Earlier this week, the American Banker spotlighted an experienced M&A hand’s prediction of “hundreds of fintech failures.”  Wirecard of course does not augur well for this sector, but many so far dismiss its strategic implications on grounds that the German fintech was essentially a fraud.  True, but while not all canaries are in the best of health when they go down the mine shaft, they at least start out singing the same song.  The weakest croak first, but even the fittest soon expire.  Wirecard succumbed due to the climate created by investors and regulators alike. It has somehow become a given that taking a financial activity and turning it into tech magically dematerializes risk.  As two FedFin papers demonstrate, here and here, of course it doesn’t – risk changes.  Sometimes it changes for the better, but often there turn out to be a lot of little bodies on the mine-shaft floor.  As a result, a regulatory reset is already under way in Europe and will soon be joined by one in the U.S.

To forecast the future of fintech regulation, one has first to create a risk taxonomy.  Fintech is of course a broad rubric, subsuming everything from Robinhood’s day-trading platform to P2P lending to payment-service firms such as Wirecard and to far more business models and product suites.  And, as we’ve noted, fintech is different not only in scope, but also scale.  An activity housed in an ambitious start-up partnering with a bank is materially different than one undertaken on its own by a giant bigtech platform company.  Add in central-bank digital currency and the risks change still more, albeit for the better if CBDC is well designed.

Wirecard is nonetheless an illustrative mugshot.  The company is in the dock because its behavior may well have been criminal and was certainly unduly imaginative.  However, it is not the only fintech with once-accommodating auditors and regulators now brutally exposed to the rigors of a newly-unforgiving market.  There will be more.

Further, even if other payment fintechs were more scrupulous – and most are – there are signal failings in the governing and regulatory construct – such as it is – that promote a structurally high-risk business model.  In sharp contrast to the ponderous, costly, and capital-intensive process it takes to set up a bank, fintechs around the world are allowed to take people’s money first and build systems and controls later.  This powers them up to move fast and break the thing that is the old banking business model, but it also includes in the wreckage the hard-earned dollars of vulnerable consumers and small businesses.  That the U.K. Financial Conduct Authority is only now demanding that fintech payment companies keep adequate documentation of whose money they take and where it has gone speaks volumes about the risks embedded in this build-first, fix-later regulatory construct.

It has also come suddenly to the attention of global regulators that there are faint, if any, boundaries between the money some fintech payment processors take from consumers and the money that they keep for themselves.  Account segregation is a new thought in this sector even though it is an established artifact of traditional banking for very good reasons.  The absence of legal boundaries between fintech companies and parent firms is also a time bomb, enabling not just fluid accounts, but also acute conflicts of interest.  The FDIC is seeking to resolve these in the U.S. with new rules for nonbanks that own industrial banks, but this source-of-strength doctrine may still be hard to enforce here and is wholly lacking when the fintech eschews an insured depository affiliate.

FedFin’s previous reports also highlight regulatory asymmetries between bank and fintech products based not on what the service is, but how it’s delivered.  These asymmetries are often ill-understood by merchants and small businesses, exposing them to risks also coming into view as COVID strains the current infrastructure.  These will also come under renewed regulatory attention around the world.  In the U.S., Congress will also get involved – see for example legislation introduced just a week or so ago to mandate that merchants accept cash.  Fintech sometimes leaves not just rules behind, but also many lower-income, older, or disabled consumers.

Does this mean that fintech is evil and regulated finance must be the new norm?  Of course not.  What it does mean is that innocent victims of high-flying finance have again been hurt by a pervasive market myth.  Before 2008, the myth had it that subprime mortgages “democratized” credit.  Lately, it’s been that unregulated finance empowers inclusion.  Now, we know better.  This time, I hope the regulatory response is also better, enhancing sound innovation without unduly suppressing it.