mobile app analytics platform, supporting over 100,000 monthly active developers and over 2B monthly active mobile devices. At Flurry, he was chief product officer, responsible for product strategy and delivery. Fuloria played a critical role in the Flurry acquisition and led the highly successful integration of Flurry’s product and business into Yahoo’s, helping create a new $300M/year mobile advertising revenue stream.

Prior to Flurry, he was senior director of product management at Facebook. Fuloria was responsible for all of Facebook's advertising products during a period of intense 2.5X year-over-year growth, which saw the company cross the $1B/year and $2B/year revenue milestones. He also managed Facebook Credits, an attempt to monetize the Facebook platform that achieved a $500M/year revenue run-rate within just two years of its launch.

Before joining Facebook, Fuloria was product director at Google, where he most recently managed all of Google's products (search, ads, apps) for the Asia-Pacific region (including CJK, AU/NZ, South and Southeast Asia). He also worked for several years building monetization products at Google, both as an early product manager on Google AdWords and then as the first product director for Google’s global billing and payments platform.

He holds a PhD and an MA in business, a PhD minor in operations research and an MS in statistics, all from Stanford University. Before joining Stanford, Fuloria studied at the Indian Institute of Technology (IIT) Delhi, where he was awarded the President of India's Gold Medal, the most prestigious undergraduate engineering award in the country.

He is an avid guitarist, currently playing with the Silicon Valley tech exec band, Coverflow. While in college, Fuloria played guitar for Euphoria, which became India's largest-selling rock band. He lives in Los Altos, CA, with his wife, a fellow IIT Delhi and Stanford graduate, and their two children.”

I wish I had gotten time to ask Prashant about his music experiences! But we’ll save that for a follow-up down the road - really enjoyed hearing from a fellow Xoogler and grateful for him taking the time from an undoubtedly busy schedule. Special thanks to Avenue Z for helping coordinate the discussion.

Zarik: Prashant, welcome to FinTech Compliance Chronicles podcast. I'm happy to have you join us, to get us started quick background on yourself. As I like to say at the beginning, who are you and what do you do?

Prashant: First of all, thank you for having me excited to be here. I consider myself to be a recovering product manager. So today I lead Fundbox, which is an embedded platform for capital for small businesses. We serve the small business economy through capital, and we provide capital solutions to the ecosystems and tools and systems that SMBs already use to run and grow their businesses, whether it's an accounting software or a payment provider, or some sort of vertical SaaS platform, et cetera.

Very excited about what the company does, our mission and kinda where we are going, and including the compliance aspect of that. I've been at Funbox now for almost a decade, and so this is an important part of my career. Prior to that, I was an early product manager at Google, worked on Google AdWords when it was just getting started.

Eventually built Google's first global payment network. This was before we had companies like Stripe and Adyen to take care of this, do it yourself. Also ran Google's products, all of Google's products for the APAC region, the Asia Pacific region. Then actually went to Facebook, did the same thing. I ran Facebook ads for a couple of years, and then ran Facebook payments.

Did a startup called Flurry, which was a mobile analytics platform, which was acquired by Yahoo. I sometimes joke that I've done Yahoo, Google, and Facebook, but not quite in the right order. For the last, for quite some time, I've been at Fundbox and for me, the biggest thing has been in my previous career journeys, I had seen how technology could level the playing field between small businesses and large enterprises in areas like marketing in the Google auction.

It doesn't matter whether you are. Target, or a local grocery store, you're competing in the same auction on fair terms. And I think for me, the question was could technology also level the playing field between small businesses and large enterprises in other areas like access to financial services.

And a large enterprise has all of these people and talent and resources to manage finances, whereas the small business owner just has himself or herself. And what could Fundbox do to help with some of those financial questions? And that is the journey that, that I got started on, and it continues to be an amazing one.

Zarik: That's fantastic and this is actually a great segue into my next question, which has to do with Fundbox's focus on embedded finance and SMBs. So you talked about access to products and resources and capabilities. I think about consumers when I hear embedded finance and what it's enabled for them.

So, just your overall take on what embedded finance has been able to do. Specifically for small businesses, but even for the consumer as well, if you will, and how Fundbox fits into that equation.

Prashant: I'll stick with small business because there's so much to say there. This access to financial services has been so difficult for small businesses for years or decades or maybe even centuries. Capital has always been difficult. Getting paid and making payments has been hard.

Getting any kind of insurance product has been difficult. And the small business market is notoriously difficult because it's a big market. We all know that there are over 33 million small businesses in the US, for example, but it's very fragmented. So customer acquisition is hard. It's hard to serve small businesses because they also have, a high mortality rate.

You have a small business on average lasts for only five or six years, and for all of these reasons, this whole trend of embedded financial services, which is really bringing the financial service to the customer inside of their daily, weekly, monthly workflows, the tools they already use has been a game changer.

And we at Fundbox, have chosen to really use the embedded channel because it helps us in three ways. One, it helps us with distribution. When we partner with someone like Intuit and are embedded into their QuickBooks product, well, they've got millions and millions of customers using QuickBooks every day, and so it gives us access to those customers that would otherwise be very difficult for us to acquire. The second is gives us data, so I'll just continue with the QuickBooks, example there. We can, using the QuickBooks APIs, get access to a business' entire accounting ledger and underwrite instantly or in less than a minute, and assess their risk and their suitability for some sort of capital product. Imagine the old school analogy, going to a bank waiting for days to get a loan approved and the bank spending several thousand dollars in human capital to review your books. All that is being done through technology. And the third thing is that it's not just a matter of accessing users and getting data, it's also the opportunity to provide products that are really convenient and friendly for the customer. Products that are, somehow embedded inside my workflow. So, for example, we have a Payroll Guard product that our customers sometimes use to make sure that they never miss payroll, where we are actually making payroll for them, where their payroll backstop. So you don't have to worry as a small business owner on a Friday, I have to run payroll this afternoon.

Did that check from my customer clear or not? We are running payroll for you and we later decide or let you decide how you want to fund it. So there's little product innovations like that that just make the lives of our customers easier. So it's a very, very major part of our strategy and it's how we've shaped our product offerings.

It's how we've shaped our company, literally. So it's a very critical thing for us.

Zarik: Speaking of innovation, you had referenced your usage of risk assessment tools. And so when I hear risk assessment in my world, it starts to bring the compliance, regulatory part of my brain into activation. So how do you, on a day-to-day basis, balance your usage of tools like getting involved in a risk assessment with things on the regulatory side, like fair lending and UDAAP, for example, which gets into how you portray things to consumers? What's your thought process around balancing innovation with regulatory compliance?

Prashant: So there's a lot of depth to your questions, Zarik, but I'm gonna start with something very simple. It starts with the alignment of incentives, which is does the lender or the capital provider, in this case Fundbox, succeed if the customer succeeds? In this case, the customer is a small business owner, and if the small business owner fails for whatever reason, does the lender succeed in that case?

At the extreme case, you have lenders that do well financially. Whether the customer does well financially or not, those are typically predatory lenders. If, for example, you as a customer default on a loan and I seize your house, I'm probably going to make more money in the event that you default, in which case your incentive and my incentive are completely misaligned, like that's a, that's structurally a bad place to be.

Now for us that our best customers are customers that use Fundbox, not just once, but over and over and over again. And so we have customers that we've acquired right since we started. We launched our offerings in 2014/2015, who've been with us for like nine or 10 years. They love the product. Keep coming back, keep using us.

Our average repeat customer uses us, I'd say something like seven to 10 times a year. And those are our best customers and they're growing, and as they grow, our business with them also grows. So even before we get into the technology, I think fundamentally we've built our business model where we succeed if our customers succeed.

So that actually just helps us in a more structural way. Now, I think in, in the deployment of technology itself, there is sometimes people sort of frame this as a, how do you make sure you can use technology while, complying with things like the Equal Credit Opportunity Act or the Truth in Lending Act, or you know, all of that. Or the Fair Credit Reporting Act for that matter. And I think that there are a few things that go into this. One of them is just the interface and the interaction with the user. So things like having the appropriate disclosures are really helpful in making sure that you comply with, say, truth and Lending, or for that matter, making sure that you are communicating.

Why you've declined a customer in a transparent way, like adverse Action notice helps you with things like the Equal Credit Opportunity Act. So one part of it is just the interface you have with your customers. The other part of it is how much do you look at your models and keep checking to see statistically how they're performing.

There's "What features are you using to make predictions?" Clearly those features have to be free of bias, but that's not all, even features that are themselves free of bias when combined can have some implicit bias in them. So you kind check statistically that way as well.

And then you also run what you might call disparate impact assessments by third parties who look at a set of customers and may have access to data that you don't have access to and check to see how you're doing. Very important part of what we do. We are a FinTech or a financial technology platform and we partner with banks to originate these loans.

So our partner banks are, have national charters and are regulated by agencies like the FDIC. So the work that we do has to really pass the muster of the FDIC and other regulatory bodies that regulate the activities of our bank partners. So they get audited on a regular basis and as part of their audits our programs with these banks also get audited.

Zarik: Yeah. And to that point, I'm curious, have you had any either direct or indirect feedback about your products from a regulator? Obviously you're providing a solution for your customers, but, sometimes regulators are regulating financial institutions, right?

They utilize tools to help them succeed. So in your case, as providing a solution to help some of those folks succeed I'm curious if you received any direct or indirect feedback about your product and how that has informed your approach or validated what you've already been doing.

Prashant: We do communicate with regulators at the state and at the federal level, both directly and also through our partner banks. The banks that we work with know that when they interact with regulators, one of the most useful things they can do is use specific examples of programs that they think are working well. They might say, " For example, let's take Fundbox. This is what we are doing with Fundbox. Here's our program. Here's how it's helping customers." So you may have a lawmaker in some state saying, "Hey, I wanna better understand what you guys are doing."

If our bank partner can say "With Fundbox, here's our program and by the way here are the actual customers in Rhode Island that this program has actually helped," it just gives a lot of specificity to all of this. We get questions on a regular basis from regulators, and that's nothing out of the ordinary.

In fact, every audit generates questions like, how do you do this? How do you do that? And so on. We've also been commended by regulators, so for example during the COVID Crisis and PPP, the Paycheck Protection Program, we did participate and work with the SBA on PPP. We were originating there as well.

And you might recall, and a lot of it has come out in the years after 2020, there was a fair amount of fraud in the PPP program. And meanwhile we were very, very careful about not letting fraud enter our system. So the Financial Crimes Enforcement Network. Sent us a very positive letter that commended our efforts to fight financial crime and maintain the integrity of the PPP program.

So, I think the days when fintechs try to avoid talking to regulators are over. They should be working with regulators. Whether this is federal or state it's the way to go because I think now we have a pretty decent level of sophistication on all sides.

FinTech is not exactly new the industry has been around now for like a decade or more. I would argue that the first FinTech, truly FinTech company was probably Capital One. That's been 30 plus years. So I think there's a lot of interaction with regulators.

Zarik: That's where I was trying to nudge. I think this is the attitude that I hope folks who are watching this who are in early stage startups or have never really gone into the regulatory side of things with their business, [are] hearing this, that it is actually possible to get, commended by a regulator for your product.

And on top of it, actually have them look at you as basically a role model for the industry. And then you briefly talked about financial crime so I want to just touch on that.

In terms of AML and KYC, some of the more fraud based issues. How do you, in your role, working with partner banks, working with these small businesses, et cetera, how do you mitigate that risk of financial crime from where you sit or how do you work with the players that have a greater risk than you or equal risk perhaps.

Prashant: There are different vectors to financial crime, based on the product. I think a very basic thing is to make sure you have a good understanding of the identity of your customer. And now in a typical lending product, the customer that you're giving money to and the customer that you're collecting money from are the same.

So it's a different fraud vector than say, payments where you're taking money from one person and giving it to another person. So there's differences there. But identity is tricky in small business because the same individual can open a business A today, open a business B tomorrow, and a business C the next day. Those are all different businesses and there are many, many legitimate reasons why someone might do that. But it means that some of your KY B know your business, has to be small business specific and not generic kYC. We have our own tools. We also work with a number of third party vendors that have built up databases and machine learning tools around verifying identity. And when we end up having to move money around for some of our products, we have to be even more careful about financial fraud because it's money from one account into another account as well.

There are also all kinds of fraud, like first party fraud and third party fraud. I would say the distinction between first party fraud and credit risk is a little blurry. If someone, were to go to a lender and take out a loan with no intention of ever having to pay that loan back is that fraud or credit risk? That's a gray area in some ways. Clearly, if I've misrepresented my identity, that's fraud for sure. But we also sometimes see people revealing the true identity of their business, but then never making a single payment. We call them first payment defaults.

And that's sort of semi fraud risk and then semi credit risk. So there's an entire spectrum of risks that we have to manage and mitigate from a compliance perspective. The clear thing is just to make sure that you understand the real entity of your customer.

For example, they're not on any OFAC list. And it's a critical part of our product. It becomes more interesting in the embedded case because in many cases our partners already have done their own identity checks, so then it becomes a matter of, can we and our partner banks get comfortable with the identity checks that our partners have done. So imagine if you are, using a vertical SaaS platform as a small business, you're a hairdresser using a vertical SaaS, software with payments in it, someone, let's say Stripe or someone has already done a K Y B from a payments perspective.

Now, is that enough? For credit or not, it depends on the partner, but now you can see that there's a chain of trust that has to be built. We have to verify what our partner, the platform has done and satisfy the needs of our bank partners. This is happening now. There are more standards being set and so on.

But the whole idea here is how do you make it as frictionless for the good actors while catching all the bad actors. Right. That ultimately is the framing that we use.

Zarik: Appreciate that. I just wanted to zoom out a little bit and just ask, for those FinTech leaders that might be listening and trying to figure out how to balance compliance and innovation. Clearly talking to you, you speak the language, but you're also running this company. And I think it's great to get your perspective and I would just ask if you can provide some advice to folks who are struggling trying to figure out, " How do I balance at a high level running a business, being innovative, taking risks versus also staying out of trouble." And of course there's been shifts from a regulatory perspective, but I think as you had alluded to, at the end of the day, your customers are still your customers. Your customers are still gonna hold you accountable, regardless of what the regulatory direction is at that point in time. So, in summary, how, would you say for those folks if you had to give them advice, is the best way to balance compliance and innovation?

Prashant: I don't think that innovation and compliance always have to be at odds with each other. I think there are actually many situations where clever implementation can satisfy a regulatory need while being innovative. And I think an important part of this is making compliance a key part of your innovation process or product development process, or even ideation process.

I think one thing that I've found in financial services and FinTech financial technology is that it's really, really helpful to not only have experts in their field like a chief compliance officer or someone who's very deep in compliance, someone who is a great product innovator. But also having everyone at least have a basic understanding of all the domains.

And what I mean by that is ideally if you're a product person, thinking about a product, let's say in a credit context or an insurance context or a payments context, ideally you understand the domain IE credit, like what is the user experience, for example. But you also understand credit and what does credit mean?

The credit fundamentals. But you also understand compliance, at least at the very basic level, such that you have regulatory considerations be thought of from the very beginning of the product that way. You don't end up trying to build something and then running into a compliance roadblock.

It's more of a, you've thought about, oh, in this case I'm moving money. This is actually, we are originating a loan. Okay, that's great. So now there's a certain set of things that we need to be able to have in place before we originate a loan. And if that's not what we want to do, then let's think about a different way of solving this customer's problem.

But having that understanding at the very beginning is important. So at Fundbox, we try to make sure that all of the folks that are working on product are not only product managers or what have you from a traditional perspective. They also understand the business IE, this is credit and there are some analytical and constructs around credit and it's a regulated financial service.

So we'd better at least have the basics of. What does truth in lending look like? Or what does equal credit opportunity look like? Or what does fair credit reporting look like? So that we at least have that from the very beginning.

That's just the way we've built it and I'll make a pitch for having small teams where you have the end-to-end knowledge and expertise within the team as opposed to a very siloed way of building things where you've got like a product organization and an engineering organization and a credit organization, and then a compliance organization where things only come together at the top because that's recipe for disaster, right? A small team that has everybody talking all the time, and that has all of these viewpoints expressed and articulated from day one is a much more effective way to run.

Zarik: It's funny you mentioned that about product folks. I've also, in my career, I've encouraged compliance folks and audit folks and risk folks to think the same way. Where, you can't just know the regs and know the risks, but then not understand the product you're looking at.

And we've seen sometimes, unfortunately, even in, regulatory environments where the examiner doesn't understand the product, then it leads to unnecessary friction, between the companies they're trying to review. So I agree with you and I'm saying I think it would also, be good for it to go the other way as well from folks in compliance and risk.

We're coming up to the end here, and I wanted to close out with, your take on what's next for Fundbox. What does the future hold in terms of growth? In terms of next steps, where do you see, the company, particularly in this new regulatory environment, how you plan to play in it?

Any closing thoughts on that front?

Prashant: I mean, there's definitely a lot of uncertainty right now in terms of the compliance regime. I think that a careful adherence to first principles is always helpful. So I'll give you an example. We are a small business capital platform. We serve small businesses. It's a commercial product. At the same time, because we serve small businesses, we try to maintain consumer level compliance in what we do.

It's a degree of compliance that is perhaps more rigorous or more strict than what we need to. But we do keep consumer grade compliance in what we do. Similarly, I think that when you're making a really, really big decision around a product, your planning horizon may need to be more than just a few years.

If you're building a business on, and if the only way your business can succeed is, if a certain regulation is interpreted in way X versus way Y, that's a lot of risk you are taking, and it really begs the question, why is your business so dependent on the narrow interpretation of a regulation, right?

So I think while there's uncertainty, and I think everybody would agree that it would be good to get more clarity on certain things like. How, like what's gonna happen to, let's say all of the open banking discussions and so on so forth. I think first principles are always helpful.

The other thing I'll say is also that as you move from just the US to looking at other markets, you encounter different compliance regimes. That's another big consideration for us because we've focused primarily on the US and that has made all the sense in the world for us to get to our scale and, our economics.

But we serve partners who have a very large global footprint, and so we are now opening up in other markets where our partners want us to go so now we have to live in a world that has different compliance standards for different customers anyway, even in the us. To be fair, you think about different states, we've had to have different disclosures in let's say California versus Georgia versus Utah.

What did we have to do? Build the infrastructure to manage that. We work with multiple bank partners and even our same bank partners interpret different regulations slightly differently. So what's required to truly understand business ownership for a business? 'cause a business and like a consumer can have multiple owners, like what information do you need?

There's some subtle differences between how banks interpret it. Neither is right or wrong, it's just an interpretation of the regulation. And so we've had to build infrastructure to support multiple banks. So yes, life would be easier if there were just one set of regulations around the entire world and it, there was one set of interpretations around it, but life is not, and so you just have to innovate and kinda build.

The foundation such that you can handle different regulatory, regimes and so on.

Zarik: Great. We'll hope that maybe someday we can have that, set of unified standards. In any case, it has been a real pleasure talking to you, Prashant, and thank you so much for your time. Really appreciate it.

Prashant: Thank you for having me it's been a pleasure.

(Additional Note - the image accompanying this article was generated by ChatGPT)

In what should be completely unsurprising to anyone who has been watching developments in Washington since January, Russell Vought, Acting Director of the CFPB, announced mass layoffs yesterday (Thursday, April 17) at the agency. This follows an appeals court ruling last Friday that lifted some components of a previously enacted freeze on reductions in force along with a demand to reinstate previously terminated employees.

In the original freeze, Judge Amy Berman Jackson issued 8 provisions as part of her ruling, which included requiring the Bureau to:

1. Maintain all records

2. Reinstate all employees terminated since the first wave of layoffs in February

3. Halt any RIFs and only fire employees for cause/performance

4. Rescind a February stop-work order along with any administrative leave

5. Provide employees with office space if they are to RTO, or permission to work remotely if they cannot

6. Continue the collection of complaints

7. Rescind all contract terminations

8. Confirm compliance by April 4.

The appellate decision affirmed all of the above except #2, #3, and part #4, meaning the Bureau did not have to bring reinstated employees back, RIFs could occur, and the stop-work order could also resume provided “statutory duties” aka the CFPB’s legal requirements could continue - with the caveat that a “particularized” or “individualized” assessment had to occur before taking these steps. All the other provisions including recordkeeping, office space/telework, complaints, restoration of contracts, and confirmation of compliance, remained in place.

Well, the assessments have presumably been completed (any bets on whether they actually were or not?) and late Thursday, news sources began reporting about a notice that was sent by Vought about the upcoming RIF which he framed as “necessary to restructure the Bureau’s operations to better reflect the agency’s priorities and mission.” He added that impacted employees will be able to access their systems until Friday evening and will be formally terminated by mid-June. The initial projections are that only 200 employees will be left at the Bureau when all is said and done, a nearly 90% cut.

Jackson is not thrilled and has ordered an 11AM hearing today on whether the layoff violated her initial order.

While we wait for the court process to play out, here’s a recap of what has been happening with the Bureau in 2025 - something we had planned to do anyway before the layoff news hit:

• February 6, 2025 - The implementation of the Medical Debt Credit Reporting rule, which would have excluded medical debt from credit reports effective March 2025, was suspended indefinitely. This resulted from the CFPB essentially deciding to file a motion to stay the proceedings in a lawsuit raised by the Cornerstone Credit Union League and the Consumer Data Industry Association challenging the rule. We covered the rule extensively when the initial rulemaking was announced and when the rule was finalized (also here).

• February 10, 2025 - With the aforementioned work stoppage, the Big Tech Digital Payment Rule focused on supervision of nonbank actors like Apple and Paypal that had taken effect on January 9 was essentially halted.

• March 26, 2025 - The CFPB asked a District Court to stay litigation in a case that had originally been filed against the Bureau challenging a rule that had been implemented last year applying Regulation Z provisions to BNPL providers. The Bureau added that it plans to revoke the rule.

• March 28, 2025 - The CFPB announces that it will not be enforcing its payday loan rule which would have gone into effect March 30, 2025. The rule would have prohibited lenders from attempting to withdraw payments from consumers after two failed attempts, and would have required notice to consumers before attempting to withdraw for the first time and a notice of the consumer’s rights when back to back attempts fail.

• April 3, 2025 - The CFPB concurred with an industry group’s motion to stay the compliance date of its 1071 Rule, which would have required financial institutions to collect and report data on loan applications for credit to small business with a special emphasis on underserved groups.

• April 10, 2025 - The House voted to overturn the CFPB’s overdraft rule, finalized in December 2024 and effective in January, that would have limited overdraft fees to $5. The Senate had already voted in favor of overturning the rule as well, which means the bill will now go to Trump for his signature. Estimates were that the rule would have slashed fees from an average of $35 per transaction down to $5 and saved 23 million households that end up having to pay these fees $5 billion a year.

• April 14, 2025 - The CFPB announced that it would not enforce a rule requiring registration of nonbank lenders with the Bureau along with having to disclose any agency or court orders concerning violations. The idea here was to have the ability to leverage work being done at local levels to potentially inform future rulemaking at a national level, but that’s a moot point now.

• April 15, 2025 - A federal court vacates the Credit Card Late Fee Rule after the CFPB admitted that it violated the CARD Act and APA by proposing the rule. The rule would have lowered late fees to $8 for issuers with >1 million accounts and eliminated inflation adjustments; we covered it extensively back when it was first announced (here and here).

• April 16, 2025 - Likely connected with the layoff news, the CFPB laid out its 2025 Supervision and Enforcement Priorities, which stated that 1) it would reduce the number of exams by 50% 2) it would aim to meet the 2012 ratio of 70% of supervision on banks and only up to 30% on nonbanks as opposed to what it says is now 60% nonbank focused and 40% banks. 3) it will pull out of multi-state exams and cede much of its enforcement to states. The piece about pulling back on nonbank supervision appears to fly in the face of Dodd-Frank which says that the Bureau “shall require reports and conduct examinations on a periodic basis.” We will have much more on these priorities in a followup post next week.

Interestingly, the one rule that has not been commented on by the Bureau is 1033, the Open Banking Rule. That has not stopped it from coming up in the courts, where the Financial Technology Association, a group that represents fintechs like Plaid, Stripe, and Wise, is challenging a lawsuit filed by a group of bankers including the Kentucky Bankers’ Association - essentially pitting traditional banks against the new guard. Meanwhile, the CFPB sits on the sidelines while this inter-industry fight plays out.

We’ll have more on the new priorities next week. In the meantime a ton of talent with deep regulatory experience has just hit the market as a result of this effective shutdown of the Bureau (assuming nothing changes as a result of the followup hearing today). If you’re hiring, they deserve your consideration and even if you’re not, they deserve your support.

Welcome to the last of our interview series from Fintech Meetup 2025. This week we share our conversation with a standout voice in the payments space - Fernando Castellanos, Chief Revenue Officer at EverC.

EverC is “focused on powering growth for the online seller ecosystem. With the world’s first fully automated, AI-driven cross-channel risk management platform, we are transforming the internet into a safe and trusted place for ecommerce. Our easy-to-use solution rapidly detects, identifies, and removes high-risk merchants; online money laundering; and fake, illegal, and dangerous products and services. We also continually monitor activity to mitigate ongoing and evolving risk. Founded in 2015, the EverC team comprises domain experts in risk intelligence, data science, fintech, payments, and financial risk.”

Some background about Fernando: “With a distinguished track record in building high-performing teams and scaling revenue for SaaS and fintech companies, Fernando brings deep expertise in risk management, fraud prevention, and business development. Prior to joining EverC, he held executive roles at Merkle Science, SheerID, and Forter, helping global organizations navigate the complexities of online risk and compliance. Fluent in four languages and based in New York City, Fernando is passionate about leveraging technology to create safer, more transparent digital marketplaces.”

I have to give Fernando a special thanks for giving me his valuable time as he was shuffling between Fintech Meetup and MRC, which was happening across the street - one conference is a lot to manage, but combine that with walking back and forth between two venues and it’s huge. Thanks yet again to Caliber for setting this up! The transcript of our discussion is below and the recording is at the beginning - enjoy:

Zarik: Fernando, tell me, as a starting point, a 30 second elevator pitch on EverC, and how you came to be in the organization?

Fernando: So we're basically an AI machine learning, company, whose sole purpose is basically enable, the payments ecosystem, digital payments ecosystem to be, safe of, transaction laundering and anything that violates, regulation, acceptable use policies, card brands, and things of that nature.

We work with, all the largest acquiring banks, in the world. Basically where we sit is, when a merchant goes to acquiring we go through the KYC/KYB, PEP, address, media, adverse media, all the screenings that everybody does, and then that merchant gets clear from that aspect.

And what happens at that point? We get sent all the URLs that that merchant wants to process payments in, and our technology basically crawls all the URLs to make sure that the website is what it's being said it is, and that there's nothing hidden in it that violates, any card scheme regulation, and things like that.

And, also we bring our graph to make sure that, hey, maybe this is Fernando and yes, this is a bookstore, and the bookstore.com is actually accurate. We also know that Fernando has, another, store that sells guns or something that may be more, big no-no for you.

And sometimes we have also service where maybe they're not providing you a URL. We've been evolving into now, helping marketplaces not only with sellers, but also with product listings.

We work with the largest marketplaces, in the world as well, where we see up to 30 million product listing. Because a seller may be a legit seller. And they upload 50,000 products. And the example is, you can sell melatonin in the US but you cannot sell it in the uk. So those are ones you're like, okay, this is not a bad stock, it's just a seller that is big, has a lot of things and is not realizing this is a big no.

But if you do it, you are gonna have the card brands or the regulator fine. Also blog posts and IP infringement and then all the things that are for sensitive adult content, weapons, drugs, things of that nature. What sets EverC apart in my view, from other vendors in the space is we came as an AI machine learning company first to tackle the problem. And I think that puts us today in a forefront to deal with Gen AI and everything this company embraced a long time ago to make sure we were ready and prepared for it.

We also have our team of, specialists who do deep dive investigations, transaction laundering investigations. We also do some, services for companies like Discover, which are their own closed loop network.

Where they want to say, okay, find me anybody who's violating my acceptable use policy. And we do that for companies like that.

Zarik: I love the fact that it's not just limited to, the KYC and KYB, but your focus on compliance-- and compliance is maybe even a limiting term-- playing by the rules of whatever ecosystem is developed. Like you're trying to get and capture all that information as well for benefit of different parties, it sounds like. That's really cool.

So we're talking about these different players in the ecosystem. We've got issuers, we've got networks, we've got acquirers, I'm sure the merchants are there as well, but let's talk about the consumer for a second, right? So, on the false positive sides, right?

Like a lot of these competitors you might have, may have perhaps more stringent models that perhaps gets one of these merchants like incorrectly flagged and then suddenly it creates a lot of tension and unnecessary back and forth. So I had read that one of the things that you had done was to actually lower these false positives in some of the case studies that I found about your company. So talk a little bit about how like CE like able to do what you do from like an accuracy perspective.

Fernando: So going back because we came, and we started as a technology company, we've been obviously improving accuracy, our speed. What allows us is because our technology helps us, with pretty short SLAs, tackle about 90% with a previous inaccuracy. And then the 10% that is more complicated, but not plain vanilla, those actually sit a little longer to make sure that we're actually not creating a bad experience. While it's not ideal for any acquirer or anybody in the ecosystem to create friction with the merchants at the end of the day, it's better to create a bad customer experience than have somebody go through the doors that shouldn't have Now, that said, like in anything else, the merchants are way more demanding and, it's forcing everybody to get faster. Like, if you look at the big ones they're tech driven, like the Stripes of the world, the Adyens, all of them, their SLAs for onboarding.

From the time you onboard to the time you're processing a payment is pretty short, and I think it's gonna get shorter. And, then that creates a problem because on one end you have to be faster on the other end, Gen AI, when it comes to individual merchants, micro merchants and things, I could very easily create 20,000 fake merchants.

So it's gonna get quite interesting to see, how our industry starts to tackle those things and at one point, you get like, "okay, what do I need to make first?" Like the SLA from a customer and client experience, right? Versus, at this point, and it's top of mind, right?

MasterCard, last week here at ABP [American Banker's Payments Forum], was talking about scams and how [with] AI, you're getting a video from your father saying, "Hey, wire me the money and I need this." You're like, "look at it, it's pretty impressive." So I think that that's the conundrum that the service providers will have to deal with, with everybody expects like at the snap of fingers, everything needs to be there now.

On the other hand, it's super sophisticated, the way criminals are actually now leveraging technology.

Zarik: Yeah. Talking about scams, so, coming back to the accessibility piece, right? Your goal is obviously to help acquirers, as you said, detect fake merchants, fraudulent merchants, et cetera. Right? Or find instances where there's some sort of issue with a merchant that maybe needs to be resolved. Especially as you mentioned you're very global in nature.

How do you make sure that your tool doesn't become unintentionally, a means to shut out, certain market or certain type of merchant through the rigor? Fairness for certain type of SMB as a consideration.

Fernando: I think in our space is we don't go into those details, meaning, it's very clear what is legal, what is acceptable by the card schemes and basically those are the frameworks. We have also what is called a rules customizer, where a client may set up a different set of rules where some of them are less risk adverse than others.

"We don't want to take gaming, we don't wanna take gambling, we don't want to take adult, we don't wanna take marijuana, which is legal in some states, some not." Some are more aggressive on that end. That's basically entirely up to the client.

Zarik: And they're the ones who have like, opted into following certain rules or set of rules.

Fernando: Their own rules, customers, whatever risk appetite they can stomach.

Zarik: And so that leads me to ask about one of your products, I think it's called Merchant View. So tell me a little bit about Merchant View, like how you should think about it from a compliance perspective. And then we can talk about the customization to the extent it exists and how, let's say an acquirer might want to leverage that customization.

Fernando: So merchant view is the merchant onboarding and merchant monitoring solution. Basically the product we've been talking about. We have two ways we can integrate. One is through an API where we can feed a customer system and they get the inputs thrown into it. Or, we have our own user interface where you can upload the URLs. The models already are in compliance with card schemes. If that applies globally, regulation, legislation, things of that nature. Now we onboard the client, we provide training on how to customize our rules, then--

Zarik: --they're basically on their own.

Fernando: Now, they may reach out to customer success and say, "Hey, can you help me. I'm trying to establish these set of rules of things." But in general, that would be under their responsibility.

Zarik: Some regulatory bodies, I don't think in the US but other jurisdictions, have brought up, "oh, some of these tools to help detect fraud can be deemed as high risk," presumably because they're worried about ability for customization.

But from your perspective you haven't gotten mixed up in any sort of regulatory inquiry for these acquirers maybe that do go too far with dropping the guardrails, right. Like, "oh, let's actually create a little bit more risk appetite" and then they get in trouble for it. It hasn't come back to you, from your experience?

Fernando: If they decide to be lax on them--

Zarik: --that's on them.

Fernando: They sometimes come to us and ask for us to do deep investigations. We'll provide the results so they can go back to it. But at the end of the day, we are a solution that is tuned to their own criteria. So if they get in trouble with the regulator for being lax about it, it's on them. Like I said, there's some clients that have a little bit more appetite on riskier portfolios, but we don't participate in that.

Zarik: That's helpful to know. And then just talking a little specifically on some of the regulatory challenges, not for yourself obviously, but for the acquirers and by extension, the merchants. So one of the things that is a big pain point sometimes in the whole AML/KYC financial crime space is false positive OFAC hits, sanctions hits.

Where you're talking about an individual, the name is close. So, how do you work with the acquirers and by extension merchants or how do you work internally to account for some of these, how do you work to minimize some of the friction that could result if somebody was just trying to take the list and literally screen their merchants as is.

Fernando: We're gonna crawl URLs right? At the end of the day. If there's no URLs, we're gonna come back and say, there's nothing. We don't touch sanctions OFAC anything like that. Those are done by the client usually prior to sending. We are sort of like the last step.

After you go through sanctions screening, adverse media and things of that nature, we don't have those issues or anticipate those issues. It's prior to bringing in our services.

Zarik: So you're an AI driven company doing machine learning for quite some time before it became like a big buzzword that everybody's talking about. In terms of how data is stored and how it's used in building this intelligence model, so to speak, is it fair to say it's almost like a consortium of data because you're working with tons of different acquirers who in turn have tons of merchants?

You might have referred to this in one of your earlier examples, but do you run into cases where because you worked with one acquirer who has information and maybe you have a stored result for that merchant, that you come up with that same merchant for a different acquirer? Are you able to leverage that past data for the merchant and then basically use it in your decisioning for the next acquirer?

Fernando: So we do have our graph, which is basically leveraging all the data that the crawlers, accumulate throughout our big systems today. Our crawlers will start crawling, but also we ping our graph and say, okay, what do we know about this? So we do leverage.

Zarik: Also it sounds like Market View is the other tool for the marketplace. So just a brief overview of that.

Fernando: What we do is we work with the marketplaces and it's by product listing and categories.

Categories could be pharmaceuticals, contract bids, knockoffs, weapons. So those are the categories and then they send us, so when you go to marketplace and you go through the process, then you put it before it gets published, the marketplace sends it to us. We screen it and we say this violates copyright infringement as a knockoff, or we say, good to go.

And then, we earned the trust with some of the largest marketplaces to take our decision and just basically publish. The way marketplaces control it is you cannot make a change to the product listing. But if you do, you go through the same process.

"I'm gonna put a real Louis Vuitton and then I'm gonna change it to a knock off. Then it has to go back to the present."

Zarik: It's good change management, clearly. And, one other thing I wanted to ask is, we're talking about change management, let's maybe keep it specific to market view and marketplaces. You were talking about in the context of merchants, right? Like the acquirers have the card rules, they're responsible from your perspective for staying up to date with regulations, requirements, et cetera, for Market View, let's say. Some of these restrictions, especially in different jurisdictions, they change, what's your process for staying up to date with those requirements as they either A, become stricter, or B, become looser?

Fernando: So we have a team, that sits, under our, head of risk and basically, stays on top of all these regulations globally to make sure that we focus on the regulated markets, which today includes the US and the European Union. So we stay on top of those things and make sure that the models are fine tuned to the regulations.

And again, the card schemes basically are the most important, tunings that our clients care about. For the longest time, marketplaces were saying, "Hey, seller come in, buyer come in and they match. I'm not responsible for the transactions, buying something that is illegal," now that's not flying anymore.

Fernando: Regulation said that you are responsible for making sure that your marketplace is offering things that are actually within-- and that's why it's prompting a lot of this. Now a lot of the marketplaces do a first line of defense on their own. They're a tech company, so they build their own models. But there's certain categories to the places where their own models are not enough.

Because usually if a seller is gonna do bad stuff in one marketplace, most has like multiple things happening in different marketplaces, so we're able to detect that and be more effective in helping them with that.

Zarik: Last question here. Thinking about marketplaces and with like things like drop shipping for example, these have become quite large and complex and you have Amazon Marketplace, Facebook marketplace, what do you see as a future for the space and how do you think, others in your space will adapt as things in the overall ecosystem adapt.

Fernando: I don't have an answer and I don't think Amazon has the answer either, right?

There's two steps. One is, we are on the front end making sure that the listing is legit, like it's a legit product and it's authentic and that's it. Right? And then the transaction comes through. The problem is at that point we don't control that the seller actually puts the right product or ships something and the only way, is with central distribution centers controlling. Because otherwise, I think at one point probably AI would be like, okay, take a picture of the package and I get it and somehow AI will keep the picture. Like I took the picture of the package I'm shipping you and it's encrypted and you will take a picture that you got and somehow the platform saying it is a product that was shipped, right? I'm guessing it's a ways before we head in that direction. It's a little bit where, for example, companies like, Nike are focused on technology that allows them to make sure to avoid the lost product and here's how we're going to tackle that. But you're talking about a multi-billion dollar problem.

Zarik: Very insightful. Well, it's been a pleasure, Fernando. Appreciate your time.

(Additional Note - We will be hosting a breakfast-hour event during #NYFintechWeek on April 22! Spots are filling up quickly, learn more and sign up here.)

Continuing our series from Fintech Meetup 2025, with more great conversations with trailblazers and innovators on the topic of compliance. This week I’m featuring my discussion with two fantastic leaders from BankTech Ventures - Pam Kaur, Head of Bank Technology, and Katie Quilligan, Investor.

BankTech is “a strategic investment fund that was founded to support the community banking industry. Our mission is to generate both strategic value and financial returns for our investors. We accomplish this by sourcing, vetting, investing in, and introducing best-in-class bank-enabling technology solutions that enhance the competitive positions of our community bank partners. Backed by a seasoned investment team and General Partners from the community banking industry (including two of the nation’s most innovative community banks), we believe that BankTech Ventures is uniquely positioned to accomplish this mission.”

Some background about Pam: “Pam Kaur is the Head of Bank Technology at BankTech Ventures, where she supports the fund's rapidly growing portfolio of fintechs and limited partner banks. She plays a key role in both pre-investment diligence and post-investment activities, guiding fintechs on aligning their solutions with community bank needs and helping banks navigate their digital transformation journeys. Pam's efforts ensure a seamless onboarding experience, from sourcing fintech solutions to implementation, helping mitigate risks and drive success during hyper-growth stages. Before joining BankTech, Pam was VP of IT at a $5B+ community bank in California. She holds a BS in Computer Science from the University of the Pacific and an MS in IT Management from Golden Gate University. Pam currently resides in the Greater Sacramento, CA area and enjoys experimenting with new recipes, reading, and exploring local trails.”

Some background about Katie: “Katie works on the investment team, finding the bank-enabling fintechs that would best serve our Limited Partner banks and the broader banking industry. She supports the investment process from origination to execution and everything in between. Katie has previous fintech investment experience at a seed stage fund, as well as a track record of driving audience growth, revenue, and innovation for startups and Fortune 500 companies, including American Express.”

Although we didn't get a chance to dive into it during our conversation, I would be remiss if I didn't shout out their other venture Tech Sis, a fantastic initiative devoted to amplifying the voices and journeys of women in tech/fintech. It’s 2025 and tech and finance are still pretty male-centric, which is why we here at Fintech Compliance Chronicles are proud to support efforts like Tech Sis that are actively working to change the face of the industry.

It’s not every day you get to hear directly from the people writing the checks and thinking through the regulatory minefield. What stood out in our conversation was how deeply compliance is baked into BankTech’s thought process, from beginning to post-investment. Hearing Pam and Katie talk through how they evaluate and support fintechs gave me a whole new appreciation for the role investment funds can play in shaping the ecosystem. Thank you yet again to Caliber for setting up the discussion and to both Pam and Katie for making the time! The transcript of our discussion is below and the recording is at the beginning - enjoy:

Zarik: Who are you? What do you do?

Pam: Yeah. I'll start with BankTech. So we're a strategic investment fund. Backed by over a hundred community banks across the us. We invest in bank enabling FinTech companies. I've made 22 investments to date over the past three years.

I am Pam. I work on the post investment side as our head of bank technology. So I do all of our portfolios support, post-investment, and help our companies, one, help them figure out how to work together easier with banks. Two, help them figure out their product market fits their literally A through Z of anything that they need to actually work with a bank.

One of the major things that we do is take them through this banker style due diligence process. So they really get that crucial lens on their company of how a bank will evaluate them.

Zarik: I saw that you do audits essentially of their tech stack.

Pam: Essentially, yes. So similarly to when a bank is onboarding them as a potential vendor or some kind of partner with them, we'd also take them through this process, One, to make sure that they understand what that process is gonna look like. Two, to help them find any gaps that they might have there.

And then three, obviously help them figure out where we can plug in things for them to help build out that program long term.

Zarik: Do you have any relationships that you're able to pass along to from your perspective like, "Hey, you may want to connect with these parties", or is it more like you prepare them and then, after the fact, they're on their own? Describe to me, beyond your portfolio company, if you will the role in helping them in relationship management?

Pam: Yeah, so we definitely have a short list of partners and third party vendors and other things that we have formed our own relationships with that will either send them off to like here's a compliance lawyer, or here's somebody that offers like Chief Compliance Officer as a service to your company, or, here's somebody else in the ecosystem that is going through the same thing as you, what they did, and you can figure out next steps. It really depends on the company, what stage they're at. What their comfort level is to even, ask for help. But we are more than happy to help provide any services. I'm happy to help walk them through that myself with any of my own experience in banking in the past, and guide them through, here's how a bank might look at this, or here's why this is okay for right now because you're an earlier stage company and we don't expect you to have x, y, Z built out, and here's how you can talk to the bank about why you are where you are. So it just varies based on the company.

Zarik: Got it. Katie?

Katie: So I'm on the investment side of the team, and that means that we're going out and sourcing companies and trying to find the best solutions that will help make our banks continue to be innovative, competitive.

A lot of the diligence that we do, mirrors what a diligence process might look like at a bank. At other more traditional funds, it's probably a lot lighter. We're putting them through a lot more diligence and also a lot of what we do is looking through the lens of how can a bank actually use this?

And thinking from that customer lens, as well as evaluating what kind of financial returns and other things that we can get, really dual lens, I would say a big part of the value we provide to our limited partners is this market intelligence. If we're meeting so many companies, we're seeing what's out there and going back to them and saying, here's kinda what we're seeing in the market.

This is what you should be looking at, thinking about for your future and making introductions. Even the case we're not making investments. There might be a solution that a bank needs, where we can make that and facilitate that. So they're getting a lot of value beyond just financial returns from saying yes to investing in our fund.

Zarik: Got it. And so maybe just shifting to the angle that I love to talk about which is compliance. You mentioned the audits briefly, from either of your sides or both of your sides, do you have a methodology around compliance when you are evaluating an organization for fit.

I know you've talked about auditing and reviewing, but from your perspective how do you think about that when you're looking at prospective companies?

Katie: Well, one, we have the benefit of having Pam on our team, so as part of our diligence process, we'll bring her into the calls because she has the expertise of having worked at a bank.

And I think a lot of what we'll ask them is about different things, like, let's say generative AI, right? How is that data being used? Is it going to be shared? Let's talk through some of those, just depending on what the solution is, there might be different sets of questions that we're looking at.

But we are trying to do it from the frame of, "what would a bank be concerned about here and how can they evaluate that?" We look at third party risk management solutions for potentially investing and for our banks to use. But we've also looked from the side of, "Are there tools we should be using to be getting smarter and better in this area?" To go to that extra level of thinking and making sure that everything is intact, we have a pretty extensive list of the documents and things that we ask them for ahead of time.

Zarik: Pam back to you, when you're thinking about all the talk around third party risk management, BaaS, FinTech - bank partnerships, how do you see that in 2025 and beyond with the shifts in the regulatory environment?

Like do you think that anyone out there in DC is even thinking about this anymore?

Pam: Yeah. I actually just did a webinar on this last week. A lot of the conversations that I've heard from FinTech lawyers or people in DC that are either lobbying or doing something in the space to try to figure out like what's next for banks, and advice that we've also gotten from some of these experts in the industry have been, "a lot of what is already out there in terms of regulation is not gonna change very quickly."

The conversation that we had last week with the American FinTech Council talked about how much time it'll actually take for it to go from up here down to the actual examination level and actually changing at the per bank level and how your own banks examiner might either decide to ignore certain things or decide, " this is the way I've been examining for 25 years and these are the things that I care about and it's still gonna be the things that I care about." . Just in terms of like safety and soundness, we don't think that will change very quickly.

These people that have been working there as career examiners, have gone through many administrative changes and have had many different presidents, et cetera. Agency heads tell them different things. But I think, "As we are humans, this is what we care about and these are the things that we're gonna examine," I don't see that changing very quickly. I might be wrong, but hopefully I'm not. 'cause I think that would bring a lot of instability into how, banks. Are safe and sound. You know, we've seen banking crises in the past. And, I think some of these things that came out in the last 10, 15 years were to help prevent additional crises like that. So I don't foresee a lot of things changing very quickly at the per bank examination level. I think it takes time for that messaging and communication to get down. All the way down from executive to examiner. So I think there's gonna be a little bit of a lag there. Again, it's very unprecedented times in terms of, regulation and things.

I think for sure there won't be any new regulations coming out very quickly. A lot of existing things that have been in the air over the last one to three years are, again, a big question mark of which of these are still going to be existing at the end of the year, or even by summertime.

But I think the, at the bank level, the banks still need to make sure that they're acting in a manner that is beneficial to their customers and keeping their customers money and things safe. So I think at a core level, I don't see that changing very significantly. I think for sure, new regulation is gonna be neither here nor there. We don't know. Administratively we're at a huge pendulum shift this way. Again, in four years, three, four years, it might swing right back the other way or somewhere in the middle. So I think people that are doing these jobs day to day understand that and are hopefully not trying to get swept away in the "Oh no. Everything's changing now."

Zarik: Yeah. And I think there was similar talk in 2016 and if anything the focus was on larger institutions getting hit even harder. So, who knows what the future will hold, to some extent.

I wanted to circle to AI. From the compliance angle, one topic that I've been having some conversations about is like AI in fairness of evaluations of customers and that sort of thing. So I'm curious, what are some positive developments, any examples that you've seen about companies that have used AI to really solve issues of fairness or from a credit perspective, any stories of companies doing it right and solving some of the problems around lending using AI in a compliant fashion. Maybe that's kind of a unicorn, who knows but, would love to get your take on that.

Pam: Yeah. Katie's actually our AI, bank tech AI expert so I don't know if you wanna add anything on that specifically. We've definitely seen companies specifically working with fairness and how AI is gonna play into that in the lending space., I don't know that banks have been super quick to adopt solutions like that as of yet.

I think, again, it's a big regulatory question mark, so, it's been a little slow play of, let's see how it goes. I think the larger institutions are more likely to engage in those types of conversations.

Zarik: It's the large institutions that many would argue, need to be disrupted.

They've kind of created the problem, right? Of, folks getting shut out of the system.

Katie: Yeah. We talk to our banks about what they're using, a i for, it's mostly back office, compliance and creating the efficiency piece because they are worried about this regulatory piece. So thinking about fair lending or how they just don't even wanna get swept up into that, even though we believe that there's so much possibility for loan volume to be done faster, more efficiently, and potentially helping, like on the s and b side, if you can now do these smaller dollar loans and do them as efficiently as you can, these larger loans, then you're gonna say yes to them.

Whereas before you only had the bandwidth, the resources to do these larger ones. So you're gonna say no, but then it does bring into what you're talking about of, where's the fairness come in and understanding the data that's going into the model that you're creating. So we've spent time looking at, is model risk management now going to be more something that our banks need to bring on?

And so is that a standalone tool where the banks need to do this and be doing it and they'll have a lot more models coming in because they have technology to do things? Or is it something where we say yes to a lending solution that has MRM built into it? And so each individual tool has its own safety guard around it.

The ones that I think are probably being smartest about doing some of this and evaluating the models and keeping them in check are using some form of generative ai, but then also using that traditional machine learning and creating so that they're testing their model. In some ways it's keeping it in check because it's deterministic. So you can say is this a yes or no? And if there's red flags, you can then come and check them. But I think it's just, that, that loan space is just tricky right now. And it's hard, especially for the larger banks, they have such large volume.

I think that a lot of the companies are using data sets from these larger companies and larger swaths. So then when they're doing their loans, they actually can mimic more what the larger banks are seeing at these smaller institutions. The models and what's being created may not actually mimic their customer set.

And they may not have enough volume in what they've done historically to do that. And so we have to look into things like creating synthetic data. And then to your point, you get into that, like, how do we think about creating fairness in this? Or are we just creating synthetic data on top of, historically, that data and I honestly think the answer has been, we just don't wanna deal with that right now. Or, it's just not going to be the first place we go to for ai, which is not a very satisfying answer. But that's where we are. It just hasn't been a top priority.

And I don't think until there's really clear ROI and also clarity on what's regulation gonna look like for using AI to do underwriting, that there's going to be a large take. But what I do think is that the companies who are using underwriting, they need to build in their own version of model risk management into it.

And that they need to assure them and create some really easy ways for the bank to talk to the regulator about, this is what we're using, this is how we're getting our data, and helping them have the conversation and put it into really approachable terminology. And clearly explain that they understand the data that's going in, the data that's coming out.

And that's, I think what we spend a lot of our time evaluating and also talking to our companies about, how do you help empower the bank to have these conversations so that the regulator can say yes to it.

I would say one of our banks that has been in the forefront of adopting AI solutions and specifically generative AI solutions, has really gone back and looked at their third party risk management and continued to add additional questions and depth to what they're doing. To them this is still evaluating solutions. "We know how to do this and so let's put this in our framework, but just develop it into a stronger way." And I think that also makes it more approachable for banks. They have the capability to do this, they just need to dig in deeper, in the right spaces.

And that might mean now adding, again, like model risk management becomes part of that conversation more than it had been previously or just bringing in other parts. But I do think it's still part of that same process of just making it larger and expanding on that.

Zarik: Yeah, I just, I heard model governance. I rarely hear that term as a compliance person. You want to hear more of that. Closing on a somewhat lighter note. You mentioned American FinTech Council, so my understanding is there's a partnership that has recently been established. So, maybe just talk a little bit about that and some of the advantages you could see, especially from a compliance perspective in terms of how you're dealing with companies, your partners, et cetera and just for the organization in general BankTech.

Pam: Yeah. I think that was a partnership long in the making needed to happen a long time ago. We've been very close with them for a while. I think we have a lot of strategic alignment both on the bank and FinTech side. Of course, they represent both banks and fintechs.

For us it's great to be able to keep a pulse on, what are some of the regulations and things coming down the pipeline, what side are we standing on and how can we help support that? And how do we communicate those back down to the fintechs and banks that we work with as well? 'cause that's obviously a big part of us as our strategic investor. For both the FinTech and bank side is that we help 'em figure out and navigate this space. Right? So that's been a great pulse check for us in DC and just at the state level as well. And I think great for our portfolio companies to be able to connect into that and help have a voice of what they think regulation should be and how certain regulations impact them.

And again, what side should they stand on, same for the banks. We help them keep a pulse on the ecosystem, on FinTech, on BaaS, on regulation.

So I think we, we will have a great opportunity to work very closely with American FinTech Council on some of those things, like, here's what we're hearing on the bank side and here's what we're hearing on the FinTech side, and being able to collaborate and help create unified messaging for the entire ecosystem based on that.

Zarik: And that was the end of our conversation. I want to thank Pam and Katie for their time and for an insightful and fun conversation. Thanks for joining us on another edition of FinTech Compliance Chronicles podcast.

Last year, this newsletter hosted its very first in-person meetup during NY Fintech Week. Sadly, I had no voice during the event itself (laryngitis) and so things didn’t go as well as they could have. However, since then we’ve gone on to host many more events, panels, dinners and coffee-fueled convos across the country.

This year, we’re joining NY Fintech Week again, hosted by , to present in collaboration with our friends at ComplyCo:

Compliance & Pastries – a casual morning hangout for fintech compliance, legal, and risk folks. No panels, no pitches—just good people, good conversation, and a croissant or two.

📅Tuesday, April 22, 2025
📍New York City
🕗 8:30 AM
🥐 Register here

If you’re in town for the week, swing by and say hey. We’d love to see some familiar faces and meet a few new ones.

(Additional Note - Let us hope that by the time you read this, I am back on LinkedIn and able to post this over there. If not, once again I’d appreciate you passing along this newsletter to anyone you think would benefit from or enjoy it - colleagues, friends, family, etc. Thank you!)

Continuing our series from Fintech Meetup 2025, with more great conversations with fantastic leaders in the space on compliance. This week I’m featuring my conversation with Lauren McCollom, SVP and Head of Embedded Finance at Grasshopper Bank.

Grasshopper is “a client-first digital bank serving small businesses, startups, and investors supporting them across the innovation economy. Our digital solutions cover small business, venture-backed companies, fintech-focused Banking-as-a-Service (BaaS) and commercial API banking platforms, SBA lending, and commercial real estate lending.”

Some background about Lauren: “Lauren McCollom leads Grasshopper's efforts to establish mutually beneficial partnerships with financial technology (fintech) and neobank companies by offering a variety of API-driven financial tools and solutions for the consumption of the fintech’s clients. During her 16-year commercial banking career, Lauren has worked alongside entrepreneurs to solve complex problems and ultimately help them build great companies. While working at Wells Fargo, and later at Square 1 Bank, she was instrumental in the formation and growth of the Startup Services groups where her skills in working with the investor community along with portfolio companies were leveraged.”

It was really interesting to hear from the perspective of the “other side,” aka partner bank, who are usually the ones getting wooed at these conferences, and refreshing to hear just how tech-first they have been which likely contributes to their success at landing innovative yet resilient fintech partnerships. Thank you again to Caliber for setting up the discussion and to Lauren for making the time! The transcript of our discussion is below and the recording is at the beginning - enjoy:

Zarik: Lauren, really excited to talk to you, today about Grasshopper. So, maybe a good place to start would be, to understand how grasshopper as a digital bank. How it's navigated the whole FinTech bank partner model, some of the history behind the organization and how it's evolved.

Lauren: So Grasshopper was started and received our charter in 2019. We are an OCC Chartered bank. The name Grasshopper actually pays tribute to Grace Hopper, who was a rear Navy admiral, and founded the language, that a lot of banks programming is built off of today, which is instrumental as a, initially a female founded bank.

We are a business bank focused on serving the innovation economy and small and medium sized businesses. We have our direct business offerings, to businesses that come to our website to sign up for our services. The VC and private equity community as well. And then indirectly, we have embedded finance, which is the group that I lead.

And the efforts there are really to forge partnerships to enable those financial technology companies and non-bank entities to serve their customers with bank products and services. So deposit accounts, payment facilitation, card issuing as well. And we look for a number of things in the partnerships, but really try and focus first on a alignment culturally with the organization, that they have a strong focus to compliance and risk mitigation and, that they want to get into a partnership that's gonna be long term, that's gonna be mutually beneficial for all of us, mostly including their end users who are gonna benefit from the additional products that we're leveraging in the partnership.

Zarik: Got it. And your view on their end users, talk to me about how Grasshopper's philosophy is towards those end users. Like do you see them as your customers.

Lauren: Our FinTech partner knows their customers best. But ultimately their users are our customers as they're getting onboarded at the bank, and leveraging our products and services. But we think about it kind of in the partnership effort that it is. Our fintechs do know them better than us.

In some instances in their behaviors, they may be serving them with other products and services outside of banking. Which gives them that other lens into, being able to be the best first advocate for, keeping the banking infrastructure that they're bringing to us safe. Ultimately they are our clients and we want to make sure that the products and services that we're building, that our roadmap of product delivery aligns with what our FinTech partners need to serve their end users and what they're asking for so that we can all mutually, meet the needs of those users.

Zarik: Got it, got it. Just thinking back to what you said about your origin story, you look at a lot of the partner banks that are out there without getting into any specific names, but you see many instances where you have legacy institutions that are small in size, tried to get in the space of basically sponsoring and partnering with fintechs and they, they tend to run into a lot of trouble.

So you all were established in 2019. Got your charters. That's great. I'm curious, like maybe talk a little bit about how you think your relatively young age as a bank is kind of a competitive advantage to the extent that it can be when you're working with, uh, fintechs.

Lauren: I think it allows us to have foresight into speed and transparency. I know in my history, Working with, startups and founders, I've been in banking for 20 years and I've been working closely with those companies that are at that infancy stage. And, when you are building, you need to know kind of what is the path look like.

And so I think that taking that lens and approach to partnership with a strong foundation of risk mitigation and compliance that our team has, we were able to leverage the efficiencies of being a digital bank of, wanting to build this as a line of business within the organization. It wasn't something that we built at the beginning of the bank's, infancy or when it was first chartered, but it was something that was in the vision of it.

One of the things I read as I was looking to join the bank --I was like, oh, they wanna do this, this is something I've wanted to do for many years in my career at different organizations. And so there was, overwhelming acknowledgement of that this is something the bank will be getting into.

And when we finally have the opportunity to do so, with the hiring of Mike Butler [CEO] and a couple other team members that came over from Radius Bank, Chris Tremont [Chief Digital Officer] as well, they were instrumental in banking as a service, going back to 2013. I kind of raised my hand and said, I need a team that knows what they're doing.

This is really hard to do from scratch. And so taking the best practices that they had and learnings that they had from their prior organization really kind of gave us a leg up. Also having a board that knows what we're doing is bought in on what we're doing and very supportive of the efforts that we're putting forth to grow this business. Like all of that aligns so that we're not retraining people to figure out how to do this. It is just kind of core and native to what we do as an institution.

Zarik: That part about the retraining, really resonates. And, you talk about the board-- as a former internal auditor, hearing for so long the board is the one who's responsible-- like having a dynamic forward thinking board, which understands its responsibility and influence? That's gotta be super fantastic.

Lauren: It's a powerhouse I think. And it really allows us to set ourselves apart, both with the regulators and the partnership and relationship that we can forge with them as we look to develop more and more products to grow the bank, in multi directions that we wanna go.

So, it's nice to know that what I'm doing and the efforts on the ground are known and appreciated by the folks that are leading the organization, C-Suite and board.

Zarik: Yeah, embedded finance partnerships. At least the last couple years from my vantage point, one of the hottest topics in the space right now, and I think unfortunately recently, 'cause so many folks can't seem to get it right and they're getting in trouble.

So I'm curious, maybe before we dig further into that, the concept of help, you can't do it alone. You've, recently partnered with Cable, and I would love to learn a little bit more about that relationship. Selfish reasons, being compliance person, you're a compliance focused platform.

Talk to me a little bit about that and how that has helped create efficiencies, especially from a risk and compliance perspective.

Lauren: From my vantage point appreciation is that it allows our risk team to have visibility across all of the BSA assurance, I believe is what they're leveraging it for. And as a result, it's not doing spot monitoring of historical information, but it is real time and a hundred percent exposure to our end users in the system.

So that really helped. Give a huge lens into what's going on within our programs. And it's critical and having the API integrations that they enable makes it seamless or smooth for our customers to provide information that we require and takes out a lot of the back and forth.

So that just saves time. And also just the robustness of the information and the access to the information I mean, it's paramount in running a client organization.

Zarik: Sure. Maybe not necessarily like specific to Cable, but just generally, the fact that you're partnering with them I think is fantastic. I'm kind of curious, just zooming out, alluded to some of the troubles that some of your peer partners, sponsor banks may have, let's say consent orders unfortunately getting in trouble.

Regulators, like this has been the whole backdrop of the BaaS movement for at least a couple of years, if not the last three years. And potentially maybe things will change now, but I'm just curious, what do you think, whether it's from a compliance angle or not from a compliance angle, how do you think Grasshopper is able to, succeed, if you will, where others maybe have had challenges?

Lauren: I think that we take compliance as a competitive advantage. And I know there's, different ways to look at that, but, we really think that we're able to meet the needs of our customers in a compliant manner. We can do it efficiently and effectively is really a huge piece. With the resources, tools, and humans that we have augment the technology that we utilize with the human interaction, it really sets us apart to be able to do things in a way that's gonna allow us to do more.

I don't wanna say with less because it's not. It's just, with assistance to be able to do more. So I think that we really are able to use the compliance resources team and infrastructure that we have to stay lean and efficient in the areas while not compromising on any risk mitigation tools or compliance areas.

Zarik: Obviously the way the business model works and the way the relationships work. You're essentially providing your charter and the fact that you are a bank in service of these fintechs. So do you find that your approach as in considering compliance as a competitive advantage, partnering with Cable, what have you seen from the actual FinTech partners, the technology companies? Do they appreciate it. Do they give some initial resistance and then you have to do some convincing. The other efficiencies and advantages you bring as partner bank ,do they just dwarf any concerns about compliance? What's your take on the reaction from the partners that you work with, having such a buttoned down house from a compliance perspective?

Lauren: I think that goes back to the thing I said about selecting our partners, right? We get to work with partners and choose to work with select fintechs that are aligning with the values of how we're organizing our programs. And when we say this is something that's gonna help it be easier and more streamlined and more robust of a compliance program overall, that's gonna keep the banking system safe and sound, and it's gonna make sure that your customers are well served. Quite frankly, maybe not at the beginning, if you have to do an integration, there's gonna be some resources that are gonna have to be put towards that. But over the long term, really help to lift the ability for them to do more and maintain a strong foundation.

Zarik: Short-term pain for long term gain.

Lauren: But I think that the technology that Cable's able to put through really anything that they can, do, whether it's our technology partners integrating the Cable APIs to streamline that for us as well is another advantage that our partners get to benefit from.

Zarik: Maybe zooming away from compliance a little bit, I think it's actually a goal of regulators and why I think they aren't just saying, alright, this whole bank FinTech partnership space, let's just get away from it. But when you look at why embedded finance is taking off so much like the financial inclusion angle, just gimme your thoughts, if you don't mind, on how Grasshopper thinks about that as it partners with FinTech and maybe just some, examples or instances that you can think of that you're able to mention where you've seen, your involvement actually contribute to that scenario of financial inclusion, unlocking access to financial products that individuals wouldn't have had otherwise.

Lauren: The simplest thing is making wire transfers, right? I tried to go wire to make my down payment for my home and it was during the pandemic and I had to make an appointment at a branch, and I was like, why do I have to make an appointment? So there was resistance there.

If I could just do it online. Do it through the bank itself. Which I wasn't able to because of the dollar amount. I needed to go in person. Like allowing our product to be digitally delivered to consumers, allows them to do what they need to do, when they need to do it, where they need to do it, and the financial provider of their choosing, and really get the best of both, right?

They get a lovely user experience and they can do their banking when and how they need to, it really opens the door for people to be able to do, and transact and have access to, products and services that they may not otherwise be getting from their direct financial institutions.

Zarik: It's very powerful. I mean, when you really stop and step back and think about it. I was talking with someone else who was elaborating on the legacy system of banking and the way it's set up is whether it's intentional or not, designed sometimes to exclude certain folks from being a part of the system.

And so, I think it's great that institutions like yours, your partners, obviously there's components like we're a business, we want to make money, but you're giving access to customers who otherwise would've had no recourse. So I, I think it's, it's fantastic.

So, I'm curious though, like on the topic of AI, does this come up a lot in your conversations with your partners? Is it something that you as an institution, are already incorporating into your operations, especially from an embedded finance perspective?

Is it something more that you're happy to partner with third party institutions to supplement your capabilities? What's grasshopper's take on AI particularly when it comes to embedded finance capabilities?

Lauren: I'm not seeing it much yet with my partners directly in terms of our interaction, or even the bank's operational interaction.

I mean, we're certainly utilizing it for efficiencies, right? It's nice to not have to write the full email and have some help with that crafting so we can be more efficient in reaching our customers and prospects and things like that. But, certainly on the compliance side, I think we're utilizing it in a couple of different areas, to really help bring those efficiencies to the humans that are behind the scenes.

So there's a lot of data checking and sources that need to be evaluated and you can leverage the AI to be able to pull those sources together, raise relevant information, and allow the expert that we have on staff to focus in on areas that are most efficient and effective of them doing their job well.

Zarik: Yeah. And so, to kind of try and wrap this up in a bit of a bow. What do you think the future holds for this space? Do you think that there's more potential for these kind of partnerships being transformative. Do you see opportunities for even more regulatory enablement? What can you predict, without holding you to it, about the space?

Lauren: Without a crystal ball? Sure. I'm very bullish on the space. I mean, not because I'm a leader in it and I'm excited for the customers and clients that we work with, but also because I love to see the transformation that's taking place, right? Getting access to financial services across the board, even for many of the business customers that we support at Grasshopper, allowing them to do more, quicker, faster payments, right? Allowing them to do it in a compliant manner and allowing them to do it anywhere they want with the FinTech provider that they choose, to have access to all of the financial information that they have across a number of different, companies is also really key for them to be able to take control of their, financial health and wellbeing.

Zarik: I said that was the last question, but now you mentioned this so I couldn't resist. Open banking 1033 rule. From that perspective, do you think that there's opportunity there? Because the whole premise of that is giving consumers centralized control of all their data across different institutions. Do you have a view on that.

Lauren: I mean, my personal view is that I'd love to see more access and availability to the data. I, though, haven't seen any restrictions on my side being able to get the data that I need to the partners that I choose. So I might not be a power user in that way to be able to answer that.

But I think that data sharing and doing it in a compliant manner, doing it with the consent of the user, consent of the FinTech, doing it in a safe manner. As long as those things check the box, I'm all for it.

Zarik: It's great to hear that it's top of mind for you clearly and your organization.

And, just want to thank you for the time and yeah, look forward to seeing all the success that Grasshopper will have in the future.

Lauren: Thank you for chatting with me.

Zarik: Likewise.

(Additional Note - I have seemingly been temporarily restricted from LinkedIn since last week (long story) - so for the next week or so until it (hopefully) expires we’re going to be posting exclusively here on Substack. Now more than ever, I’d appreciate you passing along this newsletter to anyone you think would benefit from or enjoy it - colleagues, friends, family, etc. Thank you!)

I’ve tried to stay away from the CFPB beat since the beginning of the year, as you can probably tell, after devoting a good chunk of the life of this publication to it. I think it’s a story that so many are covering extensively up until this point, that I’m not sure what more I could contribute.

However, today I couldn’t resist - this morning in Washington D.C., the House Subcommittee on Financial Services held a hearing titled “A New Era for the CFPB: Balancing Power and Reprioritizing Consumer Protections.” But what unfolded was less a technical policy review and more a heated ideological battle over the very role and legitimacy of the Consumer Financial Protection Bureau.

Republican members leaned hard into themes of regulatory overreach, political bias, and abuse of power—accusing the CFPB of weaponizing enforcement, stifling innovation, and operating with little to no accountability. Democratic members pushed back, characterizing the GOP's framing as little more than deregulatory cover for corporate interests, while warning that consumer protections were being gutted behind closed doors. And smack in the middle of it all sat Seth Frotman, the former CFPB General Counsel turned vocal critic of the Trump administration’s approach to financial regulation—who found himself the target of some of the sharpest barbs of the day.

Witnesses included attorneys, credit union leaders, industry reps, and Frotman himself, offering clashing visions of what consumer protection should mean in 2025. There were genuine policy disagreements, sure—but also snark, shouting matches, and soundbites tailor-made for headlines.

I’m not going to get into full blown analysis due to wanting to focus on the last few days of Ramadan. But here are 10 of the most revealing, ridiculous, or just plain riveting moments from the hearing:

Rep. Ralph Norman (R-SC) to Seth Frotman:

"You resigned twice… I kind of wish you’d stayed, ‘cause you’d be the first one to get fired."
"Do you not have any decency? This isn’t your platform."
— Norman slams Frotman for participating in student loan forgiveness and praises Elon Musk. Frotman tries to interject and gets completely shut down.

Rep. Andy Barr (Chair, R-KY):

“Let’s examine who the real predator is: the Orwellian Predator—the Consumer Financial Protection Bureau.”
— Delivered with theatrical flair. Pitched as a philosophical challenge to the CFPB’s mission itself.

Rep. Sean Casten (D-IL):

“We gonna defend capitalism around here? We gonna defend competition—or we gonna put on a ball gag, climb down in the dungeon, and just do whatever Trump tells us to do?”
— Wildly vivid and definitely spicy. Casten goes full-on HBO.

Seth Frotman (opening statement):

“The CFPB must get back to work. A hearing that purports to be about consumer protection that focuses on anything else is an insult.”
— Throws down the gauntlet, asserting the hearing is a distraction from real consumer issues.

Rep. Brad Sherman (D-CA):

“Today isn’t a hearing about whether the CFPB has a good or bad regulation. Today is a day when Elon Musk says ‘CFPB – RIP.’”
— Emphasizes the existential nature of the hearing; bold framing.

Rep. Tim Moore (R-NC):

“I’ve been an attorney for 30 years. To approach something like this with a clear political agenda… it shocks my conscience.

—A bold statement from a freshman Congressman, especially given that the entire hearing was dripping in political agenda from both sides.

Rebecca Kuehn (Hudson Cook):

“The CFPB can simply declare an existing practice abusive and penalize companies—without giving them a chance to adjust their policies. That’s regulation by enforcement.”
— One of the most damning and concise criticisms of the Bureau’s modus operandi.

David Pommerehn (Consumer Bankers Association):

“The Bureau misrepresented its own data to justify rules… That’s not regulation. That’s political theater.”
— A brutal accusation of intellectual dishonesty.

Rep. Bill Foster (D-IL)

“This hearing feels a bit like Republicans rearranging the deck chairs on the Titanic after they torpedoed it.”
— Strong metaphor, turns the blame on those calling for reform.

Rep. Juan Vargas (D-CA)

“In the San Diego region, we have 96% more CFPB consumer complaints filed by service members... Could you talk about how we've helped them before and how we're not helping them now?”
—Centers the hearing on real-world impact—specifically how veterans are being left behind amid deregulatory shifts.

You can watch the full hearing below. Amidst the spiciness, there are some interesting proposals in there, but given the sheer unpredictability of the last few months in Washington who knows if they will become reality, or if the CFPB may just not even exist by the end of the year. We live in interesting times.

Have a specific question you'd like me to ask on air? Shoot me a quick email at zarik @ fintechcompliancechronicles.com, and I'll include the best listener questions in the conversation!

Last week I had the pleasure of attending Fintech Meetup 2025 - my first time attending. I’ve already shared my broad thoughts here, but one thing I also had the opportunity to do was record some great conversations with fantastic leaders in the space on the topic we all know and love here, compliance. This week I’m featuring the first in a series of discussions from the event, with my first being with Laura Kornhauser, CEO of Stratyfy.

Stratyfy is “on a mission to accelerate financial inclusion by providing greater transparency and less bias to critical financial decisions that impact millions of people. Stratyfy's interpretable AI solutions enable financial institutions to make more accurate, efficient, and fair financial decisions in credit risk, fraud, and compliance.”

Some background about Laura: “Laura Kornhauser is the co-founder and CEO of Stratyfy, where her team’s mission is to accelerate financial inclusion by providing greater transparency and less bias to critical financial decisions that impact millions of people. A known thought leader, Laura speaks frequently on the application of AI in financial services and practical methods for addressing bias in data and decisioning. Laura has two decades of experience as a financial services leader, working with financial institutions, technology providers, and regulators to advocate for the use of transparent, responsible AI and machine learning (ML) in the financial sector. Prior to founding Stratyfy, Laura was an Executive Director at JP Morgan Chase, where she focused on developing risk strategies and products for the bank and its largest corporate/institutional customers. Throughout her career, Laura has championed the use of ML to drive financial inclusion – including as a founding member of MoreThanFair, a research participant in the groundbreaking study on fairness in ML with FinReg Lab and Stanford University, and an expert contributor for MIT’s AI Policy Forum. She has a BSE in Operations Research and Financial Engineering from Princeton University and an MBA from Columbia Business School. During her time at Princeton, Laura was recognized for her prescient thesis that correctly identified, quantified, and predicted the inflating housing market bubble years before its collapse. Laura has received the Inspiring FinTech Female Award twice, was named to Innovate Finance’s Women in FinTech Powerlist, and won BAI Global Innovation Rising Star Award in 2023.”

I really enjoyed this conversation - as you can tell, we both got pretty fired up about financial inclusion, the intersection of fraud and compliance, and AI. Thank you to Caliber for setting up the discussion and to Laura for making the time! The transcript of our discussion is below and the recording is at the beginning - the first of what we hope to be a more regular podcast series (prior episodes can be found here on YouTube) - enjoy:

Zarik: It's a pleasure to meet you, Laura. Excited to talk to you about Stratyfy and some of your products like Unbiased, which is the one that interested me the most. And also your partnership with FIS, I was intrigued by that.

So elevator pitch. Stratyfy - how did you come about starting, creating this organization, products that you have? What was the inspiration, motivation, et cetera. Let's start with that.

Laura: Yes. So at Stratyfy we help financial institutions make better decisions across credit, risk, and compliance.

Laura: When we say better, we mean more efficient, more profitable, and fair. That's our definition of better. We're focused on decisions like who to lend to, who to approach for your products, and what types of transactions or behavior to stop for fraud, these are the types of decisions we're talking about.

Laura: Prior to starting Stratyfy almost eight years ago, I spent over a decade at JP Morgan Chase in both lending and risk roles. I come from a family of entrepreneurs. My parents started a technology company around the time I was born and then built and grew it for the next 30 years before selling to a strategic.

So I always had entrepreneurial hopes and dreams, went the very different route initially out of school. And while I was at JP Morgan, I actually, as I mentioned, worked in lending and risk and towards the end of my time there, I was responsible for our quantitative investment solutions. So those were our algorithmic trading strategies that we were selling to corporates and institutions.

And it was also around the time that Dodd Frank came out. And if you recall when Dodd Frank came out, it was very unclear what was in scope, what was out of scope for Dodd Frank. It was very unclear how to comply with that regulation. And we basically ran into a brick wall where we had this huge new product category while getting ready to launch and we weren't going to be able to launch the products because they came under scope of Dodd Frank and we didn't have the proper technology to disclose as we needed to.

Zarik: Even in a large institution like JP Morgan?

Laura: Yes, and the tech team couldn't build it. I often joke that our tech, we went to our tech team and they said, well, we'll get it done in Q5.

Because tech teams at a lot of financial institutions are overwritten by managing existing systems. And often don't have the bandwidth and sometimes even the mandate to do other things, right? So I ended up scotch taping something with one of my engineering friends together, nights and weekends, it wasn't pretty, but it got the job done. We were able to launch the product, but that was a big aha moment for me. decided to quit. People thought I was crazy. I went back to business school full time.

Zarik: Where did you go?

Laura: I went to Columbia.

Zarik: Okay, cool.

Laura: I wanted to stay in New York City because I knew I knew I wanted to stay in the FinTech scene, if you will, and then, was fortunate through a friend to meet my co founder, Dmitry.

He had spent about a decade developing the technology that's still at the core of our products. He was a quant at a trading shop looking for a better way to make decisions. He was very early on in the AI wave and really believed that there’s a lot that we could do with AI, but still human contextualization of information was going to remain important. That was what he was building with his tech. I thought it was super cool. And this -

Zarik: - was in -

Laura: 2017. Yeah, that's when we met.

Zarik: That's really cool. So he was a quant, you are also a quant, working at JP Morgan. I'm just curious, from that experience to building Stratyfy - what were some of the key learnings? I imagine when you were at JPMorgan, complex sort of decisioning happening. You've talked about some of the challenges you had in adapting the technology to Dodd Frank requirements.

Were you able to get into the guts of some of the decisioning, especially from a credit perspective and then how did you leverage some of that learning at Stratyfy when you were building the product?

Laura: Yeah, absolutely. I would say the biggest thing that we realized, and I'd love to say we realized it on day one, it took a little longer, but we always knew that it was really important to be able to bring - we always knew it was important to be able to bring the advancement in technology to where your customers were, right? And bridge that gap between what is possible with cutting edge technology and what is actually happening at your institutions right now.

Zarik: Yeah.

Laura: So we always were really focused on how do we bridge that gap? How do we give people, the visibility and control to feel empowered to start using more advanced analytics, which is ultimately what our software is all about.

What I think we didn't fully appreciate when we started, which we've definitely learned now, is that we had a vision from day one that all of these different areas of risk I mentioned - credit, fraud, compliance - all have inner workings and should have interoperability. I should be able to see what happens in a fraud check when I'm then evaluating a decision of lending or not lending to someone.

And then when I'm looking at that decision afterwards to make sure that I had, the proper compliance controls across that decision - that should be kind of a unified view.

Zarik: Yeah.

Laura: It's not today.

Zarik: You would think it should be because some of the same attributes are getting, different combinations maybe, but -

Laura: I think we're still seeing that in the market today in the fraud space, right? Many, solutions focus on one type of fraud or their point solution for one type of fraud. What happens, when you're looking across an entity and seeing, maybe their score on this type of fraud wasn't enough to trigger an action, but cumulatively we should be looking into this further. It's still a pain point. We realized we wanted to solve all that right out of the gates.

Zarik: I love that you brought up that point because I think what I've seen from a lot of solutions is so much of “Fraud equals Fincrime and AML” and there's so many other dimensions of fraud. And card not present seem to have been forgotten. Maybe they're not explicitly tied to a regulatory requirement like BSA, KYC, AML, but at the end of the day, they're still going to impact your institution. You're still going to lose money. It seems like that just gets lost in the shuffle. From a safety and soundness perspective, to a regulator, if you lose a lot of money for fraud, if you have a breach, they are going to care about that.

Laura: And then that puts your whole growth strategy, depending on what size of bank you are, in jeopardy, as well as many other things. So we always had and continue to have that same vision. But what we realized after starting the company is that it's very hard for a financial institution to buy that solution out of the gates. So what we've done with our products is we've broken them down almost into their building block pieces.

There's still the interoperability between all of them. So what we do in credit and what we do in fraud and what we do in compliance, there's that interoperability, but we allow a customer to have an entry point at different places and not need to fight everything off all in one go. And that goes to meeting the customer where they are and what they're ready for.

And yes, having opportunities to grow with them, but not asking for all of it to happen out of the gates. I'd say that's our biggest learning.

Zarik: Yeah. I love that you mentioned the customer centricity. Because so many times, a lot of these offerings, they talk about the customer being the end partner bank or the end fintech, or the end credit union, but the actual person who they’re all trying to help - the customer, the user - is sort of forgotten in the shuffle.

Laura: Yes. And we are very much a B2B company, but everything we're trying to enable is all about what happens in the B2C.

Zarik: That's cool. So I want to shift and talk a little bit about the offerings that you have. Talk to me a little bit - let's start with Unbiased because that's the one that stood out to me. What is Unbiased? And am I right to say that's kind of the main offering at Stratyfy?

Laura: So, I would say that it's one of three main offerings, right? And, that's our main offering in the compliance space.

It actually came out of our offering in the credit space. When we were in the credit decisioning, the place we started was how do we help lenders make better decisions throughout a loan life cycle? Though, primarily it's that approve / decline decision that they're making on a borrower and associated terms after that.

We always believed that one of the ways you should evaluate a given model or decisioning strategy is on the metrics of biases or fairness measures. Just like I may compare a AUC or KS between two models, I may look at two decisioning strategies and see what's my expected approval rate, my expected default rate.

I should also be able to look across two strategies and say, okay, what's my disparate impact. Right? Across different protected classes is one of these strategies raise fairness concerns or issues, while another one does not. You can almost think of it as that less discriminatory alternative search or mindset upfront.

We received such positive feedback on that, if you will, fairness piece alone, that we spun it out such that it can be available. Even if someone built their models and decisioning strategies using another provider, that's kind of the genesis of where Unbiased came from.

Zarik: One thing I was thinking when I was looking at the product and I was thinking back to past life and my own experience was the concept of disparate impact, maybe more so from a third line perspective. We were told - don't design any tests to look for disparate impact.

Because if you do, you're creating a paper trail that a regulator is going to be able to grab and say, boom, we got you. So that was a legitimate risk that, some of the folks who were advising us from the legal side - this is like 10 plus years ago, so I don't mind talking about this - but they saw that as a risk.

In my mind it didn't make sense. Wouldn't you want to know if you're doing that? I get that you don't want to gift wrap something for a regulator, but at the same time, do the right thing.

Laura: That’s the see no evil, hear no evil approach that still exists in the market today.

Zarik: How do you deal with that? Have you dealt with that as you've tried to bring this to market and what's your mechanism around it? Do you just not work with institutions like that?

Laura: Yes, we deal with this today. I would say it's a dying viewpoint, for lack of a better term. Two and a half years ago when we first launched this new product, I spoke with a Chief Compliance Officer at a large community bank who told me, “I don't want you to pick up a rock because if I know what you found underneath, I have to find it.” Hence the see no evil hear no evil mantra. So, it exists. It's dying. Right? And I think that that is because, historically, it was very hard to do this type of testing on a frequent and robust basis.

So it was like anything, maybe you don't sleep very well at night, but if you don't know about it, you can't say that you didn't do something about a problem. You knew about where we are today. Technology like what Stratyfy offers enables a financial institution to do this type of testing on a frequent basis, in a robust manner, in a proactive fashion.

So what we're seeing now is folks - regulatory bodies, industry groups - that are focused on seeking out this kind of behavior and as a result have been pushing more on institutions to say, okay, show me where you tested things. The law says you have to test it, right? It's very clear in the law that you have to test it, so, that has made it harder for people to hide behind this.

Zarik: Very old school mindset.

Laura: But it still exists. It's still there. It's an increasingly smaller population of folks feeling that way. Increasingly professionals in the space recognize that it's worth the time and effort to get the stuff right the first time.

The other thing that's changing is folks are also realizing that it's good for their business. And so this is not just a, “I'm going to check the blocks on compliance.” I also have an opportunity to find a way to extend capital to a new customer base.

Zarik: Yeah. That have never been marketed to, or are new to credit.

Laura: You want to create the most loyal customer of all time. Do that, find that person and then nurture that relationship and don't compete for a basis point here or there in the super prime area. Find ways to find the good folks, that are a bit more out the risk spectrum and more and more lenders are recognizing the profitability benefit of that, and the growth benefit of that.

Zarik: Yeah. I think just given how saturated banking, at least in the U S seems, why wouldn't you want to tap into a untapped base of customers? But let's rewind a little bit.

You talked about the regulators. You were working in a large regulated institution, so I'm sure you had your encounters, directly or indirectly, with regulators. In Stratyfy, your experience with this company, what have your interactions with regulatory bodies been like, what kind of feedback have they given you or indirectly, what have you heard through some of your clients?

Laura: Yeah.

Zarik: Would love to get some of that perspective.

Laura: So part of our strategy since day one of founding the company was to form relationships across the regulatory body, across the regulators. We have always had the view that we want them to know us. We want them to know what we're doing.

We want them to know about the type of change we're trying to drive. We want them to understand that there's a way to leverage AI, more specifically machine learning technology, without it being a black box. And that there's different levels of transparency, and you have to ask things like, who is this transparent to?

Is it just transparent to the data scientists on your team? Or is it transparent to the subject matter experts, the compliance professionals, the external and internal audit committees, for example. So we wanted to be the ones talking to them about these topics. And we found a very strong reception across the regulatory bodies.

And we encourage this with all of our customers. And most of our customers already have this position. If they don't, we encourage it. You know, the worst thing you can do is hide from your regulators.

The worst thing you can do, going back to our previous topic, is not be the person that found the problem.

You always want to be the person that found the problem and did something to remediate it. The regulators, they've said it to us, they've said it to our customers - they view that very favorably.

Zarik: I'm curious if you've seen this as well - when I was at Discover, the institution I worked at years ago, we launched free FICO scores, which at the time, why would anybody do that?

The regulators actually cited it and they said, we like this. And then, some of our peers and rivals followed suit. So in the same vein, I think that kind of feedback will come at some point.

Laura: And that's part of our commitment, right? Teamwork is a core value of ours. We believe in that collaborative nature. It extends to our customers, our partners and the regulator. And that's how we want to work with them. We find that there's this belief that regulators are anti-innovation. We find that is not the case whatsoever. They're actually very pro innovation. They just want to make sure it's coming from folks that understand what's going on in the industry and understand the uniqueness of financial services versus other industries.

These are decisions that truly impact people's lives. So we think the higher level of scrutiny on those decisions is actually warranted. If you come to a regulator an advocacy group or other groups, and you have a proposition for how to leverage innovation to drive positive change. They are very receptive.

Zarik: Yeah. And I think that's a win for everybody in that case. Talking about the end user who's benefiting from this, a sense I got from looking into and understanding more about your company is a lot of talk about financial inclusion and I'm curious if there's any motivation behind your passion behind making finance and banking, consumer FinTech, more accessible, to those folks we talked about previously, like the new to credit, looking at things like alternative data, et cetera. What would be a motivation or driver behind that for you? Looking at that as an angle, you could certainly say, “Hey, this is great for, businesses.” Clearly there's something more here that I sense when I look at this?

Laura: It comes from at its core to back to the founding story, why we founded this company and why we wanted to do this for me very personally.

It comes from background. My parents - my father's an immigrant, my mom's second generation, right? - came to this country, worked, built themselves up from the bootstraps, blood, sweat and tears to get to a place where they could be business owners. One of the motivators behind why I left my previous job is I really wanted to feel like I was making a positive impact on the world. Financial inclusion is not just about doing the right thing. It is ultimately about contributing positively to our GDP.

It’s actually been shown that when we provide fairly priced financial instruments to a wider group of people our economy thrives. And when we don't it stifles our economic growth. Citi had a report that they put out where they estimated that 16 trillion had been lost in revenue due to biased lending practices since the year 2000.

So it’s not just the right thing to do. It's also good for our economy. That's very inspiring and motivating to me. You may say, there are plenty of ways to do that that aren't in financial services. That's what I know and love. And this is how I make my impact.

And you think about things like, having a fairly priced loan when you lose your job or when you have an unexpected financial expense that changes a person's life. If they can have access to a fair financial product then they can buy their first home, that changes people's life. It's the way that we have wealth accumulation and intergenerational wealth - if they can get the capital to start a small business, these are all the things that give people opportunity and change lives and I wanted to be part of that.

Zarik: I think that's fantastic. And it resonates with me as well because I'm, first generation myself, both my parents are immigrants. This leads into my next question. It's really amazing how it seems to be the same guardrails, almost the same bouncers, if you will, to the club, that everybody seems to need to find a way to get around. [For most people, they will say] “my first credit card was a Discover. And then you slowly build your credit and you get in there. But I'm curious, specifically thinking about the bureaus, the three credit bureaus, do you feel that your product - does it sort of work around them?

Do you see a future where everybody's going to realize that to achieve that goal you're talking about where everybody gets it - financial inclusion means more GDP, better economy, revenue for companies - is everybody going to have to start working around them or are they going to need to look at solutions like yours and others and say maybe we should adapt.

Laura: Yeah, I think it's the latter. I think that there's a place for the credit bureaus, right? We have partnerships with some of the bureaus and relationships with all of them and they get that and know that they want to find a way to better assess the risk for thin file, no file, and get better separation in the lower credit score bands - the same objectives. It's a hard thing. Everything ultimately goes back to a FICO and VantageScore today. And having a three digit number describe 330 million people is a hard thing to do. I expect most scorers that are looking to do a wide purview of things where they need to evaluate, there's always going be this band of credit scores where you need more advanced analytics like what we offer. Or you need supplemental data, more information. You need a better way to pick through to find the goods from the bads - I don't see that need going away anytime soon.

It doesn't mean that there's not still a lot of value that credit scores and the credit bureaus provide. But that need to pick through, the harder stuff, I think is always going to be present.

Zarik: Sure.

Laura: I think it's always going to be present.

Zarik: Those are the diamonds in the rough you're going to miss out.

Laura: You're going to miss out. If you look by the score, it looks quite risky, but -

Zarik: You can't just say 660 FICO.

Laura: 100%. You know, 70 percent of Americans have prime credit scores yet only 50 percent of Americans have - there's a lot of people being missed in there that have never defaulted on a loan product, right? And never had a bad experience with the credit product. They're just not getting access - I love what you said about the bouncer analogy.

People call it financial literacy, and I actually think that's a misnomer. It's understanding the tricks similar to getting by a bouncer at a club, it's their tricks to how to do it. Certain people haven't been taught those tricks.

And, that's why they come from a community that has financial trauma and then doesn't trust the banking sector, often for good reason, right? And that's what's missing. It's more about access to those tricks of the trade than the literacy piece. People always group it under literacy, and I think it's a bit of a misnomer.

Zarik: Yeah, and this will lead me to our last question, because I know we're right at time here, but there's clearly an element of humanity that's been permeating all these questions in this conversation.

I'm curious, even though we're talking about using amazing technology to solve these problems, I'll end with the AI topic, right? How do you see, from your perspective, as more AI use grows in institutions and fintechs and partner banks, do you see increasing risk that these individuals we talked about are going to get increasingly shut out and that they won't be able to access any human being to have some of these considerations? There's a lot of users having their own stories as you talked about for yourself – [in response to that] maybe you see a groundswell of people coming up with AI assisted solutions, but ones that don't forget about the human element. You know what I'm saying?

Laura: That's a phenomenal question. So where to begin? I believe strongly that the right path forward with AI is the second one you outlined with the human assistant.

It's an enabler, not a replacer. It takes over the tasks that are tedious and challenging for humans to do and provides greater information for the humans to ultimately contextualize. We are a long way from an AI system being able to contextualize information, let alone go between different tasks.

But even just in one specific task, it takes that contextualization a long way. being able to do that. Humans are good at it. Let's bring the two together such that the result is better than either of the parts on their own. That is our vision,

I do think that there is a real risk that we don't have the proper checks and balances on the AI - and that is mainly due to the fact that AI learns from data, period, full stop, right? Based on the data that you feed it, it will learn different things. All data is biased. It's not a question of if your data is biased, it's a question of how.

All data is biased. And if the person feeding the data in is not trying do something nefarious - even if someone's not – and they're just feeding it data and they don't have the control and the visibility to understand what biases are embedded in that data, then all we're going to get is faster iterations of the same thing that we've had in the past.

And I don't think anyone would claim that our financial system is perfect. So we have a real risk that the snowballs could start going down the hill and getting larger, and that's why we believe so strongly in smart regulations,

That's not over regulation. It's smart regulation. Smart regulation to us means regulation that's focused on that visibility, that understanding behind what's happening in the AI system, making sure that the humans that are running it and using it to service their customers can trust it. And we believe very strongly that trust doesn't come without that level of understanding of knowledge into how the thing is working.

I can't just know the inputs and the outputs.

Zarik: You have to have that experience.

Laura: And I’ve got to know what's going on in the middle. Otherwise, how can I then allow it to help me do more of the tasks that I would otherwise be doing with any level of confidence?

Zarik: Well, Laura, it's been an absolute pleasure, really appreciate it. Best luck to you at the conference thank you so much.

Laura: Thank you, Zarik. It’s been really great.

Zarik: Likewise.

[Note: Although I wasn’t planning to contribute any articles directly during Ramadan, this was sitting in the hopper and I decided to power through and get this out - enjoy!]

Thanks for joining us for the final part in our 2025 preview series! Last time we toured the globe to look at upcoming M&A deals and how regulatory factors could play in. In this edition, we stay out of the States (covered that in Part 1) and dig into what to expect from a regulatory perspective from some of the top fintech markets in the space. Due to time (and space) constraints, we can’t make this a truly global tour, but rest assured we’ll make sure you have a good trip. Sit back, relax and enjoy your flight!

China

mBridge

We haven’t talked about mBridge before, so here’s a primer for the uninitiated. Assuming you’ve heard of Central Bank Digital Currencies before, mBridge is an ambitious effort that is seeing the People’s Bank of China (PBC) collaborate with the Hong Kong Monetary Authority (HKMA), Bank of Thailand (BoT), the Central Bank of the UAE (CBUAE) and the Saudi Central Bank. The effort was spearheaded by the Bank for International Settlements (BIS), the nearly 100 year old consortium of Central Banks which has driven a ton of innovation as of late in the payments space.

So what does it do? Powered by central bank digital currencies, the platform enables real-time cross-border payments and foreign exchange transactions. The real goal is to look at legacy solutions like SWIFT and jump leaps and bounds in terms of transaction times and cost. Some of the goals on the horizon:

• Interoperability protocols to connect mBridge with non-participant CBDCs, including the EU’s digital euro and India’s e-rupee.

• Smart contract integration for conditional payments, such as trade finance escrows tied to IoT sensor data (e.g., shipping container temperature verification).

• Scalability upgrades to handle more transactions per second (TPS).

The reason this is framed as a China-centric project is because the global organization (BIS) overseeing the project exited in late 2024, and the initiative is now led by a consortium that the PBC is leading. The focus of the consortium is a rulebook that focuses on AML compliance across jurisdictions (global initiatives have to take local nuances into account!), dispute resolution (customer has to come first!) and liability frameworks for outages (if the system goes down, the operators are going to be on the hook - not the users). There’s also an interesting overlaps between the BRICS Bridge project and mBridge’s observing members that includes Egypt and Iran - in other words, a path out of jail for countries like Russia that are facing massive global sanctions. Many central banks have pushed back on mBridge, claiming that institutions that transact using it especially with Russian or Iranian entities, could fall afoul and be subject to sanctions - with this being speculated as the primary reason why BIS exited the project. However, the PBC has contributed anonymization technology to mBridge’s operations that may make that impossible.

Goals and challenges for mBridge in 2025:

1. Transaction Volume: Its pilot back in 2022 transacted $22 million USD worth. Given the project has had more new joiners since, it is likely that number has massively grown since and will certainly keep growing.

2. Technical Risks: Validator node conflicts could emerge if a central bank unilaterally adjusts FX rates for example, causing significant amounts of settlement failures.

3. Regulatory Fragmentation: The EU’s Markets in Crypto-Assets Regulation (MiCA) (we’ll discuss this later) and U.S. Crypto-Asset National Security Act (CANSEE) impose conflicting compliance requirements on mBridge-participant banks

4. Onboarding India and Brazil - true BRICS cohesion won’t be possible without adding the two letters of the entire equation to this. India is deeply anti-crypto, and Brazil has been knee deep in its focus on expanding its PIX payment system.

5. Diversify. The majority of CBDCs under mBridge are e-CNY, which creates insufficient incentive for other countries to participate.

6. Prevent forks - there are rumored spinoff fork currencies that would tokenize reserves to XRP and USDT, both of which are not supported by governments but could destabilize the whole pitch of the CBDC.

Regulator Paycuts

Chinese authorities reduced salaries by 50% for key personnel at major financial regulatory bodies such as the PBC and China Securities Regulatory Commission starting January 2025. Analysts believe this so-called austerity measure seeks to prevent regulatory capture as the banking sector faces corruption investigations.

Data Privacy and Security Regulations

China's data privacy and security landscape underwent significant changes with the introduction of new regulations and compliance measures. The big update is the Measures for Data Security Management of Banking and Insurance Institutions, issued by China’s “mega-regulator” the National Financial Regulatory Administration (NFRA) on December 27, 2024. Key points:

• Regulatory scope - wide, including commercial banks, insurance companies, and other banking/insurance entities including foreign-funded banks

• Data Governance - a system focused on this must be established by institutions with a focus on data life cycle protection, security risk assessment, and monitoring

• The creation of a Centralized Management Department in institutions, to handle tasks like data classification, security assessments, emergency handling and risk monitoring

• Security Assessments and Audits - these must be conducted where there is sensitive or higher level data. Every three years, annual data security risk assessments and comprehensive audits must be performed.

• Penalties - between RMB 200K - 500K, along with business suspension or revocation of licenses.

Historically, China has faced criticism for perceived security risks, including government intrusion and a wide network of hackers. The U.S. and other countries have expressed concerns about Chinese companies' potential role in espionage and data breaches. However, these data regulations should boost domestic governance while simultaneously addressing global security issues. China is clearly aiming to reassure its international partners by strengthening data protection standards and offering regulatory transparency, which will enable local and international businesses to operate more seamlessly worldwide.

Unified Compliance Management Requirements

At the end of last year, the NFRA also issued the Measures for Compliance Management of Financial Institutions which went into effect this past week. Some of the features/focus areas:

• A Comprehensive Compliance Framework - Establishing a top-down responsibility system, assigning compliance duties to all levels of departments and employees within financial institutions

• Defining the role of the Chief Compliance Officer - as a senior management leader leading compliance management at the org.

• Compliance Management Department - defined as either a concentration within a single department, or distributed across multiple non-conflicting departments with a “leading department” clearly designated.

• Reporting and Supervision - Ensuring the compliance management departments report to the CCO, with provincial level branches reporting to compliance officers at the same level.

• There is a one year grace period to comply.

European Union

MiCA

We haven’t really touched on this regulation in the past, but MiCA is a set of rules created by the EU to regulate cryptocurrencies and related services across Europe. It aims to provide a clear framework for how cryptocurrencies (like Bitcoin or Ethereum) and other digital assets are issued, traded, and stored within the EU. The focus is on things like licensing, transparency, consumer protection, and capital requirements. The hope is that it will help to create a safer and more trustworthy environment for people using cryptocurrencies in Europe. The goal is also to standardize how crypto businesses operate, making it easier for them to expand across different EU countries.

The regulation went into full effect in December 2024, and it will be interesting to see whether companies are able to handle the regulatory burden successfully. There have already been supplemental rules published that are focused on technical standards, business continuity, an approval process for white paper publication, how to value transactions, and supervisory authority updates.

DORA

If MiCA was one area of focus for the EU that kicked in this year, the other is DORA. Similarly, we haven’t really talked about it, but as a quick primer, it stands for the Digital Operational Resilience Act. It's a regulation created by the European Union (EU) to help financial institutions and their technology partners protect themselves from cyber threats and other disruptions that could affect their operations. The focus is on information and communication technology (ICT) system risks, incident reporting, operational resilience testing, encouragement of information sharing between institutions on threat intelligence, and third party risk management.

While this isn’t a fintech/financial services specific regulation, fintechs should consider the cost of complying with the ICT provisions, along with the opportunities that could arise like innovating in cybersecurity, resilience testing, and third part risk particularly for offering solutions to help financial institutions come into compliance.

Project Guardian

This is an initiative launched by the Monetary Authority of Singapore (MAS) in May 2022 by implementing asset tokenization - for the uninitiated, this is taking traditional assets like bonds and fonds into digital tokens that can be traded more easily. The EU has not formally joined, but two member state central banks (Germany ‘s Deutsche Bundesbank and Switzerland’s FINMA) are part of the effort, with Bundesbank coming aboard just a few months ago.

The Bundesbank’s involvement is important as it is testing a blockchain platform for tokenized and digital funds, which aligns with Europe’s focus on distributed ledger technology and blockchain. Clearly, at least one central bank wants to be involved in shaping global standards for digital assets and tokenization. However, it will be interesting to see how the ambitions of European regulators runs up against MiCA’s valuation rules and whether it creates any friction/tension.

India

The big shift here is Sanjay Malhotra becoming Governor of the Reserve Bank of India (RBI) in December 2024. Who is this guy??

• Background - Degree in Computer Science from IIT Kanpur in 1989 and later earned a Master's in Public Policy from Princeton University.

• Career: Malhotra has extensive experience in finance, taxation, and administration. Before becoming RBI Governor, Malhotra held several key positions 1) Revenue Secretary: Played a crucial role in tax policy formulation and financial services management. 2) Secretary, Department of Financial Services: Instrumental in launching the initial public offering (IPO) of the Life Insurance Corporation (LIC) and served on the RBI board.

• Views - He could contribute to a more pro-business environment by potentially adopting a more accommodative monetary policy stance. This might include interest rate adjustments to stimulate lending and economic activity. However, whether this translates into a deregulatory environment remains to be seen, as his focus is on balancing growth with financial stability rather than eliminating regulations.

However, the following present evidence of the direction he’s going in:

Microcredit Rule Relaxation

In February 2025, the Reserve Bank of India (RBI) implemented a major revision of its microcredit rules. They exempted loans under ₹50,000 ($600) from stringent income verification requirements. The RBI implemented this policy to enhance financial access for rural populations by simplifying the process of obtaining small loans.

Microfinance serves as a key tool in India to deliver financial services to households with limited income. The microfinance sector encountered difficulties when RBI raised risk weights for microfinance loans in November 2023 making bank lending more costly. By relaxing these rules, the RBI is essentially admitting it was wrong and now hopes to boost lending to small borrowers and support economic growth.

Even though this policy relaxation enables greater credit access for people it creates potential risks of growing non-performing assets (NPAs). NPAs represent defaulted loans that place financial burdens on the lending institutions. Experts express concern that relaxed lending standards could lead to higher default rates in sectors where nonpayment is already prevalent.

First Rate Cut in Five Years

On January 7, 2025, the RBI cut its benchmark interest rate, known as the repo rate, by 25 basis points to 6.25%. This was the first rate cut since 2020 and marked a shift in the RBI's monetary policy stance.

India's economic growth was slowing down, with GDP growth projected to decline to a four-year low of 6.7%. The RBI aimed to stimulate lending and economic activity by reducing borrowing costs for businesses and consumers. Lower interest rates can make loans cheaper, encouraging people to borrow and spend, which can boost economic growth.

This rate cut may lead to slightly lower mortgage and credit card rates, reducing borrowing expenses for businesses. However, it also reflects the RBI (and Malhotra’s) cautious approach, as it maintained a "neutral" policy stance, indicating potential for further rate adjustments based on economic conditions.

Regulatory Review Mechanism

As part of India's Budget 2025, a new regulatory review mechanism was introduced. This framework requires the RBI and the Insurance Regulatory Development Authority (IRDAI) to conduct a comprehensive review of financial regulations every three years.

Regulators must now calculate how much it costs businesses to comply with new rules. Also, old regulations that are no longer needed will be phased out. Lastly, within six months of implementing new regulations, regulators must publish detailed analyses of their expected benefits and drawbacks.

If you’re in the US, does all of this sound familiar? There’s clearly a deregulatory wave sweeping the globe here, and while there’s a lot of energy behind this movement right now, whether you’re in India or in the US it will be interesting to see whether the impact of these helps consumers and businesses or creates new challenges (or worse, revives challenges long thought dormant/dead).

Singapore

Payment Services Act Expansion

The primary payments regulation in Singapore is the Payment Services Act. We’ve touched on this briefly in prior editions, but the PS Act was passed in January 2019 and came into effect in 2020. It's designed to regulate payment services and systems in Singapore, providing a single framework for various types of payment activities which include account issuance (i.e. e-wallets), domestic money transfers, cross-border transfers, merchant acquirers, e-money issuance, digital payment tokens, and currency exchange.

So what’s new with this regulation? Over the last year and spilling into this year, there have been some key updates. In April 2024, the MAS updated the PS Act to include more types of payment services under its regulation, including those that offer custodial services for crypto or other digital tokens, those that transfer or exchange crypto/digital tokens, and cross-border money transfers including where money is being sent outside of Singapore.

In terms of the compliance timeline, by May 2024 payment institutions had to notify MAS about their activities. Then by October they had to submit license applications. Finally, in January they had to provide auditor reports confirming their compliance with the new rules. This isn’t just some threat - when the original rules rolled out, several high profile withdrawals occurred, with Binance being the biggest one in 2021. It remains to be seen whether there will be more to come under these revisions.

Equity Market Development Program

In February 2025, MAS launched a S$5 billion equity market development program. This initiative aims to boost Singapore's stock market by:

• Investing in local stocks: MAS will invest with fund managers who focus on Singapore-listed small and mid-cap companies.

• Tax incentives: Fund managers get a 5% concessionary tax rate, encouraging them to invest more in local stocks.

• Supporting IPOs: The program includes tax rebates for companies listing on the Singapore Exchange (SGX).

Singapore's IPO market had seen a significant decline since 2022. This program aims to reverse that trend by making it more attractive for companies to list in Singapore and for investors to buy local stocks.

Global Fintech Network Expansion

Let’s break down what the GFTN is - it’s an initiative started by the MAS in November 2024 to connect fintech ecosystems around the world. Some of the key features include cross-border collaboration, fintech innovation, and regulatory cooperation. High level stuff, but there are tangible benefits like expanding global reach for certain markets by essentially partnering with the MAS.

The size of this network is 18 countries, which includes as its latest members Georgia and Namibia. More specifically, countries that are joining this are getting access to Singapore’s leadership in cross-border payments. While it’s unclear if Project Guardian plugs into this, the organization says its main techniques will be to convene forums, offer advisory services on innovation ecosystems, provide access to transformative digital platforms, and invest in technology startups with the potential for growth and positive social impact.

One might wonder, what is the difference between GFTN and BIS? (Okay, at least I’m wondering). At first glance, it would seem that GFTN offers an alternative to the more well-established BIS, which is older and more European in its origins. And to some extent that’s likely true as BIS is focused on global financial stability and cooperation among central banks, while GFTN is focused on innovation and connectivity. GFTN is also fairly niche in its focus on innovation and technology, while BIS covers monetary policy, financial stability, and international cooperation. Rather than being competitive, it can be argued they are complimentary, with BIS focusing on getting its member central banks to a place of stability, and then GFTN pushing some of those same members to think creatively and push the boundaries.

In any case, it will be interesting to see what develops as the GFTN matures into this year.

Conclusion

Let’s simplify all of this. In 2025, regulators globally are going to be facing big challenges (here in the US, their entire existence is being challenged or fundamentally reshaped, but that’s for another time). On one hand, they want to protect their country’s data and digital currencies and maintain control over how they are used. But at the same time, they want to make sure there’s cross-border interoperability. There’s a push and pull between standardization efforts like MiCA and Basel III coming up against fragmentation risk. However, using AI to help adapt to changing regulations along with joining collaborative forums like GFTN can overcome these challenges - provided countries are willing to cooperate especially when it seems like the world is hunkering down into various camps (BRICS, EU, ASEAN, etc) in response to the void created by the US going into full cutback mode, with reversals on foreign aid and ramp ups in tariffs.

One thing’s for sure - no one can truly predict what this year is going to hold. But I hope our series gave you somewhat of an idea of what to expect!