7 Legal Issues Every Fintech Should Avoid (and How to Defuse Them!)

All eyes are on fintechs right now. Last year was an uphill battle: high interest rates, waning investor interest, the collapse of giants like FTX and the regulation that followed. Lawmakers want to make sure this year is safer for everyone, so user and investor protections will be at the forefront, regulators will scrutinize growing AI usage, and new rules will aim to avert the next crisis. Fintechs must adapt to these regulations to de-risk their business and deliver better services and products. Let’s see how.

Knowing the Fintech Landscape

Although 2023 was rough for venture capital (VC) investment in fintech, the sector still held up well against other industries (it remained among the top five most-funded industries). According to KPMG, the Americas fared better, with investment down 18% (and the US taking two-thirds of total funding), while EMEA’s investment dropped by 50%. That made 2023 fintech’s weakest year for VC funding since 2017, though it followed a couple of years of stellar growth.

However, while investors are expected to remain conservative and tread carefully during H1 2024, segments like Environmental, Social and Governance (ESG) and proptech will see increased interest after having their second-best year in 2023. Meanwhile, some of the biggest players of 2023, like Stripe, Revolut, Chime and Plaid, will continue to lead in 2024, with payment processing, mobile banking and third-party infrastructure startups the most prominent.

Fintech success will be further defined by how well companies adapt to new regulations and meet their partner banks’ requirements. For example, US regulators last year released due-diligence guidance for banks working with fintechs, so that banks confirm their tech partners comply with fair lending, privacy and Anti-Money Laundering (AML) rules. This opens new doors for fintechs to expand, provided they play by the rules and stay on top of their processes.

Likewise, the US Securities and Exchange Commission (SEC) will keep a close eye on AML controls, especially in the crypto space, so that innovative technologies can thrive while staying compliant and investor and user capital stays protected, avoiding another FTX-style collapse.

Top 7 Fintech Legal Issues

Fintechs handle some of the world’s most important assets: personal information and capital. What’s more, they are built digitally and mostly run in the cloud, which exposes their operations to a different threat profile than that of traditional financial institutions. In the US there is no single regulatory framework for fintechs, but a group of agencies enforcing federal and state laws, which makes legal compliance a tough endeavor for young companies.

1. Data Privacy and Security

Data privacy and security are paramount for companies dealing with a user’s social security number, date of birth, bank account details and address, just to name a few sensitive details. Additionally, laws vary significantly depending on the fintech service — trading, payments, banking-as-a-service, digital wallet, etc. 

Generally speaking, fintechs working alongside financial institutions must meet those institutions’ data privacy obligations, which at the federal level fall under the Gramm-Leach-Bliley Act (GLBA). GLBA requires financial institutions to disclose their data-sharing practices to customers and, under the FTC’s Safeguards Rule, to maintain an information security program that protects customer data.

Separately, the prohibition on unfair, deceptive or abusive acts or practices (UDAAP), enforced by the Consumer Financial Protection Bureau (CFPB) alongside the Federal Trade Commission (FTC), gives regulators another route to penalize poor privacy practices. The “abusive” standard was added by the Dodd-Frank Act in the wake of the 2008 financial crisis to stop financial institutions from harming consumers and exploiting their trust for their own gain.

On the state level, fintechs must comply with data protection laws like the California Consumer Privacy Act (CCPA), which borrows from the EU’s GDPR and which several other states have followed with similar statutes. Under it, fintechs must disclose data-usage practices and give users control over their data, including who can see it, when, and what can be shared with third parties and other financial institutions. Note that the CCPA exempts personal information already covered by GLBA, so the two regimes overlap rather than stack.

One example of poor data privacy and security practice that circulated in 2022 involves Veem, a B2B payment platform. Cesar Cerrudo, CRO of Strike, publicly criticized the company’s approach to password changes and sensitive data handling. After raising his concerns with the company by email and receiving disappointing, evasive replies, Cerrudo concluded that the company had prioritized user experience over data privacy and security. For a fintech, the latter should be the top concern and override other priorities.

2. Emerging Technologies (AI/ML & Third-Party Risks)

AI and machine learning (ML) are among the latest innovations improving several industries, and fintechs have adopted them to improve their offerings: automating routine tasks so staff can focus on specialized work, tailoring offers by analyzing credit scores, forecasting investment trends, and improving customer experience with chatbots and behavior analysis. As with any new technology, regulators are working out how to standardize AI usage and protect users from misuse.

Fintechs are embracing AI to transform financial services, but implementing it raises ethical concerns and introduces new risks. To navigate this landscape, fintechs need effective risk controls and responsible AI development. Key risks include:

  • Bias resulting in discrimination
  • Data privacy concerns stemming from ML feedback loops
  • Lack of AI regulatory frameworks
  • User mistrust from lack of transparency in AI-powered processes
  • Cybersecurity concerns

To reduce legal exposure when using AI, companies should vet AI vendors carefully: understand how their ML models reach decisions (to reduce bias), confirm they comply with data privacy regulations, and verify they have strong cybersecurity measures in place. Likewise, fintechs must be transparent about their use of AI and listen to their customers’ concerns about the technology.

A recent survey found that 78% of companies polled use third-party AI tools, and these vendors are responsible for 55% of AI failures in businesses. Such failures translate into financial and reputational losses and litigation that can be too costly to recover from. Companies must therefore build a strong relationship with their AI vendors and hold them to the same standards they hold themselves; after all, the vendor becomes another leg of the business. Transparency, constant communication and disclosure of all practices are essential when licensing a service or hiring a third-party vendor.

3. Cyber Threats and Financial Crime

Cybersecurity touches almost every aspect of a fintech; without it, user information and day-to-day financial operations are at risk. Last year, fintech overtook healthcare as the industry with the largest share of data breaches (27%). Other common attacks include phishing, where fraudulent emails trick staff into handing over credentials or running malware, and Distributed Denial of Service (DDoS) attacks, which flood servers with traffic until they can no longer serve legitimate users.

As an attractive target for attackers, and with more sophisticated attacks on the way, businesses must strengthen cybersecurity on all fronts. Good practice starts with hiring strong IT and security talent led by a capable CSO who can build a suitable cybersecurity strategy. From there, companies should run security awareness programs so employees can recognize and report phishing, take regular (and tested) backups, reduce and monitor their attack surface, enforce multi-factor authentication and least-privilege access, and test system updates in a staging environment before release to catch vulnerabilities.

Revolut’s case shows how deeply a breach can affect a company’s finances. Last year, the Financial Times reported that attackers stole over $20 million of Revolut’s funds (almost two-thirds of its 2021 net profit) by exploiting a previously unknown flaw in its payment systems, starting in 2021. The fintech did not address the issue publicly, leaving users worried about its transparency on data protection and financial breaches.

To help absorb such losses and their legal ramifications, fintechs should explore their cybersecurity insurance options, and let customers and investors know they will go the extra mile to protect their assets.

4. AML and Know Your Customer (KYC) Compliance

Fintech companies must comply with AML and KYC requirements, which include document verification, customer identification, AML screening and reporting of suspicious activity. Non-compliance can lead to severe sanctions and fines running into millions. Remember when gambling company Entain was fined £17 million, or Santander UK over £100 million, for failing to implement AML measures?

At Founder Shield, we understand the reality: growing transaction volumes and complex fraud schemes make it challenging for fintechs to stay compliant and adopt every preventative measure against fraud while still providing a streamlined user experience. Money launderers often submit incomplete or false personal information and exploit the relative anonymity of the online transactions that fintech products and services provide.

This is where automated tools for identity verification and AML screening help. By automating AML checks as part of KYC onboarding, fintechs can process genuine customers faster while expanding confidently into new regions, knowing they can meet stringent regulatory requirements.

To be extra careful, fintechs onboarding users and clearing payments should also perform risk-based assessments, monitor transactions continuously, and screen counterparties against sanctions lists. They must follow local and global customer due diligence rules to avoid penalties and legal challenges; the UK’s Economic Crime and Corporate Transparency Act is one example.
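Two of the controls just described, sanctions screening and continuous transaction monitoring, are simple enough to show in code. The following is an added example written for this article, not code from any vendor or from Founder Shield: it screens counterparty names against a constructed sanctions list using normalized, order-insensitive name matching, and runs a structuring rule that flags accounts making several cash deposits kept just under the US $10,000 currency transaction report threshold within a short window. The list entries, accounts, amounts, the $8,000 floor and the seven-day window are all made up for illustration and would be tuned to the firm’s own risk appetite.

```python
"""Added example: rule-based AML screening over constructed sample data.
Demonstrates sanctions-list screening with normalized name matching and a
structuring (sub-threshold cash deposit) monitoring rule. All identifiers,
names and amounts below are invented for illustration."""

import re
import unicodedata
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sanctions list (made-up ids and names); a real one would be
# loaded from the OFAC/EU/UN consolidated files.
SANCTIONS_LIST = [
    {"id": "SDN-0001", "names": ["Ivan Petrov", "Petrov, Ivan"]},
    {"id": "SDN-0002", "names": ["Acme Trading LLC", "ACME TRADING L.L.C."]},
]

# US currency transaction reports are required for cash transactions above
# $10,000 (31 CFR 1010.311); the structuring rule looks just below that.
CTR_THRESHOLD = 10_000
STRUCTURING_FLOOR = 8_000            # assumption: tune to the firm's risk appetite
STRUCTURING_WINDOW = timedelta(days=7)
STRUCTURING_MIN_COUNT = 3
CORPORATE_NOISE = {"llc", "ltd", "inc", "co", "corp"}


def normalize_name(name: str) -> str:
    """Fold case, strip accents, dots and punctuation, drop corporate suffixes,
    and sort tokens so 'Petrov, Ivan' and 'Ivan Petrov' compare equal."""
    s = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    s = re.sub(r"[^a-z0-9 ]", " ", s.replace(".", "").lower())
    tokens = [t for t in s.split() if t not in CORPORATE_NOISE]
    return " ".join(sorted(tokens))


# Index every alias once at startup so screening is a dictionary lookup.
_SANCTIONS_INDEX = {
    normalize_name(alias): entry["id"]
    for entry in SANCTIONS_LIST
    for alias in entry["names"]
}


def screen_counterparty(name: str):
    """Return the list id of a sanctions match, or None for a clean name."""
    return _SANCTIONS_INDEX.get(normalize_name(name))


def detect_structuring(transactions):
    """Map account -> cash deposits that look like structuring: at least
    STRUCTURING_MIN_COUNT deposits just under the CTR threshold, all within
    STRUCTURING_WINDOW of the first one."""
    candidates = defaultdict(list)
    for tx in transactions:
        if tx["type"] == "cash_deposit" and STRUCTURING_FLOOR <= tx["amount"] < CTR_THRESHOLD:
            candidates[tx["account"]].append(tx)
    flagged = {}
    for account, deposits in candidates.items():
        deposits.sort(key=lambda t: t["ts"])
        for i, first in enumerate(deposits):
            window = [d for d in deposits[i:] if d["ts"] - first["ts"] <= STRUCTURING_WINDOW]
            if len(window) >= STRUCTURING_MIN_COUNT:
                flagged[account] = window
                break
    return flagged


def run_screening(transactions):
    """Run both rules and return alerts for the compliance review queue."""
    alerts = []
    for tx in transactions:
        hit = screen_counterparty(tx.get("counterparty", ""))
        if hit:
            alerts.append({"rule": "sanctions_match", "account": tx["account"],
                           "tx_id": tx["id"], "list_id": hit})
    for account, deposits in detect_structuring(transactions).items():
        alerts.append({"rule": "structuring", "account": account,
                       "tx_ids": [d["id"] for d in deposits]})
    return alerts


# Constructed sample ledger (not real customer data).
T0 = datetime(2024, 3, 1)
SAMPLE_TRANSACTIONS = [
    {"id": "t1", "account": "A100", "type": "cash_deposit", "amount": 9_500, "ts": T0, "counterparty": "Self"},
    {"id": "t2", "account": "A100", "type": "cash_deposit", "amount": 9_200, "ts": T0 + timedelta(days=2), "counterparty": "Self"},
    {"id": "t3", "account": "A100", "type": "cash_deposit", "amount": 9_800, "ts": T0 + timedelta(days=5), "counterparty": "Self"},
    {"id": "t4", "account": "B200", "type": "wire_out", "amount": 4_000, "ts": T0 + timedelta(days=1), "counterparty": "PETROV, Iván"},
    {"id": "t5", "account": "C300", "type": "cash_deposit", "amount": 12_000, "ts": T0, "counterparty": "Self"},
    {"id": "t6", "account": "C300", "type": "wire_out", "amount": 500, "ts": T0, "counterparty": "Jane Doe"},
]

if __name__ == "__main__":
    for alert in run_screening(SAMPLE_TRANSACTIONS):
        print(alert)
```

Run against the sample ledger, the accented, reordered “PETROV, Iván” still matches the list entry, and account A100 is flagged for three sub-threshold deposits in five days while the single $12,000 deposit on C300 is not (it is above the threshold and would be reported through the normal CTR process). Exact-match screening like this is deliberately conservative; production systems add fuzzy matching and date-of-birth or address corroboration, and every alert still goes to a human reviewer rather than blocking the customer automatically.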

5. Crypto Regulation

According to the Financial Times, crypto and digital payments companies paid $5.8 billion in fines in 2023 for shortcomings in customer checks and AML controls. Agencies like the SEC in the US are tightly regulating the sector, with high-profile lawsuits against Ripple, Coinbase, Binance and others.

For fintechs in this sector there are many cryptocurrency laws and regulations to keep up with, especially as they differ by country, and more will keep coming. While the US is approaching regulation slowly, the European Union has adopted measures requiring crypto service providers to detect and stop illicit cryptocurrency use. All this while crypto salaries are entering the workforce, with companies like Coinbase and GMP Group taking the lead.

To navigate this complex regulatory system, fintechs must balance innovation with compliance and stay informed by monitoring government websites, subscribing to alerts or newsletters and, where needed, hiring legal counsel.

6. System Outages and Technology Failures

It’s not just cyberattacks; ordinary IT outages bring fintechs down too. Technical failures, system outages, software bugs, hardware failures and operational errors can all cause downtime, degrading the user experience and leading to revenue loss and damaged reputations.

For example, an outage on a trading platform during market hours could cause users significant financial losses, leading to lawsuits. If an outage is caused by negligence, such as failing to maintain systems properly or ignoring known security vulnerabilities, the company could be liable for damages. And as user bases grow, some platforms struggle to handle the increased demand, crashing during peak usage.

All of these events can contribute to customer churn, penalties if regulations are violated, and operational challenges to fix outages. 

Data is everything for fintechs, so back up regularly to both the cloud and on-premises storage, and test restores, because an unverified backup is not a backup. Set up alerts for latency and downtime so you see problems before customers do, maintain a disaster recovery plan with defined recovery time and recovery point objectives, and diversify cloud providers so a single provider outage cannot take you down.
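The backup advice above is only as good as the check that enforces it. As an added illustration (not code from the article or from any vendor), the script below runs the three checks a disaster recovery runbook should schedule: that the newest copy of each dataset is younger than the recovery point objective, that every copy’s SHA-256 still matches the manifest recorded when the backup was taken, and that copies exist in at least two independent locations (for example one cloud provider plus on-premises). The datasets, copies, manifest, 24-hour RPO and two-location minimum are all constructed in memory for illustration; a real run would read them from object storage and the backup catalog.

```python
"""Added example: scheduled backup verification (freshness against an RPO,
SHA-256 integrity against a manifest, and location diversity). All data
below is constructed in memory; nothing here reads real storage."""

import hashlib
from datetime import datetime, timedelta

RPO = timedelta(hours=24)   # assumption: 24-hour recovery point objective
MIN_LOCATIONS = 2           # assumption: copies must live in two independent sites


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_backups(copies, manifest, now):
    """Return a list of (dataset, problem) tuples; an empty list means all
    checks passed.

    copies:   list of {"dataset", "location", "taken_at", "content"}
    manifest: {(dataset, taken_at): sha256_hex} recorded when the backup ran
    """
    problems = []
    # Every dataset named in the manifest must have copies, even if none survive.
    by_dataset = {ds: [] for ds, _ in manifest}
    for c in copies:
        by_dataset.setdefault(c["dataset"], []).append(c)

    for dataset, ds_copies in sorted(by_dataset.items()):
        if not ds_copies:
            problems.append((dataset, "no backup copies found"))
            continue
        # Integrity: recompute the hash and compare with what was recorded.
        for c in ds_copies:
            expected = manifest.get((dataset, c["taken_at"]))
            if expected is None:
                problems.append((dataset, f"copy at {c['location']} has no manifest entry"))
            elif expected != sha256_hex(c["content"]):
                problems.append((dataset, f"copy at {c['location']} failed integrity check"))
        # Freshness: the newest copy must be within the RPO.
        newest = max(c["taken_at"] for c in ds_copies)
        if now - newest > RPO:
            problems.append((dataset, f"newest copy is {now - newest} old, exceeds RPO of {RPO}"))
        # Diversity: a single location is a single point of failure.
        locations = {c["location"] for c in ds_copies}
        if len(locations) < MIN_LOCATIONS:
            problems.append((dataset, f"copies only in {sorted(locations)}, need {MIN_LOCATIONS} locations"))
    return problems


# Constructed sample backup catalog (not real data).
NOW = datetime(2024, 3, 2, 12, 0)
T_RECENT = NOW - timedelta(hours=2)
T_STALE = NOW - timedelta(hours=30)

LEDGER_BLOB = b"ledger-snapshot-v1"
KYC_BLOB = b"kyc-docs-snapshot-v1"
AUDIT_BLOB = b"audit-log-snapshot-v1"

# Manifest written at backup time, before any copy could be damaged.
SAMPLE_MANIFEST = {
    ("ledger", T_RECENT): sha256_hex(LEDGER_BLOB),
    ("kyc_docs", T_STALE): sha256_hex(KYC_BLOB),
    ("audit_log", T_RECENT): sha256_hex(AUDIT_BLOB),
}

SAMPLE_COPIES = [
    {"dataset": "ledger", "location": "cloud-a", "taken_at": T_RECENT, "content": LEDGER_BLOB},
    {"dataset": "ledger", "location": "onprem", "taken_at": T_RECENT, "content": LEDGER_BLOB},
    {"dataset": "kyc_docs", "location": "cloud-a", "taken_at": T_STALE, "content": KYC_BLOB},
    {"dataset": "audit_log", "location": "cloud-a", "taken_at": T_RECENT, "content": AUDIT_BLOB},
    # Simulated silent corruption of the second copy after the manifest was written.
    {"dataset": "audit_log", "location": "cloud-b", "taken_at": T_RECENT, "content": AUDIT_BLOB + b"\x00"},
]

if __name__ == "__main__":
    for dataset, problem in verify_backups(SAMPLE_COPIES, SAMPLE_MANIFEST, NOW):
        print(f"{dataset}: {problem}")
```

On the sample catalog the ledger passes every check, the KYC documents fail both the RPO and the two-location rule, and the audit log’s second copy fails its integrity check, which is exactly the kind of silent damage that only shows up when you actually verify rather than assume. Wire the result into the same alerting channel used for latency and downtime so a failing backup is treated as an incident, not a log line.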

7. Safeguarding Intellectual Property

In the fintech industry, where innovation and technology converge to redefine financial services, safeguarding intellectual property (IP) becomes paramount. Patents, trademarks, and copyrights not only protect the unique inventions and brand identities of fintech companies but also serve as crucial assets for maintaining a competitive advantage in the market. Furthermore, a strong IP portfolio is often a key factor in attracting investment, as it demonstrates a company’s commitment to innovation and its potential for long-term growth.

To mitigate the risk of infringement lawsuits — which can be costly and damaging to a company’s reputation — fintechs must proactively file for relevant IP protection. This involves not only securing patents for technological inventions but also trademarks for brand elements that differentiate their services.

Regular monitoring of competitors and the market is essential to identify potential infringements early. Additionally, engaging with legal counsel to develop a comprehensive IP strategy ensures that fintech companies navigate the complex landscape of IP law effectively, securing their innovations and sustaining their growth in the ever-competitive fintech sector.

The Role of Insurance in Navigating Fintech Legal Issues

Although we’ve mentioned a few best practices for avoiding legal issues, insurance is the main lifeline. Fintechs need to protect themselves from many different risks while navigating a competitive industry made up of promising new entrants and M&A-hungry behemoths. That’s where policies such as directors and officers (D&O), errors and omissions (E&O) and IP insurance can step in.

Whether fintechs are involved in payments, investments, advisory or financing, D&O insurance protects fintech leaders’ personal assets from lawsuits alleging wrongful acts. We recommend blending this with E&O coverage to also protect your company from human errors, missed deadlines and budget overruns.

Lastly, IP-related lawsuits can end up being some of the most long-winded. So, if your company is in the payments space or holds patents, IP Insurance should be a priority on the insurance shopping list. It can help fintechs cover litigation costs related to disputes concerning the enforcement or defense of patents, trademarks or copyrights, and protect policyholders from patent infringement claims.

For fintechs, you can really split insurance into two boxes: foundation and fintech-specific coverage. The foundational insurance includes general liability, workers’ compensation, employment practices liability and property insurance, while fintech-specific includes cyber liability, IP and the blended E&O/D&O.  

Specialty insurance, covering unique risks, mitigates legal risks and continues to attract investors in the face of ongoing market hardening. In fact, in our experience, investors typically require D&O coverage before doling out cash or taking a seat on a board during a funding round.

Additional Risk Management Considerations

Beyond the primary legal hurdles, fintech companies must also consider additional risk management strategies to safeguard their operations and reputation. This section explores key considerations that extend beyond legal compliance, including operational, reputational, and strategic risks, ensuring fintechs are well-prepared for the multifaceted challenges of the financial technology landscape.

Importance of having a strong legal team or advisor for your fintech startup

Having a dedicated legal team or advisor is paramount for fintech startups looking to navigate the complex legal landscape successfully. An experienced lawyer or legal consultant can provide valuable guidance on matters ranging from contract negotiations and regulatory compliance to intellectual property protection and dispute resolution. They can also assist in drafting legally sound agreements, terms of use, and privacy policies—all of which are essential for maintaining trust among customers and investors.

Ongoing legal compliance checks and risk assessments

Regular legal compliance checks and risk assessments are necessary to identify potential areas of vulnerability before they become major issues. These evaluations should focus on existing and emerging legal requirements, such as data privacy regulations, anti-money laundering rules, and consumer protection guidelines. By staying up to date with changing legislation and identifying potential risks early, fintech companies can develop targeted solutions to mitigate legal liabilities and reduce the likelihood of costly disputes.

Understanding emerging legal trends and regulations in the fintech space

Given the fast pace of innovation in the fintech sector, it is imperative for entrepreneurs to remain abreast of emerging legal trends and regulations. Keeping track of legislative developments, court rulings, and regulatory actions can help fintech companies anticipate future challenges and adapt their business strategies accordingly. Engaging with industry associations, attending conferences, and subscribing to newsletters and blogs focused on fintech regulation are all excellent ways to stay informed about the latest developments in the field.

By staying on top of the key legal risks of the fintech industry, getting the appropriate insurance to protect the business, and taking into account additional risk management considerations, fintech startups can enhance their ability to navigate the ever-evolving legal landscape and position themselves for long-term success.


If you are a fintech leader and are unsure where you currently stand with your insurance coverage, we’ve got the solution. Book your 360 Risk Assessment with us today. We’ll provide a real-time breakdown of your current risks and future insurance needs.
