COST OF COMPLIANCE SERIES

Compliance costs remain a significant challenge for smaller fintechs and start-ups, particularly as regulatory expectations continue to increase globally. Where are smaller firms feeling the greatest pressure today, and what practical steps could regulators and industry bodies take to make compliance more proportionate and accessible for smaller firms?

What our members consistently tell us is that compliance itself is not the problem. The challenge is that compliance obligations are not always proportionate to the risks involved, and the cost of meeting those obligations can be significant for smaller providers. A start-up and a large financial institution may ultimately be required to meet many of the same regulatory requirements, but they do not have the same resources, specialist expertise, or operational capacity to do so.

Smaller fintechs understand the importance of requirements such as Know Your Customer (KYC), Know Your Business (KYB), Anti-Money Laundering (AML), and Countering the Financing of Terrorism (CFT) requirements and recognise the role they play in protecting consumers, maintaining trust in financial systems, and supporting broader economic stability.

There is a perception that innovation and regulation are in tension. Innovation seeks to create new products, services, and business models, while regulation seeks to ensure safety, security, and consumer protection. Both are necessary. The challenge is not whether regulation should exist, but how it can be designed and implemented in a way that enables innovation while effectively managing risk.

One of the biggest pressures we hear about is regulatory complexity. Financial Service Providers (FSPs) are often navigating requirements from multiple authorities, such as central banks, securities regulators, telecommunications regulators, and data protection agencies. While each regulator has an important role to play, the cumulative effect can be overlapping requirements, duplication, and uncertainty. For firms operating across multiple markets, these challenges are amplified by differences in regulatory approaches between jurisdictions.

Our members also regularly highlight the pace of regulatory change. Keeping track of new requirements, interpreting legal language, and implementing changes can require significant investment in compliance and legal expertise. For smaller FSPs, these costs can have a direct impact on growth and scalability.

We also see examples of over-compliance. Many FSPs take a more conservative approach than regulators may actually require because they are concerned about regulatory scrutiny, penalties, or the risk of losing their licence. While understandable, this can increase compliance costs without necessarily delivering better outcomes.

From our perspective, the answer is not less regulation but smarter regulation. Regulators can help by adopting proportionate, risk-based approaches that reflect the size, complexity, and risk profile of FSPs and activities. Greater coordination between regulatory authorities can also help reduce fragmentation and conflicting requirements.

Clearer guidance is equally important. Many requirements are still communicated through lengthy legal documents that can be difficult for smaller FSPs to interpret. Increasingly, regulators should be looking at ways to make requirements easier to understand and integrate into compliance systems, including more standardised and machine-readable approaches.

Industry associations also have an important role to play by:

  • Representing the perspectives of the industry, including the smaller financial service providers, during regulatory consultations. 
  • Translating complex regulatory requirements into practical guidance and training for industry participants. 
  • Identifying common compliance challenges and presenting evidence-based recommendations to regulators. 
  • Facilitating collaboration between firms to explore shared approaches, including RegTech solutions and shared compliance utilities that can reduce costs while maintaining robust standards. 

Ultimately, effective regulation and innovation should not be seen as competing objectives. The goal should be regulatory frameworks that protect consumers and financial systems while remaining practical, proportionate, and accessible for FSPs of all sizes.

To what extent can technology-driven solutions, such as shared utilities, digital identity frameworks, or RegTech partnerships, help reduce the compliance burden on smaller fintech firms while improving risk management standards?

We believe technology has a critical role to play in making compliance more efficient, more effective, and ultimately more accessible for smaller FSPs.

One of the recurring themes we hear from members is that a great deal of compliance activity is duplicated across the industry. Multiple FSPs are often conducting similar customer due diligence, sanctions screening, and verification processes independently. Shared utilities have the potential to reduce this duplication, allowing FSPs to access trusted information while maintaining appropriate oversight and accountability.

Digital identity frameworks are particularly important. In markets where robust digital identity infrastructure exists, onboarding can be faster, more secure, and significantly less costly. This benefits not only providers but also consumers, especially those who may previously have faced barriers to accessing formal financial services.

RegTech is also changing the equation for smaller providers. Historically, sophisticated compliance capabilities were often only available to larger institutions with substantial compliance teams. Today, cloud-based solutions, software-as-a-service models, and specialist providers are enabling smaller FSPs to access advanced monitoring, reporting, screening, and risk management tools at a fraction of the cost.

That said, technology is not a silver bullet. The success of these solutions depends on regulatory acceptance, interoperability, data quality, and industry adoption. Technology works best when it is supported by clear standards and a regulatory environment that encourages innovation while maintaining trust.

Industry associations can help accelerate adoption by identifying common pain points, sharing best practices, and helping to connect providers with technology partners and regulators. We see a valuable role for industry-led collaboration in exploring shared approaches that reduce costs without compromising compliance outcomes.

For example, an industry association could coordinate a shared KYC or KYB utility that enables multiple financial service providers to access verified customer or business information through a common platform, reducing the need for each firm to perform identical checks independently. Associations can also act as a bridge between regulators, technology providers, and industry participants to ensure that new compliance technologies are practical, affordable, and aligned with regulatory expectations.

This approach is being developed in Nepal by the Payment Service Providers Association of Nepal (PSPAN), who brought together all their members to procure a RegTech solution that specialises in AML and financial crime compliance. When implemented, this will lower the cost of compliance for members and standardise regulatory compliance for the industry. 

Fraud and cyber threats increasingly transcend borders, yet the nature of these risks often differs between regions due to variations in financial literacy, digital maturity, and regulatory capacity. What regional differences are your members seeing at the moment, and what global patterns are emerging?

While the specific fraud typologies vary across markets, one thing our members consistently tell us is that fraud is becoming more organised, more sophisticated, and increasingly cross-border in nature.

In more digitally mature markets, FSPs are seeing increasingly complex forms of fraud, including authorised push payment scams, account takeover attacks, synthetic identities, and AI-enabled social engineering. Fraudsters are becoming highly effective at exploiting trust and using technology to scale their activities.

In many emerging markets, some of the most significant challenges remain linked to consumer awareness, digital literacy, and gaps in identity infrastructure. Our members frequently report concerns around social engineering, impersonation scams, SIM swap fraud, and account compromise. 

However, there are also important similarities across regions. Fraudsters are highly adaptable. They rapidly exploit new technologies, identify vulnerabilities in systems, and often target the weakest points in interconnected financial networks.

A trend we are increasingly hearing about from FSPs is the impact of real-time payments. While instant payments deliver enormous benefits for consumers and businesses, they also compress the time available to detect and intervene in fraudulent activity. This places greater importance on prevention, monitoring, and intelligence sharing.

Artificial intelligence is another emerging theme. While AI offers significant opportunities for fraud detection and risk management, it is also providing criminals with new tools to create more convincing scams and operate at greater scale.

The reality is that fraud is becoming less of a local issue and more of a global one. That means responses will increasingly need to be collaborative rather than institution-specific or country-specific.

One of the biggest obstacles to tackling fraud effectively is the lack of meaningful intelligence sharing between fintech ecosystems, regulators, and industry players across jurisdictions. How significant is this challenge, and what practical barriers still prevent more meaningful cross-border information sharing?

The lack of effective intelligence sharing is one of the most significant barriers to tackling fraud and financial crime. What makes this particularly frustrating is that fraudsters are often very effective at sharing information, techniques, and intelligence. By contrast, FSPs, regulators, and law enforcement agencies frequently face legal, operational, and technical barriers that make collaboration much more difficult. 

This creates an asymmetry where criminals often have better access to information than those seeking to stop them. As financial services become increasingly interconnected, improving intelligence sharing should be viewed as a collective resilience issue rather than simply a compliance issue.

Several barriers limit collaboration. Legal and regulatory concerns relating to privacy, data protection, liability, and competition law can discourage information sharing. In some cases, institutions are reluctant to share information due to concerns about reputational risk or uncertainty regarding how information will be used. These concerns are understandable, but they can result in valuable intelligence remaining siloed.

There are also practical challenges. Different jurisdictions collect information in different ways, institutions use different reporting standards, and systems are not always interoperable. Even where organisations are willing to share information, the mechanisms to do so effectively may not exist.

Smaller and non-bank FSPs can be particularly affected because they often have less access to formal intelligence-sharing networks than larger institutions, despite facing many of the same threats.

The industry needs trusted frameworks that enable secure and proportionate intelligence sharing while respecting privacy and regulatory requirements. This could include standardised fraud reporting and cross-border cooperation agreements. It is not about sharing everything; it is about ensuring that actionable intelligence can move quickly enough to help prevent harm. 

The European Union’s regulatory alignment has helped create a more scalable framework for fintech operations across multiple countries. Do you see similar regional alignment models emerging in Africa, Asia, or Latin America – for example through fintech passporting arrangements or interoperable payment systems?

As digital financial services are delivered increasingly across borders, regional cooperation is becoming a necessity, although the pace and form of alignment differ by region.

Across Africa, Asia, and Latin America, we are seeing growing recognition that digital financial services increasingly operate across borders and that greater cooperation can create benefits for consumers, businesses, and FSPs.

In Africa, there is significant momentum around payment interoperability and regional integration. Many of our members recognise that fragmented markets create unnecessary friction, increase compliance costs, and make it more difficult for smaller and non-bank FSPs to scale across borders. The Central Bank of Rwanda have launched Fintech Passporting agreements with both the Central Bank of Kenya and Ghana, making scaling services within these countries less burdensome. 

Across Asia, we have seen encouraging progress in connecting payment systems and enabling more seamless cross-border transactions. Initiatives such as the linkage of fast payment systems between jurisdictions including Singapore, Thailand, Malaysia, India, and Indonesia demonstrate how countries can improve cross-border payments while maintaining national regulatory autonomy. These arrangements show that greater interoperability can be achieved through collaboration. 

Latin America is also seeing increasing collaboration around instant payments, digital finance, and open finance initiatives. While the region has not developed a passporting model comparable to Europe, there is growing interest in reducing fragmentation and creating more consistent operating environments.

Full regulatory harmonisation is not a necessity; in many cases, practical interoperability, mutual recognition, and greater alignment between regulatory frameworks can deliver significant benefits while respecting local market differences.

Are there particular regions or regulatory models that you believe are currently setting a stronger example in balancing innovation, consumer protection, and operational resilience?

Identifying a single model that can be universally applied is difficult, as regulatory approaches reflect local contexts and market conditions.

That said, some common characteristics emerge among jurisdictions that have successfully balanced innovation, consumer protection, and resilience. These include proportionate regulation, strong stakeholder engagement, regulatory clarity, and a willingness to adapt frameworks as markets evolve.

Jurisdictions that actively engage with industry often achieve better outcomes because they gain a clearer understanding of operational realities and unintended consequences of regulation. Similarly, regulators that adopt risk-based approaches tend to create more space for innovation without compromising consumer protection.

Increasingly, the strongest examples are not necessarily those with the most regulation, but those with the most effective regulation: frameworks that are clear, predictable, proportionate, and outcome-focused.

What do you believe should be the top priority for policymakers and industry leaders seeking to build a more resilient and inclusive global digital finance ecosystem? And what role can organisations such as Alliance DFA play in supporting this?

If I had to identify one priority, it would be trust. Without trust, consumer adoption slows and the benefits of digital financial services cannot be fully realised.

Financial inclusion, innovation, industry growth, consumer protection, and financial integrity should not be viewed as competing objectives. Sustainable progress requires balancing all these goals simultaneously.

Building trust requires collaboration. No single stakeholder can solve the challenges facing the sector alone. 

For policymakers, this means creating proportionate regulatory frameworks that encourage innovation while maintaining appropriate safeguards. It also means investing in foundational public infrastructure such as digital identity systems, payment systems, and data governance frameworks.

For industry leaders, the priority should be collaboration. Many of the challenges facing the sector, including fraud, cyber risk, interoperability, and compliance costs, cannot be solved by FSPs acting alone.

Organisations such as AllianceDFA play an important role by bringing together diverse stakeholders. By convening industry, facilitating dialogue with regulators, generating evidence-based insights, and promoting practical solutions, we can help ensure that digital financial systems are not only innovative and resilient, but also accessible and inclusive for the communities they are intended to serve.

One such example is the collaboration between AllianceDFA and AGRC. Across our respective memberships, we were hearing a consistent message: the cost of compliance is a significant challenge for small and medium-sized FSPs. To better understand these challenges and identify practical solutions, we are convening a joint working group. The working group will explore the key drivers of compliance costs, review successful approaches from different markets, and identify opportunities for greater efficiency and collaboration. Its findings will be brought together in a White Paper with recommendations for the industry to support a more proportionate and affordable approach to compliance across the sector.

Sarah Corley is Founder and CEO of the Alliance of Digital Finance and Fintech Associations (AllianceDFA), and a recognised expert in inclusive digital finance. She has supported the creation of over 16 industry associations and led research on topics including most recently Instant Payment Systems (IPS), the cost of compliance, and creating sustainable, high-impact industry associations. Sarah is a skilled speaker, author, advisor, and facilitator, having moderated global discussions and working groups, authored publications, mentored fintechs, and established conferences on the topic of inclusive finance. She holds an MA and is a Tufts University Certified Digital Finance Professional.