In this column, she discusses how abiding by regulation is not only necessary – it can also trigger innovation.
Alignment with regulatory guidance is essential
Although fintech firms are not governed by financial regulators, we must still align with regulatory frameworks to make sure platforms can be used by intermediaries, lenders and distributors.
To stay aligned, we follow guidance from the Financial Conduct Authority (FCA), comply with data protection and GDPR requirements, and meet cybersecurity standards.
Additionally, our firms are overseen by standards set by the International Organisation for Standardisation (ISO), particularly ISO 27001 for information security. This plays an important role in demonstrating best practice in managing sensitive financial and customer data.
One Year On: Helping You Add Value with Halifax’s Green Living Reward
Sponsored by Halifax Intermediaries
Responding to change proactively
Fintech firms work closely with lenders, brokers and regulators to ensure we are aware of any regulatory changes as early as possible. Once announced, we carry out impact assessments on our platforms, talk to partners and customers, organise our development and plan structured roll-outs so that users can adopt changes seamlessly.
For example, we were instantly aware of the recent loan-to-income (LTI) changes impacting lending, which then called for us to adapt our systems so we could continue to support lenders to introduce these changes and for advisers to be notified of them.
Such a regulatory or policy shift can trigger a significant amount of re-engineering. This is especially true where product eligibility rules, affordability criteria or advice practices are affected.
Tech platforms need to be agile and capable of managing an influx of new rules, so they can be delivered without disrupting the day-to-day business.
The challenge is not just in updating the systems, but also in ensuring that changes are deployed consistently and reliably across our user base, while balancing the backlog of business as usual change.
Regulation as a driver of innovation
Regulatory and policy changes do not just shape compliance – they often spark innovation. They encourage lenders and fintechs alike to explore new ways to improve the customer experience.
Referring back to recent market updates, the increasing significance of LTI limits in product criteria has prompted fintechs to introduce new filters, search tools, or integration points to help brokers identify suitable products more efficiently.
In many cases, regulation shapes the roadmap for new features, because compliance and usability go hand in hand.
Some proposed regulatory reforms are more pointed, and the FCA’s interest in artificial intelligence (AI) in financial services, along with the government’s push for a more tech-driven sector, shows that innovation is being actively encouraged.
When regulators signal openness to innovation, it creates a framework of confidence and clarity for tech firms. It allows us to test new capabilities while ensuring consumer protection is built in. This balance between innovation and oversight is vital for advancing the industry responsibly.
That said, fintechs can be held back by the pace of regulatory change, as firms can only move as quickly as the slowest link in the chain and apprehension can create limitations.
A perfect example of this is the gap between tech firms that are ready to digitalise the exchange process and the continued practices of some lenders and conveyancers.
The technology is ready to support fully digital journeys, but legacy requirements such as the use of paper documents, the need for ‘wet signatures’ and manual checks are hindering progress.
As a result, for now, fintechs must continue to design systems that are flexible to handle both digital and traditional processes.
This can limit how far and how fast innovation can go, but over time and as regulation evolves, we expect to see fewer of these barriers and a smoother path towards end-to-end digital solutions.
Commitment to compliance
For tech firms, staying compliant is not a one-off exercise but an ongoing responsibility. It requires continuous monitoring, testing, updating, and staff training to ensure that systems are built with a security-first approach, data is secure, and resilience is built in.
It requires keeping a close eye on developments, as well as regular audits and certifications to fill our partners and regulators with the confidence that we are meeting the highest standards.
