At the start of the year, I planned a multi-part countdown of the biggest compliance stories of 2025 (Part 1 here). Instead of dragging that series out, I’m closing the loop here with a single synthesis: what actually mattered, what didn’t, and what compliance teams should still be paying attention to going into 2026. Let’s dive right in!

8. California’s “Mini-CFPB” Starts Cracking Down on Fees and Sloppy Crypto

The story: Last time we checked in on the NYDFS, New York’s version of a “mini-CFPB” state regulatory body. This time, we start with the DFPI, California’s edition. Two trends stood out - one, targeting crypto kiosks (think of the ATM-style bitcoin terminals that are available in random places) specifically for accepting cash transactions that surpassed the $1K daily AML limit, and for charging excessive fees on transactions; second, going after lenders (namely Apoyo Financiero, a lender that markets itself to the unbanked and primarily targeting Spanish speakers) for charging interest and fees that exceed the caps set by the California Financing Law.

Analysis: Here’s a quick table that shows some of the key fines and penalties across some of the larger state regulators in 2H 2025:

Based on the above, while NYDFS takes the cake from an overall monetary perspective, California is unique in that it appears to be the only major state regulator that is hitting hard on not just one two areas that seemed to have been the bread and butter of federal regulators and namely the CFPB - fintech lending/junk fees and cryptocurrency violations of AML and fees. Reg E, Reg Z, BSA/AML all come into play here. The other thing of note is that the DFPI appears eager to cross state lines (and even country lines in some cases) and tackle institutions based out of California that happen to operate there. Clearly, the CFPB “going to sleep” has simply opened up the doors for the DFPI to step in and leverage authority granted by regs like CCFPL, essentially their local version of UDAAP.

7. Aflac and Powerschool - When People, Not Systems, Become the Breach

The story: Neither of these players are true “fintech” institutions. However, these breaches are worth highlighting because of the attack vectors. In the case of Aflac, the popular insurance provider (yes, that’s why we had the ducks last time at the end of our post) in June of last year a social engineering attempt occurred by simply calling Aflac’s customer service line, asking for a password reset and stating that an urgent meeting was about to begin, and then also got the Helpdesk to reset the MFA. The individual whose credentials were compromised also had admin access to key systems. For a good read and further deep dive on this incident and how something seemingly simple can actually be pulled off, check out this post by cybersecurity expert Asad Syed.

In the case of Powerschool, it was a bit more of what I’ve seen in similar breakdowns (and probably many of you have seen for not just cybersecurity but other failures for institutions generally) - a vendor dropping the ball. Quick background, Powerschool is a cloud provider with front-end tools specifically for K-12 students, teachers and administrators. In this case, a contractor’s credentials were stolen who happened to have access to PowerSource’s portal, allowing access to what PowerSchool described as “sensitive personal information” that “may have included” Social Security numbers and medical data (!!!)

Analysis: The Aflac breach is a textbook example of why technical MFA is a secondary defense to social engineering; ultimately it is your classic human error leading to a huge breach situation. The Powerschool breach stands out to me more because of how it has been handled post-breach. First, they actually paid a ransom to the hackers - which flies in the face of the mindset “we don’t negotiate with bad actors” - to delete the data, which they have no true guarantee was actually done. Secondly, the types of information are way more than just your standard SSN, Driver’s License, credit card numbers - it turns out sensitive information about students was included that ranged from restraining orders to medication information, but again, no complete transparency was provided. The last update from Powerschool is a not-so-comforting announcement that someone is extorting impacted students/families with the stolen information and that in response, they will offer credit monitoring and identity protection services to those impacted. It has been 8 months since the last update.

One final thing of note here - PowerSchool was taken private by Bain Capital prior to the breach in late 2024, just months before the breach occurred, which almost certainly would have shifted its governance incentives and its focus for accountability. The reality is, when who you answer to changes, this sort of change in ownership will also change the context for risk prioritization, incident response, and disclosure practices even if it doesn’t cause operational failures. Specifically in the case of private equity acquisitions, Ownership transitions, whether to private equity or public markets, can create 'integration blind spots' where legacy controls may not scale at the pace of new strategic goals. This is inherent from acquisitions of Clear Channel to healthcare platforms. For compliance teams, the lesson isn’t about private equity itself, but about how ownership changes can quietly alter risk tolerance, oversight, and investment in control infrastructure.

6. The "AI-Washing" Crackdown at the SEC

The story: After the departure of Gary Gensler, who was quite reviled in the crypto world, the SEC has been headed up by Paul Atkins, who came into the organization in April 2025 shortly after the agency had already slimmed down by 10%. The SEC’s focus area has been more targeted towards “AI-washing” while decreasing the focus on registration violations and things like “off-channel communications”. In addition, the signal from the SEC as well as the DOJ and Congress (i.e. passing the GENIUS Act) is extremely pro-crypto.

But despite the federal government’s simultaneous pro-AI stance as evidenced by a recent executive order, the SEC seems to be unfazed as it converted its previously entitled “Crypto Assets and Cyber Unit” division to the “Cyber and Emerging Technologies Unit”, reflecting the de-emphasis on crypto and the broader coverage of technology risk in general - and this unit was responsible for two major actions, with one taken against the founder of prominent fintech Nate in April 2025 and a more sweeping action against a slew of crypto-related companies that touted their “AI wealth” capabilities in December of the same year. In addition, the 2026 SEC Enforcement priorities included AI as a continued focus, ensuring this is likely the beginning, not the end of targeted focus in this.

Analysis: Looking at the raw number of SEC enforcement actions in the 1 year since the Trump administration took office, the amount has gone down by 22% (311 between Jan 20 2024 - 2025, 242 between Jan 20 2025 - 2026). But in addition to the above activity, the SEC also launched an AI task force in August of this past year and appointed Valerie Szczepanik to head it - an interesting pick as she served in the agency through the Biden administration leading its innovation hub, proving this is no longer a party-line issue.

The aforementioned enforcement priorities also talk about evaluating AI in the context of cybersecurity, which should be interesting as to date the focus has been more on fraud perpetrated by registrants but this seems to indicate the scope will expand in the new year.

5. The Impending Advent of PSR in the EU

The story: If you lived in or interacted with any EU payments related regulatory matters, you were probably familiar with PSD2, the latest iteration of which went into effect in 2018 and was best known for mandating Strong Customer Authentication (SCA), for which enforcement was fully implemented in 2021. In English, this mandated multi-factor authentication, more accessibility/portability for customers (think open banking), and customer liability limits, just to name a few. PSD3 doesn’t introduce anything fundamentally groundbreaking, instead focusing on strengthening and clarifying some of the minutiae in PSD2 and making it clear that this will head to the issuance of PSR (a true Payments Services Regulation), so that the rollout is not forced to align with national regulations (something a non-PSR directive has to do, resulting in time-consuming legislation in each member state).

Analysis: The specifics of PSD3 are focused on two key areas - liability for spoofing (which now falls on the bank, even if a customer “falls for” a spoofing attempt) and firming up requirements for banks to “open the doors” to allow PSPs access to APIs so that open banking can start to scale (with a specific expectation of providing a dashboard where customers can see all third party access they have provided).

Check this article out for a great primer on where things currently stand - their prediction is that the PSR will be passed this summer and compliance will likely be expected by early 2027. This leaves precious little time for IT organizations of banks to get it together, particularly those that have not been modernizing their infrastructure. Aside from this, I was also curious whether there is going to be any customer awareness campaign so that customers know what their rights are. The data to date about consumer awareness has been telling:

• A 2023 YouGov survey found that only 34% of EU-based adults were aware of “Open Banking” (a core PSD2 pillar).

• A 2019 study by Riskified found that as many as 76% of consumers had never heard of PSD2.

• Awareness is lowest among younger users (ages 16–24), where knowledge of the directive is below 30% (using a survey of Swedish consumers as an example).

This all begs the question - a more comprehensive regulation is great, but what is the point if the people it’s intended to serve have no idea what it’s supposed to do?

4. The Billion-Dollar Message Down Under (or is it?)

The story: The SEC’s Australian counterpart, the Australian Securities and Investment Commission, took massive action late last year against the Australia and New Zealand Banking Group (ANZ). ANZ happens to be the second-largest bank in Australia - which makes it a more prominent target. In essence, ANZ was invited to join a government panel that, among many things, influences government bond markets. To join the panel, ANZ would be evaluated by the government on how active it was in the secondary bond market (aka bonds already issued and being traded between investors). However, ASIC identified that ANZ had found a way to puff up its numbers here.

Beyond this, ASIC also identified (likely triggered by more scrutiny after identifying the first gap) instances of misconduct, including tacking on fees towards accounts of deceased customers being run by the estates, and ignoring hundreds of customer-initiated hardship notices. In the end, the fines between both items (manipulation + misconduct) added up to $240 million Australian dollars, which happens to be the biggest fine ASIC has ever levied and is more than double the size of the previously largest fine (levied in 2022).

Analysis: A lot of “biggest” or “second-biggest” in this case. However, what is the real impact of this? Does it do anything in practicality to dissuade this behavior in the future or is the government trying to grab headlines? For context, the fine of $240 million is about 4% of ANZ’s full-year profit of $5.8 billion.

And how did ANZ respond to this, while publicly settling with the government? Just earlier this week, they announced their first quarter results, showing an increase in profit of 6% powered by cost-cutting - specifically, slashing 3500 jobs that took place at the beginning of the last quarter. This comes as just months before, Consumer NZ conducted a poll that revealed of all the major banks in New Zealand, ANZ ranked last in customer service satisfaction.

This raises a critical question about the efficacy of monetary penalties: if the cost of misconduct is simply passed on to the workforce through job cuts, the 'deterrent' hasn't actually changed the institution's risk culture.

3. The OCC Signals the End of Rent-A-Charter

The story: After a year of its enforcement action output slowing to a crawl, with several months of no enforcement activity, something that would have been unthinkable prior to 2025, the OCC took a wide-ranging action against the First National Bank of Pasco in Florida covering a slew of areas including corporate governance, capital planning, BSA/AML and FinCrime, and more.

The biggest driver here is that FNB Pasco was going way beyond their seeming profile as a community bank with only $285 million in assets. Thanks to the strain of markets and margins being squeezed, they had numerous partnerships with foreign FIs. However, per the enforcement action, these partnerships did not get the appropriate scrutiny required for correspondent banks that is supposed to be the hallmark of AML compliance. And this comes at a time when the Synapse case has already been dragging on for years now, showing that scrutiny is in full swing for both fintechs and the banks powering them. In this case, the cost of a mandated overhaul of board governance will likely wipe out any profit earned from fintech partnership.

Analysis: Two things stand out that are not immediately clear if you only look at the OCC’s action in isolation. First, the likely identities of some of these FIs. While the enforcement action doesn’t go into detail (which is typical for these sorts of documents), the FinCEN files were released in 2020 as a result of a collaboration between the International Consortium of Investigative Journalists (ICIJ) and 109 media parters. The documents that the journalists obtained revealed specifically for FNB Pasco correspondent accounts for banks in Tanzania, Latvia, Estonia and Russia, of which four were later involved in major money laundering concerns and actions. Interestingly, at the time of this disclosure, the sources stated that most SARs are not read or acted upon by FinCEN. The fact that an action like this took 6 years to be issued adds some credence to this concern.

Second, shortly after this action, a cannabis-banking related lawsuit was filed against the bank from minority shareholder based in the UK, citing the fact that the bank had significant experience to handle the nuances associated with cannabis banking. A quote from the lawsuit about the bank’s Board is something else, with some quotes you have to read, with the most comprehensive one being “Not a single one of the directors identifies any prior banking experience.”

2. CFPB Funding Cliff

The story: Almost anyone who has been keeping up with the activity of the federal government in 2025 knows that the CFPB has been in the crosshairs of the Trump Administration. Despite a lot of rhetoric in the first Trump administration, the Bureau soldiered on and continued to operate into the Biden administration. However, this time around things are quite different. A timeline-style format follows:

• 2/1 - 2/7/2025 - Trump fires CFPB Director Rohit Chopra and appoints Russell Vought, one of the key minds behind Project 2025, as Acting Director.

• 2/9 - 2/14/2025 - Vought issues a stop work order at the Bureau and the headquarters are locked, after which a team from DOGE enters the building and starts accessing sensitive data. A federal judge issues a Temporary Restraining Order to stop this data access and any attempts to fire employees. Most notably during this time period, Vought claimed the Bureau had “excessive “ reserves and declared that the “spigot” of Fed funding that had contributed to the “CFPB’s unaccountability” was being turned off by requesting $0 from the Reserve.

• 5/9/2025 - Trump signs resolutions repealing the credit card late fee and overdraft fee limit rules that had not yet gone into effect but had been finalized during the Biden administration.

• 10/28/2025 - Senate Democrats claim that Vought intends to “close down” the agency in months against the requirements of court cases that say the Bureau must remain operational.

• 11/11/2025 - The CFPB sends a notice in one of its court cases that it cannot legal request funds from the Federal Reserve, reigniting the argument that had been seemingly tabled back in February.

• 11/20/2025 - Vought sends a letter to Congress stating that the CFPB would run out of money by January 15, 2026 and that the Bureau was $279.6 million short of what was needed to maintain operations.

• 12/30/2025 - DC District Judge Amy Berman Jackson, who has been involved with the actions of the CFPB throughout 2025, ruled that the CFPB can continue to draw funding from the Fed, in a scathing 32-page decision.

• 2/9/2026 - The Senate Banking Committee’s minority staff releases a report detailing that the CFPB’s self-immolation has cost American consumers $19 billion in late fees and lost relief.

Analysis: What else is there to say at this point that hasn’t already been said? Here’s a link to a good analysis from Consumer Reports of where things stand at the Bureau as of February 2026. In spite of all the efforts made to save it, its future is still not looking good.

1. Synapse Implosion

The story: We save the best (or the worst, depending on how you look at it) for last. Arguably the biggest story in fintech for the last two years and running. We covered this as it started to become a big deal back in May 2024, but a lot more has happened since then. Similar to the above, we’ll use a timeline-style approach:

• 6/14/2024 - A massive ledger discrepancy is revealed - customers are owed $265 million from Synapse, but partner banks only hold $180 million. The gap that was previously thought to be $14 million is now $85 million.

• 10/15/2024 - The FDIC proposes a new rule that will require banks to maintain their own daily records of fintech customers rather than depend on middleware providers like Synapse.

• 03/11/2025 - One of Synapse’s biggest competitors, Synctera, raises $15 million while touting its new partnership with FinCrime vendor Hawk.

• 06/18/2025 - Synctera hires Deb Bonosconi, a former examiner with the Fed and the OCC, as Chief Risk and Compliance Officer, touting her compliance credentials and talking about how much this area is a priority for them.

• 08/27/2025 - After all the drama noted in our previous story, the CFPB breaks out of its Trump-era slumber and actually uses its enforcement power for the first time in the new administration to sue Synapse for “systemic failures” in fund tracking, with the suit amount being irrelevant as the goal is to unlock $46 million of victim relief funds. But that doesn’t address the almost $40 million still unaccounted for.

• 02/06/2026 - The CFPB announces new limits on its complaint portal, with the changes making it difficult for victims to whom the $40 million is still owed to have advocacy for their claims.

Analysis: Out of curiosity, I decided to take a look at what is left of the middleware space (specifically ledger as a service) that was a big thing in the BaaS space at the time this all started. I put together this table demonstrating what was happening in 2024 vs today in 2026:

Paired with the new FDIC rule, when 4 of the 6 names above no longer even exist as independent companies it is truly the end of an era.

In addition, even though it’s focused on a different side of the space (crypto/stablecoins), the GENIUS Act which was passed last year has a few interesting elements that would seem to take inspiration from the Synapse debacle. It provides the regulatory blueprint for what the 'Synapse Fix' should look like for the digital age, specifically the 1:1 reserve and monthly proof of accounting:

• A 1:1 reserve mandate - Every 1 unit of stablecoin has to be backed by cash, short-term treasuries, or central bank deposits

• No more lending out/investing customer funds to earn extra yield - This was what many suspect caused the Synapse shortfall

• Monthly Proof of Accounting - Stablecoin issuers have to publish a certified breakdown of their reserves on their website every 30 days, with top execs signing off on the accuracy of these ledgers (similar to what SOX mandated after Enron).

• Source of Truth - Issuers have to have the technical capability to seize or freeze tokens upon a court order, preventing a Synapse-like scenario where users are stuck because the middleman turned off the dashboard and now no one knows who owns what.

For more on this, as always, check out Jason Mikula’s multi-year coverage of all things Synapse and Evolve (dating back to before the bankruptcy - latest update here).

Wrap-Up

That finally does it for 2025! For a good preview of 2026, check out this post on Reddit that does a no-frills, straight to the point prediction about what compliance issues will keep up CEOs at night in the upcoming year.

Keep an eye out for more content and hopefully for things to become a bit more regular around these parts. I'm currently exploring how these 2026 shifts will impact lending in particular. If you are navigating these waters, I'd love to connect. Thanks, as always, for your subscriptions and support!

In all seriousness, hope you all have been doing well! If you’ve noticed, I kind of…sort of…took a hiatus from our little thing here, including the broader fintech community. For the last 6 months, I made a conscious decision to step away entirely from all of this. Even LinkedIn. No fancy announcement, just a necessary, intentional disconnection for a variety of personal reasons, ranging from family matters to a massive marathon training block.

While the Chronicles went quiet, my focus on the industry’s moving parts did not. Stepping back from the daily ‘feed’ allowed me to prioritize health and recalibrate my perspective without the constant noise of the platform. So I’m returning with a much more disciplined cadence and a tighter focus on the stories that actually matter. As we turn the page on 2025, we take one final look at the 10 biggest stories in the fintech compliance world while we were away for the last 6 months; not just here in the US at the federal level, but in states and even around the globe. In tried and true tradition with some of our past editions, this is yet another series. This week we’ll focus on #10 and #9, with more coming over the next few weeks. Let’s dive in:

10. A £1 Million+ Data Integrity Screw-Up (that the FCA notices)

In the UK, the Financial Conduct Authority (FCA) - essentially the UK’s equivalent of the Securities & Exchange Commission (SEC) in the US - demonstrated that it has lost patience with firms that cannot manage their data. On July 29, the FCA fined Sigma Broking Limited £1,087,300 for transaction reporting failures. Interestingly, this story didn’t get a lot of play in the news beyond more technical legal publications, but this is a bigger indicator of where regulatory scrutiny is going (at least for British fintech) and we thought we’d start off by highlighting it.

Who is Sigma? Most of you tech savvy folks may have heard of Sigma Computing, which is a company that specializes in analytics and visualization. (Don’t worry, this isn’t a third/fourth party service provider horror story). This is actually a different company altogether - Sigma Broking is best described as a broker’s broker. Think of them as the plumbing that moves millions of dollars for the world’s biggest players, including investment banks, hedge funds, and massive portfolio managers. Sigma helps these giants move government bonds, oil and stock indices.

So what went wrong? The origin story for this screw-up comes back to MiFID II, an massive EU reg that became law in 2018 and among many things, requires institutions to deliver strict reporting on financial trades. While some may hear the phrase “regulatory reporting” and think “necessary evil,” to the regulator (in this case the FCA) it is a critical tool in their fight against market manipulation. And coming to Sigma, in this case - right from the jump of their MiFID reporting in 2018 - they transposed “Buyer” and “Seller” fields for what they were sending to the FCA to the tune of 924,584 transactions. In terms of what the reporting looked like to to the FCA, they were seeing the client as the seller and Sigma as the buyer - for all of their transactions. Meaning that Sigma looked like it was just the buyer on trades constantly, when in reality they are an intermediary and do both. To make matters worse, this lasted for 5 years and was never caught, all while they actually got an earlier action levied against them (in 2022) by the very same FCA on a related but different matter that was significant enough to lead the FCA to ban the CEO from senior management, essentially forcing his exit.

You would think that would alert them to beef up the internal controls, but no - it was the FCA that ultimately found the issue, and as is the case with many regulators they do not take it easy on what they consider “repeat offenders.” The FCA is pretty transparent about its methodology, and in this case they decided to double the base fine and apply a 40% aggravation increase due to the repeat nature of the offense, along with failure to self-report and not doing anything about the previously identified issue.

And speaking of the fine, one might be tempted to see £1 million and think “okay that’s bad, but how bad is it really?” For a private firm like Sigma Broking, a £1.08 million fine is a seismic event, not a line item. While a global bank might lose that much in a rounding error, this penalty represents roughly 3.5% of Sigma’s total net assets (£31.2M).

To put that in perspective: for an individual earning £100,000, this is the financial equivalent of a sudden, non-negotiable £3,500 bill. It’s enough to wipe out annual bonuses, freeze hiring, and force a complete audit of every internal system.

Sigma would have probably argued that they were on top of it after 2022, it just took them a while. But to the FCA, they saw a company that took 7 months to acknowledge the error, then over a year to remediate it, bringing in a third party to help them, and still couldn’t get things right. On top of this, a few months before the 2025 issue was publicly announced, Sigma announced they were putting themselves up for sale, while the new CEO resigned. What a mess.

To me, the biggest lesson here is that you can’t just fix a problem and expect that issues will be resolved. In fintech/banking/financial services compliance, it is critical that you not only solve a problem, but then put controls in place to make sure you can catch similar issues in the future should they occur. Had Sigma built an internal control environment, performed more internal audits, and reviewed their system logic, they would have probably avoided this mess.

9. The Multi-State Regulatory Surge

These pages have been very focused on the CFPB, in 2023 and 2024. Obviously, 2025 has been a different story. With the agency on the verge of shutdown (which - spoiler alert - is one of the 10 stories we’re covering), attention has shifted to state regulators. And no name loomed larger than the NYDFS, which historically has been seen as proposing NY-based rules that are precursors to activity later undertaken at the federal level (something that was apparent as early as 2014).

The new wrinkle is that this era has seen the rise in significance of the multi-state approach. Although this approach started showing up in 2020 for state regulatory exams (yours truly is a proud participant of a few of these in the past), the stakes are higher in the wake of federal pullbacks. The NYDFS is the example we use, and specifically their action against Wise for $4.2 million in July along with Massachusetts, Texas, California, Minnesota and Nebraska.

As a reminder, Wise used to be known as TransferWise, and historically has been a significant player in the overseas money transfer game (along with its biggest rival, MoneyGram) having been around since 2011. In the last five years, they decided to drop the “Transfer” while on the cusp of going public, and since then have wildly diversified their offerings, getting into everything from business cards to QuickBooks functionality while also expanding their global footprint.

But where there’s smoke there’s trouble. Leading up to this fine, there has been a flurry of activity suggesting all may not be well. Right as the company was going public, one of the co-founders stepped down as chair and a year later, the other (who was the CEO) was busted for tax evasion by our friends at the FCA. And in 2024, they got caught up in the mess with Evolve Bank, announcing their customers may have been impacted by a data breach.

The specifics of the action focus on failure to file SARs timely, inaccurate/incomplete data feeding their transaction monitoring, and failure to perform independent reviews of the AML program frequently enough. These are pretty basic failures, and suggest a story of a company that has had leadership issues while trying to expand its focus, and forgetting to do the simple things (SARS and transaction monitoring are about as core as it comes in AML governance).

As for the fine itself and the multi-state approach? Fine-wise, the amount is not much as $4.2 million is a drop in the bucket for a company with net assets of over £1 billion. But the multi-state nature of this is the more interesting aspect. The action was coordinated by the Conference of State Bank Supervisors (CSBS) (which has been around since 1902 and is best known for running the National Multistate Licensing System and the State Examination System) in conjunction with the Money Transmitter Regulators Association (MTRA) which started more recently in 1989 and focuses specifically on money transmitters and payments.

Both of these orgs have been around for a long time conducting multi-state exams, but what has been interesting is their recent proclamation - after testing it for a few years, the CSBS formally launched their “One Company, One Exam” framework this year of which there was a component called “Networked Supervision” - essentially, it allows states to pool resources and conduct a single, massive exam on a company rather than 50 individual ones. And the other bit to note here, it wasn’t just a bunch of states under the CSBS doing an exam on banking requirements, those same states were able to cover money transmitter license (MTL) requirements as well. Double-edged sword for the company - less exams, but way more hinging on a big one (and essentially the equivalent of a large federal exam).

The CSBS and MTRA continue to work closely beyond exams as well, having collaborated in the past on a report calling out bank de-risking practices that result in them terminating accounts for licensed fintechs without valid justification. I would say best to buckle in and watch the state regulatory space closely in the coming year. The Wise action tells us that multi-state exams are not just going to be administrative check the box exercises, but could very well be poised to replace the rigor of what CFPB exams used to bring pre-2025.

Next Time and In Closing

Join us next week as we bring you the #8 and #7 Fintech Compliance stories of 2H 2025. I’ll give you a hint with a word and picture. The word? “Mini-CFPB”. The picture?

Now, in closing and some housekeeping. To the 2,000+ of you who stayed subscribed, the small batch of people on Substack who decided to subscribe even though I didn’t produce anything for half a year, and the dozens who reached out about the podcast or pings - thank you. I’m currently triaging a mountain of messages. If I haven’t replied, it’s not for a lack of interest, but a commitment to moving forward with intentionality.

Finally, a note on the ‘Year-End Recap’ season. LinkedIn is currently a sea of ‘humbled and honored’ victory laps. But I know that for many of you, 2025 was a year of layoffs, personal loss, and quiet struggles that don’t make it into a highlight reel. If you’re just happy to have made it to December 31st, you’re in good company. Let’s make 2026 about the humans behind the compliance tech.

See you next week and happy new year!

~~

Further reading:

1. 2025 fines | https://www.fca.org.uk/news/news-stories/2025-fines

2. FCA fines Sigma Broking Limited for transaction reporting failures https://www.fca.org.uk/news/press-releases/fca-fines-sigma-broking-limited-transaction-reporting-failures

3. Final Notice 2025: Sigma Broking Limited - FCA https://www.fca.org.uk/publication/final-notices/sigma-broking-limited-2025.pdf

4. Notice in a nutshell: Broker fined for MiFIR transaction reporting failures https://connections.nortonrosefulbright.com/post/102l10p/notice-in-a-nutshell-broker-fined-for-mifir-transaction-reporting-failures

5. Sigma Brokings Compliance Collapse - A Case Study in Reporting Failures https://vinciworks.com/blog/sigma-brokings-compliance-collapse-a-case-study-in-reporting-failures/

6. Bank and Financial Services Orders | Mortgage Enforcement Actions - DFS https://www.dfs.ny.gov/industry_guidance/enforcement_actions

7. NYDFS and Other State Regulators Impose $4.2 Million Penalty on Money Transmitter

   https://www.consumerfinanceandfintechblog.com/2025/07/nydfs-and-other-state-regulators-impose-4-2-million-penalty-on-money-transmitter/

8. One Company, One Exam - Driving Forward Change - CSBS
   https://www.csbs.org/one-company-one-exam-driving-forward-change

Connecticut Digital Banking Innovation Summit, hosted by Bankwell

“This conference will be focused on initiating discussions in Connecticut on digital banking innovation. Our goal is to bring regulators together with banks and FinTech experts with the goal of fostering greater support of innovation in the CT Department of Banking and state government.

We have two senior regulators speaking on panels. I am moderating the first panel, which includes Joe Chambers, who is the Chief of Staff and General Counsel.

Our second panel is ”Managing Financial Technology Risk in a Digital Economy.” Faraz Rana (CEO/Founder Affinity) is on that panel along with Derek Henderson, the Chief Compliance Officer for DR Bank (based in CT) and Steve Brunner, Chief Risk Officer at Bankwell (based in CT). Jaspers Sneff Nanni of FS Vector is moderating that panel.

The third panel is focused on the “new” CT Innovation Charter, which is a non-depository charter. There are a few banks operating under this charter, including Banking Circle. As you can imagine, it is of particular interest to people in the payments ecosystem. Matt Saunig from the CT Department of Banking is participating in that panel.

Our event is Tuesday, June 3rd from 11 am – 2:30 pm at Fairfield University in Fairfield, CT.

We are viewing this summit as just the first discussion.”

As a bonus for our readers, if you use the code “FINSOLUTE” you will get free admission to the event. If you attend, kindly let us know and take pictures! Always proud to support the fintech compliance community.

As many of you know, I spent 8 and a half years working there, longer than anywhere else in my career. And if you throw in the 6 months I did a college internship with them, it essentially rounds up to 9 years. This is a subject that I didn’t really talk about publicly until seeing the initial cold, unfeeling media reaction to the surprise news last year prompted me to share my thoughts about it which more or less went viral, and spurred me to create the “Now What” series here which got a lot of views especially from current Discover employees. All that, for those of you who have been here since then, is old news.

Today I would like to share some of my reflections as a new entity now forms. These are not necessarily related to Compliance, so if you’re here looking for that maybe it won’t be the best read for you this week. No worries, we have a lot coming in store very soon. For those that want to take a trip down memory lane with me, read on.

• How did I even find out about this place? Late in my college career, I had gotten a B+ in a college class, and a professor told me he was going to “make it up to me” by facilitating an introduction that he promised would have an impact on me long after this course was over. He introduced me to the career counselor at our University, who facilitated my application for the summer internship program with Business Technology, and so I actually started off my career in tech doing a mixture of SQL coding, managing portfolio marketing campaigns, and working on intranet pages. When the time came to make a decision on what I wanted to do after graduation, Discover offered me to come aboard full time. Instead, I ended up going into public accounting where I was part of the post-busy-season layoffs about a year later. It took 4 years before I “came back to my senses” and found my way into Discover again, and the entire time between stints all I could think of was the amazing campus and the familial vibe. For some reason, the RAK in particular always stayed with me.

• Stint two was working in Internal Audit, and it was frankly, a hell of a ride. My sincere thanks to my boss of 7 years, Michael Nesler, who saw something in me during my interview and basically strapped a rocket to me - giving me opportunity after opportunity. I got to prove myself as an IC, then a project lead, and eventually got to lead and grow teams for the first time in my career, something that has truly become a passion since then. These sort of “trial by fire” skill building approaches are rare at any company, large or small, but I’m proud to have had the opportunity to experience it. I worked, traveled, and made lifelong friendships with incredible people, not just my own team but with stakeholders, colleagues in China, and even external peers. By the end of my time at Discover’s IA, we had done some wild innovative stuff that left management consultants we worked with asking me if they could set up time to learn more about some of it, and allowed our leaders to humble brag at conferences about our direction.

• The field, as we called it, was something that I’ll probably never experience again. Most of us have deal with call centers and it’s not really a pleasant experience. You have seen the Discover commercials, though. And the hype is real, the customer service is second to none - something that I hope Cap One does not mess with. The JD Power awards are proof of the fact that it’s no joke. However, all of this is one thing - actually visiting a call center is another. A few things stood out during my approximately 15 visits to Utah, Arizona, Ohio, and Delaware during my time at the company:

  • 1) The floor of the call centers were a constant buzz, and not in a bad way. It wasn’t just calls either. There were little subcultures formed in different wings, with decorations, different shared snack days, brief huddles that sometimes included offbeat things like costumes, and so on. All to keep folks happy, motivated and connected while they provided top notch quality to customers. It is a stressful job, and I remain in awe of how these folks did that while having actual smiles on their faces (it’s not just in the commercials)

  

  • 2) If you were a new employee and didn’t know how the product works, sitting down with the agents and watching them in action (or listening to their calls) was the best way to get up to speed. And as a bonus, because I was there doing audits, after the calls the agents would tend to offer extremely candid insights about the process and how they thought it could be improved, sometimes sharing things that their management wasn’t always eager to share but begrudgingly admitted later on.

  

  • 3) Speaking of management, our senior leadership up to and including the CEO constantly visited the sites. Not to gauge performance, but to remind the folks working in these centers, many of whom were hourly employees and did not have the luxury of corporate bonuses, that their opinion mattered and that even someone with years of experience working in big companies elsewhere could learn a thing or two from sitting back and just listening to the agents do their thing.

    

• Recognition programs! This was something that came as a shock to me when I started at the company and received my first “Smart Appreciation” coin. But over the years I realized how much these little nudges of encouragement meant to me and kept me motivated. Yeah, it’s great to get a salary, but if you want to ensure loyalty you build out formal programs like these. These extend all the way to the President’s Award which I was fortunate to win in 2014 with some of my fellow colleagues for revamping a training program, and the Pinnacle Award which is essentially the equivalent for those in the field.

  

• There are some things, as I look back, that I would imagine would be warning signs for any company in a similar profile to Discover because let’s be real about it - the Cap One deal did not happen because Discover decided it was a good business move. On the contrary, it happened in the wake of a major compliance and finance error that cost the longtime President his job and the deal likely was the cost of getting over the hump for the $300M penalty associated with this miss. Here’s a couple of things without getting into specifics:

  • 1) While a culture where you have folks who have been with the firm for over 30-40 years is amazing, it can also breed complacency and the classic “we’ve always done it this way” approach. Most notably, executive leadership remained largely static for over 10 years before undergoing change. Although recent years have led to a huge number of changes and management turnover since then, I’d argue a balanced approach is necessary.

  • 2) Partnerships are critical. They keep you out of your bubble and give you allies and new perspective. While many of the peer companies offered co-branded cards or partnered with cool up and coming entities, Discover did not always do so. Perhaps the biggest example of this is in 2014 when Apple launched Apple Pay, yet Discover was noticeably absent. Eventually, we know that things changed, and yes Discover did a lot of hard work on things like international payment network sharing, but does anyone remember the last real celebrity endorsement of Discover before Jennifer Coolidge of White Lotus fame?

  • 3) Compliance must be a priority and tone at the top on this matters a lot. Won’t say more about that but I think you get the idea.

I’ve interspersed some pictures from the 2012 “Voices of Discover” book we were all given after a company town hall which reflects the culture at the time and something that for better or worse, is going to change as the company, its employees and its customers embark on a new era. Thanks for the memories, and best wishes to everyone on the new chapter.

If you’re a current or former Discover employee, chime in with your comments and thoughts below. Would love to have this become a wall of good memories.

Welcome back to the podcast! This week, I’m excited to feature my conversation with fintech compliance recruitment leader at Madison-Davis, LLC and general compliance industry advocate Sanjeev Menon.

Madison-Davis is “a leading executive search and temporary staffing firm specializing in financial services and technology. Founded in 1982 with a single purpose: to provide top-tier talent through a strategic approach and unparalleled subject matter expertise. We pride ourselves on the relationships we cultivate and the success of our placements, and our role in building highly-skilled workforces across financial services and technology. We have partnered with more than 1,000 companies across traditional finance, decentralized finance (crypto & blockchain), healthcare, technology, consumer, and industrial sectors. Our tight focus on both financial services and technology has cultivated our subject matter expertise, which allows us to fill any role promptly and efficiently. We offer personalized recruiting in various specialty groups, including Accounting & Finance, Corporate & Investment Banking, Equipment Leasing & Commercial Finance, Legal & Compliance, Risk Management, and Technology.”

Some background about Sanjeev - he is “a Managing Partner in Madison-Davis’s Legal & Compliance Practice Area, joining the firm in 2023. His expertise resides in providing staffing and workforce solutions to clients actively creating best-in-class compliance and financial crimes programs in the financial services, fintech, telecommunications, pharmaceuticals, and health services industries. Sanjeev has assisted clients in dealing with consent orders and enforcement actions by providing both executive recruitment and contingent labor for projects. He is an ASA Certified Staffing Professional and holds a SHRM-CP. Sanjeev stays abreast of the latest human resources and staffing trends, analyzing the ongoing evolution of the employment market. He holds a BA from the University of Michigan, Ann Arbor.”

Grateful to Sanjeev for taking the time to join the show, and grateful to those of you who participated in our audience poll ahead of this episode with your questions.

Experimenting with no transcript this week, and trying something slightly different with the video. Please see below for a link to the video edition of this episode:

Welcome back to the podcast! This week’s guest is Andrew Jamison, an industry leader in B2B payments and spend management, and the CEO and Co-Founder of Extend.

Extend is a “digital credit card distribution platform for banks, fintechs, businesses, and their customers, that redefines how credit cards are issued. A certified Visa and MasterCard partner, Extend seamlessly integrates with legacy bank issuing systems to enable modern virtual credit card features and distribution capabilities. Extend offers both a virtual credit card distribution app (paywithextend.com) for business customers that want to instantly equip anyone with a secure mean of payments, and a suite of APIs for fintechs to leverage virtual credit cards to enhance their products, enable commerce at POS, and streamline payment operations.”

Some background about Andrew - he is a “virtual card expert, who managed all B2B payments solutions for American Express for 12 years with a mandate to drive digital payment innovation and adoption. Over the course of six years, he doubled B2B payment volumes by launching and scaling new capabilities and platforms. Prior to AMEX, Andrew spent eight years managing global SAP deployments for large multinational corporations. He earned an MBA from INSEAD.”

Grateful to Andrew for taking out his time to talk to us about the intersection of B2B payments and compliance! Special thanks to Avenue Z for helping coordinate the discussion.

Zarik: Welcome Andrew Jamison to the Fintech Compliance Chronicles podcast. Really excited to be talking to you today to learn a little bit more about Extend, the company of which you are the CEO. As I always like to start off with in these conversations, who are you and what do you do?

Andrew: Thank you Zarik, for having me on the show. So I'm the CEO as you rightly pointed out. I'm one of three co-founders of Extend. We are just approaching our eighth anniversary of creating this company. It's been an interesting journey. Upon which I've relied an awful lot on my prior experience.

That's spending the best part of 10 years working alongside SAP and understanding the enterprise resource planning space and the size and scale of business and specifically around finance functions. And then more recently with the 12 years I spent at American Express managing B2B payments, and the platforms over there.

So understanding the payments ecosystem. And so all this comes together, with the creation, of Extend, which is really a spend and expense management tool designed right for the middle market or the emerging middle market. The idea is to allow people to do more with what they already have.

It's really about spend and expense management from the card you already have from your existing bank provider in your pocket.

Zarik: Great. Thinking to the origins of the company, what would you say were some of the pain points? In spend management, particularly thinking about B2B payments in general, what were some of the gaps, pain points, opportunities that you and your co-founders saw, that you built Extend on, to try to resolve and, ease.

Andrew: Yeah, so for the segment that we really go and support, the main part of our customer base really is in that emerging middle market segment. It's companies with less than 75 million in revenue, and north of 10 million in revenue. So in that space there's somewhere between 150 and 200,000 companies, that represent a spend capacity of about $2 trillion.

So a sizeable spend. It's a top 10 global economy right there. What I saw though with the tools at our disposal is frankly, there was just too much friction. In the ecosystem specifically, the companies are seriously resource challenged. Whether it's to do with capital or people, they don't have the luxury of having departments, right?

The departments are often departments of one or two, and those individuals have so much diversity in what they do in any given day. And what they didn't have was access to tools that drove automation, tools that drove control. Tools that allow them to get to compliance right. In a more seamless fashion.

So for us, what we were trying to solve for is could a company of less than 200, 300 employees easily be able to manage both expenses after an event had happened, but actually more importantly, also then manage events before they happened. So, this is where the prevalence of subscriptions and how people run their businesses has changed so much over the past five years that actually just new tools are needed. There's so much more is happening through payments online, but you have to have control and you have to really understand that your subscription's not gonna run wild out there.

And so many businesses today rely on buying these services on behalf of third parties that actually just need a better way to reconcile and to automate billing and collections and all these pieces. So that was really the vision here was like, could we look at that customer segment and really think long and hard about how do we drive truly automation into that segment, right?

And access to tools that frankly, that'd been kept away from them, partly because they were not scaled enough as businesses, and typically those tools just took too many resources for it to be profitable for people to bring those capabilities to that segment.

Zarik: That makes sense. If I'm remembering correctly, your company started in 2017, is that right?

Andrew: That is right. Yeah. So we started in 2017. The company was formed in April, but we didn't raise our first fund until October of 17. So we had sort of a six months period where we got some friends and family money together, as much as anything else you have to prove to investors that you're worthy and that comes at the cost of having to lean in, to your network and have people be willing to back you, even if it's for a normal amount.

It's really an important part of the journey. And actually for our collective wives, it was a really important part of the journey. 'Cause I don't mind you giving your time because time is money given your careers. 'Cause we're not 22 starting the business, right. We're all in our forties at the time.

So for them it's like, I just don't want you to invest our own money given the fact you're giving up so much already. So how do you partner up to bring capital and skill together right? To develop this company.

Zarik: That makes sense. And actually what came to my mind when you were talking about subscriptions; it's interesting that in 2017, this was the vision you had because from my perspective-- certainly more I think on the B2C side than the B2B side, the subscription pain and the need for organizations to be able to support, subscription management recurring payments, if you will-- I think it's become much more of a going concern for individuals and organizations since then. So I would say kudos to you and your team for anticipating that, as a challenge and to some extent, I'm sure it did exist, but at least from my vantage point of seeing this as a problem to be solved, I think it's gotten more and more. So certainly, seems that you all have positioned yourself very well to be able to tackle it.

Andrew: I was gonna say, I'd love to take credit for that, but there's always luck in this. Right? And so this is where part of the story is luck because COVID has actually been one of the biggest reasons why this whole thing has, I think gathered speed and like a snowball running downhill. It's just gathered momentum.

And, I think if you go back to 2017, yeah, there were subscriptions. Absolutely right. We still stood up paying subscriptions for Jira, for managing tickets or for running essentially Slack or all those different things. But the reality is we also believe at the time, where anywhere between 10 and 20% of the workforce were contractors, long term contractors that didn't have access to a card, we thought originally there would be a lot more in that particular space. As it turns out, there was an even bigger problem, right in that sort of indirect spend where, there was frankly, a lot more problems to be solved there and much bigger tickets. And that's what's allowed us to scale, really fast is seeing that opportunity develop.

Like everything right, there's always elements of luck. And being there at the right place at the right time.

Zarik: Agreed. And you talked a little bit about partnerships. If you could talk through your partnership with, BMO, where, you focus on essentially creating a set of virtual cards and, having some really innovative ways to work through underwriting.

If you can talk through that and even how you manage things like AML, KYC identity verification to the extent that you need to, when you're partnering with them and when you're thinking about, the creation of virtual cards.

Andrew: So this is where we differ from others in the market, that instead of partnering with BMO and banks, have decided to go it alone, right? And so that's where our model actually is. We partner to overlay our technology, over the top of existing infrastructure. So it's dependent really on what processor they're using to issue cards, to manage cards, right?

What network they go and authorized transactions on and how transactions are routed through the ecosystem. So essentially our model there is really a white label model. And we do not onboard a customer because BMO does. BMO is the one running KYC and essentially all of those aspects.

And so that's the beauty of our model, we don't have to go down that path of KYC. Now, here's what's interesting in that model though, is when virtual cards are generated and now increasing, getting into the hands of individuals, now you start saying, we need to do OFAC screening.

And so we essentially have partnered up with them to drive that process. That's key because this is net new. You're delivering a card to an individual versus a business. And more and more bank partners are saying, well, the minute you straddle into that space, you do need to run that part of the process.

But the beauty of our model really has been the fact that I don't underwrite. Actually, I'm not the issuer of the cards. BMO underwrites, BMO issues. And then when a card gets presented at a merchant, be it online or, in retail with Apple Pay that whole, process runs through the normal rails.

So again, relying on the whole infrastructure that BMO has put in place around making sure fraud isn't happening and all these different things, my belief is they have all the resources to make that happen. And it would be very hard for a FinTech to hold that high standard.

And that's why we have relied on the model where we are gonna go out and partner with traditional banks, to make them really successful.

Zarik: Yeah, and I think it says something that BMO is willing to partner with a company like yours and take on some of that risk and infrastructure, regulatory infrastructure, if you will, to be able to perform those checks. 'Cause I've also heard of cases where there's tech / bank partnerships on the table, and sometimes the bank will say, you know what? We don't want to assume the risk for your customers. So, I think it's a testament to, the quality of partnership and their trust in you.

Andrew: Yeah, look, I mean, here's the benefit of having been in the industry and having been on the other side of the table for 12 years whilst I was at American Express: for me, compliance isn't an option. It's a necessity. And as long as you kick off with that as a mindset you build your company in a certain way.

And it's never been a case of circumventing. It's always been a case of addressing. And I think where technology and compliance sometimes goes a bit awry is people are understanding what each party's actually doing. And so the hardest part here is much more about being able to outline to different teams exactly the role you play and therefore what rules should be applied to that particular scenario.

Too often these things get bundled and sometimes it's, people say, there's too much compliance and oversight. It's like, well not really. It's just about can you understand which parts of this are relevant right to the process that you are supporting on behalf of your bank partner.

And I think navigating that gray zone is where most people have trouble. And I think that's where, having the benefit of having been, in and around industry and enterprise for the best part of 25 years before starting this business. It was very clear to us that if we were gonna be successful, we would have to be onboarded as a supplier, likely not just by the banks, but by the processors and by the networks. And so for us, we knew out of the gate, we were going up against the biggest of companies in financial services full stop. And so we would have to be able to pass all of these different gate reviews, and really be supportive in that process.

And that's actually been a huge asset because that's where we've built the trust and we all know this business and financial service trust is such a key element in being able to grow together. Because without trust, things fall apart really fast. As we've seen in the FinTech ecosystem where people didn't take something seriously, the thing unravels really fast.

Zarik: Agreed. It can go bad pretty quickly. Just staying on the topic of regulation more generally. I'm curious if either as a consequence of your past industry experience or given the increasing profile and exposure of Extend to the larger market, you've received any regulatory feedback, or just indirectly have heard from some of the organizations that are using your tool from their compliance teams perhaps.

You said a lot of the burden is picked up by partnerships like BMO, for example. Would be curious to hear what kind of feedback you're getting from some of your customers, your partners, et cetera.

Andrew: Yeah, so look, we've had great feedback, partly because we help accelerate timelines for our bank partners to be able to launch these capabilities for the customers they're trying to serve. A bank partner may say, I love the solution, but you do need to do sanction screening.

And it's like, well that's gonna take us two years to develop internally. And it's like, great Extend, can you help us here? And that's where it wasn't two years. Because our advantage is speed of building technology and integrations and different pieces. There we were 12 weeks later, having satisfied the compliance needs of our bank partner. And so that's where I think you get these great partnerships, right? It's about, leveraging technology and building the right process flows, where you get the benefit of being a FinTech. But then you get the benefit of size, scale, compliance, trust with the partner issuer that you have that's been in market and understands the market as well as anyone else.

And that's where we get the benefit of experience from them and allows us to drive clarity in how we're building and designing, our solutions. So look, overall, the other thing is having been onboarded by so many of these strategic partners, where there's PCI compliance and you go down the list they've commended us because we've thought through and every time we get assessed it's like, oh, you know, you've actually thought this through and you've thought it through in a way that you can go and scale your business without us having to be concerned, right? Around whether or not you're doing these different things.

So what I will say is, sometimes you can say, oh, it's frustrating. It's just added six weeks. It just added 12 weeks to the process. But I think compliance is a necessity. You can't go around it. And as long as you embrace it, I think you get to a really healthy place.

We always wanna move faster. They always wanna move slower 'cause they wanna make sure they get through the right gate reviews and somewhere in between we do really well together.

Zarik: I think it's all about balance, to be successful on, that topic of compliance. 'cause at the end of the day, compliance should be a competitive advantage if it's helping you achieve your bottom line in a way that maybe some folks don't think about. But I think you illustrated it really well.

How it can benefit and help you stay outta trouble at the same time.

Andrew: Yeah. And it goes beyond the banks, right? We struck up a partnership with SAP Concur invoice to essentially allow them to have bank partners of ours who are part of that ecosystem to be able to add virtual cards as a payment method to suppliers.

And the key part here is you have to have someone be able to register a card. Well, SAP does not want to get into this, PCI compliance world. We understood that and so we're able to create the infrastructure that ensures that we can authenticate. Someone owns a card without SAP Concur and their invoicing platform having to worry about it because we handle it on their behalf.

And so, it's interesting how it goes one step further always. You're trying to serve the banks who are trying to serve their customers, but those customers are already using certain software solutions. So actually you have to serve the software solution provider too. It's a really complicated web, and I think that's why B2B embedded payments has taken so much longer to take a foothold because of the complex nature of it.

The permutations are massive compared to the consumer world where we walk around with a device and that's the thing you need to worry about, and it doesn't go beyond that.

Zarik: Certainly agree. And if I could just hone in on the SAP part for a second, I would have seen them as a competitor of sorts from your perspective.

But you just mentioned that you've partnered with them, which I think is really fascinating and interesting. And my understanding is also you had a background that involved, some time in SAP consulting, if I'm not, mistaken. So I would love to just dig into that a little bit, the thought process behind, partnering with them.

How, if at all your prior background played into that, does it just come back to the thing you talked about earlier with credibility, experience, trust?

Andrew: Yeah, we're talking about a massive sort of enterprise partner. And I think, credibility is huge, right? It's being able to point right to people I knew within the company who had worked with in the past. It's about them having a full understanding that I actually understand the ecosystem.

I understand Concur. I understand Core SAP. I had also, whilst I was at American Express, done a partnership right with SAP around how we could really help customers send payment instruction files directly to Amex so that we could then marry up an instruction with a card to give to a supplier.

I'd done a bunch of those initiatives because I'd been with SAP and working with them as a consultant in Europe. And so I had a pretty good understanding of the ecosystem and what needed to happen. That is definitely one of the big advantages of having a few gray hairs, the fact you're able to parlay that experience into meaningful relationships that frankly outsize the size of the company. Punch above your weight. And that's really been a huge foundation for so many of the things that we are doing.

So yeah, it is critical in my mind to get to this space where you are embedded in those ecosystems because I do think the future of this goes into embedded payments. I think the challenge so far though, has been that outside of core payment rails, which is ACH, it's wires, it's checks, there hasn't really been any standards around how things should happen. Cards always had standards, but the standards were driven by the merchants and their point of sales and how data went from the point of sale to the networks and then got pushed down to the issuers and eventually to the customers.

So there was always a standard there, which is why that ecosystem grew really, really well. I think the challenge of software providers who work alongside small business all the way through to large enterprise is when it came to issuing cards. And in this case, digital cards. There was no standard.

There has been lots of partnerships where people have gone out and said, you know what? I'm gonna work with this bank or that bank, and everyone puts a ton of effort behind it, but it's not really scalable outside of that one bank partner. And then you realize that it's not a build it and forget it, it's a build it and support it forever.

And before you know it, you gotten yourself down a rabbit hole and seemingly you're never getting out of it. And you have to keep supporting this thing forever. And you're like, well, this was never our business model. How did we end up here? And so our vision has always been, let's also create that middleware that creates a standard for digital card issuance so that we can plug into software partners.

And they can do what they do best, which is develop standard software. And let us take care of the idiosyncrasies of how one bank may issue a digital card versus how another bank issues a digital card. And then we truly help you and we make it easier for those business owners to do the things they need to do inside of a cockpit that they chose and not having to have whiplash of being inside here, "well now I need to go and make a payment. I need to go over here and now I need to come back and rent reconcile back over there." And that's really what we've been trying to help with. And that's where APIs, frankly, have really helped to get us here. So a lot of this is about maturity of technology as well, and I think a better understanding of the baseline capabilities that need to be in play.

Zarik: Speaking of capabilities and technology maturing, would love to get your take on future trends, where do you see the space evolving, particularly as you think about embedded finance, how it's expanding into global supply chains. Even thinking about things like cross border transactions, real time payments. Certainly, someone with your payments background and obviously what you're doing now, I'm sure you must have a lot of thoughts about, where the industry's going and specifically where you think Extend, can play into that in the future.

Andrew: So when you think of rails clearly the rails are evolving, right? We've gotten to a place where we have real time payments. I think the big argument there is that, okay, but who's making the transformation from one payment method to the next? Checks are there and there's still a ton of 'em in the US but what people forget is we've automated most of the process around it.

It's a sunk cost. So what's gonna make someone move from there to realtime payments? Someone's gotta capture the details of the from and two, and so unless you're gonna put resources against it, are you gonna change it? Now, of course there's fraud and all these things that are gonna wanna make you move into that piece, but I do think from a foreign, and an FX payment side of things, you start looking at stable coins, it's no longer like you're trading a commodity. 'Cause the stable coins are linked to currency baskets and so they have stability in them. And that's what businesses have wanted.

It's like, I don't want to be using essentially commodity pay things that one day's worthless, one day's worth a ton. So the idea behind really the stablecoins is, okay, let's create a basket. And with that basket we create stability and then we can start thinking about how we do international payments, on those rails.

And so because international payments are so expensive in the end of themselves, there's a real appetite for people to solve it through these real time rails, that essentially drastically reduced costs. 'Cause I think at the end of the day, businesses are saying, help me reduce cost, help me reduce fraud.

Those are the two key drivers. I think for too long we were not coming up with that great innovation and so businesses stuck to what they were doing and automated their way around the problems.

And so that's one aspect. I think no discussion today is relevant without how AI is coming into the picture. And for a long time I've been somewhat dubious 'cause I've seen big data a million times, right? Data's not new, but really the ability, now to be able to query that data through a really simple query, has really what's transformed it.

And eventually then we get into a Gen [AI] tech where they start thinking, and taking actions. In the payment side of things, I don't think we're there yet. 'Cause you wouldn't want it to hallucinate and all of a sudden, boom, a million dollar payment went out the door. And so yes, there's gonna have to be approvals in there and all these different things, but as it comes to segmentation, as it comes to insights, as it comes to control, as it comes to compliance.

Even now when we take our APIs and we start plugging 'em in right to the Claudes of this world or the ChatGPTs of this world, you start saying there's real value. Because simple prompts now are allowing you to get great feedback and insights and ability to take action. And I think that's where, for a long time you've had to rely on building more of the report layers and the infrastructure to support these reporting tools. I think these BI tools are gonna get displaced really fast, right? This business intelligence. And that's where I get super excited because let's face it, there isn't a CFO or a VP of finance out there who wouldn't love to turn up to a report ready made that didn't have to go and build a report and think through it.

It's like I just asked a bunch of questions and now it's just feeding it to me every day. And next step it'll take action or send out emails to remind people of X or Y or query these different things. So that bit becomes really interesting and I think it helps finance and payments a huge amount actually.

So that becomes super interesting.

Zarik: The capabilities, I think, are just tantalizing to think about, for the future as the AI space in particular evolves and intersects with FinTech.

My last question, in the spirit of giving back, if you will-- let's say there's somebody listening, to this podcast who's in a similar space that you were in 2017. And it's a founder, maybe a group of founders that are, building something in the embedded finance space. And they're thinking about, how to navigate, how to operate.

I would say given this is a compliance focused podcast, would love to hear your take and lessons learned. For somebody in that position as early stage founder, what would be some of the pitfalls that they should be aware of, especially in today's environment? And how to navigate the compliance mindset and compliance expectations in general as you're building, an embedded finance organization.

Andrew: Look, I think the important thing is you need to know how to trust yourself, but trust and verify. And I think that's where building a really strong network right across the different functions is so critical. And I think number one is when I say you've gotta trust yourself, for me, that's about, it's your vision.

Don't let someone else tell your story. That's number one. I think number two is, as you go out and do the fundraise, I think you've also gotta be realistic about what it is that's truly achievable. 'Cause eventually it catches up with you, right? You can have a flash in the pan and outright success, but the reality is, it will catch up with you if you haven't really thought through the whole end-to-end process and the reality of the addressable market that you're going after. I'm fortunate in that I started the company with three founders. Now, many venture capitalists would say, well, that's a nightmare, right? You've spread the equity across three people.

And the way I look at it is, number one, if you don't believe the pie is big enough for three of you, then I think the opportunity's not big enough or, you haven't thought big enough. The other thing for me is, that's the beauty of having multiple founders is you hold each other accountable and you hold each other to a higher standard. And the three of us come from very different functions. I had more of the product and go to markets in terms of sales motion. Danny, one of my other co-founders was an iOS, developer, but also had frontend design experience. And my third co-founder had a strategy and operations background.

And so right across those three pillars, we had a really, really strong foundation. My advice there is be well surrounded because I have an utmost respect for people to do it on their own. The burden there must truly be prolific because having to net off all the different things, you need to check off as you build a business, especially in financial service where compliance and all these things are so important, you just can't afford to make mistakes along the way, and so experience counts and, experience in the right fields counts.

Zarik: I think that's a great place to leave it. Andrew, thank you so much for your time. Really appreciate it and best wishes to you and to Extend.

Andrew: Thanks for the engaging conversation. Really, really appreciate it.

The week kicked off at Rise, NYC’s Fintech Accelerator and Hub, with NYC Fintech Coffee. This is a monthly event that Rise has been hosting in partnership with Received and for quite some time, but what made this bittersweet is that it will likely be one of the last times the event occurs (at least at Rise itself) as Rise is closing down at the end of May - a sad development for me personally as I was a member for two years. The event was boosted by the presence of folks from out of town, and I’m certainly grateful to have linked up with many of you there.

On Tuesday the day was insanely packed - kicking off with our very own “Compliance & Pastries” breakfast event, which brought together ~ 20 founders, legal folks, compliance pros, and others from across the country. It was a privilege to be able to host such smart and way-cooler-than-me people for a second straight year during this special week (this time while actually having a voice!). For me personally, the impact of these get togethers is measured by how many friends from last year joined us again for this year’s edition. And this year, it was extra special joining forces with Dmitry Gritskevich of ComplyCo to host an event during this week. Kudos to the staff at The Smith - Nomad for providing great food, service and a cool venue in the heart of Midtown.

Then during lunch, I joined in a virtual webinar which featured one of my favorite people, fellow Ascend Executive Network member Edward Hida and Senior Executive Advisor as Secura/Isaac Group, entitled “Banking in the Crossfire: Earnings, Regulation and the Trade War Shakeup”.

Some of the takeaways of the event:

• Investor sentiment is heavily influenced by ongoing uncertainty - stemming from trade wars, tariffs, and shifting regulatory and political environments. This uncertainty is reflected in cautious bank outlooks and market volatility.

• Credit losses and charge-offs remain historically low, with only slight increases in certain consumer segments like credit cards. Banks have ample reserves and strong pre-tax, pre-provision revenue (PPNR), providing a cushion against potential credit deterioration

• The new administration is rolling back or pausing some regulatory initiatives, including higher capital standards and certain merger rules. M&A deal approvals have accelerated, and the regulatory environment is expected to become less burdensome, especially for smaller banks

• The CFPB is shifting focus to tangible consumer harm and passing more enforcement responsibility to states. CRA (Community Reinvestment Act) rules are reverting to pre-2020 standards, reducing compliance complexity for banks

• Significant layoffs at the CFPB and FDIC are not expected to materially impact bank examinations or deal approvals, given the agencies’ previous staffing levels

• Recent policy changes-such as the resumption of student loan collections and stricter enforcement on delinquent mortgages-are expected to increase financial pressure on consumers, potentially leading to higher delinquencies in the coming quarters

• While large regional bank mergers are expected to pick up in 2026–2027, small bank consolidation continues at a steady pace, aided by faster regulatory approvals. Stock price volatility and uncertainty are temporarily slowing deal flow, but the long-term trend remains toward consolidation

• The panel discussed ongoing political pressure on the Federal Reserve but expect its independence to be maintained. Most anticipate one rate cut in 2025, with further cuts possible in 2026, depending on economic conditions

• With Michelle Bowman’s expected confirmation as head of supervision, further tailoring of regulations for smaller and mid-sized banks is anticipated

You can view the full session on YouTube here.

I then hiked up near Grand Central, to the American Australian Association to see my former Google colleague Pedro Morales - who is the Global Head of AML/Sanctions Compliance and Payments Compliance - and several other regulatory/compliance leaders share Global Perspectives on Tomorrow’s Regulatory Compliance, organized by Fivecast. The panel also included ​Shawna Klatt, Senior Legal Customer Success, Thomson Reuters as the Moderator, ​Chad Longo, Director, Financial Crime Channels, Fivecast, ​​Síobháine Slevin, CEO, Realta Logic and ​​Sebastian Gonzalez, Chief Business Officer Americas, Roboyo.

This was one of those rare sessions where the panel not only jived but you actually wished they could keep talking and providing super valuable insights on all things regulation and compliance. Indeed, topics discussed ranged from the US deregulatory stance being dwarfed by regulation globally continuing to scale unabated, the value of RPA tools, transparency of algorithms, the value of centralizing sources of knowledge in the identity verification process, and more.

Some of the key takeaways, put in the simplest way possible:

• Compliance can help make money and is a differentiator

• Filter the noise

• Compliance is not your ex!

• Lean into the change/be innovative

• When in doubt, safe design will get you to compliance

The day ended with me swinging back near Battery Park, joining in a happy hour led by two of my favorite founders in the space, Faraz Rana of Affinity and Kalyani Ramadurgam of Kobalt Labs, along with Scale LLP. Although I couldn’t stay long, it was a great way to end the day by talking shop and connecting with founders who are making some seriously cool innovations in the RegTech area.

On Wednesday, I walked over to the Washington Square area to Aleo’s office to join in the Financial Club’s lunch and learn networking session on AI, featuring Oivind Lorentzen, Partner at Oak HC/FT and Sam Bobley, Co-founder & CEO at Ocrolus. While this wasn’t a compliance-heavy event per se, it was great to meet with fellow AI enthusiasts and learn about how AI has become a core consideration from an investment and operational perspective. We were blessed with great conversations, great food, and most notably, a great rooftop view:

Finally, on Thursday we closed out the week where we began, with a farewell party for current and past members of Rise. It was nice to take a final walk through the halls which have meant so much to me over the years, and connecting with folks familiar and new. Plus enjoying some custom-made tacos, some sweet coconut purple dumplings, and juices. A few parting shots from the place I have called a second home for the last few years:

That’s all for this year - a special shoutout to my friend , the mind behind this epic week that has become can’t-miss for anyone in the fintech world, for all he does for the community. Stay tuned as we plan our next in-person get-together coming in June during NY Tech Week!

Welcome back to the podcast! This week we sit down with tech veteran and product leader, Prashant Fuloria, CEO of Fundbox.

Fundbox is “a working capital platform based in San Francisco that offers credit and payments as a service to small businesses. Founded in 2013, the company innovates technology to help optimize cash flow for small businesses. Its primary offering is a revolving line of credit to manage cash flow. Fundbox uses a banking partner to give short-term funds up to $100,000. It also offers membership-based offerings and payments which include Flex Pay, which provides additional payment options for business expenses. Its services are offered online and through a tech platform that integrates with QuickBooks, FreshBooks, Xero and Indeed.”

Some background about Prashant - he is a “seasoned tech executive who has played senior leadership roles at companies across the consumer internet (Yahoo, Google, Facebook), mobile developer platforms (Flurry), and AI-driven fintech (Fundbox). He is a sought-after advisor who has advised companies in fields as diverse as executive recruiting (Spencer Stuart), musical instruments (Fender), energy tech (Bidgely), crowdfunding (Patreon), and advertising tech (Singapore Telecom). He is also a regular lecturer at leading business schools, teaching popular MBA courses in building consumer internet businesses.

Before joining Fundbox, he was senior vice president of advertising and data at Yahoo, reporting to the CEO and managing the 1300-person engineering, product and UX teams driving Yahoo’s $5B/year advertising business. Fuloria joined Yahoo through the acquisition of Flurry, the world’s leading mobile app analytics platform, supporting over 100,000 monthly active developers and over 2B monthly active mobile devices. At Flurry, he was chief product officer, responsible for product strategy and delivery. Fuloria played a critical role in the Flurry acquisition and led the highly successful integration of Flurry’s product and business into Yahoo’s, helping create a new $300M/year mobile advertising revenue stream.

Prior to Flurry, he was senior director of product management at Facebook. Fuloria was responsible for all of Facebook's advertising products during a period of intense 2.5X year-over-year growth, which saw the company cross the $1B/year and $2B/year revenue milestones. He also managed Facebook Credits, an attempt to monetize the Facebook platform that achieved a $500M/year revenue run-rate within just two years of its launch.

Before joining Facebook, Fuloria was product director at Google, where he most recently managed all of Google's products (search, ads, apps) for the Asia-Pacific region (including CJK, AU/NZ, South and Southeast Asia). He also worked for several years building monetization products at Google, both as an early product manager on Google AdWords and then as the first product director for Google’s global billing and payments platform.

He holds a PhD and an MA in business, a PhD minor in operations research and an MS in statistics, all from Stanford University. Before joining Stanford, Fuloria studied at the Indian Institute of Technology (IIT) Delhi, where he was awarded the President of India's Gold Medal, the most prestigious undergraduate engineering award in the country.

He is an avid guitarist, currently playing with the Silicon Valley tech exec band, Coverflow. While in college, Fuloria played guitar for Euphoria, which became India's largest-selling rock band. He lives in Los Altos, CA, with his wife, a fellow IIT Delhi and Stanford graduate, and their two children.”

I wish I had gotten time to ask Prashant about his music experiences! But we’ll save that for a follow-up down the road - really enjoyed hearing from a fellow Xoogler and grateful for him taking the time from an undoubtedly busy schedule. Special thanks to Avenue Z for helping coordinate the discussion.

Zarik: Prashant, welcome to FinTech Compliance Chronicles podcast. I'm happy to have you join us, to get us started quick background on yourself. As I like to say at the beginning, who are you and what do you do?

Prashant: First of all, thank you for having me excited to be here. I consider myself to be a recovering product manager. So today I lead Fundbox, which is an embedded platform for capital for small businesses. We serve the small business economy through capital, and we provide capital solutions to the ecosystems and tools and systems that SMBs already use to run and grow their businesses, whether it's an accounting software or a payment provider, or some sort of vertical SaaS platform, et cetera.

Very excited about what the company does, our mission and kinda where we are going, and including the compliance aspect of that. I've been at Funbox now for almost a decade, and so this is an important part of my career. Prior to that, I was an early product manager at Google, worked on Google AdWords when it was just getting started.

Eventually built Google's first global payment network. This was before we had companies like Stripe and Adyen to take care of this, do it yourself. Also ran Google's products, all of Google's products for the APAC region, the Asia Pacific region. Then actually went to Facebook, did the same thing. I ran Facebook ads for a couple of years, and then ran Facebook payments.

Did a startup called Flurry, which was a mobile analytics platform, which was acquired by Yahoo. I sometimes joke that I've done Yahoo, Google, and Facebook, but not quite in the right order. For the last, for quite some time, I've been at Fundbox and for me, the biggest thing has been in my previous career journeys, I had seen how technology could level the playing field between small businesses and large enterprises in areas like marketing in the Google auction.

It doesn't matter whether you are. Target, or a local grocery store, you're competing in the same auction on fair terms. And I think for me, the question was could technology also level the playing field between small businesses and large enterprises in other areas like access to financial services.

And a large enterprise has all of these people and talent and resources to manage finances, whereas the small business owner just has himself or herself. And what could Fundbox do to help with some of those financial questions? And that is the journey that, that I got started on, and it continues to be an amazing one.

Zarik: That's fantastic and this is actually a great segue into my next question, which has to do with Fundbox's focus on embedded finance and SMBs. So you talked about access to products and resources and capabilities. I think about consumers when I hear embedded finance and what it's enabled for them.

So, just your overall take on what embedded finance has been able to do. Specifically for small businesses, but even for the consumer as well, if you will, and how Fundbox fits into that equation.

Prashant: I'll stick with small business because there's so much to say there. This access to financial services has been so difficult for small businesses for years or decades or maybe even centuries. Capital has always been difficult. Getting paid and making payments has been hard.

Getting any kind of insurance product has been difficult. And the small business market is notoriously difficult because it's a big market. We all know that there are over 33 million small businesses in the US, for example, but it's very fragmented. So customer acquisition is hard. It's hard to serve small businesses because they also have, a high mortality rate.

You have a small business on average lasts for only five or six years, and for all of these reasons, this whole trend of embedded financial services, which is really bringing the financial service to the customer inside of their daily, weekly, monthly workflows, the tools they already use has been a game changer.

And we at Fundbox, have chosen to really use the embedded channel because it helps us in three ways. One, it helps us with distribution. When we partner with someone like Intuit and are embedded into their QuickBooks product, well, they've got millions and millions of customers using QuickBooks every day, and so it gives us access to those customers that would otherwise be very difficult for us to acquire. The second is gives us data, so I'll just continue with the QuickBooks, example there. We can, using the QuickBooks APIs, get access to a business' entire accounting ledger and underwrite instantly or in less than a minute, and assess their risk and their suitability for some sort of capital product. Imagine the old school analogy, going to a bank waiting for days to get a loan approved and the bank spending several thousand dollars in human capital to review your books. All that is being done through technology. And the third thing is that it's not just a matter of accessing users and getting data, it's also the opportunity to provide products that are really convenient and friendly for the customer. Products that are, somehow embedded inside my workflow. So, for example, we have a Payroll Guard product that our customers sometimes use to make sure that they never miss payroll, where we are actually making payroll for them, where their payroll backstop. So you don't have to worry as a small business owner on a Friday, I have to run payroll this afternoon.

Did that check from my customer clear or not? We are running payroll for you and we later decide or let you decide how you want to fund it. So there's little product innovations like that that just make the lives of our customers easier. So it's a very, very major part of our strategy and it's how we've shaped our product offerings.

It's how we've shaped our company, literally. So it's a very critical thing for us.

Zarik: Speaking of innovation, you had referenced your usage of risk assessment tools. And so when I hear risk assessment in my world, it starts to bring the compliance, regulatory part of my brain into activation. So how do you, on a day-to-day basis, balance your usage of tools like getting involved in a risk assessment with things on the regulatory side, like fair lending and UDAAP, for example, which gets into how you portray things to consumers? What's your thought process around balancing innovation with regulatory compliance?

Prashant: So there's a lot of depth to your questions, Zarik, but I'm gonna start with something very simple. It starts with the alignment of incentives, which is does the lender or the capital provider, in this case Fundbox, succeed if the customer succeeds? In this case, the customer is a small business owner, and if the small business owner fails for whatever reason, does the lender succeed in that case?

At the extreme case, you have lenders that do well financially. Whether the customer does well financially or not, those are typically predatory lenders. If, for example, you as a customer default on a loan and I seize your house, I'm probably going to make more money in the event that you default, in which case your incentive and my incentive are completely misaligned, like that's a, that's structurally a bad place to be.

Now for us that our best customers are customers that use Fundbox, not just once, but over and over and over again. And so we have customers that we've acquired right since we started. We launched our offerings in 2014/2015, who've been with us for like nine or 10 years. They love the product. Keep coming back, keep using us.

Our average repeat customer uses us, I'd say something like seven to 10 times a year. And those are our best customers and they're growing, and as they grow, our business with them also grows. So even before we get into the technology, I think fundamentally we've built our business model where we succeed if our customers succeed.

So that actually just helps us in a more structural way. Now, I think in, in the deployment of technology itself, there is sometimes people sort of frame this as a, how do you make sure you can use technology while, complying with things like the Equal Credit Opportunity Act or the Truth in Lending Act, or you know, all of that. Or the Fair Credit Reporting Act for that matter. And I think that there are a few things that go into this. One of them is just the interface and the interaction with the user. So things like having the appropriate disclosures are really helpful in making sure that you comply with, say, truth and Lending, or for that matter, making sure that you are communicating.

Why you've declined a customer in a transparent way, like adverse Action notice helps you with things like the Equal Credit Opportunity Act. So one part of it is just the interface you have with your customers. The other part of it is how much do you look at your models and keep checking to see statistically how they're performing.

There's "What features are you using to make predictions?" Clearly those features have to be free of bias, but that's not all, even features that are themselves free of bias when combined can have some implicit bias in them. So you kind check statistically that way as well.

And then you also run what you might call disparate impact assessments by third parties who look at a set of customers and may have access to data that you don't have access to and check to see how you're doing. Very important part of what we do. We are a FinTech or a financial technology platform and we partner with banks to originate these loans.

So our partner banks are, have national charters and are regulated by agencies like the FDIC. So the work that we do has to really pass the muster of the FDIC and other regulatory bodies that regulate the activities of our bank partners. So they get audited on a regular basis and as part of their audits our programs with these banks also get audited.

Zarik: Yeah. And to that point, I'm curious, have you had any either direct or indirect feedback about your products from a regulator? Obviously you're providing a solution for your customers, but, sometimes regulators are regulating financial institutions, right?

They utilize tools to help them succeed. So in your case, as providing a solution to help some of those folks succeed I'm curious if you received any direct or indirect feedback about your product and how that has informed your approach or validated what you've already been doing.

Prashant: We do communicate with regulators at the state and at the federal level, both directly and also through our partner banks. The banks that we work with know that when they interact with regulators, one of the most useful things they can do is use specific examples of programs that they think are working well. They might say, " For example, let's take Fundbox. This is what we are doing with Fundbox. Here's our program. Here's how it's helping customers." So you may have a lawmaker in some state saying, "Hey, I wanna better understand what you guys are doing."

If our bank partner can say "With Fundbox, here's our program and by the way here are the actual customers in Rhode Island that this program has actually helped," it just gives a lot of specificity to all of this. We get questions on a regular basis from regulators, and that's nothing out of the ordinary.

In fact, every audit generates questions like, how do you do this? How do you do that? And so on. We've also been commended by regulators, so for example during the COVID Crisis and PPP, the Paycheck Protection Program, we did participate and work with the SBA on PPP. We were originating there as well.

And you might recall, and a lot of it has come out in the years after 2020, there was a fair amount of fraud in the PPP program. And meanwhile we were very, very careful about not letting fraud enter our system. So the Financial Crimes Enforcement Network. Sent us a very positive letter that commended our efforts to fight financial crime and maintain the integrity of the PPP program.

So, I think the days when fintechs try to avoid talking to regulators are over. They should be working with regulators. Whether this is federal or state it's the way to go because I think now we have a pretty decent level of sophistication on all sides.

FinTech is not exactly new the industry has been around now for like a decade or more. I would argue that the first FinTech, truly FinTech company was probably Capital One. That's been 30 plus years. So I think there's a lot of interaction with regulators.

Zarik: That's where I was trying to nudge. I think this is the attitude that I hope folks who are watching this who are in early stage startups or have never really gone into the regulatory side of things with their business, [are] hearing this, that it is actually possible to get, commended by a regulator for your product.

And on top of it, actually have them look at you as basically a role model for the industry. And then you briefly talked about financial crime so I want to just touch on that.

In terms of AML and KYC, some of the more fraud based issues. How do you, in your role, working with partner banks, working with these small businesses, et cetera, how do you mitigate that risk of financial crime from where you sit or how do you work with the players that have a greater risk than you or equal risk perhaps.

Prashant: There are different vectors to financial crime, based on the product. I think a very basic thing is to make sure you have a good understanding of the identity of your customer. And now in a typical lending product, the customer that you're giving money to and the customer that you're collecting money from are the same.

So it's a different fraud vector than say, payments where you're taking money from one person and giving it to another person. So there's differences there. But identity is tricky in small business because the same individual can open a business A today, open a business B tomorrow, and a business C the next day. Those are all different businesses and there are many, many legitimate reasons why someone might do that. But it means that some of your KY B know your business, has to be small business specific and not generic kYC. We have our own tools. We also work with a number of third party vendors that have built up databases and machine learning tools around verifying identity. And when we end up having to move money around for some of our products, we have to be even more careful about financial fraud because it's money from one account into another account as well.

There are also all kinds of fraud, like first party fraud and third party fraud. I would say the distinction between first party fraud and credit risk is a little blurry. If someone, were to go to a lender and take out a loan with no intention of ever having to pay that loan back is that fraud or credit risk? That's a gray area in some ways. Clearly, if I've misrepresented my identity, that's fraud for sure. But we also sometimes see people revealing the true identity of their business, but then never making a single payment. We call them first payment defaults.

And that's sort of semi fraud risk and then semi credit risk. So there's an entire spectrum of risks that we have to manage and mitigate from a compliance perspective. The clear thing is just to make sure that you understand the real entity of your customer.

For example, they're not on any OFAC list. And it's a critical part of our product. It becomes more interesting in the embedded case because in many cases our partners already have done their own identity checks, so then it becomes a matter of, can we and our partner banks get comfortable with the identity checks that our partners have done. So imagine if you are, using a vertical SaaS platform as a small business, you're a hairdresser using a vertical SaaS, software with payments in it, someone, let's say Stripe or someone has already done a K Y B from a payments perspective.

Now, is that enough? For credit or not, it depends on the partner, but now you can see that there's a chain of trust that has to be built. We have to verify what our partner, the platform has done and satisfy the needs of our bank partners. This is happening now. There are more standards being set and so on.

But the whole idea here is how do you make it as frictionless for the good actors while catching all the bad actors. Right. That ultimately is the framing that we use.

Zarik: Appreciate that. I just wanted to zoom out a little bit and just ask, for those FinTech leaders that might be listening and trying to figure out how to balance compliance and innovation. Clearly talking to you, you speak the language, but you're also running this company. And I think it's great to get your perspective and I would just ask if you can provide some advice to folks who are struggling trying to figure out, " How do I balance at a high level running a business, being innovative, taking risks versus also staying out of trouble." And of course there's been shifts from a regulatory perspective, but I think as you had alluded to, at the end of the day, your customers are still your customers. Your customers are still gonna hold you accountable, regardless of what the regulatory direction is at that point in time. So, in summary, how, would you say for those folks if you had to give them advice, is the best way to balance compliance and innovation?

Prashant: I don't think that innovation and compliance always have to be at odds with each other. I think there are actually many situations where clever implementation can satisfy a regulatory need while being innovative. And I think an important part of this is making compliance a key part of your innovation process or product development process, or even ideation process.

I think one thing that I've found in financial services and FinTech financial technology is that it's really, really helpful to not only have experts in their field like a chief compliance officer or someone who's very deep in compliance, someone who is a great product innovator. But also having everyone at least have a basic understanding of all the domains.

And what I mean by that is ideally if you're a product person, thinking about a product, let's say in a credit context or an insurance context or a payments context, ideally you understand the domain IE credit, like what is the user experience, for example. But you also understand credit and what does credit mean?

The credit fundamentals. But you also understand compliance, at least at the very basic level, such that you have regulatory considerations be thought of from the very beginning of the product that way. You don't end up trying to build something and then running into a compliance roadblock.

It's more of a, you've thought about, oh, in this case I'm moving money. This is actually, we are originating a loan. Okay, that's great. So now there's a certain set of things that we need to be able to have in place before we originate a loan. And if that's not what we want to do, then let's think about a different way of solving this customer's problem.

But having that understanding at the very beginning is important. So at Fundbox, we try to make sure that all of the folks that are working on product are not only product managers or what have you from a traditional perspective. They also understand the business IE, this is credit and there are some analytical and constructs around credit and it's a regulated financial service.

So we'd better at least have the basics of. What does truth in lending look like? Or what does equal credit opportunity look like? Or what does fair credit reporting look like? So that we at least have that from the very beginning.

That's just the way we've built it and I'll make a pitch for having small teams where you have the end-to-end knowledge and expertise within the team as opposed to a very siloed way of building things where you've got like a product organization and an engineering organization and a credit organization, and then a compliance organization where things only come together at the top because that's recipe for disaster, right? A small team that has everybody talking all the time, and that has all of these viewpoints expressed and articulated from day one is a much more effective way to run.

Zarik: It's funny you mentioned that about product folks. I've also, in my career, I've encouraged compliance folks and audit folks and risk folks to think the same way. Where, you can't just know the regs and know the risks, but then not understand the product you're looking at.

And we've seen sometimes, unfortunately, even in, regulatory environments where the examiner doesn't understand the product, then it leads to unnecessary friction, between the companies they're trying to review. So I agree with you and I'm saying I think it would also, be good for it to go the other way as well from folks in compliance and risk.

We're coming up to the end here, and I wanted to close out with, your take on what's next for Fundbox. What does the future hold in terms of growth? In terms of next steps, where do you see, the company, particularly in this new regulatory environment, how you plan to play in it?

Any closing thoughts on that front?

Prashant: I mean, there's definitely a lot of uncertainty right now in terms of the compliance regime. I think that a careful adherence to first principles is always helpful. So I'll give you an example. We are a small business capital platform. We serve small businesses. It's a commercial product. At the same time, because we serve small businesses, we try to maintain consumer level compliance in what we do.

It's a degree of compliance that is perhaps more rigorous or more strict than what we need to. But we do keep consumer grade compliance in what we do. Similarly, I think that when you're making a really, really big decision around a product, your planning horizon may need to be more than just a few years.

If you're building a business on, and if the only way your business can succeed is, if a certain regulation is interpreted in way X versus way Y, that's a lot of risk you are taking, and it really begs the question, why is your business so dependent on the narrow interpretation of a regulation, right?

So I think while there's uncertainty, and I think everybody would agree that it would be good to get more clarity on certain things like. How, like what's gonna happen to, let's say all of the open banking discussions and so on so forth. I think first principles are always helpful.

The other thing I'll say is also that as you move from just the US to looking at other markets, you encounter different compliance regimes. That's another big consideration for us because we've focused primarily on the US and that has made all the sense in the world for us to get to our scale and, our economics.

But we serve partners who have a very large global footprint, and so we are now opening up in other markets where our partners want us to go so now we have to live in a world that has different compliance standards for different customers anyway, even in the us. To be fair, you think about different states, we've had to have different disclosures in let's say California versus Georgia versus Utah.

What did we have to do? Build the infrastructure to manage that. We work with multiple bank partners and even our same bank partners interpret different regulations slightly differently. So what's required to truly understand business ownership for a business? 'cause a business and like a consumer can have multiple owners, like what information do you need?

There's some subtle differences between how banks interpret it. Neither is right or wrong, it's just an interpretation of the regulation. And so we've had to build infrastructure to support multiple banks. So yes, life would be easier if there were just one set of regulations around the entire world and it, there was one set of interpretations around it, but life is not, and so you just have to innovate and kinda build.

The foundation such that you can handle different regulatory, regimes and so on.

Zarik: Great. We'll hope that maybe someday we can have that, set of unified standards. In any case, it has been a real pleasure talking to you, Prashant, and thank you so much for your time. Really appreciate it.

Prashant: Thank you for having me it's been a pleasure.

(Additional Note - the image accompanying this article was generated by ChatGPT)

In what should be completely unsurprising to anyone who has been watching developments in Washington since January, Russell Vought, Acting Director of the CFPB, announced mass layoffs yesterday (Thursday, April 17) at the agency. This follows an appeals court ruling last Friday that lifted some components of a previously enacted freeze on reductions in force along with a demand to reinstate previously terminated employees.

In the original freeze, Judge Amy Berman Jackson issued 8 provisions as part of her ruling, which included requiring the Bureau to:

1. Maintain all records

2. Reinstate all employees terminated since the first wave of layoffs in February

3. Halt any RIFs and only fire employees for cause/performance

4. Rescind a February stop-work order along with any administrative leave

5. Provide employees with office space if they are to RTO, or permission to work remotely if they cannot

6. Continue the collection of complaints

7. Rescind all contract terminations

8. Confirm compliance by April 4.

The appellate decision affirmed all of the above except #2, #3, and part #4, meaning the Bureau did not have to bring reinstated employees back, RIFs could occur, and the stop-work order could also resume provided “statutory duties” aka the CFPB’s legal requirements could continue - with the caveat that a “particularized” or “individualized” assessment had to occur before taking these steps. All the other provisions including recordkeeping, office space/telework, complaints, restoration of contracts, and confirmation of compliance, remained in place.

Well, the assessments have presumably been completed (any bets on whether they actually were or not?) and late Thursday, news sources began reporting about a notice that was sent by Vought about the upcoming RIF which he framed as “necessary to restructure the Bureau’s operations to better reflect the agency’s priorities and mission.” He added that impacted employees will be able to access their systems until Friday evening and will be formally terminated by mid-June. The initial projections are that only 200 employees will be left at the Bureau when all is said and done, a nearly 90% cut.

Jackson is not thrilled and has ordered an 11AM hearing today on whether the layoff violated her initial order.

While we wait for the court process to play out, here’s a recap of what has been happening with the Bureau in 2025 - something we had planned to do anyway before the layoff news hit:

• February 6, 2025 - The implementation of the Medical Debt Credit Reporting rule, which would have excluded medical debt from credit reports effective March 2025, was suspended indefinitely. This resulted from the CFPB essentially deciding to file a motion to stay the proceedings in a lawsuit raised by the Cornerstone Credit Union League and the Consumer Data Industry Association challenging the rule. We covered the rule extensively when the initial rulemaking was announced and when the rule was finalized (also here).

• February 10, 2025 - With the aforementioned work stoppage, the Big Tech Digital Payment Rule focused on supervision of nonbank actors like Apple and Paypal that had taken effect on January 9 was essentially halted.

• March 26, 2025 - The CFPB asked a District Court to stay litigation in a case that had originally been filed against the Bureau challenging a rule that had been implemented last year applying Regulation Z provisions to BNPL providers. The Bureau added that it plans to revoke the rule.

• March 28, 2025 - The CFPB announces that it will not be enforcing its payday loan rule which would have gone into effect March 30, 2025. The rule would have prohibited lenders from attempting to withdraw payments from consumers after two failed attempts, and would have required notice to consumers before attempting to withdraw for the first time and a notice of the consumer’s rights when back to back attempts fail.

• April 3, 2025 - The CFPB concurred with an industry group’s motion to stay the compliance date of its 1071 Rule, which would have required financial institutions to collect and report data on loan applications for credit to small business with a special emphasis on underserved groups.

• April 10, 2025 - The House voted to overturn the CFPB’s overdraft rule, finalized in December 2024 and effective in January, that would have limited overdraft fees to $5. The Senate had already voted in favor of overturning the rule as well, which means the bill will now go to Trump for his signature. Estimates were that the rule would have slashed fees from an average of $35 per transaction down to $5 and saved 23 million households that end up having to pay these fees $5 billion a year.

• April 14, 2025 - The CFPB announced that it would not enforce a rule requiring registration of nonbank lenders with the Bureau along with having to disclose any agency or court orders concerning violations. The idea here was to have the ability to leverage work being done at local levels to potentially inform future rulemaking at a national level, but that’s a moot point now.

• April 15, 2025 - A federal court vacates the Credit Card Late Fee Rule after the CFPB admitted that it violated the CARD Act and APA by proposing the rule. The rule would have lowered late fees to $8 for issuers with >1 million accounts and eliminated inflation adjustments; we covered it extensively back when it was first announced (here and here).

• April 16, 2025 - Likely connected with the layoff news, the CFPB laid out its 2025 Supervision and Enforcement Priorities, which stated that 1) it would reduce the number of exams by 50% 2) it would aim to meet the 2012 ratio of 70% of supervision on banks and only up to 30% on nonbanks as opposed to what it says is now 60% nonbank focused and 40% banks. 3) it will pull out of multi-state exams and cede much of its enforcement to states. The piece about pulling back on nonbank supervision appears to fly in the face of Dodd-Frank which says that the Bureau “shall require reports and conduct examinations on a periodic basis.” We will have much more on these priorities in a followup post next week.

Interestingly, the one rule that has not been commented on by the Bureau is 1033, the Open Banking Rule. That has not stopped it from coming up in the courts, where the Financial Technology Association, a group that represents fintechs like Plaid, Stripe, and Wise, is challenging a lawsuit filed by a group of bankers including the Kentucky Bankers’ Association - essentially pitting traditional banks against the new guard. Meanwhile, the CFPB sits on the sidelines while this inter-industry fight plays out.

We’ll have more on the new priorities next week. In the meantime a ton of talent with deep regulatory experience has just hit the market as a result of this effective shutdown of the Bureau (assuming nothing changes as a result of the followup hearing today). If you’re hiring, they deserve your consideration and even if you’re not, they deserve your support.

Welcome to the last of our interview series from Fintech Meetup 2025. This week we share our conversation with a standout voice in the payments space - Fernando Castellanos, Chief Revenue Officer at EverC.

EverC is “focused on powering growth for the online seller ecosystem. With the world’s first fully automated, AI-driven cross-channel risk management platform, we are transforming the internet into a safe and trusted place for ecommerce. Our easy-to-use solution rapidly detects, identifies, and removes high-risk merchants; online money laundering; and fake, illegal, and dangerous products and services. We also continually monitor activity to mitigate ongoing and evolving risk. Founded in 2015, the EverC team comprises domain experts in risk intelligence, data science, fintech, payments, and financial risk.”

Some background about Fernando: “With a distinguished track record in building high-performing teams and scaling revenue for SaaS and fintech companies, Fernando brings deep expertise in risk management, fraud prevention, and business development. Prior to joining EverC, he held executive roles at Merkle Science, SheerID, and Forter, helping global organizations navigate the complexities of online risk and compliance. Fluent in four languages and based in New York City, Fernando is passionate about leveraging technology to create safer, more transparent digital marketplaces.”

I have to give Fernando a special thanks for giving me his valuable time as he was shuffling between Fintech Meetup and MRC, which was happening across the street - one conference is a lot to manage, but combine that with walking back and forth between two venues and it’s huge. Thanks yet again to Caliber for setting this up! The transcript of our discussion is below and the recording is at the beginning - enjoy:

Zarik: Fernando, tell me, as a starting point, a 30 second elevator pitch on EverC, and how you came to be in the organization?

Fernando: So we're basically an AI machine learning, company, whose sole purpose is basically enable, the payments ecosystem, digital payments ecosystem to be, safe of, transaction laundering and anything that violates, regulation, acceptable use policies, card brands, and things of that nature.

We work with, all the largest acquiring banks, in the world. Basically where we sit is, when a merchant goes to acquiring we go through the KYC/KYB, PEP, address, media, adverse media, all the screenings that everybody does, and then that merchant gets clear from that aspect.

And what happens at that point? We get sent all the URLs that that merchant wants to process payments in, and our technology basically crawls all the URLs to make sure that the website is what it's being said it is, and that there's nothing hidden in it that violates, any card scheme regulation, and things like that.

And, also we bring our graph to make sure that, hey, maybe this is Fernando and yes, this is a bookstore, and the bookstore.com is actually accurate. We also know that Fernando has, another, store that sells guns or something that may be more, big no-no for you.

And sometimes we have also service where maybe they're not providing you a URL. We've been evolving into now, helping marketplaces not only with sellers, but also with product listings.

We work with the largest marketplaces, in the world as well, where we see up to 30 million product listing. Because a seller may be a legit seller. And they upload 50,000 products. And the example is, you can sell melatonin in the US but you cannot sell it in the uk. So those are ones you're like, okay, this is not a bad stock, it's just a seller that is big, has a lot of things and is not realizing this is a big no.

But if you do it, you are gonna have the card brands or the regulator fine. Also blog posts and IP infringement and then all the things that are for sensitive adult content, weapons, drugs, things of that nature. What sets EverC apart in my view, from other vendors in the space is we came as an AI machine learning company first to tackle the problem. And I think that puts us today in a forefront to deal with Gen AI and everything this company embraced a long time ago to make sure we were ready and prepared for it.

We also have our team of, specialists who do deep dive investigations, transaction laundering investigations. We also do some, services for companies like Discover, which are their own closed loop network.

Where they want to say, okay, find me anybody who's violating my acceptable use policy. And we do that for companies like that.

Zarik: I love the fact that it's not just limited to, the KYC and KYB, but your focus on compliance-- and compliance is maybe even a limiting term-- playing by the rules of whatever ecosystem is developed. Like you're trying to get and capture all that information as well for benefit of different parties, it sounds like. That's really cool.

So we're talking about these different players in the ecosystem. We've got issuers, we've got networks, we've got acquirers, I'm sure the merchants are there as well, but let's talk about the consumer for a second, right? So, on the false positive sides, right?

Like a lot of these competitors you might have, may have perhaps more stringent models that perhaps gets one of these merchants like incorrectly flagged and then suddenly it creates a lot of tension and unnecessary back and forth. So I had read that one of the things that you had done was to actually lower these false positives in some of the case studies that I found about your company. So talk a little bit about how like CE like able to do what you do from like an accuracy perspective.

Fernando: So going back because we came, and we started as a technology company, we've been obviously improving accuracy, our speed. What allows us is because our technology helps us, with pretty short SLAs, tackle about 90% with a previous inaccuracy. And then the 10% that is more complicated, but not plain vanilla, those actually sit a little longer to make sure that we're actually not creating a bad experience. While it's not ideal for any acquirer or anybody in the ecosystem to create friction with the merchants at the end of the day, it's better to create a bad customer experience than have somebody go through the doors that shouldn't have Now, that said, like in anything else, the merchants are way more demanding and, it's forcing everybody to get faster. Like, if you look at the big ones they're tech driven, like the Stripes of the world, the Adyens, all of them, their SLAs for onboarding.

From the time you onboard to the time you're processing a payment is pretty short, and I think it's gonna get shorter. And, then that creates a problem because on one end you have to be faster on the other end, Gen AI, when it comes to individual merchants, micro merchants and things, I could very easily create 20,000 fake merchants.

So it's gonna get quite interesting to see, how our industry starts to tackle those things and at one point, you get like, "okay, what do I need to make first?" Like the SLA from a customer and client experience, right? Versus, at this point, and it's top of mind, right?

MasterCard, last week here at ABP [American Banker's Payments Forum], was talking about scams and how [with] AI, you're getting a video from your father saying, "Hey, wire me the money and I need this." You're like, "look at it, it's pretty impressive." So I think that that's the conundrum that the service providers will have to deal with, with everybody expects like at the snap of fingers, everything needs to be there now.

On the other hand, it's super sophisticated, the way criminals are actually now leveraging technology.

Zarik: Yeah. Talking about scams, so, coming back to the accessibility piece, right? Your goal is obviously to help acquirers, as you said, detect fake merchants, fraudulent merchants, et cetera. Right? Or find instances where there's some sort of issue with a merchant that maybe needs to be resolved. Especially as you mentioned you're very global in nature.

How do you make sure that your tool doesn't become unintentionally, a means to shut out, certain market or certain type of merchant through the rigor? Fairness for certain type of SMB as a consideration.

Fernando: I think in our space is we don't go into those details, meaning, it's very clear what is legal, what is acceptable by the card schemes and basically those are the frameworks. We have also what is called a rules customizer, where a client may set up a different set of rules where some of them are less risk adverse than others.

"We don't want to take gaming, we don't wanna take gambling, we don't want to take adult, we don't wanna take marijuana, which is legal in some states, some not." Some are more aggressive on that end. That's basically entirely up to the client.

Zarik: And they're the ones who have like, opted into following certain rules or set of rules.

Fernando: Their own rules, customers, whatever risk appetite they can stomach.

Zarik: And so that leads me to ask about one of your products, I think it's called Merchant View. So tell me a little bit about Merchant View, like how you should think about it from a compliance perspective. And then we can talk about the customization to the extent it exists and how, let's say an acquirer might want to leverage that customization.

Fernando: So merchant view is the merchant onboarding and merchant monitoring solution. Basically the product we've been talking about. We have two ways we can integrate. One is through an API where we can feed a customer system and they get the inputs thrown into it. Or, we have our own user interface where you can upload the URLs. The models already are in compliance with card schemes. If that applies globally, regulation, legislation, things of that nature. Now we onboard the client, we provide training on how to customize our rules, then--

Zarik: --they're basically on their own.

Fernando: Now, they may reach out to customer success and say, "Hey, can you help me. I'm trying to establish these set of rules of things." But in general, that would be under their responsibility.

Zarik: Some regulatory bodies, I don't think in the US but other jurisdictions, have brought up, "oh, some of these tools to help detect fraud can be deemed as high risk," presumably because they're worried about ability for customization.

But from your perspective you haven't gotten mixed up in any sort of regulatory inquiry for these acquirers maybe that do go too far with dropping the guardrails, right. Like, "oh, let's actually create a little bit more risk appetite" and then they get in trouble for it. It hasn't come back to you, from your experience?

Fernando: If they decide to be lax on them--

Zarik: --that's on them.

Fernando: They sometimes come to us and ask for us to do deep investigations. We'll provide the results so they can go back to it. But at the end of the day, we are a solution that is tuned to their own criteria. So if they get in trouble with the regulator for being lax about it, it's on them. Like I said, there's some clients that have a little bit more appetite on riskier portfolios, but we don't participate in that.

Zarik: That's helpful to know. And then just talking a little specifically on some of the regulatory challenges, not for yourself obviously, but for the acquirers and by extension, the merchants. So one of the things that is a big pain point sometimes in the whole AML/KYC financial crime space is false positive OFAC hits, sanctions hits.

Where you're talking about an individual, the name is close. So, how do you work with the acquirers and by extension merchants or how do you work internally to account for some of these, how do you work to minimize some of the friction that could result if somebody was just trying to take the list and literally screen their merchants as is.

Fernando: We're gonna crawl URLs right? At the end of the day. If there's no URLs, we're gonna come back and say, there's nothing. We don't touch sanctions OFAC anything like that. Those are done by the client usually prior to sending. We are sort of like the last step.

After you go through sanctions screening, adverse media and things of that nature, we don't have those issues or anticipate those issues. It's prior to bringing in our services.

Zarik: So you're an AI driven company doing machine learning for quite some time before it became like a big buzzword that everybody's talking about. In terms of how data is stored and how it's used in building this intelligence model, so to speak, is it fair to say it's almost like a consortium of data because you're working with tons of different acquirers who in turn have tons of merchants?

You might have referred to this in one of your earlier examples, but do you run into cases where because you worked with one acquirer who has information and maybe you have a stored result for that merchant, that you come up with that same merchant for a different acquirer? Are you able to leverage that past data for the merchant and then basically use it in your decisioning for the next acquirer?

Fernando: So we do have our graph, which is basically leveraging all the data that the crawlers, accumulate throughout our big systems today. Our crawlers will start crawling, but also we ping our graph and say, okay, what do we know about this? So we do leverage.

Zarik: Also it sounds like Market View is the other tool for the marketplace. So just a brief overview of that.

Fernando: What we do is we work with the marketplaces and it's by product listing and categories.

Categories could be pharmaceuticals, contract bids, knockoffs, weapons. So those are the categories and then they send us, so when you go to marketplace and you go through the process, then you put it before it gets published, the marketplace sends it to us. We screen it and we say this violates copyright infringement as a knockoff, or we say, good to go.

And then, we earned the trust with some of the largest marketplaces to take our decision and just basically publish. The way marketplaces control it is you cannot make a change to the product listing. But if you do, you go through the same process.

"I'm gonna put a real Louis Vuitton and then I'm gonna change it to a knock off. Then it has to go back to the present."

Zarik: It's good change management, clearly. And, one other thing I wanted to ask is, we're talking about change management, let's maybe keep it specific to market view and marketplaces. You were talking about in the context of merchants, right? Like the acquirers have the card rules, they're responsible from your perspective for staying up to date with regulations, requirements, et cetera, for Market View, let's say. Some of these restrictions, especially in different jurisdictions, they change, what's your process for staying up to date with those requirements as they either A, become stricter, or B, become looser?

Fernando: So we have a team, that sits, under our, head of risk and basically, stays on top of all these regulations globally to make sure that we focus on the regulated markets, which today includes the US and the European Union. So we stay on top of those things and make sure that the models are fine tuned to the regulations.

And again, the card schemes basically are the most important, tunings that our clients care about. For the longest time, marketplaces were saying, "Hey, seller come in, buyer come in and they match. I'm not responsible for the transactions, buying something that is illegal," now that's not flying anymore.

Fernando: Regulation said that you are responsible for making sure that your marketplace is offering things that are actually within-- and that's why it's prompting a lot of this. Now a lot of the marketplaces do a first line of defense on their own. They're a tech company, so they build their own models. But there's certain categories to the places where their own models are not enough.

Because usually if a seller is gonna do bad stuff in one marketplace, most has like multiple things happening in different marketplaces, so we're able to detect that and be more effective in helping them with that.

Zarik: Last question here. Thinking about marketplaces and with like things like drop shipping for example, these have become quite large and complex and you have Amazon Marketplace, Facebook marketplace, what do you see as a future for the space and how do you think, others in your space will adapt as things in the overall ecosystem adapt.

Fernando: I don't have an answer and I don't think Amazon has the answer either, right?

There's two steps. One is, we are on the front end making sure that the listing is legit, like it's a legit product and it's authentic and that's it. Right? And then the transaction comes through. The problem is at that point we don't control that the seller actually puts the right product or ships something and the only way, is with central distribution centers controlling. Because otherwise, I think at one point probably AI would be like, okay, take a picture of the package and I get it and somehow AI will keep the picture. Like I took the picture of the package I'm shipping you and it's encrypted and you will take a picture that you got and somehow the platform saying it is a product that was shipped, right? I'm guessing it's a ways before we head in that direction. It's a little bit where, for example, companies like, Nike are focused on technology that allows them to make sure to avoid the lost product and here's how we're going to tackle that. But you're talking about a multi-billion dollar problem.

Zarik: Very insightful. Well, it's been a pleasure, Fernando. Appreciate your time.

(Additional Note - We will be hosting a breakfast-hour event during #NYFintechWeek on April 22! Spots are filling up quickly, learn more and sign up here.)

Continuing our series from Fintech Meetup 2025, with more great conversations with trailblazers and innovators on the topic of compliance. This week I’m featuring my discussion with two fantastic leaders from BankTech Ventures - Pam Kaur, Head of Bank Technology, and Katie Quilligan, Investor.

BankTech is “a strategic investment fund that was founded to support the community banking industry. Our mission is to generate both strategic value and financial returns for our investors. We accomplish this by sourcing, vetting, investing in, and introducing best-in-class bank-enabling technology solutions that enhance the competitive positions of our community bank partners. Backed by a seasoned investment team and General Partners from the community banking industry (including two of the nation’s most innovative community banks), we believe that BankTech Ventures is uniquely positioned to accomplish this mission.”

Some background about Pam: “Pam Kaur is the Head of Bank Technology at BankTech Ventures, where she supports the fund's rapidly growing portfolio of fintechs and limited partner banks. She plays a key role in both pre-investment diligence and post-investment activities, guiding fintechs on aligning their solutions with community bank needs and helping banks navigate their digital transformation journeys. Pam's efforts ensure a seamless onboarding experience, from sourcing fintech solutions to implementation, helping mitigate risks and drive success during hyper-growth stages. Before joining BankTech, Pam was VP of IT at a $5B+ community bank in California. She holds a BS in Computer Science from the University of the Pacific and an MS in IT Management from Golden Gate University. Pam currently resides in the Greater Sacramento, CA area and enjoys experimenting with new recipes, reading, and exploring local trails.”

Some background about Katie: “Katie works on the investment team, finding the bank-enabling fintechs that would best serve our Limited Partner banks and the broader banking industry. She supports the investment process from origination to execution and everything in between. Katie has previous fintech investment experience at a seed stage fund, as well as a track record of driving audience growth, revenue, and innovation for startups and Fortune 500 companies, including American Express.”

Although we didn't get a chance to dive into it during our conversation, I would be remiss if I didn't shout out their other venture Tech Sis, a fantastic initiative devoted to amplifying the voices and journeys of women in tech/fintech. It’s 2025 and tech and finance are still pretty male-centric, which is why we here at Fintech Compliance Chronicles are proud to support efforts like Tech Sis that are actively working to change the face of the industry.

It’s not every day you get to hear directly from the people writing the checks and thinking through the regulatory minefield. What stood out in our conversation was how deeply compliance is baked into BankTech’s thought process, from beginning to post-investment. Hearing Pam and Katie talk through how they evaluate and support fintechs gave me a whole new appreciation for the role investment funds can play in shaping the ecosystem. Thank you yet again to Caliber for setting up the discussion and to both Pam and Katie for making the time! The transcript of our discussion is below and the recording is at the beginning - enjoy:

Zarik: Who are you? What do you do?

Pam: Yeah. I'll start with BankTech. So we're a strategic investment fund. Backed by over a hundred community banks across the us. We invest in bank enabling FinTech companies. I've made 22 investments to date over the past three years.

I am Pam. I work on the post investment side as our head of bank technology. So I do all of our portfolios support, post-investment, and help our companies, one, help them figure out how to work together easier with banks. Two, help them figure out their product market fits their literally A through Z of anything that they need to actually work with a bank.

One of the major things that we do is take them through this banker style due diligence process. So they really get that crucial lens on their company of how a bank will evaluate them.

Zarik: I saw that you do audits essentially of their tech stack.

Pam: Essentially, yes. So similarly to when a bank is onboarding them as a potential vendor or some kind of partner with them, we'd also take them through this process, One, to make sure that they understand what that process is gonna look like. Two, to help them find any gaps that they might have there.

And then three, obviously help them figure out where we can plug in things for them to help build out that program long term.

Zarik: Do you have any relationships that you're able to pass along to from your perspective like, "Hey, you may want to connect with these parties", or is it more like you prepare them and then, after the fact, they're on their own? Describe to me, beyond your portfolio company, if you will the role in helping them in relationship management?

Pam: Yeah, so we definitely have a short list of partners and third party vendors and other things that we have formed our own relationships with that will either send them off to like here's a compliance lawyer, or here's somebody that offers like Chief Compliance Officer as a service to your company, or, here's somebody else in the ecosystem that is going through the same thing as you, what they did, and you can figure out next steps. It really depends on the company, what stage they're at. What their comfort level is to even, ask for help. But we are more than happy to help provide any services. I'm happy to help walk them through that myself with any of my own experience in banking in the past, and guide them through, here's how a bank might look at this, or here's why this is okay for right now because you're an earlier stage company and we don't expect you to have x, y, Z built out, and here's how you can talk to the bank about why you are where you are. So it just varies based on the company.

Zarik: Got it. Katie?

Katie: So I'm on the investment side of the team, and that means that we're going out and sourcing companies and trying to find the best solutions that will help make our banks continue to be innovative, competitive.

A lot of the diligence that we do, mirrors what a diligence process might look like at a bank. At other more traditional funds, it's probably a lot lighter. We're putting them through a lot more diligence and also a lot of what we do is looking through the lens of how can a bank actually use this?

And thinking from that customer lens, as well as evaluating what kind of financial returns and other things that we can get, really dual lens, I would say a big part of the value we provide to our limited partners is this market intelligence. If we're meeting so many companies, we're seeing what's out there and going back to them and saying, here's kinda what we're seeing in the market.

This is what you should be looking at, thinking about for your future and making introductions. Even the case we're not making investments. There might be a solution that a bank needs, where we can make that and facilitate that. So they're getting a lot of value beyond just financial returns from saying yes to investing in our fund.

Zarik: Got it. And so maybe just shifting to the angle that I love to talk about which is compliance. You mentioned the audits briefly, from either of your sides or both of your sides, do you have a methodology around compliance when you are evaluating an organization for fit.

I know you've talked about auditing and reviewing, but from your perspective how do you think about that when you're looking at prospective companies?

Katie: Well, one, we have the benefit of having Pam on our team, so as part of our diligence process, we'll bring her into the calls because she has the expertise of having worked at a bank.

And I think a lot of what we'll ask them is about different things, like, let's say generative AI, right? How is that data being used? Is it going to be shared? Let's talk through some of those, just depending on what the solution is, there might be different sets of questions that we're looking at.

But we are trying to do it from the frame of, "what would a bank be concerned about here and how can they evaluate that?" We look at third party risk management solutions for potentially investing and for our banks to use. But we've also looked from the side of, "Are there tools we should be using to be getting smarter and better in this area?" To go to that extra level of thinking and making sure that everything is intact, we have a pretty extensive list of the documents and things that we ask them for ahead of time.

Zarik: Pam back to you, when you're thinking about all the talk around third party risk management, BaaS, FinTech - bank partnerships, how do you see that in 2025 and beyond with the shifts in the regulatory environment?

Like do you think that anyone out there in DC is even thinking about this anymore?

Pam: Yeah. I actually just did a webinar on this last week. A lot of the conversations that I've heard from FinTech lawyers or people in DC that are either lobbying or doing something in the space to try to figure out like what's next for banks, and advice that we've also gotten from some of these experts in the industry have been, "a lot of what is already out there in terms of regulation is not gonna change very quickly."

The conversation that we had last week with the American FinTech Council talked about how much time it'll actually take for it to go from up here down to the actual examination level and actually changing at the per bank level and how your own banks examiner might either decide to ignore certain things or decide, " this is the way I've been examining for 25 years and these are the things that I care about and it's still gonna be the things that I care about." . Just in terms of like safety and soundness, we don't think that will change very quickly.

These people that have been working there as career examiners, have gone through many administrative changes and have had many different presidents, et cetera. Agency heads tell them different things. But I think, "As we are humans, this is what we care about and these are the things that we're gonna examine," I don't see that changing very quickly. I might be wrong, but hopefully I'm not. 'cause I think that would bring a lot of instability into how, banks. Are safe and sound. You know, we've seen banking crises in the past. And, I think some of these things that came out in the last 10, 15 years were to help prevent additional crises like that. So I don't foresee a lot of things changing very quickly at the per bank examination level. I think it takes time for that messaging and communication to get down. All the way down from executive to examiner. So I think there's gonna be a little bit of a lag there. Again, it's very unprecedented times in terms of, regulation and things.

I think for sure there won't be any new regulations coming out very quickly. A lot of existing things that have been in the air over the last one to three years are, again, a big question mark of which of these are still going to be existing at the end of the year, or even by summertime.

But I think the, at the bank level, the banks still need to make sure that they're acting in a manner that is beneficial to their customers and keeping their customers money and things safe. So I think at a core level, I don't see that changing very significantly. I think for sure, new regulation is gonna be neither here nor there. We don't know. Administratively we're at a huge pendulum shift this way. Again, in four years, three, four years, it might swing right back the other way or somewhere in the middle. So I think people that are doing these jobs day to day understand that and are hopefully not trying to get swept away in the "Oh no. Everything's changing now."

Zarik: Yeah. And I think there was similar talk in 2016 and if anything the focus was on larger institutions getting hit even harder. So, who knows what the future will hold, to some extent.

I wanted to circle to AI. From the compliance angle, one topic that I've been having some conversations about is like AI in fairness of evaluations of customers and that sort of thing. So I'm curious, what are some positive developments, any examples that you've seen about companies that have used AI to really solve issues of fairness or from a credit perspective, any stories of companies doing it right and solving some of the problems around lending using AI in a compliant fashion. Maybe that's kind of a unicorn, who knows but, would love to get your take on that.

Pam: Yeah. Katie's actually our AI, bank tech AI expert so I don't know if you wanna add anything on that specifically. We've definitely seen companies specifically working with fairness and how AI is gonna play into that in the lending space., I don't know that banks have been super quick to adopt solutions like that as of yet.

I think, again, it's a big regulatory question mark, so, it's been a little slow play of, let's see how it goes. I think the larger institutions are more likely to engage in those types of conversations.

Zarik: It's the large institutions that many would argue, need to be disrupted.

They've kind of created the problem, right? Of, folks getting shut out of the system.

Katie: Yeah. We talk to our banks about what they're using, a i for, it's mostly back office, compliance and creating the efficiency piece because they are worried about this regulatory piece. So thinking about fair lending or how they just don't even wanna get swept up into that, even though we believe that there's so much possibility for loan volume to be done faster, more efficiently, and potentially helping, like on the s and b side, if you can now do these smaller dollar loans and do them as efficiently as you can, these larger loans, then you're gonna say yes to them.

Whereas before you only had the bandwidth, the resources to do these larger ones. So you're gonna say no, but then it does bring into what you're talking about of, where's the fairness come in and understanding the data that's going into the model that you're creating. So we've spent time looking at, is model risk management now going to be more something that our banks need to bring on?

And so is that a standalone tool where the banks need to do this and be doing it and they'll have a lot more models coming in because they have technology to do things? Or is it something where we say yes to a lending solution that has MRM built into it? And so each individual tool has its own safety guard around it.

The ones that I think are probably being smartest about doing some of this and evaluating the models and keeping them in check are using some form of generative ai, but then also using that traditional machine learning and creating so that they're testing their model. In some ways it's keeping it in check because it's deterministic. So you can say is this a yes or no? And if there's red flags, you can then come and check them. But I think it's just, that, that loan space is just tricky right now. And it's hard, especially for the larger banks, they have such large volume.

I think that a lot of the companies are using data sets from these larger companies and larger swaths. So then when they're doing their loans, they actually can mimic more what the larger banks are seeing at these smaller institutions. The models and what's being created may not actually mimic their customer set.

And they may not have enough volume in what they've done historically to do that. And so we have to look into things like creating synthetic data. And then to your point, you get into that, like, how do we think about creating fairness in this? Or are we just creating synthetic data on top of, historically, that data and I honestly think the answer has been, we just don't wanna deal with that right now. Or, it's just not going to be the first place we go to for ai, which is not a very satisfying answer. But that's where we are. It just hasn't been a top priority.

And I don't think until there's really clear ROI and also clarity on what's regulation gonna look like for using AI to do underwriting, that there's going to be a large take. But what I do think is that the companies who are using underwriting, they need to build in their own version of model risk management into it.

And that they need to assure them and create some really easy ways for the bank to talk to the regulator about, this is what we're using, this is how we're getting our data, and helping them have the conversation and put it into really approachable terminology. And clearly explain that they understand the data that's going in, the data that's coming out.

And that's, I think what we spend a lot of our time evaluating and also talking to our companies about, how do you help empower the bank to have these conversations so that the regulator can say yes to it.

I would say one of our banks that has been in the forefront of adopting AI solutions and specifically generative AI solutions, has really gone back and looked at their third party risk management and continued to add additional questions and depth to what they're doing. To them this is still evaluating solutions. "We know how to do this and so let's put this in our framework, but just develop it into a stronger way." And I think that also makes it more approachable for banks. They have the capability to do this, they just need to dig in deeper, in the right spaces.

And that might mean now adding, again, like model risk management becomes part of that conversation more than it had been previously or just bringing in other parts. But I do think it's still part of that same process of just making it larger and expanding on that.

Zarik: Yeah, I just, I heard model governance. I rarely hear that term as a compliance person. You want to hear more of that. Closing on a somewhat lighter note. You mentioned American FinTech Council, so my understanding is there's a partnership that has recently been established. So, maybe just talk a little bit about that and some of the advantages you could see, especially from a compliance perspective in terms of how you're dealing with companies, your partners, et cetera and just for the organization in general BankTech.

Pam: Yeah. I think that was a partnership long in the making needed to happen a long time ago. We've been very close with them for a while. I think we have a lot of strategic alignment both on the bank and FinTech side. Of course, they represent both banks and fintechs.

For us it's great to be able to keep a pulse on, what are some of the regulations and things coming down the pipeline, what side are we standing on and how can we help support that? And how do we communicate those back down to the fintechs and banks that we work with as well? 'cause that's obviously a big part of us as our strategic investor. For both the FinTech and bank side is that we help 'em figure out and navigate this space. Right? So that's been a great pulse check for us in DC and just at the state level as well. And I think great for our portfolio companies to be able to connect into that and help have a voice of what they think regulation should be and how certain regulations impact them.

And again, what side should they stand on, same for the banks. We help them keep a pulse on the ecosystem, on FinTech, on BaaS, on regulation.

So I think we, we will have a great opportunity to work very closely with American FinTech Council on some of those things, like, here's what we're hearing on the bank side and here's what we're hearing on the FinTech side, and being able to collaborate and help create unified messaging for the entire ecosystem based on that.

Zarik: And that was the end of our conversation. I want to thank Pam and Katie for their time and for an insightful and fun conversation. Thanks for joining us on another edition of FinTech Compliance Chronicles podcast.

Last year, this newsletter hosted its very first in-person meetup during NY Fintech Week. Sadly, I had no voice during the event itself (laryngitis) and so things didn’t go as well as they could have. However, since then we’ve gone on to host many more events, panels, dinners and coffee-fueled convos across the country.

This year, we’re joining NY Fintech Week again, hosted by , to present in collaboration with our friends at ComplyCo:

Compliance & Pastries – a casual morning hangout for fintech compliance, legal, and risk folks. No panels, no pitches—just good people, good conversation, and a croissant or two.

📅Tuesday, April 22, 2025
📍New York City
🕗 8:30 AM
🥐 Register here

If you’re in town for the week, swing by and say hey. We’d love to see some familiar faces and meet a few new ones.

(Additional Note - Let us hope that by the time you read this, I am back on LinkedIn and able to post this over there. If not, once again I’d appreciate you passing along this newsletter to anyone you think would benefit from or enjoy it - colleagues, friends, family, etc. Thank you!)

Continuing our series from Fintech Meetup 2025, with more great conversations with fantastic leaders in the space on compliance. This week I’m featuring my conversation with Lauren McCollom, SVP and Head of Embedded Finance at Grasshopper Bank.

Grasshopper is “a client-first digital bank serving small businesses, startups, and investors supporting them across the innovation economy. Our digital solutions cover small business, venture-backed companies, fintech-focused Banking-as-a-Service (BaaS) and commercial API banking platforms, SBA lending, and commercial real estate lending.”

Some background about Lauren: “Lauren McCollom leads Grasshopper's efforts to establish mutually beneficial partnerships with financial technology (fintech) and neobank companies by offering a variety of API-driven financial tools and solutions for the consumption of the fintech’s clients. During her 16-year commercial banking career, Lauren has worked alongside entrepreneurs to solve complex problems and ultimately help them build great companies. While working at Wells Fargo, and later at Square 1 Bank, she was instrumental in the formation and growth of the Startup Services groups where her skills in working with the investor community along with portfolio companies were leveraged.”

It was really interesting to hear from the perspective of the “other side,” aka partner bank, who are usually the ones getting wooed at these conferences, and refreshing to hear just how tech-first they have been which likely contributes to their success at landing innovative yet resilient fintech partnerships. Thank you again to Caliber for setting up the discussion and to Lauren for making the time! The transcript of our discussion is below and the recording is at the beginning - enjoy:

Zarik: Lauren, really excited to talk to you, today about Grasshopper. So, maybe a good place to start would be, to understand how grasshopper as a digital bank. How it's navigated the whole FinTech bank partner model, some of the history behind the organization and how it's evolved.

Lauren: So Grasshopper was started and received our charter in 2019. We are an OCC Chartered bank. The name Grasshopper actually pays tribute to Grace Hopper, who was a rear Navy admiral, and founded the language, that a lot of banks programming is built off of today, which is instrumental as a, initially a female founded bank.

We are a business bank focused on serving the innovation economy and small and medium sized businesses. We have our direct business offerings, to businesses that come to our website to sign up for our services. The VC and private equity community as well. And then indirectly, we have embedded finance, which is the group that I lead.

And the efforts there are really to forge partnerships to enable those financial technology companies and non-bank entities to serve their customers with bank products and services. So deposit accounts, payment facilitation, card issuing as well. And we look for a number of things in the partnerships, but really try and focus first on a alignment culturally with the organization, that they have a strong focus to compliance and risk mitigation and, that they want to get into a partnership that's gonna be long term, that's gonna be mutually beneficial for all of us, mostly including their end users who are gonna benefit from the additional products that we're leveraging in the partnership.

Zarik: Got it. And your view on their end users, talk to me about how Grasshopper's philosophy is towards those end users. Like do you see them as your customers.

Lauren: Our FinTech partner knows their customers best. But ultimately their users are our customers as they're getting onboarded at the bank, and leveraging our products and services. But we think about it kind of in the partnership effort that it is. Our fintechs do know them better than us.

In some instances in their behaviors, they may be serving them with other products and services outside of banking. Which gives them that other lens into, being able to be the best first advocate for, keeping the banking infrastructure that they're bringing to us safe. Ultimately they are our clients and we want to make sure that the products and services that we're building, that our roadmap of product delivery aligns with what our FinTech partners need to serve their end users and what they're asking for so that we can all mutually, meet the needs of those users.

Zarik: Got it, got it. Just thinking back to what you said about your origin story, you look at a lot of the partner banks that are out there without getting into any specific names, but you see many instances where you have legacy institutions that are small in size, tried to get in the space of basically sponsoring and partnering with fintechs and they, they tend to run into a lot of trouble.

So you all were established in 2019. Got your charters. That's great. I'm curious, like maybe talk a little bit about how you think your relatively young age as a bank is kind of a competitive advantage to the extent that it can be when you're working with, uh, fintechs.

Lauren: I think it allows us to have foresight into speed and transparency. I know in my history, Working with, startups and founders, I've been in banking for 20 years and I've been working closely with those companies that are at that infancy stage. And, when you are building, you need to know kind of what is the path look like.

And so I think that taking that lens and approach to partnership with a strong foundation of risk mitigation and compliance that our team has, we were able to leverage the efficiencies of being a digital bank of, wanting to build this as a line of business within the organization. It wasn't something that we built at the beginning of the bank's, infancy or when it was first chartered, but it was something that was in the vision of it.

One of the things I read as I was looking to join the bank --I was like, oh, they wanna do this, this is something I've wanted to do for many years in my career at different organizations. And so there was, overwhelming acknowledgement of that this is something the bank will be getting into.

And when we finally have the opportunity to do so, with the hiring of Mike Butler [CEO] and a couple other team members that came over from Radius Bank, Chris Tremont [Chief Digital Officer] as well, they were instrumental in banking as a service, going back to 2013. I kind of raised my hand and said, I need a team that knows what they're doing.

This is really hard to do from scratch. And so taking the best practices that they had and learnings that they had from their prior organization really kind of gave us a leg up. Also having a board that knows what we're doing is bought in on what we're doing and very supportive of the efforts that we're putting forth to grow this business. Like all of that aligns so that we're not retraining people to figure out how to do this. It is just kind of core and native to what we do as an institution.

Zarik: That part about the retraining, really resonates. And, you talk about the board-- as a former internal auditor, hearing for so long the board is the one who's responsible-- like having a dynamic forward thinking board, which understands its responsibility and influence? That's gotta be super fantastic.

Lauren: It's a powerhouse I think. And it really allows us to set ourselves apart, both with the regulators and the partnership and relationship that we can forge with them as we look to develop more and more products to grow the bank, in multi directions that we wanna go.

So, it's nice to know that what I'm doing and the efforts on the ground are known and appreciated by the folks that are leading the organization, C-Suite and board.

Zarik: Yeah, embedded finance partnerships. At least the last couple years from my vantage point, one of the hottest topics in the space right now, and I think unfortunately recently, 'cause so many folks can't seem to get it right and they're getting in trouble.

So I'm curious, maybe before we dig further into that, the concept of help, you can't do it alone. You've, recently partnered with Cable, and I would love to learn a little bit more about that relationship. Selfish reasons, being compliance person, you're a compliance focused platform.

Talk to me a little bit about that and how that has helped create efficiencies, especially from a risk and compliance perspective.

Lauren: From my vantage point appreciation is that it allows our risk team to have visibility across all of the BSA assurance, I believe is what they're leveraging it for. And as a result, it's not doing spot monitoring of historical information, but it is real time and a hundred percent exposure to our end users in the system.

So that really helped. Give a huge lens into what's going on within our programs. And it's critical and having the API integrations that they enable makes it seamless or smooth for our customers to provide information that we require and takes out a lot of the back and forth.

So that just saves time. And also just the robustness of the information and the access to the information I mean, it's paramount in running a client organization.

Zarik: Sure. Maybe not necessarily like specific to Cable, but just generally, the fact that you're partnering with them I think is fantastic. I'm kind of curious, just zooming out, alluded to some of the troubles that some of your peer partners, sponsor banks may have, let's say consent orders unfortunately getting in trouble.

Regulators, like this has been the whole backdrop of the BaaS movement for at least a couple of years, if not the last three years. And potentially maybe things will change now, but I'm just curious, what do you think, whether it's from a compliance angle or not from a compliance angle, how do you think Grasshopper is able to, succeed, if you will, where others maybe have had challenges?

Lauren: I think that we take compliance as a competitive advantage. And I know there's, different ways to look at that, but, we really think that we're able to meet the needs of our customers in a compliant manner. We can do it efficiently and effectively is really a huge piece. With the resources, tools, and humans that we have augment the technology that we utilize with the human interaction, it really sets us apart to be able to do things in a way that's gonna allow us to do more.

I don't wanna say with less because it's not. It's just, with assistance to be able to do more. So I think that we really are able to use the compliance resources team and infrastructure that we have to stay lean and efficient in the areas while not compromising on any risk mitigation tools or compliance areas.

Zarik: Obviously the way the business model works and the way the relationships work. You're essentially providing your charter and the fact that you are a bank in service of these fintechs. So do you find that your approach as in considering compliance as a competitive advantage, partnering with Cable, what have you seen from the actual FinTech partners, the technology companies? Do they appreciate it. Do they give some initial resistance and then you have to do some convincing. The other efficiencies and advantages you bring as partner bank ,do they just dwarf any concerns about compliance? What's your take on the reaction from the partners that you work with, having such a buttoned down house from a compliance perspective?

Lauren: I think that goes back to the thing I said about selecting our partners, right? We get to work with partners and choose to work with select fintechs that are aligning with the values of how we're organizing our programs. And when we say this is something that's gonna help it be easier and more streamlined and more robust of a compliance program overall, that's gonna keep the banking system safe and sound, and it's gonna make sure that your customers are well served. Quite frankly, maybe not at the beginning, if you have to do an integration, there's gonna be some resources that are gonna have to be put towards that. But over the long term, really help to lift the ability for them to do more and maintain a strong foundation.

Zarik: Short-term pain for long term gain.

Lauren: But I think that the technology that Cable's able to put through really anything that they can, do, whether it's our technology partners integrating the Cable APIs to streamline that for us as well is another advantage that our partners get to benefit from.

Zarik: Maybe zooming away from compliance a little bit, I think it's actually a goal of regulators and why I think they aren't just saying, alright, this whole bank FinTech partnership space, let's just get away from it. But when you look at why embedded finance is taking off so much like the financial inclusion angle, just gimme your thoughts, if you don't mind, on how Grasshopper thinks about that as it partners with FinTech and maybe just some, examples or instances that you can think of that you're able to mention where you've seen, your involvement actually contribute to that scenario of financial inclusion, unlocking access to financial products that individuals wouldn't have had otherwise.

Lauren: The simplest thing is making wire transfers, right? I tried to go wire to make my down payment for my home and it was during the pandemic and I had to make an appointment at a branch, and I was like, why do I have to make an appointment? So there was resistance there.

If I could just do it online. Do it through the bank itself. Which I wasn't able to because of the dollar amount. I needed to go in person. Like allowing our product to be digitally delivered to consumers, allows them to do what they need to do, when they need to do it, where they need to do it, and the financial provider of their choosing, and really get the best of both, right?

They get a lovely user experience and they can do their banking when and how they need to, it really opens the door for people to be able to do, and transact and have access to, products and services that they may not otherwise be getting from their direct financial institutions.

Zarik: It's very powerful. I mean, when you really stop and step back and think about it. I was talking with someone else who was elaborating on the legacy system of banking and the way it's set up is whether it's intentional or not, designed sometimes to exclude certain folks from being a part of the system.

And so, I think it's great that institutions like yours, your partners, obviously there's components like we're a business, we want to make money, but you're giving access to customers who otherwise would've had no recourse. So I, I think it's, it's fantastic.

So, I'm curious though, like on the topic of AI, does this come up a lot in your conversations with your partners? Is it something that you as an institution, are already incorporating into your operations, especially from an embedded finance perspective?

Is it something more that you're happy to partner with third party institutions to supplement your capabilities? What's grasshopper's take on AI particularly when it comes to embedded finance capabilities?

Lauren: I'm not seeing it much yet with my partners directly in terms of our interaction, or even the bank's operational interaction.

I mean, we're certainly utilizing it for efficiencies, right? It's nice to not have to write the full email and have some help with that crafting so we can be more efficient in reaching our customers and prospects and things like that. But, certainly on the compliance side, I think we're utilizing it in a couple of different areas, to really help bring those efficiencies to the humans that are behind the scenes.

So there's a lot of data checking and sources that need to be evaluated and you can leverage the AI to be able to pull those sources together, raise relevant information, and allow the expert that we have on staff to focus in on areas that are most efficient and effective of them doing their job well.

Zarik: Yeah. And so, to kind of try and wrap this up in a bit of a bow. What do you think the future holds for this space? Do you think that there's more potential for these kind of partnerships being transformative. Do you see opportunities for even more regulatory enablement? What can you predict, without holding you to it, about the space?

Lauren: Without a crystal ball? Sure. I'm very bullish on the space. I mean, not because I'm a leader in it and I'm excited for the customers and clients that we work with, but also because I love to see the transformation that's taking place, right? Getting access to financial services across the board, even for many of the business customers that we support at Grasshopper, allowing them to do more, quicker, faster payments, right? Allowing them to do it in a compliant manner and allowing them to do it anywhere they want with the FinTech provider that they choose, to have access to all of the financial information that they have across a number of different, companies is also really key for them to be able to take control of their, financial health and wellbeing.

Zarik: I said that was the last question, but now you mentioned this so I couldn't resist. Open banking 1033 rule. From that perspective, do you think that there's opportunity there? Because the whole premise of that is giving consumers centralized control of all their data across different institutions. Do you have a view on that.

Lauren: I mean, my personal view is that I'd love to see more access and availability to the data. I, though, haven't seen any restrictions on my side being able to get the data that I need to the partners that I choose. So I might not be a power user in that way to be able to answer that.

But I think that data sharing and doing it in a compliant manner, doing it with the consent of the user, consent of the FinTech, doing it in a safe manner. As long as those things check the box, I'm all for it.

Zarik: It's great to hear that it's top of mind for you clearly and your organization.

And, just want to thank you for the time and yeah, look forward to seeing all the success that Grasshopper will have in the future.

Lauren: Thank you for chatting with me.

Zarik: Likewise.

(Additional Note - I have seemingly been temporarily restricted from LinkedIn since last week (long story) - so for the next week or so until it (hopefully) expires we’re going to be posting exclusively here on Substack. Now more than ever, I’d appreciate you passing along this newsletter to anyone you think would benefit from or enjoy it - colleagues, friends, family, etc. Thank you!)

I’ve tried to stay away from the CFPB beat since the beginning of the year, as you can probably tell, after devoting a good chunk of the life of this publication to it. I think it’s a story that so many are covering extensively up until this point, that I’m not sure what more I could contribute.

However, today I couldn’t resist - this morning in Washington D.C., the House Subcommittee on Financial Services held a hearing titled “A New Era for the CFPB: Balancing Power and Reprioritizing Consumer Protections.” But what unfolded was less a technical policy review and more a heated ideological battle over the very role and legitimacy of the Consumer Financial Protection Bureau.

Republican members leaned hard into themes of regulatory overreach, political bias, and abuse of power—accusing the CFPB of weaponizing enforcement, stifling innovation, and operating with little to no accountability. Democratic members pushed back, characterizing the GOP's framing as little more than deregulatory cover for corporate interests, while warning that consumer protections were being gutted behind closed doors. And smack in the middle of it all sat Seth Frotman, the former CFPB General Counsel turned vocal critic of the Trump administration’s approach to financial regulation—who found himself the target of some of the sharpest barbs of the day.

Witnesses included attorneys, credit union leaders, industry reps, and Frotman himself, offering clashing visions of what consumer protection should mean in 2025. There were genuine policy disagreements, sure—but also snark, shouting matches, and soundbites tailor-made for headlines.

I’m not going to get into full blown analysis due to wanting to focus on the last few days of Ramadan. But here are 10 of the most revealing, ridiculous, or just plain riveting moments from the hearing:

Rep. Ralph Norman (R-SC) to Seth Frotman:

"You resigned twice… I kind of wish you’d stayed, ‘cause you’d be the first one to get fired."
"Do you not have any decency? This isn’t your platform."
— Norman slams Frotman for participating in student loan forgiveness and praises Elon Musk. Frotman tries to interject and gets completely shut down.

Rep. Andy Barr (Chair, R-KY):

“Let’s examine who the real predator is: the Orwellian Predator—the Consumer Financial Protection Bureau.”
— Delivered with theatrical flair. Pitched as a philosophical challenge to the CFPB’s mission itself.

Rep. Sean Casten (D-IL):

“We gonna defend capitalism around here? We gonna defend competition—or we gonna put on a ball gag, climb down in the dungeon, and just do whatever Trump tells us to do?”
— Wildly vivid and definitely spicy. Casten goes full-on HBO.

Seth Frotman (opening statement):

“The CFPB must get back to work. A hearing that purports to be about consumer protection that focuses on anything else is an insult.”
— Throws down the gauntlet, asserting the hearing is a distraction from real consumer issues.

Rep. Brad Sherman (D-CA):

“Today isn’t a hearing about whether the CFPB has a good or bad regulation. Today is a day when Elon Musk says ‘CFPB – RIP.’”
— Emphasizes the existential nature of the hearing; bold framing.

Rep. Tim Moore (R-NC):

“I’ve been an attorney for 30 years. To approach something like this with a clear political agenda… it shocks my conscience.

—A bold statement from a freshman Congressman, especially given that the entire hearing was dripping in political agenda from both sides.

Rebecca Kuehn (Hudson Cook):

“The CFPB can simply declare an existing practice abusive and penalize companies—without giving them a chance to adjust their policies. That’s regulation by enforcement.”
— One of the most damning and concise criticisms of the Bureau’s modus operandi.

David Pommerehn (Consumer Bankers Association):

“The Bureau misrepresented its own data to justify rules… That’s not regulation. That’s political theater.”
— A brutal accusation of intellectual dishonesty.

Rep. Bill Foster (D-IL)

“This hearing feels a bit like Republicans rearranging the deck chairs on the Titanic after they torpedoed it.”
— Strong metaphor, turns the blame on those calling for reform.

Rep. Juan Vargas (D-CA)

“In the San Diego region, we have 96% more CFPB consumer complaints filed by service members... Could you talk about how we've helped them before and how we're not helping them now?”
—Centers the hearing on real-world impact—specifically how veterans are being left behind amid deregulatory shifts.

You can watch the full hearing below. Amidst the spiciness, there are some interesting proposals in there, but given the sheer unpredictability of the last few months in Washington who knows if they will become reality, or if the CFPB may just not even exist by the end of the year. We live in interesting times.

Have a specific question you'd like me to ask on air? Shoot me a quick email at zarik @ fintechcompliancechronicles.com, and I'll include the best listener questions in the conversation!

Last week I had the pleasure of attending Fintech Meetup 2025 - my first time attending. I’ve already shared my broad thoughts here, but one thing I also had the opportunity to do was record some great conversations with fantastic leaders in the space on the topic we all know and love here, compliance. This week I’m featuring the first in a series of discussions from the event, with my first being with Laura Kornhauser, CEO of Stratyfy.

Stratyfy is “on a mission to accelerate financial inclusion by providing greater transparency and less bias to critical financial decisions that impact millions of people. Stratyfy's interpretable AI solutions enable financial institutions to make more accurate, efficient, and fair financial decisions in credit risk, fraud, and compliance.”

Some background about Laura: “Laura Kornhauser is the co-founder and CEO of Stratyfy, where her team’s mission is to accelerate financial inclusion by providing greater transparency and less bias to critical financial decisions that impact millions of people. A known thought leader, Laura speaks frequently on the application of AI in financial services and practical methods for addressing bias in data and decisioning. Laura has two decades of experience as a financial services leader, working with financial institutions, technology providers, and regulators to advocate for the use of transparent, responsible AI and machine learning (ML) in the financial sector. Prior to founding Stratyfy, Laura was an Executive Director at JP Morgan Chase, where she focused on developing risk strategies and products for the bank and its largest corporate/institutional customers. Throughout her career, Laura has championed the use of ML to drive financial inclusion – including as a founding member of MoreThanFair, a research participant in the groundbreaking study on fairness in ML with FinReg Lab and Stanford University, and an expert contributor for MIT’s AI Policy Forum. She has a BSE in Operations Research and Financial Engineering from Princeton University and an MBA from Columbia Business School. During her time at Princeton, Laura was recognized for her prescient thesis that correctly identified, quantified, and predicted the inflating housing market bubble years before its collapse. Laura has received the Inspiring FinTech Female Award twice, was named to Innovate Finance’s Women in FinTech Powerlist, and won BAI Global Innovation Rising Star Award in 2023.”

I really enjoyed this conversation - as you can tell, we both got pretty fired up about financial inclusion, the intersection of fraud and compliance, and AI. Thank you to Caliber for setting up the discussion and to Laura for making the time! The transcript of our discussion is below and the recording is at the beginning - the first of what we hope to be a more regular podcast series (prior episodes can be found here on YouTube) - enjoy:

Zarik: It's a pleasure to meet you, Laura. Excited to talk to you about Stratyfy and some of your products like Unbiased, which is the one that interested me the most. And also your partnership with FIS, I was intrigued by that.

So elevator pitch. Stratyfy - how did you come about starting, creating this organization, products that you have? What was the inspiration, motivation, et cetera. Let's start with that.

Laura: Yes. So at Stratyfy we help financial institutions make better decisions across credit, risk, and compliance.

Laura: When we say better, we mean more efficient, more profitable, and fair. That's our definition of better. We're focused on decisions like who to lend to, who to approach for your products, and what types of transactions or behavior to stop for fraud, these are the types of decisions we're talking about.

Laura: Prior to starting Stratyfy almost eight years ago, I spent over a decade at JP Morgan Chase in both lending and risk roles. I come from a family of entrepreneurs. My parents started a technology company around the time I was born and then built and grew it for the next 30 years before selling to a strategic.

So I always had entrepreneurial hopes and dreams, went the very different route initially out of school. And while I was at JP Morgan, I actually, as I mentioned, worked in lending and risk and towards the end of my time there, I was responsible for our quantitative investment solutions. So those were our algorithmic trading strategies that we were selling to corporates and institutions.

And it was also around the time that Dodd Frank came out. And if you recall when Dodd Frank came out, it was very unclear what was in scope, what was out of scope for Dodd Frank. It was very unclear how to comply with that regulation. And we basically ran into a brick wall where we had this huge new product category while getting ready to launch and we weren't going to be able to launch the products because they came under scope of Dodd Frank and we didn't have the proper technology to disclose as we needed to.

Zarik: Even in a large institution like JP Morgan?

Laura: Yes, and the tech team couldn't build it. I often joke that our tech, we went to our tech team and they said, well, we'll get it done in Q5.

Because tech teams at a lot of financial institutions are overwritten by managing existing systems. And often don't have the bandwidth and sometimes even the mandate to do other things, right? So I ended up scotch taping something with one of my engineering friends together, nights and weekends, it wasn't pretty, but it got the job done. We were able to launch the product, but that was a big aha moment for me. decided to quit. People thought I was crazy. I went back to business school full time.

Zarik: Where did you go?

Laura: I went to Columbia.

Zarik: Okay, cool.

Laura: I wanted to stay in New York City because I knew I knew I wanted to stay in the FinTech scene, if you will, and then, was fortunate through a friend to meet my co founder, Dmitry.

He had spent about a decade developing the technology that's still at the core of our products. He was a quant at a trading shop looking for a better way to make decisions. He was very early on in the AI wave and really believed that there’s a lot that we could do with AI, but still human contextualization of information was going to remain important. That was what he was building with his tech. I thought it was super cool. And this -

Zarik: - was in -

Laura: 2017. Yeah, that's when we met.

Zarik: That's really cool. So he was a quant, you are also a quant, working at JP Morgan. I'm just curious, from that experience to building Stratyfy - what were some of the key learnings? I imagine when you were at JPMorgan, complex sort of decisioning happening. You've talked about some of the challenges you had in adapting the technology to Dodd Frank requirements.

Were you able to get into the guts of some of the decisioning, especially from a credit perspective and then how did you leverage some of that learning at Stratyfy when you were building the product?

Laura: Yeah, absolutely. I would say the biggest thing that we realized, and I'd love to say we realized it on day one, it took a little longer, but we always knew that it was really important to be able to bring - we always knew it was important to be able to bring the advancement in technology to where your customers were, right? And bridge that gap between what is possible with cutting edge technology and what is actually happening at your institutions right now.

Zarik: Yeah.

Laura: So we always were really focused on how do we bridge that gap? How do we give people, the visibility and control to feel empowered to start using more advanced analytics, which is ultimately what our software is all about.

What I think we didn't fully appreciate when we started, which we've definitely learned now, is that we had a vision from day one that all of these different areas of risk I mentioned - credit, fraud, compliance - all have inner workings and should have interoperability. I should be able to see what happens in a fraud check when I'm then evaluating a decision of lending or not lending to someone.

And then when I'm looking at that decision afterwards to make sure that I had, the proper compliance controls across that decision - that should be kind of a unified view.

Zarik: Yeah.

Laura: It's not today.

Zarik: You would think it should be because some of the same attributes are getting, different combinations maybe, but -

Laura: I think we're still seeing that in the market today in the fraud space, right? Many, solutions focus on one type of fraud or their point solution for one type of fraud. What happens, when you're looking across an entity and seeing, maybe their score on this type of fraud wasn't enough to trigger an action, but cumulatively we should be looking into this further. It's still a pain point. We realized we wanted to solve all that right out of the gates.

Zarik: I love that you brought up that point because I think what I've seen from a lot of solutions is so much of “Fraud equals Fincrime and AML” and there's so many other dimensions of fraud. And card not present seem to have been forgotten. Maybe they're not explicitly tied to a regulatory requirement like BSA, KYC, AML, but at the end of the day, they're still going to impact your institution. You're still going to lose money. It seems like that just gets lost in the shuffle. From a safety and soundness perspective, to a regulator, if you lose a lot of money for fraud, if you have a breach, they are going to care about that.

Laura: And then that puts your whole growth strategy, depending on what size of bank you are, in jeopardy, as well as many other things. So we always had and continue to have that same vision. But what we realized after starting the company is that it's very hard for a financial institution to buy that solution out of the gates. So what we've done with our products is we've broken them down almost into their building block pieces.

There's still the interoperability between all of them. So what we do in credit and what we do in fraud and what we do in compliance, there's that interoperability, but we allow a customer to have an entry point at different places and not need to fight everything off all in one go. And that goes to meeting the customer where they are and what they're ready for.

And yes, having opportunities to grow with them, but not asking for all of it to happen out of the gates. I'd say that's our biggest learning.

Zarik: Yeah. I love that you mentioned the customer centricity. Because so many times, a lot of these offerings, they talk about the customer being the end partner bank or the end fintech, or the end credit union, but the actual person who they’re all trying to help - the customer, the user - is sort of forgotten in the shuffle.

Laura: Yes. And we are very much a B2B company, but everything we're trying to enable is all about what happens in the B2C.

Zarik: That's cool. So I want to shift and talk a little bit about the offerings that you have. Talk to me a little bit - let's start with Unbiased because that's the one that stood out to me. What is Unbiased? And am I right to say that's kind of the main offering at Stratyfy?

Laura: So, I would say that it's one of three main offerings, right? And, that's our main offering in the compliance space.

It actually came out of our offering in the credit space. When we were in the credit decisioning, the place we started was how do we help lenders make better decisions throughout a loan life cycle? Though, primarily it's that approve / decline decision that they're making on a borrower and associated terms after that.

We always believed that one of the ways you should evaluate a given model or decisioning strategy is on the metrics of biases or fairness measures. Just like I may compare a AUC or KS between two models, I may look at two decisioning strategies and see what's my expected approval rate, my expected default rate.

I should also be able to look across two strategies and say, okay, what's my disparate impact. Right? Across different protected classes is one of these strategies raise fairness concerns or issues, while another one does not. You can almost think of it as that less discriminatory alternative search or mindset upfront.

We received such positive feedback on that, if you will, fairness piece alone, that we spun it out such that it can be available. Even if someone built their models and decisioning strategies using another provider, that's kind of the genesis of where Unbiased came from.

Zarik: One thing I was thinking when I was looking at the product and I was thinking back to past life and my own experience was the concept of disparate impact, maybe more so from a third line perspective. We were told - don't design any tests to look for disparate impact.

Because if you do, you're creating a paper trail that a regulator is going to be able to grab and say, boom, we got you. So that was a legitimate risk that, some of the folks who were advising us from the legal side - this is like 10 plus years ago, so I don't mind talking about this - but they saw that as a risk.

In my mind it didn't make sense. Wouldn't you want to know if you're doing that? I get that you don't want to gift wrap something for a regulator, but at the same time, do the right thing.

Laura: That’s the see no evil, hear no evil approach that still exists in the market today.

Zarik: How do you deal with that? Have you dealt with that as you've tried to bring this to market and what's your mechanism around it? Do you just not work with institutions like that?

Laura: Yes, we deal with this today. I would say it's a dying viewpoint, for lack of a better term. Two and a half years ago when we first launched this new product, I spoke with a Chief Compliance Officer at a large community bank who told me, “I don't want you to pick up a rock because if I know what you found underneath, I have to find it.” Hence the see no evil hear no evil mantra. So, it exists. It's dying. Right? And I think that that is because, historically, it was very hard to do this type of testing on a frequent and robust basis.

So it was like anything, maybe you don't sleep very well at night, but if you don't know about it, you can't say that you didn't do something about a problem. You knew about where we are today. Technology like what Stratyfy offers enables a financial institution to do this type of testing on a frequent basis, in a robust manner, in a proactive fashion.

So what we're seeing now is folks - regulatory bodies, industry groups - that are focused on seeking out this kind of behavior and as a result have been pushing more on institutions to say, okay, show me where you tested things. The law says you have to test it, right? It's very clear in the law that you have to test it, so, that has made it harder for people to hide behind this.

Zarik: Very old school mindset.

Laura: But it still exists. It's still there. It's an increasingly smaller population of folks feeling that way. Increasingly professionals in the space recognize that it's worth the time and effort to get the stuff right the first time.

The other thing that's changing is folks are also realizing that it's good for their business. And so this is not just a, “I'm going to check the blocks on compliance.” I also have an opportunity to find a way to extend capital to a new customer base.

Zarik: Yeah. That have never been marketed to, or are new to credit.

Laura: You want to create the most loyal customer of all time. Do that, find that person and then nurture that relationship and don't compete for a basis point here or there in the super prime area. Find ways to find the good folks, that are a bit more out the risk spectrum and more and more lenders are recognizing the profitability benefit of that, and the growth benefit of that.

Zarik: Yeah. I think just given how saturated banking, at least in the U S seems, why wouldn't you want to tap into a untapped base of customers? But let's rewind a little bit.

You talked about the regulators. You were working in a large regulated institution, so I'm sure you had your encounters, directly or indirectly, with regulators. In Stratyfy, your experience with this company, what have your interactions with regulatory bodies been like, what kind of feedback have they given you or indirectly, what have you heard through some of your clients?

Laura: Yeah.

Zarik: Would love to get some of that perspective.

Laura: So part of our strategy since day one of founding the company was to form relationships across the regulatory body, across the regulators. We have always had the view that we want them to know us. We want them to know what we're doing.

We want them to know about the type of change we're trying to drive. We want them to understand that there's a way to leverage AI, more specifically machine learning technology, without it being a black box. And that there's different levels of transparency, and you have to ask things like, who is this transparent to?

Is it just transparent to the data scientists on your team? Or is it transparent to the subject matter experts, the compliance professionals, the external and internal audit committees, for example. So we wanted to be the ones talking to them about these topics. And we found a very strong reception across the regulatory bodies.

And we encourage this with all of our customers. And most of our customers already have this position. If they don't, we encourage it. You know, the worst thing you can do is hide from your regulators.

The worst thing you can do, going back to our previous topic, is not be the person that found the problem.

You always want to be the person that found the problem and did something to remediate it. The regulators, they've said it to us, they've said it to our customers - they view that very favorably.

Zarik: I'm curious if you've seen this as well - when I was at Discover, the institution I worked at years ago, we launched free FICO scores, which at the time, why would anybody do that?

The regulators actually cited it and they said, we like this. And then, some of our peers and rivals followed suit. So in the same vein, I think that kind of feedback will come at some point.

Laura: And that's part of our commitment, right? Teamwork is a core value of ours. We believe in that collaborative nature. It extends to our customers, our partners and the regulator. And that's how we want to work with them. We find that there's this belief that regulators are anti-innovation. We find that is not the case whatsoever. They're actually very pro innovation. They just want to make sure it's coming from folks that understand what's going on in the industry and understand the uniqueness of financial services versus other industries.

These are decisions that truly impact people's lives. So we think the higher level of scrutiny on those decisions is actually warranted. If you come to a regulator an advocacy group or other groups, and you have a proposition for how to leverage innovation to drive positive change. They are very receptive.

Zarik: Yeah. And I think that's a win for everybody in that case. Talking about the end user who's benefiting from this, a sense I got from looking into and understanding more about your company is a lot of talk about financial inclusion and I'm curious if there's any motivation behind your passion behind making finance and banking, consumer FinTech, more accessible, to those folks we talked about previously, like the new to credit, looking at things like alternative data, et cetera. What would be a motivation or driver behind that for you? Looking at that as an angle, you could certainly say, “Hey, this is great for, businesses.” Clearly there's something more here that I sense when I look at this?

Laura: It comes from at its core to back to the founding story, why we founded this company and why we wanted to do this for me very personally.

It comes from background. My parents - my father's an immigrant, my mom's second generation, right? - came to this country, worked, built themselves up from the bootstraps, blood, sweat and tears to get to a place where they could be business owners. One of the motivators behind why I left my previous job is I really wanted to feel like I was making a positive impact on the world. Financial inclusion is not just about doing the right thing. It is ultimately about contributing positively to our GDP.

It’s actually been shown that when we provide fairly priced financial instruments to a wider group of people our economy thrives. And when we don't it stifles our economic growth. Citi had a report that they put out where they estimated that 16 trillion had been lost in revenue due to biased lending practices since the year 2000.

So it’s not just the right thing to do. It's also good for our economy. That's very inspiring and motivating to me. You may say, there are plenty of ways to do that that aren't in financial services. That's what I know and love. And this is how I make my impact.

And you think about things like, having a fairly priced loan when you lose your job or when you have an unexpected financial expense that changes a person's life. If they can have access to a fair financial product then they can buy their first home, that changes people's life. It's the way that we have wealth accumulation and intergenerational wealth - if they can get the capital to start a small business, these are all the things that give people opportunity and change lives and I wanted to be part of that.

Zarik: I think that's fantastic. And it resonates with me as well because I'm, first generation myself, both my parents are immigrants. This leads into my next question. It's really amazing how it seems to be the same guardrails, almost the same bouncers, if you will, to the club, that everybody seems to need to find a way to get around. [For most people, they will say] “my first credit card was a Discover. And then you slowly build your credit and you get in there. But I'm curious, specifically thinking about the bureaus, the three credit bureaus, do you feel that your product - does it sort of work around them?

Do you see a future where everybody's going to realize that to achieve that goal you're talking about where everybody gets it - financial inclusion means more GDP, better economy, revenue for companies - is everybody going to have to start working around them or are they going to need to look at solutions like yours and others and say maybe we should adapt.

Laura: Yeah, I think it's the latter. I think that there's a place for the credit bureaus, right? We have partnerships with some of the bureaus and relationships with all of them and they get that and know that they want to find a way to better assess the risk for thin file, no file, and get better separation in the lower credit score bands - the same objectives. It's a hard thing. Everything ultimately goes back to a FICO and VantageScore today. And having a three digit number describe 330 million people is a hard thing to do. I expect most scorers that are looking to do a wide purview of things where they need to evaluate, there's always going be this band of credit scores where you need more advanced analytics like what we offer. Or you need supplemental data, more information. You need a better way to pick through to find the goods from the bads - I don't see that need going away anytime soon.

It doesn't mean that there's not still a lot of value that credit scores and the credit bureaus provide. But that need to pick through, the harder stuff, I think is always going to be present.

Zarik: Sure.

Laura: I think it's always going to be present.

Zarik: Those are the diamonds in the rough you're going to miss out.

Laura: You're going to miss out. If you look by the score, it looks quite risky, but -

Zarik: You can't just say 660 FICO.

Laura: 100%. You know, 70 percent of Americans have prime credit scores yet only 50 percent of Americans have - there's a lot of people being missed in there that have never defaulted on a loan product, right? And never had a bad experience with the credit product. They're just not getting access - I love what you said about the bouncer analogy.

People call it financial literacy, and I actually think that's a misnomer. It's understanding the tricks similar to getting by a bouncer at a club, it's their tricks to how to do it. Certain people haven't been taught those tricks.

And, that's why they come from a community that has financial trauma and then doesn't trust the banking sector, often for good reason, right? And that's what's missing. It's more about access to those tricks of the trade than the literacy piece. People always group it under literacy, and I think it's a bit of a misnomer.

Zarik: Yeah, and this will lead me to our last question, because I know we're right at time here, but there's clearly an element of humanity that's been permeating all these questions in this conversation.

I'm curious, even though we're talking about using amazing technology to solve these problems, I'll end with the AI topic, right? How do you see, from your perspective, as more AI use grows in institutions and fintechs and partner banks, do you see increasing risk that these individuals we talked about are going to get increasingly shut out and that they won't be able to access any human being to have some of these considerations? There's a lot of users having their own stories as you talked about for yourself – [in response to that] maybe you see a groundswell of people coming up with AI assisted solutions, but ones that don't forget about the human element. You know what I'm saying?

Laura: That's a phenomenal question. So where to begin? I believe strongly that the right path forward with AI is the second one you outlined with the human assistant.

It's an enabler, not a replacer. It takes over the tasks that are tedious and challenging for humans to do and provides greater information for the humans to ultimately contextualize. We are a long way from an AI system being able to contextualize information, let alone go between different tasks.

But even just in one specific task, it takes that contextualization a long way. being able to do that. Humans are good at it. Let's bring the two together such that the result is better than either of the parts on their own. That is our vision,

I do think that there is a real risk that we don't have the proper checks and balances on the AI - and that is mainly due to the fact that AI learns from data, period, full stop, right? Based on the data that you feed it, it will learn different things. All data is biased. It's not a question of if your data is biased, it's a question of how.

All data is biased. And if the person feeding the data in is not trying do something nefarious - even if someone's not – and they're just feeding it data and they don't have the control and the visibility to understand what biases are embedded in that data, then all we're going to get is faster iterations of the same thing that we've had in the past.

And I don't think anyone would claim that our financial system is perfect. So we have a real risk that the snowballs could start going down the hill and getting larger, and that's why we believe so strongly in smart regulations,

That's not over regulation. It's smart regulation. Smart regulation to us means regulation that's focused on that visibility, that understanding behind what's happening in the AI system, making sure that the humans that are running it and using it to service their customers can trust it. And we believe very strongly that trust doesn't come without that level of understanding of knowledge into how the thing is working.

I can't just know the inputs and the outputs.

Zarik: You have to have that experience.

Laura: And I’ve got to know what's going on in the middle. Otherwise, how can I then allow it to help me do more of the tasks that I would otherwise be doing with any level of confidence?

Zarik: Well, Laura, it's been an absolute pleasure, really appreciate it. Best luck to you at the conference thank you so much.

Laura: Thank you, Zarik. It’s been really great.

Zarik: Likewise.

[Note: Although I wasn’t planning to contribute any articles directly during Ramadan, this was sitting in the hopper and I decided to power through and get this out - enjoy!]

Thanks for joining us for the final part in our 2025 preview series! Last time we toured the globe to look at upcoming M&A deals and how regulatory factors could play in. In this edition, we stay out of the States (covered that in Part 1) and dig into what to expect from a regulatory perspective from some of the top fintech markets in the space. Due to time (and space) constraints, we can’t make this a truly global tour, but rest assured we’ll make sure you have a good trip. Sit back, relax and enjoy your flight!

China

mBridge

We haven’t talked about mBridge before, so here’s a primer for the uninitiated. Assuming you’ve heard of Central Bank Digital Currencies before, mBridge is an ambitious effort that is seeing the People’s Bank of China (PBC) collaborate with the Hong Kong Monetary Authority (HKMA), Bank of Thailand (BoT), the Central Bank of the UAE (CBUAE) and the Saudi Central Bank. The effort was spearheaded by the Bank for International Settlements (BIS), the nearly 100 year old consortium of Central Banks which has driven a ton of innovation as of late in the payments space.

So what does it do? Powered by central bank digital currencies, the platform enables real-time cross-border payments and foreign exchange transactions. The real goal is to look at legacy solutions like SWIFT and jump leaps and bounds in terms of transaction times and cost. Some of the goals on the horizon:

• Interoperability protocols to connect mBridge with non-participant CBDCs, including the EU’s digital euro and India’s e-rupee.

• Smart contract integration for conditional payments, such as trade finance escrows tied to IoT sensor data (e.g., shipping container temperature verification).

• Scalability upgrades to handle more transactions per second (TPS).

The reason this is framed as a China-centric project is because the global organization (BIS) overseeing the project exited in late 2024, and the initiative is now led by a consortium that the PBC is leading. The focus of the consortium is a rulebook that focuses on AML compliance across jurisdictions (global initiatives have to take local nuances into account!), dispute resolution (customer has to come first!) and liability frameworks for outages (if the system goes down, the operators are going to be on the hook - not the users). There’s also an interesting overlaps between the BRICS Bridge project and mBridge’s observing members that includes Egypt and Iran - in other words, a path out of jail for countries like Russia that are facing massive global sanctions. Many central banks have pushed back on mBridge, claiming that institutions that transact using it especially with Russian or Iranian entities, could fall afoul and be subject to sanctions - with this being speculated as the primary reason why BIS exited the project. However, the PBC has contributed anonymization technology to mBridge’s operations that may make that impossible.

Goals and challenges for mBridge in 2025:

1. Transaction Volume: Its pilot back in 2022 transacted $22 million USD worth. Given the project has had more new joiners since, it is likely that number has massively grown since and will certainly keep growing.

2. Technical Risks: Validator node conflicts could emerge if a central bank unilaterally adjusts FX rates for example, causing significant amounts of settlement failures.

3. Regulatory Fragmentation: The EU’s Markets in Crypto-Assets Regulation (MiCA) (we’ll discuss this later) and U.S. Crypto-Asset National Security Act (CANSEE) impose conflicting compliance requirements on mBridge-participant banks

4. Onboarding India and Brazil - true BRICS cohesion won’t be possible without adding the two letters of the entire equation to this. India is deeply anti-crypto, and Brazil has been knee deep in its focus on expanding its PIX payment system.

5. Diversify. The majority of CBDCs under mBridge are e-CNY, which creates insufficient incentive for other countries to participate.

6. Prevent forks - there are rumored spinoff fork currencies that would tokenize reserves to XRP and USDT, both of which are not supported by governments but could destabilize the whole pitch of the CBDC.

Regulator Paycuts

Chinese authorities reduced salaries by 50% for key personnel at major financial regulatory bodies such as the PBC and China Securities Regulatory Commission starting January 2025. Analysts believe this so-called austerity measure seeks to prevent regulatory capture as the banking sector faces corruption investigations.

Data Privacy and Security Regulations

China's data privacy and security landscape underwent significant changes with the introduction of new regulations and compliance measures. The big update is the Measures for Data Security Management of Banking and Insurance Institutions, issued by China’s “mega-regulator” the National Financial Regulatory Administration (NFRA) on December 27, 2024. Key points:

• Regulatory scope - wide, including commercial banks, insurance companies, and other banking/insurance entities including foreign-funded banks

• Data Governance - a system focused on this must be established by institutions with a focus on data life cycle protection, security risk assessment, and monitoring

• The creation of a Centralized Management Department in institutions, to handle tasks like data classification, security assessments, emergency handling and risk monitoring

• Security Assessments and Audits - these must be conducted where there is sensitive or higher level data. Every three years, annual data security risk assessments and comprehensive audits must be performed.

• Penalties - between RMB 200K - 500K, along with business suspension or revocation of licenses.

Historically, China has faced criticism for perceived security risks, including government intrusion and a wide network of hackers. The U.S. and other countries have expressed concerns about Chinese companies' potential role in espionage and data breaches. However, these data regulations should boost domestic governance while simultaneously addressing global security issues. China is clearly aiming to reassure its international partners by strengthening data protection standards and offering regulatory transparency, which will enable local and international businesses to operate more seamlessly worldwide.

Unified Compliance Management Requirements

At the end of last year, the NFRA also issued the Measures for Compliance Management of Financial Institutions which went into effect this past week. Some of the features/focus areas:

• A Comprehensive Compliance Framework - Establishing a top-down responsibility system, assigning compliance duties to all levels of departments and employees within financial institutions

• Defining the role of the Chief Compliance Officer - as a senior management leader leading compliance management at the org.

• Compliance Management Department - defined as either a concentration within a single department, or distributed across multiple non-conflicting departments with a “leading department” clearly designated.

• Reporting and Supervision - Ensuring the compliance management departments report to the CCO, with provincial level branches reporting to compliance officers at the same level.

• There is a one year grace period to comply.

European Union

MiCA

We haven’t really touched on this regulation in the past, but MiCA is a set of rules created by the EU to regulate cryptocurrencies and related services across Europe. It aims to provide a clear framework for how cryptocurrencies (like Bitcoin or Ethereum) and other digital assets are issued, traded, and stored within the EU. The focus is on things like licensing, transparency, consumer protection, and capital requirements. The hope is that it will help to create a safer and more trustworthy environment for people using cryptocurrencies in Europe. The goal is also to standardize how crypto businesses operate, making it easier for them to expand across different EU countries.

The regulation went into full effect in December 2024, and it will be interesting to see whether companies are able to handle the regulatory burden successfully. There have already been supplemental rules published that are focused on technical standards, business continuity, an approval process for white paper publication, how to value transactions, and supervisory authority updates.

DORA

If MiCA was one area of focus for the EU that kicked in this year, the other is DORA. Similarly, we haven’t really talked about it, but as a quick primer, it stands for the Digital Operational Resilience Act. It's a regulation created by the European Union (EU) to help financial institutions and their technology partners protect themselves from cyber threats and other disruptions that could affect their operations. The focus is on information and communication technology (ICT) system risks, incident reporting, operational resilience testing, encouragement of information sharing between institutions on threat intelligence, and third party risk management.

While this isn’t a fintech/financial services specific regulation, fintechs should consider the cost of complying with the ICT provisions, along with the opportunities that could arise like innovating in cybersecurity, resilience testing, and third part risk particularly for offering solutions to help financial institutions come into compliance.

Project Guardian

This is an initiative launched by the Monetary Authority of Singapore (MAS) in May 2022 by implementing asset tokenization - for the uninitiated, this is taking traditional assets like bonds and fonds into digital tokens that can be traded more easily. The EU has not formally joined, but two member state central banks (Germany ‘s Deutsche Bundesbank and Switzerland’s FINMA) are part of the effort, with Bundesbank coming aboard just a few months ago.

The Bundesbank’s involvement is important as it is testing a blockchain platform for tokenized and digital funds, which aligns with Europe’s focus on distributed ledger technology and blockchain. Clearly, at least one central bank wants to be involved in shaping global standards for digital assets and tokenization. However, it will be interesting to see how the ambitions of European regulators runs up against MiCA’s valuation rules and whether it creates any friction/tension.

India

The big shift here is Sanjay Malhotra becoming Governor of the Reserve Bank of India (RBI) in December 2024. Who is this guy??

• Background - Degree in Computer Science from IIT Kanpur in 1989 and later earned a Master's in Public Policy from Princeton University.

• Career: Malhotra has extensive experience in finance, taxation, and administration. Before becoming RBI Governor, Malhotra held several key positions 1) Revenue Secretary: Played a crucial role in tax policy formulation and financial services management. 2) Secretary, Department of Financial Services: Instrumental in launching the initial public offering (IPO) of the Life Insurance Corporation (LIC) and served on the RBI board.

• Views - He could contribute to a more pro-business environment by potentially adopting a more accommodative monetary policy stance. This might include interest rate adjustments to stimulate lending and economic activity. However, whether this translates into a deregulatory environment remains to be seen, as his focus is on balancing growth with financial stability rather than eliminating regulations.

However, the following present evidence of the direction he’s going in:

Microcredit Rule Relaxation

In February 2025, the Reserve Bank of India (RBI) implemented a major revision of its microcredit rules. They exempted loans under ₹50,000 ($600) from stringent income verification requirements. The RBI implemented this policy to enhance financial access for rural populations by simplifying the process of obtaining small loans.

Microfinance serves as a key tool in India to deliver financial services to households with limited income. The microfinance sector encountered difficulties when RBI raised risk weights for microfinance loans in November 2023 making bank lending more costly. By relaxing these rules, the RBI is essentially admitting it was wrong and now hopes to boost lending to small borrowers and support economic growth.

Even though this policy relaxation enables greater credit access for people it creates potential risks of growing non-performing assets (NPAs). NPAs represent defaulted loans that place financial burdens on the lending institutions. Experts express concern that relaxed lending standards could lead to higher default rates in sectors where nonpayment is already prevalent.

First Rate Cut in Five Years

On January 7, 2025, the RBI cut its benchmark interest rate, known as the repo rate, by 25 basis points to 6.25%. This was the first rate cut since 2020 and marked a shift in the RBI's monetary policy stance.

India's economic growth was slowing down, with GDP growth projected to decline to a four-year low of 6.7%. The RBI aimed to stimulate lending and economic activity by reducing borrowing costs for businesses and consumers. Lower interest rates can make loans cheaper, encouraging people to borrow and spend, which can boost economic growth.

This rate cut may lead to slightly lower mortgage and credit card rates, reducing borrowing expenses for businesses. However, it also reflects the RBI (and Malhotra’s) cautious approach, as it maintained a "neutral" policy stance, indicating potential for further rate adjustments based on economic conditions.

Regulatory Review Mechanism

As part of India's Budget 2025, a new regulatory review mechanism was introduced. This framework requires the RBI and the Insurance Regulatory Development Authority (IRDAI) to conduct a comprehensive review of financial regulations every three years.

Regulators must now calculate how much it costs businesses to comply with new rules. Also, old regulations that are no longer needed will be phased out. Lastly, within six months of implementing new regulations, regulators must publish detailed analyses of their expected benefits and drawbacks.

If you’re in the US, does all of this sound familiar? There’s clearly a deregulatory wave sweeping the globe here, and while there’s a lot of energy behind this movement right now, whether you’re in India or in the US it will be interesting to see whether the impact of these helps consumers and businesses or creates new challenges (or worse, revives challenges long thought dormant/dead).

Singapore

Payment Services Act Expansion

The primary payments regulation in Singapore is the Payment Services Act. We’ve touched on this briefly in prior editions, but the PS Act was passed in January 2019 and came into effect in 2020. It's designed to regulate payment services and systems in Singapore, providing a single framework for various types of payment activities which include account issuance (i.e. e-wallets), domestic money transfers, cross-border transfers, merchant acquirers, e-money issuance, digital payment tokens, and currency exchange.

So what’s new with this regulation? Over the last year and spilling into this year, there have been some key updates. In April 2024, the MAS updated the PS Act to include more types of payment services under its regulation, including those that offer custodial services for crypto or other digital tokens, those that transfer or exchange crypto/digital tokens, and cross-border money transfers including where money is being sent outside of Singapore.

In terms of the compliance timeline, by May 2024 payment institutions had to notify MAS about their activities. Then by October they had to submit license applications. Finally, in January they had to provide auditor reports confirming their compliance with the new rules. This isn’t just some threat - when the original rules rolled out, several high profile withdrawals occurred, with Binance being the biggest one in 2021. It remains to be seen whether there will be more to come under these revisions.

Equity Market Development Program

In February 2025, MAS launched a S$5 billion equity market development program. This initiative aims to boost Singapore's stock market by:

• Investing in local stocks: MAS will invest with fund managers who focus on Singapore-listed small and mid-cap companies.

• Tax incentives: Fund managers get a 5% concessionary tax rate, encouraging them to invest more in local stocks.

• Supporting IPOs: The program includes tax rebates for companies listing on the Singapore Exchange (SGX).

Singapore's IPO market had seen a significant decline since 2022. This program aims to reverse that trend by making it more attractive for companies to list in Singapore and for investors to buy local stocks.

Global Fintech Network Expansion

Let’s break down what the GFTN is - it’s an initiative started by the MAS in November 2024 to connect fintech ecosystems around the world. Some of the key features include cross-border collaboration, fintech innovation, and regulatory cooperation. High level stuff, but there are tangible benefits like expanding global reach for certain markets by essentially partnering with the MAS.

The size of this network is 18 countries, which includes as its latest members Georgia and Namibia. More specifically, countries that are joining this are getting access to Singapore’s leadership in cross-border payments. While it’s unclear if Project Guardian plugs into this, the organization says its main techniques will be to convene forums, offer advisory services on innovation ecosystems, provide access to transformative digital platforms, and invest in technology startups with the potential for growth and positive social impact.

One might wonder, what is the difference between GFTN and BIS? (Okay, at least I’m wondering). At first glance, it would seem that GFTN offers an alternative to the more well-established BIS, which is older and more European in its origins. And to some extent that’s likely true as BIS is focused on global financial stability and cooperation among central banks, while GFTN is focused on innovation and connectivity. GFTN is also fairly niche in its focus on innovation and technology, while BIS covers monetary policy, financial stability, and international cooperation. Rather than being competitive, it can be argued they are complimentary, with BIS focusing on getting its member central banks to a place of stability, and then GFTN pushing some of those same members to think creatively and push the boundaries.

In any case, it will be interesting to see what develops as the GFTN matures into this year.

Conclusion

Let’s simplify all of this. In 2025, regulators globally are going to be facing big challenges (here in the US, their entire existence is being challenged or fundamentally reshaped, but that’s for another time). On one hand, they want to protect their country’s data and digital currencies and maintain control over how they are used. But at the same time, they want to make sure there’s cross-border interoperability. There’s a push and pull between standardization efforts like MiCA and Basel III coming up against fragmentation risk. However, using AI to help adapt to changing regulations along with joining collaborative forums like GFTN can overcome these challenges - provided countries are willing to cooperate especially when it seems like the world is hunkering down into various camps (BRICS, EU, ASEAN, etc) in response to the void created by the US going into full cutback mode, with reversals on foreign aid and ramp ups in tariffs.

One thing’s for sure - no one can truly predict what this year is going to hold. But I hope our series gave you somewhat of an idea of what to expect!

Housekeeping/Promotional Message - Are you attending Fintech Meetup? If you are, please contact me! I am putting together a Fintech Compliance dinner for folks in the space during the event, and want to gauge your interest, or even better, discuss co-sponsoring the event.

We interrupt our 2025 preview series to bring a special edition of Fintech Compliance Chronicles. It’s almost a year to the date from when the news of Capital One seeking to acquire Discover was announced, and yesterday’s shareholder vote marks a significant milestone in this financial saga. Let’s unpack the vote and understand the implications from a regulatory compliance lens.

Shareholder Approval: A Resounding “Yes”

The numbers speak volumes. At Capital One’s Special Meeting, an overwhelming 99.8% of voted shares supported the deal, representing 85.1% of total outstanding shares as of December 27, 2024. On Discover’s side, the enthusiasm was equally palpable, with over 99.3% of voted shares favoring the transaction, accounting for approximately 81.6% of outstanding shares.

This near-unanimous approval from shareholders on both sides is a major, albeit wholly unsurprising, vote of confidence in the merger. These figures represent a huge portion of each company’s total outstanding shares, indicating strong engagement from shareholders. I will point out these numbers are quite high - for comparison, a recent merger of two regional banks in Ohio only received approval from 85 and 65 percent of their respective shareholders.

Regulatory Hurdles: The Road Ahead

While shareholder approval is a crucial step, it’s just one piece of the puzzle. As we’ve discussed in our previous articles, the regulatory landscape looms large over this deal. Capital One anticipates closing the transaction in early 2025, subject to approval from the Board of Governors of the Federal Reserve System and the Office of the Comptroller of the Currency, along with other customary closing conditions.

Remember when we talked about the potential regulatory challenges? Well, they’re still very much in play. Capital One will need to play nice with the DOJ on this deal, which becomes much easier given the change to a more business-friendly Trump administration.

Compliance Considerations

Let’s revisit some of the key compliance aspects we’ve discussed previously and see how they might be affected by this vote:

Network Integration and Compliance

The overwhelming shareholder support might accelerate plans for integrating Discover’s network into Capital One’s operations. This could potentially lead to faster implementation of compliance measures across the combined network infrastructure. However, it also means that regulators will be watching closely to ensure that this integration doesn’t create new compliance risks or exacerbate existing ones.

Deposits and Banking Services

With shareholders giving their blessing, we might see quicker movement on integrating Discover’s deposits business with Capital One’s existing services. This could lead to new compliance challenges, especially if they decide to expand their physical presence or venture more aggressively into business banking, as we speculated earlier.

Fraud and Risk Management

The shareholder approval doesn’t directly affect the fraud and risk management strategies, but it does set the stage for potentially faster integration of these crucial compliance functions. Capital One will need to ensure that any changes or consolidations in these areas meet or exceed current regulatory standards.

The Regulatory Approval Process

While shareholders have given their enthusiastic support, the real test lies ahead with regulatory bodies. The extension of the merger agreement’s termination date to May 19, 2025, gives some breathing room, but also indicates the complex nature of the regulatory approval process.

It’s worth noting that the Office of the Delaware State Bank Commissioner has already given its nod to the deal back in December 2024. However, the big players - the Federal Reserve and the OCC - are yet to weigh in.

The political landscape adds another layer of complexity. With the potential shift in regulatory stance under the current administration, there’s speculation about a possibly less rigid approach to bank mergers. However, this doesn’t mean it’s smooth sailing from here. The size and market impact of this deal ensure it will face rigorous scrutiny.

Implications for Customers and Employees

While the shareholder vote doesn’t directly address the concerns we raised about potential impacts on customers and employees, it does set the wheels in motion for the next phases of the merger. The overwhelming support from shareholders might embolden the leadership to move more decisively on integration plans, which could accelerate any potential changes to product offerings, customer service structures, or employment situations.

Discover's Financial Restatement: A Bump in the Road

We didn’t cover it as it happened (I blame the travel and year-end business for that) but Discover's financial restatement stemming from its now-notorious card misclassification issue was a textbook example of the kind of compliance concern that can complicate even the most strategically sound deals.

The Background

In late 2024, Discover Financial Services found itself in hot water with the Securities and Exchange Commission (SEC) over a significant accounting error. The aforementioned misclassification issue led to a substantial understatement of liabilities. Initially, Discover had recognized a liability of $365 million related to this issue. However, after review and discussions with the SEC, this figure ballooned to a whopping $1.2 billion.

The implications were far-reaching:

1. Discover had to restate its financial statements for 2022, 2023, and parts of 2024.

2. The restatement involved reallocating $600 million from other expenses to a revenue error correction in prior periods.

An additional $124 million in interest payments had to be reallocated to the third and fourth quarters of 2023.

The company's assets increased by $190 million, accrued expenses and other liabilities jumped by $783 million, and retained earnings decreased by $593 million as of December 31, 2023.

The impact of this caused delays in business-as-usual filings; the New York Stock Exchange (NYSE) issued a non-compliance notice to Discover for failing to timely file its quarterly report for Q3 2024.

Impact on the Merger Process

Now, you might be wondering, "How does this affect the Capital One deal?" Well, it's not just about the numbers; it's about trust, regulatory scrutiny, and timing.

Regulatory Scrutiny: This kind of financial restatement inevitably attracts additional regulatory attention. The Fed and OCC, already eyeing this deal closely, now have another reason to put everything under the microscope.

Timing Delays: The need to restate financials pushed back several key steps in the merger process. Capital One couldn't file its pre-effective amendment to the Registration Statement until Discover got its financial house in order.

Shareholder Confidence: While shareholders have now approved the deal, the restatement could have shaken investor confidence. It's a testament to the perceived value of the merger that approval remained strong despite this hiccup.

Compliance Concerns: This incident highlights the importance of robust compliance and accounting practices. You can bet that regulators will be looking closely at how the combined entity plans to manage these risks going forward.

The Silver Lining

Believe it or not, there's a positive spin to this story. Discover managed to file its restated financials before the end of 2024, as promised. Literally the same day, Capital One filed the pre-effective amendment, demonstrating how critical fixing this was to the deal being able to continue to move forward.

B of A analyst Mihir Bhatia even noted that filing the restated financials was "another step towards gaining approval" for the Capital One acquisition. It cleared a significant hurdle in the merger process, allowing both companies to move forward with more confidence.

Looking Ahead

As we’ve seen time and again in the financial world, shareholder approval is a crucial step, but it’s far from the final word. The regulatory gauntlet that lies ahead will ultimately shape the final form of this merger and its impact on the financial landscape.

Welcome back! As we kick off 2025, the Fintech and banking sector are buzzing with M&A activity that have kept regulators on their toes, from the US to Europe to China. These deals are not only re-shaping the financial landscape; they are stress-testing regulatory structures in courts. With each transaction, we are seeing a complex difference of antitrust concerns, shareholder rights and market impact.

In this article, we will break down the major M&A deals on the horizon, which are facing regulatory obstacles, and explain the priorities of the involved financial institutions. We will see how regulators are considering these deals and what compliance professionals should keep in mind.

Capital One/Discover

We have covered the Capital One/Discover merger extensively in these parts. What we haven’t talked about is other deals involving mergers/acquisitions of relatively large US banking institutions that offer a contrast. The deal that came to our mind was the acquisition by Wintrust Bank of Michigan-based Macatawa Bank, which has comparison points in terms of regulatory scrutiny and approval processes. Let's examine the key differences and reasons behind their respective statuses.

First, Discover and Cap One:

Timeline:

- February 20, 2024: Merger announced

- December 18, 2024: Delaware State Bank Commissioner approval received

- February 18, 2025: Scheduled shareholder vote - keep an eye on this. We will be covering this next week as it happens!

- TBD: Regulatory approval

Why is the deal still pending?

1. Size and Market Impact: The combined entity would become the sixth-largest bank in the U.S. with approximately $625 billion in assets. This significant increase in size raises antitrust concerns and requires more thorough regulatory scrutiny.

2. Regulatory Complexity: As a larger institution, Capital One is primarily regulated by the Office of the Comptroller of the Currency (OCC). The merger requires approval from multiple agencies, including the OCC, Federal Reserve, and potentially the Department of Justice.

3. Updated Merger Guidelines: The merger is being evaluated under recently updated guidelines from various regulatory bodies, including the FDIC and DOJ, which focus more on competition and consumer impact.

4. Political Scrutiny: The merger has drawn attention from politicians, with senators like Elizabeth Warren expressing concerns about potential anticompetitive effects.

5. Network Consolidation: The merger would combine Capital One's card-issuing business with Discover's payment network, potentially raising concerns about market concentration in the payments industry.

Wintrust and Macatawa:

Timeline:

- April 15, 2024: Merger announced

- July 31, 2024: Shareholder approval received

- August 1, 2024: Merger completed

Why was the deal completed so quickly?

1. Smaller Scale: The combined entity resulted in approximately $62 billion in assets, significantly smaller than the proposed Capital One/Discover merger, likely raising fewer antitrust concerns.

2. Regional Focus: The merger primarily expanded Wintrust's presence in West Michigan, maintaining a more localized impact.

3. Different Regulatory Oversight: Wintrust, as a smaller bank holding company, is primarily regulated by the Federal Reserve, which may have different criteria for merger approval compared to the OCC.

4. Less Complex Integration: The merger involved integrating traditional banking operations without the added complexity of a major payment network.

5. Shareholder Approval Focus: News reports emphasized shareholder approval, with less public discussion about regulatory hurdles, possibly due to the smaller scale and regional nature of the merger.

BlackRock/HPS Investment Partners

We don’t talk a lot about the asset management space here, but we would be remiss if we didn’t cover BlackRock's acquisition of HPS Investment Partners based purely on the large size of the potential combined company. This follows closely on the heels of Blackrock’s successful acquisition of Global Infrastructure Partners (GIP) in October 2024. These deals showcase BlackRock's aggressive expansion strategy in the private markets sector.

HPS Investment Partners Acquisition:

Timeline:

- December 3, 2024: Merger announced

- Mid-2025: Expected closing date (shareholder, regulator approvals)

Deal Structure:

- Total consideration: Approximately $12 billion

- 100% equity deal using 12.1 million SubCo Units exchangeable for BlackRock stock

Size and Impact:

- Creates a combined private credit franchise with approximately $220 billion in client assets

- Increases BlackRock's private markets fee-paying AUM by 40% and management fees by about 35%

Regulatory Considerations:

- Subject to regulatory approvals and customary closing conditions - Blackrock is currently embroiled with its regulator, the FDIC, on disclosures for its stakes in banks, so who knows what impact this disagreement could have on its approval for this deal.

Strategic Implications for BlackRock:

1. Private Markets Expansion: The HPS acquisition, coupled with the earlier GIP deal, significantly bolsters BlackRock's presence in private markets. This push aligns with the growing investor demand for alternative assets.

2. Diversification of Offerings: By integrating HPS's $148 billion in client assets with its existing $89 billion private debt platform, BlackRock is positioning itself as a top-five private credit manager.

3. Synergies Across Platforms: The combined entity aims to provide seamlessly integrated solutions across public and private markets, leveraging BlackRock's $3 trillion public fixed income business.

4. Enhanced Insurance Sector Capabilities: The addition of HPS is expected to strengthen BlackRock's position as a full-service provider for insurance clients, an area where HPS has a strong presence.

5. Leadership Integration: HPS founders will lead a new private financing solutions business unit within BlackRock, potentially bringing fresh perspectives and expertise to the larger organization.

Potential Implications for BlackRock:

1. Market Position: These acquisitions could solidify BlackRock's status as a major player in both public and private markets, potentially rivaling specialized private market firms like KKR and Apollo Global Management.

2. Cultural Integration: The success of these deals may hinge on BlackRock's ability to integrate the entrepreneurial cultures of HPS and GIP into its larger corporate structure. This is something we’ve speculated about as we’ve discussed Cap One/Discover in the past.

3. Regulatory Scrutiny: As BlackRock grows larger and more influential across various market segments, it may face increased regulatory attention and potential challenges - the FDIC tangle-up is a great example of this.

4. Client Offerings: The expanded capabilities in infrastructure and private credit could allow BlackRock to offer more comprehensive solutions to its global client base, potentially increasing its competitive advantage not just within the US, but around the world.

5. Financial Impact: The acquisitions are expected to result in modest growth for BlackRock's earnings in the first full year post-close, potentially driving long-term growth for the firm.

Apple Card and its suitors

This isn’t a true regulated tie-up, as it’s more akin to a sale of assets, but we’d be remiss if we didn’t cover it - the potential acquisition of the Apple Card portfolio from Goldman Sachs has attracted interest from several major financial institutions, each bringing unique strengths and considerations to the table.

A Recap - Loan Volume and Customer Base

The Apple Card portfolio represents a significant business opportunity:

- As of September 2024, Goldman Sachs had lent out approximately $17 billion through the Apple Card program.

- In early 2024, the number of Apple Card holders in the US was announced as 12 million.

Potential Acquirers:

Several financial institutions are in discussions to take over the Apple Card portfolio:

1. JPMorgan Chase

2. Barclays

3. Synchrony Financial

Regulatory Status and Capabilities

JPMorgan Chase

- Regulated by the Office of the Comptroller of the Currency (OCC)

- Extensive experience in credit card issuance and management

- Strong technological infrastructure and digital banking capabilities

Barclays

- Regulated by the Federal Reserve and the OCC for US operations

- Previous experience partnering with Apple on the Barclaycard Visa with Apple Rewards

- Strong presence in both retail and investment banking

Synchrony Financial

- Regulated by the Federal Reserve

- Specializes in private label credit cards and consumer finance

- Already partners with Apple for buy-now-pay-later options

Potential Impact on Apple Card

JPMorgan Chase

- Potential integration with Chase's robust mobile banking platform

- Possible expansion of rewards program, leveraging Chase's expertise in this area

- Likely continuation of the Mastercard network partnership

Barclays

- Potential for international expansion of the Apple Card, given Barclays' global presence

- Possible reintroduction of Apple-specific rewards, similar to their previous partnership

- Strong retail banking experience could enhance customer service

Synchrony Financial

- Expertise in store-branded credit cards could lead to tighter integration with Apple's ecosystem

- Potential for expanded financing options on Apple products

- Possible challenges in scaling to match Apple's global presence

Key Considerations

1. Technological Integration: Any new partner will need to seamlessly integrate with Apple's existing infrastructure and maintain the user-friendly interface of the Apple Card.

2. Customer Experience: The chosen partner must be able to maintain or improve upon the current customer service standards, which have already been a point of concern under Goldman Sachs.

3. Regulatory Compliance: The new issuer will need to address or avoid the regulatory issues that led to fines under Goldman Sachs, particularly regarding dispute resolution and consumer protection.

4. International Expansion: While currently US-only, a new partner might facilitate the expansion of Apple Card to international markets.

5. Profitability: The new partner will likely seek to renegotiate terms to ensure profitability, as the original deal was viewed as "risky and unprofitable" by some potential acquirers.

Guotai Junan Securities acquires Haitong Securities

Going overseas, we proceed to China where two of the country’s largest state-backed brokerages merged - a significant event in the Chinese financial sector that closed in early 2025 after being announced in September 2024. Although this deal is done and not upcoming, it did close this year so we’re throwing it in as part of our preview.

Merger Timeline and Process

- September 5, 2024: Both companies announced the merger plan and suspended trading.

- October 9, 2024: Merger and restructuring preliminary plan released.

- November 21, 2024: Detailed merger and restructuring plan disclosed.

- December 13, 2024: Shareholders of both companies approved the merger plan.

- December 22, 2024: Hong Kong Securities and Futures Commission approved Guotai Junan as the surviving entity.

- December 23, 2024: China Securities Regulatory Commission (CSRC) and Shanghai Stock Exchange (SSE) accepted the merger application.

- January 9, 2025: SSE's Merger and Restructuring Review Committee approved the transaction.

- January 17, 2025: CSRC granted final approval for the merger.

- February 6, 2025: Last trading day for Haitong Securities.

- February 7, 2025: Haitong Securities submitted the application for voluntary delisting.

- February 10, 2025: Guotai Junan Securities resumed trading.

Key Details of the Merger

1. Transaction Structure: Guotai Junan will absorb Haitong through a share swap, issuing new shares to Haitong's investors in both mainland China and Hong Kong markets.

2. Exchange Ratio: 0.62 Guotai Junan shares for each Haitong share, applicable to both A-shares and H-shares.

3. Combined Entity Scale:

   • Total assets: Approximately 1.619 trillion yuan ($228.3 billion)

   • Net assets: 341.5 billion yuan ($48.2 billion) as of Q3 2024

   • Net capital: 177.4 billion yuan ($25 billion)

4. Market Position: The merged entity will become China's largest securities firm, surpassing CITIC Securities.

5. Capital Raising: Guotai Junan plans to raise up to 10 billion yuan ($1.4 billion) through a share placement to support the merged entity's development.

Integration Plans

1. Business Integration: The companies will swiftly integrate operations, licenses, and business divisions, ensuring smooth transition of business and clients.

2. Organizational Structure: A new corporate governance structure, management framework, development strategy, and corporate culture will be established.

3. Client Services: The merged entity will integrate and optimize retail, institutional, and corporate client service systems to enhance customer experience and expand client base.

4. Risk Management: A unified, vertically managed, and hierarchically authorized group-wide compliance and risk control management system will be implemented.

5. Technology Integration: The companies aim for safe and orderly system integration, effective utilization of basic resources, smooth customer experience transition, and rapid unification of company management.

Regulatory and Market Implications

1. Regulatory Significance: This merger is seen as a benchmark project in the current cycle of securities firm consolidation, being the first A+H listed securities firms' restructuring and the first involving top-tier institutions.

2. Industry Consolidation: The merger aligns with Beijing's strategy to create stronger, more competitive financial institutions capable of competing globally.

3. Market Impact: The combined entity is expected to lead in various business indicators, including investment banking income, net interest income, and scale of lending funds.

4. International Competitiveness: The merger is a step towards building a world-class investment bank, enhancing Shanghai's position as an international financial center.

BBVA / Banco Sabadell

Next we go to Spain, where the next deal is awash in history. BBVA traces its roots back to 1857 when it was founded as Banco de Bilbao in the city of Bilbao, Spain. Over the years, it has grown through mergers and acquisitions to become one of the largest financial institutions in Spain and a major player globally. Meanwhile, Banco Sabadell, founded in 1881 in the city of Sabadell, Catalonia, has a history spanning over 140 years. It has grown from a local bank to become Spain's fourth-largest banking group.

So on paper, the marriage makes sense. But this deal, unlike the aforementioned, has seen a bit of drama.

Deal Structure and Timeline

- Announced: May 9, 2024

- Expected closing: Mid-2025 (subject to regulatory approvals)

- Offer: 1 BBVA share for every 5.0196 Banco Sabadell shares, plus €0.29 cash per 5.0196 Sabadell shares (this was upped from the original May offer, in October 2024)

Where It Gets Ugly

BBVA initiated a hostile takeover bid for Banco Sabadell in 2024, bypassing Sabadell's board approval. If successful, this merger would create Spain's largest bank, significantly impacting the European banking sector. The combined entity would have:

- More than 100 million customers worldwide

- Nearly 7,000 branches globally

- Total assets exceeding €265 billion in Spain alone

BBVA argues that the merger would create a stronger, more efficient institution better able to compete in the European and global landscape. However, the proposal has faced opposition from Sabadell's management and shareholders, as well as concerns about potential impacts on competition and services for small and medium-sized enterprises (SMEs).

To address regulatory concerns, BBVA has proposed unprecedented measures to the Spanish National Markets and Competition authority (CNMC), including commitments to maintain branch presence in underserved areas and preserve credit lines for SMEs.

As of February 13, 2025, the outcome of this proposed merger remains uncertain, with regulatory reviews ongoing and Sabadell maintaining its opposition to the takeover.

The impact of the proposed BBVA-Sabadell merger on Catalonian banking customers is a subject of debate, with potential benefits and drawbacks:

Potential Benefits to Customers

1. Expanded Network: Sabadell customers would gain access to a larger network of branches and ATMs. The combined entity would have over 2,700 branches in Spain, more than double Sabadell's current network.

2. Enhanced Product Offerings: The merger could lead to a wider range of products and services, leveraging the strengths of both banks.

3. Increased Lending Capacity: BBVA estimates that the combined bank could lend approximately €5 billion more annually to households and businesses.

4. Global Reach: Sabadell customers, particularly businesses, could benefit from BBVA's international presence, potentially facilitating expansion into new markets.

Potential Drawbacks

1. Reduced Competition: The merger would create a dominant player in Catalonia, potentially leading to reduced competition and choice for customers.

2. Branch Closures: Despite BBVA's commitments, there are concerns about potential branch closures, especially in rural areas, which could affect access to banking services.

3. **Impact on SMEs:** There are worries that the merger could negatively affect credit availability for small and medium-sized enterprises (SMEs), which are crucial to Catalonia's economy.

4. Job Losses: Estimates suggest that up to 10,500 jobs could be lost, with a significant portion in Catalonia, potentially affecting customer service quality.

BBVA's Commitments

To address these concerns, BBVA has made several commitments, including:

1. Retaining branches in areas with limited competition[6].

2. Maintaining commercial terms for individuals and SMEs in underserved areas[6].

3. Preserving working capital lines for SMEs for 18 months post-merger[6].

4. Keeping the Sabadell brand alongside BBVA in certain regions[8].

Unicredit and Banco BPM

Lastly, we go to Italy. Here, we have Unicredit, a large European bank, looking to buy Banco BPM which is itself a newly created entity from the parts of Banco Populare di Milano, a bank that’s been around in Italy since the mid-1800s.

The proposed acquisition of Banco BPM by UniCredit represents a significant consolidation move in the Italian banking sector, with far-reaching implications for the industry, customers, and regulators.

Deal Structure and Timeline

- Announced: November 25, 2024

- Expected closing: June 2025 (subject to regulatory approvals)

- Offer: 0.175 UniCredit shares for each Banco BPM share (this has been sweetened from the original bid)

- Total consideration: Approximately €10.1 billion ($10.5 billion)

Size and Impact

- Combined assets: Approximately €995 billion (UniCredit's €800 billion + Banco BPM's €195 billion)

- Customer base: Over 100 million customers worldwide

- Branch network: More than 3,300 branches in Italy

- Market position: Would become Italy's largest bank by assets, surpassing Intesa Sanpaolo

Regulatory Considerations

- Primary regulators: European Central Bank (ECB), Bank of Italy, Italian market regulator Consob, Italian antitrust authority, Prime Minister's office (for golden power rules)

- Current status:

- UniCredit filed offer document with Consob on December 13, 2024

- Awaiting various regulatory approvals

Key Challenges and Concerns

1. Competition issues: Potential market dominance in several economically crucial regions, such as Lombardy (24% market share), Veneto (21%), and Emilia-Romagna (21%)

2. Job losses: Banco BPM CEO warned of up to 6,000 potential job cuts

3. Political scrutiny: Italian government considering invoking golden power rules

4. Integration challenges: Merging two large banking systems and cultures

Banco BPM's Response

- Rejected UniCredit's offer on November 27, 2024

- Cited insufficient valuation and concerns about dilution of geographic footprint

- Emphasized focus on its own strategic plan and recent moves (e.g., Anima Holding acquisition)

Financial Implications

- Expected synergies: €900 million annually before taxes (€800 million after taxes)

- UniCredit expects to fully integrate Banco BPM within 12 months and achieve the majority of synergies within 24 months

Broader Industry Context

This potential merger is part of a larger trend of consolidation in European banking, driven by the need for scale to compete globally and invest in technology. The deal, if successful, could spark further M&A activity in the sector and potentially lead to the emergence of stronger, pan-European banking institutions.

As of February 13, 2025, the outcome of this proposed merger remains uncertain, with regulatory reviews ongoing and Banco BPM maintaining its opposition to the takeover. UniCredit CEO Andrea Orcel has indicated that the bank has until March 2025 to consider improving its takeover bid, with a crucial deadline tied to UniCredit's shareholder meeting scheduled for April 10, 2025.

Unrelated Side Note - CFPB

Lastly, I’d be remiss if I didn’t acknowledge what is happening at the CFPB. Mixed emotions here, as there have been times where the industry has pointed out cases where the Bureau has gone past its mandate. But on the other hand, customers have received $21 billion directly as a result of the Bureau’s efforts, and most notably for this newsletter, it produced an extremely valuable database of complaints that comes directly from consumers and the institutions responding to them. Without their efforts, do we fall back into an era of BBB, Google Reviews, Social Media, and more but without the teeth and monetary compensation? It remains to be seen what will happen here, but hoping for something that achieves common sense regulation while respecting the work that the folks there have been doing and making sure consumers are not screwed over.

Join us next time as we take a quick break from the preview series to analyze the expected vote by shareholders on the Discover/Cap One deal!

Happy New Year! I hope everyone had a great time off. As folks make their way back from vacations and holidays, we will begin attacking our queue of promised writeups, with our first bit of coverage being a 2025 preview (which will likely require several parts).

Today in part 1 - our first order of business is to look at what we can expect from the Trump Administration as it prepares to take office, given the change of administration will have an impact on numerous regulatory bodies and pending regulations, which in turn will have an impact on a number of established fintechs, fintech startups, banks and other institutions. There are some great pieces that have touched upon what we can expect, but today we plan to take a different and potentially controversial angle at this question of “What’s next” that has been asked quite a bit since November - using the Project 2025 playbook to inform us on what we could see. Trump himself has denied links to the initiative, but many of the authors were in his past administration and many will be involved in the new administration.

Disclaimer: I fully recognize and acknowledge that we live in divisive times, and that many folks are currently concerned and even worried about what to expect with the next administration beyond just fintech compliance - with immigration, government benefits, and more on top of people’s minds. I want to let those readers know I hear your concerns and in no way trivialize them. This piece today is not to dismiss those concerns at all - but our focus here is on consumer banking/fintech regulation and so while we dig into the playbook to try and make sense of what to expect, we don’t do this to offer any position on the administration or agenda. Our goal is to try and help you the reader - whether you are an operator, investor, compliance professional, or consumer - by breaking it down.

What is Project 2025?

In a nutshell, Project 2025 is an ambitious initiative by The Heritage Foundation to lay out a game plan for the next conservative presidential administration. Think of it as a giant roadmap covering everything from economic policy to regulatory shake-ups, aimed at reshaping how the U.S. government operates.

According to their materials, it includes a policy guide called “Mandate for Leadership” and a training program for future appointees—essentially a way to get conservative-minded people ready to step into government roles on day one. They’ve also built a network of over 75 conservative organizations to back the whole thing.

Who is the Heritage Foundation?

The Heritage Foundation is a conservative think tank that advocates for limited government, free enterprise, and traditional American values. Founded in 1973, it’s one of the most influential voices in conservative politics, credited with crafting Reagan-era policies like tax cuts and defense strategies.

What makes Heritage stand out is how it packages its ideas. Instead of just churning out dense academic papers, they aim to deliver actionable policy blueprints, like Mandate for Leadership, which has seen nine versions, culminating in Project 2025. The first version became a key playbook for Reagan’s administration and around 60% of the proposals were implemented in the first year he was in Office. There have been various versions released over the years, with the last one coming out in July 2020 assuming Trump would be re-elected. The latest edition has been labeled as Project 2025, essentially the eighth follow-up to the original Mandate.

When was it published?

The playbook was published on April 21, 2023, setting the stage for a conservative administration long before the outcome of the 2024 election was decided. When Trump won in November, the playbook transitioned from strategy to action, with nearly 20,000 vetted personnel profiles ready to staff key roles across the government.

Interestingly, Kevin Roberts, Heritage’s president and a driving force behind the project, delayed his book, Dawn’s Early Light: Taking Back Washington to Save America, until after the election. One could argue that the timing wasn’t just strategic—it was deliberate, keeping the focus on the plan rather than the personalities behind it. On November 12, 2024, it was released.

Why does this matter now?

Because it’s no longer just a think tank idea—it’s about to become the playbook for Trump’s administration. Trump’s win, particularly with voters who’ve historically leaned Democratic, could push his administration to lean into their view of this as a mandate and give this agenda more room to operate than anyone expected.

At the same time, the project is facing plenty of pushback. Awareness jumped massively before the election, but the policies themselves aren’t exactly popular—especially with younger voters and women. Some see it as a power grab or a threat to democracy. For fintech, the big question is whether this public opposition slows down or derails parts of the agenda, especially the pieces tied to regulation and oversight.

How is it relevant to fintech compliance?

For fintech compliance, this could mean some big changes. For instance, Project 2025 talks about rolling back regulations from agencies like the CFPB and FTC, which could directly impact how fintechs handle compliance and oversight.

It’s not just about fewer regulations—it’s also about how fintechs adapt to a potentially new way of doing business. For example, if agencies like the CFPB face restructuring or reduced enforcement power, the responsibility for consumer protection and risk management might shift more heavily onto the fintechs themselves. This could mean less oversight in some areas but also more scrutiny in others, particularly as state regulators or private litigators step in to fill the gaps. Fintech companies might need to rethink their compliance strategies entirely, balancing innovation with an increased focus on self-regulation and risk mitigation. Whether all of this is good or bad depends on your perspective - regardless, something to keep an eye on if you’re in the space.

Who are the key authors involved, and what is their background?

There are a number of names that were involved in crafting the full document, but the two names to focus on are David Burton and Robert Bowes.

Burton is one of the biggest players involved in crafting the entire document, having the distinction of being the only person who authored more than one chapter/section of this document, with his co-contribution coming in the Treasury section/chapter and his solo contribution being the section on the SEC and “related agencies” (excluding the CFPB). He works directly for the Heritage Foundation and has been with them for over 11 years, focusing on securities regulation, tax policy, entrepreneurship, financial privacy, and even climate-related financial risks. He’s not just about theory—he is an attorney with a background including time as General Counsel for the National Small Business Association and leadership roles in business and tax policy at the U.S. Chamber of Commerce.

A look at his Linkedin reveals advocacy around a fairly consistent set of conservative principles - lower taxes, less government, pro-free market - but there are some interesting publications/events in there, like his Newsweek piece from nearly 8 years ago, “No Get-Out-of-Jail-Free Card for Bankers” and going after AML regulation from the angle of Financial Privacy, which is a common regulatory clash that frequently comes up when evaluating how to be a compliant institution.

Bowes is a bit more on-the-nose and what one might expect from the Trump Administration, in terms of a heavy presence on Twitter and actively and publicly engaging on all the major focus points of MAGA-world that are unrelated to banking/fintech policy (i.e. Hunter Biden, illegal immigration, election fraud, etc). His past positions give him credibility - he brings a mix of legal, financial, and political expertise to the table. During the Trump administration, he served as Senior Counsel for the Senate Judiciary Committee and later as Senior Advisor at HUD, where he worked on policy initiatives and advised key figures like Stephen Miller. His career also includes time at heavyweights in finance like Chase Manhattan Bank and Fannie Mae.

Bowes is no casual observer of Trump-era politics. He was a Field Director for Trump’s 2016 campaign and played a significant role in advancing the administration’s deregulatory agenda, including his advocacy for abolishing the CFPB (which is the chapter that he focuses on). Unfortunately for him, he’s also pretty well known for controversy stemming from dubious stock trades that emerged at the time he was nominated to head the CFTC - at a minimum, this seemed like day trading which raised questions about what he was doing at HUD on the taxpayer’s dime.

Where in the Project 2025 playbook do we find details about Fintech Compliance?

As stated earlier, there are two key sections where we get into our usual area of focus, consumer fintech compliance and regulation. The first is Section 4 - The Economy, specifically in Part 22 - talking about Treasury (which for us is honed in on FinCEN and the OCC). What stands out is the following:

• A statement laying out the intent to reform the AML and beneficial ownership systems - digging deeper into this, there isn’t much on AML itself but the real target is FinCEN and how it operates. The playbook calls FinCEN out for a few things - 1) having no consideration for the economic effects of its work - exactly what this is, isn’t described 2) no cost benefit analysis on its work, including operations and penalties/revenues 3) lax oversight by Congress and Treasury 4) they demand transparency but they are opaque, with their recent cessation of annual reporting and not providing CTR data. For beneficial ownership, rules were implemented as part of the PATRIOT Act in 2001 with the onus being on financial institutions needing to identify this as part of Customer Due Diligence (CDD). In 2021, Congress passed the NDAA which included the Corporate Transparency Act (CTA). This puts the onus on a number of businesses to report their beneficial ownership identity information directly to FinCEN. This rule is called out as “poorly drafted” although it’s unclear if the playbook is referring to the CTA or the original rule in 2001.

• There is also a proposal to merge the OCC, FDIC, NCUA and FRB. This is interesting - each of these agencies performs different functions and has different focus areas - however, by merging them there is a likely risk that the informed oversight and technical focus will become diluted. On the flip side, this is probably a good thing from the perspective of banks that have to work with 1, 2, 3 or more regulators at the national level. There isn’t any reason or justification given for why this is proposed.

In Section 5 - Financial Regulatory Agencies - Burton continues by focusing on the SEC. Two things that stand out which are pretty massive:

• A proposal to get rid of the PCAOB - remember, this organization came into being as a direct response to the Enron and Arthur Andersen scandals in the early 2000s, along with having oversight over public accounting firms. There is no reasoning given behind this proposal either, and the assumption is that the authors think that whatever the state of the accounting profession and public company financial statement compliance was, the risks no longer require dedicated focus on this. I will say, with respect to Sarbanes Oxley compliance this could be something to rally behind, but I’d argue the ethical and independence requirements that it imposes and the general oversight are still valuable and should be concentrated in a dedicated body, as opposed to just rolling its functions into the SEC which is what is proposed, which would yet again pack an already crowded organization with even more work.

• The playbook proposes that the SEC affirmatively state that digital assets are not a security. While this has been a common ask floating around the crypto space and beyond ever since Bitcoin exploded in the mid-2010s, the exchanges like Binanace, Coinbase, and so many others and how they handle trading activity reveals the challenge with this argument. Crypto traders almost never buy digital assets directly from the issuer and directly into their wallets. Most of the time, crypto purchased on exchanges will sit on the exchange until withdrawn, at which point it becomes an asset/commodity. While this is a compelling argument/ask, there really isn’t much dedicated to discussing this point other than stating the demand.

Bowes then closes the focus on regulatory bodies and fintech consumer compliance by focusing on the CFPB, going straight for the jugular by saying it should be abolished altogether (and not replaced, just done away with). Given the playbook was published before the CFSA decision from the Supreme Court that basically affirmed the Bureau’s funding and in turn all but says it has a right to exist, this passage likely won’t apply. However, Bowes does throw in a caveat that basically says “If you can’t get rid of it, then here’s all the other stuff you could do” with the following proposed:

• Funds not paid out to consumers and collected as penalties from CFPB consent orders should go to the Treasury department and not to the CFPB itself

• Section 1071, which was an enhancement to Reg B/ECOA to collect information about and provide opportunities to obtain credit for minority-owned, women-owned and small business, is proposed to be repealed. This is almost certainly based on ideology, as the playbook (and modern conservatism in general) pushes back hard against what they see as “woke philosophy” getting mixed into regulations and governance. The rule has seen publication in a final format, so this would require Congress to vote to repeal it. Congress in fact did try this in 2023, only to be vetoed by President Biden with an attempt to overturn the veto unsuccessful. GIven the full control of Congress and the White House by the Republicans, and given the Republican-led House has shown its hand by trying to repeal this in the past, we expect this rule to be overturned pretty early into the Trump Administration.

• Funds spent on enforcement actions should only be spent on those that tie to rulemaking that complies with the Administrative Procedures Act. This is a direct reference to interpretative rules, advisory opinions, CFPB circulars, and compliance aids (click for examples of each).

• The last bit relevant to us is focused on UDAAP - with the ask to specify exactly what this means in the context of CFPB’s enforcement. This does align with some criticism regarding UDAAP enforcement, that the interpretation of it by the Bureau at times is so broad and nebulous that it could refer to any instance of anything a customer doesn’t think is fair.

Further Reading

There isn’t really much else directly relevant in the playbook to Fintech Compliance per se, but here is some further reading on this and other topics that we think you’ll find useful or are written by folks way smarter than me:

• Project 2025 - Mandate for Leadership - The full text of the Playbook

• Project 2025 Assistant

• The CFPB in 2025: What to Expect Following the Election | Husch Blackwell

• Trump's appointment of Sacks bodes well for smarter fintech regulation | American Banker

• Trump's First 100 Days: Banking & Financial Services: Stinson LLP Law Firm

Next time, in part 2 of our 2025 preview - a look at expected big moves in the industry in the upcoming year, with the Discover/Cap One potential merger at the top of the list. Thanks for joining us!