DIY Fintech Compliance
If you provide services to the financial services industry, you may not be subject to the same regulatory compliance requirements as your customers, but basic compliance is still required in many jurisdictions, and often by contract. Below are three steps toward creating your own compliance program.
Confirm you have Privacy, Cookies, Cyber-Security and Information Security policies and procedures, including breach reporting procedures. Also consider the following:
- Designate a CISO/Privacy Officer
- Consider adopting a security standard such as the NIST Cybersecurity Framework
- Create a data map and risk assessment covering the information you collect and use, including non-US personal data, employee information, etc.
- Determine due diligence standards and agreement terms for service providers and vendors. Review your existing agreements and confirm the terms you have already agreed to
- Schedule training, testing of data controls, and an annual review of your policies
- Consider changing how you collect and use data (e.g., collecting less) to streamline compliance
Confirm you have applicable sanctions (OFAC) and anti-money laundering (AML) policies and procedures. Also consider the following:
- Designate an AML Officer
- Consider a workflow for know-your-customer (KYC) checks and for screening vendors
- Consider whether your company has an obligation to conduct transaction monitoring and file suspicious activity reports (SARs)
- Create a risk assessment for customers and vendors
- Determine due diligence standards and agreement terms for service providers and vendors. Review your existing agreements and confirm the terms you have already agreed to
- Schedule training, testing of data controls, and an annual review of your policies
- Consider changes to the business plan to streamline compliance
Confirm your company, investors and board agree on other governance as needed, keeping in mind that the U.S. Sentencing Guidelines and Department of Justice (DOJ) guidance continue to give credit to companies with well-designed compliance programs. Also consider adopting the following:
- Consider a Code of Conduct and a Code of Ethics to address employee conflicts.
- Consider a vendor management and oversight program that addresses applicable Foreign Corrupt Practices Act (FCPA) and other anti-bribery laws or government contracts.
- Consider a record retention policy to address litigation risks.
- Consider periodic independent audits as a reality check on marketing, requests for proposal (RFPs), compensation and other activities, to confirm the business has not triggered a state or federal licensing requirement.
- Consider changes to the compliance program that create a return on investment (ROI) while still mitigating risks.