“Talking Heads” in Fintech Compliance: An interview with Oli Greaves, Head of Risk & Compliance at Carmoola

When I reflect on my career to date, although I feel that I’ve almost stumbled into each role, I now realise that it’s been a very logical progression, and each role complements the next. Who knows, maybe stumbling is the best way. Each role has of course had its own challenges, but these have always presented opportunities for learning, and those learnings always seem to come in useful in my next position.

To provide the details, I started my career at the regulator, the FCA. I initially entered the FCA in their Resolution Execution department, dealing with firms at the end of their lifecycle and ensuring they fail in an orderly way, with the least risk of harm for consumers. This gave me a really strong grounding across the financial services industry and allowed me to think about business models with respect to the potential for consumer harm – essential for any compliance professional. During my time at the FCA, I also spent time working directly for Sheldon Mills, Executive Director of Consumers and Competition. This was invaluable experience which broadened my general understanding of the regulatory landscape and how the FCA prioritises. More importantly, it helped me to understand how the FCA thinks, supervises and acts as a deterrent. I was fortunate to work on high profile workstreams such as Consumer Duty. My final role at the FCA was working in the Early and High Growth Oversight department, where we were exploring alternative ways to supervise firms, harnessing data capabilities for risk indicators.

When leaving the FCA, I moved to Revolut as a Group Business Compliance Manager. As you can imagine, this was a completely different role. Completely different pace to the FCA. At Revolut I specialised in the Consumer Duty and played an advisory role to support the implementation across the group. This role taught me a lot about how compliance actually fits into a commercial organisation, where there are perceived conflicts between compliance ‘red tape’ and making money. This role taught me to review, analyse and advise with regards to the regulatory risk posed and how to influence decision making.

Finally, I made the jump to Carmoola as their Head of Risk and Compliance. This role presented me with an opportunity (although challenging) to build out a second line risk and compliance function completely from scratch. Naturally, due to the nature of fintechs, I wear many hats and have to juggle my time and expertise between many business areas. I love that this role provides me with ownership and autonomy; I make decisions that will ultimately influence the direction of the organisation.

The way I look at compliance is it’s not about deciding what is right or wrong. It certainly isn’t about telling the business everything they cannot or should not do. I think this is where compliance can be misunderstood – you don’t always have to be the ‘bad guy’ just telling the business what is not possible. It is about working with, and alongside, multiple business functions, acting with flexibility and agility to advise the businesses. By doing so, compliance plays an essential, and rewarding, role in supporting business growth in a sustainable way.

There is also more subjectivity within compliance than many people realise, especially with principles-based regulation. You have to make decisions about how the regulations were intended to work, and how they apply to your business. You have to use your experience to make informed decisions and interpret regulations, assess the risk posed, and design control mechanisms that work for the business. This, again, is a misconception for people who think compliance professionals are merely recalling black and white rules from a long handbook.

Finally, compliance roles are desirable from a career perspective; the demand for compliance professionals is consistently high and is unlikely to reduce given the ever-evolving regulatory landscape. Investors are increasingly looking for compliance insights on the risks to the business and whether the model is sustainable in the long term.

I think I can summarise the appeal of the fintech sector in 4 words: innovation, fast-paced, rewarding and collaboration. But let me explain a little more about what these words mean to me and why they make a sector a desirable career option:

Innovation: Fintech companies are at the forefront of innovation, constantly developing new technologies and solutions to improve financial services and make life easier for customers. My current company, Carmoola, is seeking to completely revolutionise the car finance market. Working in this industry allows me to be a part of the transformation of traditional (sometimes outdated) financial systems.

Fast-paced: Fintech firms are often fast-paced, where the business model can shift and things can change rapidly. I have to think on my feet and make fast, risk-based decisions.

Rewarding: Fintech firms make a significant impact on people’s lives by often improving financial inclusion and making people’s lives easier. It is rewarding to work for a company that is actively trying to improve the way that people interact with financial services; for example, Carmoola are materially improving the car buying process.

Collaboration: One of the things I really love about working in a fintech is getting to work closely with a wide range of employees and get to learn from others and their disciplines.

Compliance professionals play an essential role. The fintech industry is a particularly fast-paced and ever-evolving space, and compliance expertise is crucial to building trust as well as fostering and enabling innovation.

A strong compliance function helps to protect consumers, prevent financial crime, and safeguards the integrity of the organisation. Mitigating risks and promoting compliance contributes to the long-term sustainability and success of the company and the industry as a whole.

To be successful in compliance, my main piece of advice is to really take time to understand what the business wants in their compliance officer. Maybe they’re seeking someone who will just tell them the things they can’t do, but more likely they want someone who can help guide the business towards the activities they can, or should, do. It is essential to remember that different businesses will have different appetites for regulatory risk, and it is essential for the compliance department to understand how they can support the business proactively.

Following the above, when you understand your business and the risks they are willing to accept, it is important to frame your analysis, recommendations and decision-making in terms of the likelihood and impact of that regulatory risk. This provides the board, executives or other decision makers with the information they actually need to make an informed risk-led decision.

Apart from the Regulator, who should compliance officers be thinking about (or encouraging others to think about) when doing their work?

I think I can answer this question in one word: customers. For me, customers are actually at the heart of the compliance officer’s job – especially with retail financial services products. I spend so much time thinking about how a customer would interpret our product or understand our communications. This is more important than ever given the FCA’s Consumer Duty regulation: it is essential to deliver good outcomes to customers and you need to start by putting yourself in their shoes and thinking about how they will experience your business activities.

FinTechs are often fun, fast-paced places to work, but they aren’t without their challenges. The main thing for me is that FinTechs often don’t have a fully established business model, they are still testing ideas and the model will pivot and change depending on the market and what works. For a compliance professional this can be a challenge as it will manifest itself as a number of new initiatives to analyse, test and roll out in a manner that is consistent with delivering customers with good outcomes. You can’t just throw products out and see what sticks if it’s going to be detrimental to a customer.

Another challenge for me is that fintech firms often employ a larger proportion of intelligent individuals from the world of technology and data. These people have often never worked in a regulated environment before so there is a challenge for compliance to ensure suitable training and competency, plus take these colleagues on that learning journey to understand how to operate within financial services.

Finally, there is a never-ending list of new regulations which can be difficult to keep on top of. FinTechs often have smaller teams and may not have the budget to onboard specialised software to keep track of what new regulatory requirements there are, and how they will impact the business.

I think it’s an exciting time to be a fintech founder at the moment. My advice would be to look at the product/service from the perspective of the customer at the very start. This doesn’t mean thinking ‘will the customer be interested in my product?’, or ‘how many customers will I acquire?’, this is about asking yourself really challenging questions: ‘will the customer understand how my product is different to what they’re used to?’, ‘will they suffer harm from it?’, and if so, ‘how have I ensured they are aware of any risks?’ These are all key compliance questions which should be at the very heart of a new business.

Following this, I would advise you to focus on your regulatory business plan to really understand how the business model works and how it fits into the regulatory landscape. Don’t view this as just a requirement for the FCA, it is a tool to help you to understand your business and what compliance risks it poses. Engage with the FCA throughout this process, not just because you are required to, but ask the right questions and they will support you.

I think there are some universal challenges for FinTechs over the next couple of years. There will also be some challenges which arise from changes in the macroeconomic environment or are specific to certain business models.

To start with universal challenges, I think it would be remiss of me not to mention the FCA’s new Consumer Duty. This impacts all retail financial services firms. Although July 2023 was the implementation deadline, it’s important to remember this is only day 1 of the Duty being in effect; the coming years is where firms will really need to prove their activities to the FCA. We’re already seeing the FCA acting where they are seeing firms failing to meet the requirements of the Duty, most recently with banks’ saving rates and GAP insurance. For FinTechs, whose business model is often to disrupt the incumbents and offer lower priced products, I think there is a tendency to assume they meet the Duty. But it is no longer acceptable to merely feel comfortable you’re cheap and so must be offering fair value, firms need to actively build controls to monitor and evidence their compliance. If not, they can expect a visit from the regulator.

Another regulatory focus area will be financial promotions. The FCA has now introduced its new gateway requiring authorised firms that wish to approve financial promotions for unauthorised firms to seek prior permission of the FCA to do so. This is just one example of the FCA’s focus on the area and increasing accountability for firms authorising financial promotions. I anticipate we might see more enforcement action in this area. Firms need to ensure their promotions are understandable to the target market, meet the customer’s information needs and are clear, fair and not misleading.

To look at an industry-specific example, take my industry, car finance. This is quite a ‘hot’ area at the moment from a regulatory and commercial perspective due to the recent FCA scrutiny in relation to historic discretionary commission arrangements. This will impact a large number of firms who may be required to pay significant amounts of redress.

Embrace the agility and adaptability that defines fintech. Traditional compliance approaches might not always fit the mould of innovative technologies and business models, so be prepared to continuously learn, stay updated on emerging regulations, and think creatively to develop effective compliance approaches.

Remember, collaboration is key, so build strong relationships with your colleagues across different departments, from product development to engineering to marketing, to ensure compliance is seamlessly integrated into every aspect of the business.

Thank you for inviting me Jane!