We hear it many times from innovators:
“Regulation is stifling innovation.”
“These regulations were written a zillion years ago.”
“Why are there so many regulatory agencies, but no one is creating new regulations for tech?”
And from regulators:
“Innovators are conducting bank-like business, but not following any of the rules.”
“Tech companies are selling data with no regard for data protection.”
“Consumers deserve more transparency.”
You can rarely have a conversation about tech innovation without hearing the words privacy, security and regulation. Over the past 10 years, regulated industries are spending record amounts on tech strategy, tech investment and tech education. Marketplace lenders are now sourcing PPP loans, blockchain applications are tokenizing letters of credit, crypto is used to represent company ownership and AI is integrated into loan screening software to determine whether or not a lender should make a loan. While none of these are actually new products, they are introducing a new medium to process financial assets and inventing new ways to make strategic decisions.
Why is it so hard for innovation to comply with regulations?
Issue #1: Innovation has characteristics that fall under the mandate of multiple regulatory agencies.
Each regulatory agency has different reasons on why they want to regulate tech companies. Let’s take the example of crypto:
We want to regulate crypto because…..
Crypto is issued to consumers and we oversee consumer protection laws
Crypto is used as ownership in companies and trade like stocks; therefore, they are classified as securities
Crypto is used in derivative products and we regulate futures, swaps and options
Crypto is used fraudulently and we create rules to combat illicit activity and money laundering
Crypto is held at a custodian and we regulate trust and depository institutions
Crypto is traded on exchanges so these exchanges should comply with broker dealer regulations
Crypto might impact monetary policy in the future
Crypto is held by companies and individuals in our state. We should know the risks of products and services offered in our state.
A similar analysis can be applied to marketplace lending companies like Kabbage and SoFi. While lending is considered traditional banking activity overseen by the Fed, OCC, CFPB and state regulators, most marketplace lenders are packaging loans into securitized products which would require them to comply with securities regulation.
Get the point? No one wants 8 different regulators to regulate different parts of their business. Not only would this be an operational nightmare, but it’s expensive for a small or medium sized business to spend a huge chunk of revenue on compliance resources, legal expenses, regulatory assessment fees and fines and penalties.
Issue #2: Tech companies want to focus on creating new products, as they should, and not get bogged down by regulation.
No one is purposely trying to break the rules. However, following the rules can be expensive and often times the compliance experience necessary to build sustainable controls just doesn’t exist, or can’t be afforded adequately early on within a startup. Experienced lawyers can make huge dents to your balance sheet. And we all know, once you find a good lawyer, it’s hard to live without them.
Issue #3: Regulators and innovators don’t speak the same language.
When you’re a bank regulator, you’re accustomed to seeing certain types of reports and hearing specific terminology. It can be a huge turn-off when technologists are explaining bank-like products and not using proper banking terminology such as securitization, hypothecation and collateralization. It’s the same feeling a tech enthusiast has when someone tells them that cloud technology has strong privacy and security controls.
So what do we do?
Introducing Themis - compliance software for the modern world.
Themis allows your firm, large or small, to create the controls you need by guiding you through a process that selects the right compliance modules that apply to your product or service, regardless of which regulator oversees that rule. The Themis-derived compliance modules correlate to existing banking regulations overseen by the Fed, OCC, SEC, CFTC, FINRA, FinCen and state regulators.
Modules include templates that assist companies to comply with alphabet regulations (regulations developed for traditional banking products), securities regulations, consumer protection regulations and the Bank Secrecy Act.
Your company picks and chooses which modules apply to the products and services you offer – and many times the selected modules will span across six or seven different regulatory agencies. But this shouldn’t matter. Regulation shouldn’t be seen as federal regulation vs. state regulation or banking regulation vs. securities regulation. Emphasis should be placed on:
- Why was this regulation written?
- What was it trying to accomplish?
- How does it apply to my product or service?
Whether a company makes a loan to an individual in dollars or bitcoin, the same consumer protection laws apply. And the best part of Themis – we don’t just want to provide software that enables your company; we aim to be your partner in your overall regulatory journey and will guide you along the way. At Themis, we encourage innovators to accelerate their efforts, while keeping regulators happy at the same time.
So let's try to comply with the rules that exist, before we ask for new ones.