Originally appeared in BAI Banking Strategies

Implement collaborative monitoring and feedback loops, defining risk and compliance as a shared responsibility.

Over the past few years, many in the banking and fintech space argue they’ve faced significant regulatory and supervisory intensification by the Federal Reserve, FDIC, OCC and other agencies to ensure they tighten controls and add consumer protections.

Now, facing potential changes to various regulations and shifts in the structures of the regulatory bodies themselves, the industry must navigate regulatory uncertainty while facing tough decisions on where, how and how much to invest to ensure that their ability to operate and serve customers continues.

From our perspective, while challenging, the increased scrutiny and oversight in recent years brought positive developments and helped the industry to mature offerings and collectively commit to building and delivering products that place customers’ best interests and protections front and center. In fact, a recent survey found 58% of embedded finance decision-makers regard complying with strengthened regulations in the money movement and embedded finance space as a worthwhile effort that will enhance their businesses over the long term.

Nonetheless, most also agree that failure to meet compliance requirements and risk of regulatory enforcement actions are concerning, and we expect that as the regulatory landscape changes, strong risk management and customer protection will remain an important focus in 2025 and beyond.  As such, the following are three areas banks and fintechs should consider investing in and enhancing for the interests of their customers and their business.

1) Technology

The platforms and processes that support priorities such as Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) compliance can have a tremendous impact on the effectiveness and efficiency of these programs.

As firms navigate these complex issues, many should consider advanced technologies like AI and machine learning, which can improve real-time monitoring, risk scoring and anomaly detection. These technologies can be useful in efficiently and effectively monitoring, assessing and predicting potential risks in real time by identifying patterns and outliers that traditional methods might miss, especially when coupled with human judgement and analysis.

Firms must also institute clear governance structures and strong compliance frameworks that align with regulatory requirements, have well-defined risk management policies, and update processes continuously to adapt to evolving risks and regulations. Robust risk management processes not only foster collaboration between departments within a firm, but also between fintechs and their partners. Sharing information on emerging risks, fraud patterns and cyber threats, both internally and where permitted, externally, enables proactive risk mitigation and strengthens overall security.

2) Teams

Banks and fintechs should take a close look at their regulatory and compliance teams, as the skill sets and capabilities required today have and are continuing to dramatically evolve.  Not only should talent possess strong backgrounds in regulatory compliance (BSA/AML, Know Your Customer, data privacy and more) but they should also contribute deep technical skills in areas like data analytics, cybersecurity and financial crime prevention, particularly as the complexity of these areas grows.

The right talent and team composition can help companies bridge the gap between tech adoption and regulatory adherence, ensuring new platforms and processes meet compliance requirements and mitigate risk.

3) Training

The buck cannot stop with the regulatory and compliance teams. Banks and fintechs must establish a strong culture of compliance by taking a more active role in ensuring employees in all parts of the organization understand their role in compliance. Start with clear communication and role-specific training, where each department receives tailored training on how compliance applies to specific functions. This ensures employees at all levels – from IT to marketing – understand their unique responsibilities in protecting the customer from consumer harm, preventing siloed compliance failures and adhering to regulations.

Leadership must also hold the entire organization accountable for maintaining compliance standards in their respective roles. Banks and fintechs should implement collaborative monitoring and feedback loops, defining compliance as a shared responsibility that requires regular collaboration between departments. This communication encourages proactive issue resolution and ensures a collective effort toward compliance from all teams and departments.

Today’s heightened regulatory environment seeks to protect consumers. As large-scale embedded finance programs evolve to bring customers more banking options, the calls for multi-party partnerships to adhere to expanding regulatory compliance requirements only grow more urgent.

Banks and fintechs should strive to develop a strong risk management strategy that both meets the industry’s ever-changing regulatory requirements aimed at protecting customers and also serves their evolving needs. These critical measures, supported by enhanced technology, the right talent and team composition, plus training, can assist in properly safeguarding consumers from an expanding and evolving set of risks, and help the providers of embedded finance strengthen their businesses over the long term.

Kim Olson is Chief Risk Officer at Green Dot.