Publications & Events

Regulatory and business challenges to fintech M&A

Fintech's wealth of opportunities is attracting interest—yet the uncertainty of its future direction means the financial services industry needs to tread carefully.


do not think fintechs should be subject to tighter regulation

Source: White & Case fintech M&A survey 2016

As exciting as the growth of fintech has been over the past decade, and as powerful an enabler as its technology has proven to be for service providers and customers, the space has inevitably encountered the growing pains that come with rapid expansion. Cyber security, investment risk and regulation are among the main issues that fintech has been grappling with as it has increased in size and become more influential in financial services.

For example, banks and regulators have expressed concerns about the safety of customer data held by banks being made available to third-party fintech providers for use on their apps. New York's Department of Financial Services has gone so far as to request input from other regulators on the issue. There is a lack of clarity on whether customers will be reimbursed by the Federal Deposit Insurance Scheme (FDIC) if data is hacked from a third-party app. 

On the question of investment risk, meanwhile, huge drops in company valuations such as Lending Club in the U.S., the demise of UK mobile payments company Powa and the failure of high-profile crowd-funded companies such as Rebus and Zano have given investors reason to pause. Further, differing regulatory approaches to fintech across key jurisdictions have also been a challenge.


highlight lack of regulatory clarity/responsibility as the main regulatory issue

Source: White & Case fintech M&A survey 2016


find data protection a challenging regulatory issue in fintech

Source: White & Case fintech M&A survey 2016


Regulation in fintech

Developing an appropriate regulatory framework for fintech is no easy task for financial services watchdogs.

Existing financial regulatory frameworks are ill-equipped to oversee dynamic and rapidly changing fintech companies, but at the same time need to ensure that customers are protected and that there is a level regulatory playing field for fintech business and financial services companies that are already regulated. There is a delicate balance to be struck between robust regulation and fostering innovation.

"Regulation is a big challenge when technology is moving so quickly and developing across so many different jurisdictions. It is difficult to read where regulation is going and what it will look like in the future," a European banker says. "Once that picture becomes clearer, it will be to the benefit of the industry and will encourage more investment."

As it stands, fintech regulation differs markedly from jurisdiction to jurisdiction. In the UK, the Financial Conduct Authority (FCA) has been very supportive of fintech, laying on significant support for startups going through the regulatory process for the first time. The FCA has also set up a "regulatory sandbox", which allows unauthorised firms to obtain restricted authorisation to test innovative products or services in a live environment. It also assists authorised firms in a number of ways to test innovative products or services that may not easily fit into the existing regulatory framework.

"Regulatory innovation is as important as technological innovation if fintech is to continue progressing," says Alastair Lukies, chairman of Innovate Finance, an independent not-for-profit membership organisation serving the global fintech community. "This is also a new area for financial regulators, but there is a recognition that they can afford to be open to innovation without losing control."

Some jurisdictions are not as amenable, however. BaFin in Germany, although supportive of fintech, has been more cautious and reluctant to offer special arrangements for innovative fintech firms. On its website, BaFin notes that, "The challenge… is not to stifle innovation through excessively strict regulation on the one hand, while at the same time preventing these innovations from voiding the supervisory principles on the other, since [fintech firms] do not operate in a vacuum. Their business models also need to be in line with the regulatory requirements and consumer protection."

There is less clarity in the U.S., the world's largest fintech market. It's difficult to identify which of the many federal and state regulators should monitor the sector, and how to get them to work together. The Office of the Comptroller of the Currency (OCC) is currently undertaking an initiative in order to "improve how the OCC evaluates innovative products, services, and processes that require regulatory approval and identifies potential risks associated with them."

As for which regulatory or compliance issues respondents find most challenging, data protection tops the list (26 per cent), while 14 per cent identify consumer protection as the key challenge. Elsewhere, 12 per cent say intellectual property (IP) issues are particularly challenging. Twenty-five per cent identify other areas including money laundering and capital controls (Figure 19).

View full image

Data is a central and valuable asset for many fintech companies. This means that data protection is becoming an increasingly prominent issue as more and more information about customers, businesses and other stakeholders is stored online—indeed, more than a quarter of respondents cited data protection as their main regulatory and compliance challenge.

Failure to comply with data protection regulation can prove costly in the fintech space in both financial and reputational terms. Online payment startup Dwolla, for example, was fined in March 2016 by the Consumer Financial Protection Bureau for allegedly misrepresenting how it protected the data of its customers.

In the UK, these issues are only going to become more pronounced as the industry becomes more reliant on the free flow of data.

In August 2016, for example, the Competition and Markets Authority told the largest retail banks in the UK that they must develop and adopt an open application programming interface (API) banking standard in order to enable customers to share their data with third-party app developers and competitors within the next two years in order to help customers find better deals.

Striking a balance between the need to be more open with data and the need to keep data secure is likely to be a major challenge in the fintech sector for the foreseeable future. Data protection is only likely to become more serious. The General Data Protection Regulation (GDPR) enters into full force on 25 May 2018 and brings with it maximum fines of up to €20 million or 4 per cent of worldwide turnover—whichever is greater.

Existing regulatory frameworks are ill-equipped to oversee dynamic and rapidly changing fintech companies, but at the same time need to ensure that customers are protected


Assessing and calculating the unknown

Evaluating the risks associated with fintech assets and the values of such assets is a major concern. Fintech companies rely heavily on intangible assets such as software, databases, data, know-how and business methods. More than half of respondents (54 per cent) feel that doing due diligence on such assets is one of the top three biggest challenges to fintech deals (Figure 20).

View full image

Working out who owns the intellectual property rights or other rights in such assets is, for instance, usually complex and often requires rather extensive fact-finding exercises. It can also be difficult to assess the risks related to such assets, including potential open-source software issues, the danger that the rights in such assets will be infringed by third parties, or the risk that their use infringes third-party rights.

In addition, because fintech companies are so reliant on technology, it is likely that patent trolls will increasingly target them with the aim of extracting money through forced licensing arrangements by threatening to enforce patents primarily obtained for that aim. Establishing the value of intangible assets—which typically represent a large portion of the overall value of a fintech company—is another big challenge. For example, accurately vetting the growth potential of fintech startups that may not even be profitable at the time of acquisition can seem like a shot in the dark.


To read the full report, please click here.

To read other articles in this report, please click here.


This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2016 White & Case LLP