A FinTech Dilemma: The Chief Compliance Officer

Bryan Mulcahey, Principal

Almost all fintech companies have debated the need for a Chief Compliance Officer (“CCO”) by asking questions such as:

  • Can one of our existing employees serve as the CCO?

  • When do we need to have an experienced CCO in place?

  • What are the right qualifications?

  • Can we afford and find such a qualified person?

  • Should we consider a part-time or outsourced CCO?

Companies offering innovative products, especially those in fintech, are finding that answering these questions and recruiting the right person, particularly in this tight labor market, is a difficult and frustrating process. Furthermore, many companies find that hiring a qualified CCO who understands the business and fits with the existing team is going to come at a significant expense that may frustrate the objectives of a growing business. Below, we summarize a few thoughts on why, when, and how to bring on a CCO that fits the company’s size and risk-profile.

Why do we need a dedicated and experienced CCO?

The CCO oversees all of a company’s compliance-related functions, including the policies, procedures, processes, and technology that enable compliance with the industry’s regulatory framework. In addition, the CCO manages licensing, regulatory examinations, regulatory reporting, compliance training, and audits. Depending on the business model, the compliance program may need to cover a range of compliance areas, including anti-money laundering (“AML”), sanctions, customer protection laws, and information security. An inexperienced resource, or one who is dividing their time between business and compliance responsibilities, is likely to spend an unreasonable amount of time learning the subject and managing the compliance process. Ultimately, a resource dividing their time will need to forgo their business responsibilities to manage the compliance workload on a full-time basis. More important, compliance requirements may conflict with business and revenue objectives. A dedicated compliance officer is necessary to ensure independence and a culture of compliance.

In addition, regulators, bank partners, and other partners such as law firms, RegTech vendors, and other associated businesses may be hesitant to engage with a company that does not have an experienced and dedicated counterpart in place to work with them and manage these processes and relationships.

Lastly, the CCO must stay abreast of any regulatory changes that might threaten the business model. A dedicated CCO helps manage emerging risks and can bring them to the attention of senior management, the board of directors, and other stakeholders in a timely fashion and at regular intervals.

When to bring on a CCO?

Once the need for a dedicated CCO is identified, the next question is when the CCO must be in place. Although some licensing regimes and bank partners require a CCO before the company can commence a desired activity, there is otherwise no uniform date or deadline. However, for highly regulated industries, such as financial services, there are a few benchmarks that are useful when considering the appropriate time to bring on a CCO, including:

Fundraising: The fundraising stage serves as a good benchmark. First, as a practical matter, it may signal the ability to pay a compliance officer. Equally important, many FinTech investors who understand the regulatory climate will be keen to understand how a new company will be licensed and how it plans to comply with relevant regulations. Therefore, we generally recommend seeking a CCO around the time of a series A round of investment but almost always before a series B round.

Operations: The onset of operations is also a good benchmark. Commencement of formal operations and marketing of a product to the public often initiates compliance obligations. In this regard, it may be sound to conduct alpha and beta testing without a CCO, but the company will want to make sure that compliance is in order before go-live. As mentioned above, a company may need a CCO to assist with obtaining licenses and establishing a bank partnership. If not, the onset of licensing and bank partnerships are still useful benchmarks for when to hire a CCO, as further described below:

  • Licensing: The licensing process can be very time consuming. For example, obtaining money transmission licenses in nearly every state is a tremendous undertaking, even with the help of an external advisor, such as a law firm or consulting firm. The CCO can help manage not only the license filing process but also ongoing compliance obligations and communication with external parties, such as regulators, examiners, auditors, and external advisors.

  • Bank Partnership: Establishing a bank partnership can be a lengthy and time-consuming process but may be a necessity for conducting business. For example, the bank will request compliance-related documentation, such as an AML and sanctions policy, among many others. In addition, the bank will expect the company to maintain a framework of personnel and controls to promote ongoing compliance. Throughout the course of a relationship with a bank, there will be many interactions, site-visits, and document requests to manage. Thus, even if a CCO is not explicitly required as part of the relationship, a dedicated CCO will assist the company in fostering a healthy bank partnership.

In many cases, it is unlikely that the ideal point in time to hire a CCO using the fundraising benchmark will align with the ideal point of time using the operations benchmark. Therefore, we combined the two strategies in the table below and provide our recommendations for the best time to bring on a CCO.

[Table image: recommended timing for bringing on a CCO, combining the fundraising and operations benchmarks]

How to select a CCO?

The CCO must have the requisite experience and seniority to satisfy the demands of regulators, bank partners, and investors. The required experience depends heavily on the business model and related compliance requirements. We generally recommend seeking someone with at least 10 years of relevant experience. It is important to remember that compliance is not “one size fits all,” and a firm should find a CCO that has the right experience and knowledge for the firm’s compliance efforts.

Qualified fintech CCOs are currently in high demand and are likely to come at a steep cost (e.g., $200,000-$300,000 for salary, bonus, benefits, etc.). In addition, it may take 6-12 months for an organization to identify and hire a full-time CCO if it relies on putting out feelers into the market and fintech community to signal that it is seeking a CCO. There are also many recruiting firms that will assist with placing a CCO, but these firms are an additional cost and may not understand the company’s particular compliance needs, thus risking a poor fit.

If the company is not yet in a position to hire a full-time CCO, there are a few options:

  • Outsourced CCO Service: We often recommend that clients use an outsourced CCO service as an interim solution until they are approximately 8-12 months post go-live, at which point a full-time CCO is likely justifiable from both a cost and proof of concept perspective. Outsourced CCOs often provide the requisite experience, industry contacts and relationships, and technical understanding needed to satisfy the company’s expectations, as well as those of regulators, bank partners, and investors. Companies offering outsourced CCO services often provide flexible pricing and staffing arrangements to accommodate changes in demand for their services.

  • Part-time CCO: Another option is to hire a qualified CCO part-time until the company can bring the individual on full-time. However, in such a tight labor market, it is difficult to identify and hire a quality CCO for a part-time role. Candidates willing to accept these positions should be highly vetted. In addition, part-time CCOs may take on additional part-time roles but often lack the staffing support to accommodate changes in workload, thus risking delays.
