On 12 February, founders, investors and compliance specialists joined us for the latest instalment in our FinTech Breakfast series.
Over the course of a morning at 1 Lombard Street, in the heart of London’s financial centre, FinTech leaders engaged in conversations surrounding the evolving regulatory landscape for payments and e-money firms, as well as exploring the wider industry impact of compliance changes and the FinTech risk landscape.
An unprecedented risk climate
Per-Olof Ahlstrom, Head of Risk Assurance and Advisory Services, kicked off the event outlining the unprecedented risk landscape. With over 25 years’ experience in the sector, P-O remarked that he has never seen such a varied and complex risk landscape as that now facing financial services.
Amongst the most significant risks is unsurprisingly ongoing geopolitical uncertainty as the world faces trade wars and military wars alike. Over the last 10 years, an additional layer of risk has been created by the growing regularity of cyber-attacks and fraud and, consequentially, importance of cybersecurity continues to increase. High-profile cyber-attacks across retail, manufacturing and government & councils, as well as technological developments and the looming threat of state sponsored threats, have further reinforced the importance of preparation.
The regulatory landscape is also an increasing influence and source of concern, consistently featuring as one of the chief challenges according to our benchmarking. Although much of the messaging and sentiment from governments worldwide has signalled greater de-regulation, this has been contrasted in practice with the considerably increased regulatory compliance burden introduced in many sectors, including FinTech.
The impact of CASS 15
To this end, a matter of much conversation at the breakfast was the impending enactment of CASS 15, the new supplementary regulatory regime which takes effect from 7 May 2026. The new regime introduces an enhanced framework of rules that Payment Institutions (PIs) and Electronic Money Institutions (EMIs) within scope must comply with.
Karen Allan, Partner and Head of FinTech, detailed the important evolution that CASS 15 represents. Historically, firms were not required to have an annual safeguarding audit performed by a qualifying auditor, and many reviews were therefore carried out by compliance advisors. However, from 7 May, this will no longer be permitted, and audits must be conducted by a qualified auditor.
The update covers APIs, EMIs, as well as small EMIs and credit unions issuing e-money, and therefore will have a considerable impact on the FinTech sector. As regulation across FinTech tightens and evolves, a proactive response will be fundamental. The firms that thrive will be those that don’t cut corners, but instead work hard to set the pace for the wider industry.
As Karen highlighted, the landmark regulatory change in May in fact serves as an opportunity for firms to offer strong strategic signals to the market with robust governance, beyond mere obligations. From an investor’s perspective, those founders that can demonstrate resilient compliance will be providing considerable proof points and green flags for investment, inevitably boosting confidence at every stage of growth.
Compliance as a growth strategy
In FinTech, regulation is not a passive observance, but a foundational aspect of early and growth stages. In a landscape where rules can shift as fast as the market, speed needs to be grounded in expertise. Having a compelling offering to take to market requires bringing the right partners onboard, whether that’s compliance advisors, auditors or subject matter specialists.
The 7 May deadline is set to bring about deeper scrutiny than ever before, and detailed compliance work and statutory audits cannot be afterthoughts. Auditors with genuine cultured regulatory experience and the bandwidth to deliver under pressure will be essential.
For many FinTechs – particularly those at an early stage of growth – defined roles and responsibilities are blurred, and a substantial number of firms elect to operate leanly for maximum yield. Yet the compliance culture post-CASS 15 will be far more intricate, making such a minimalist structure an outsized risk. Instead, a dedicated Head of Compliance is likely to become a cornerstone of a successful FinTech, that scales in proportion with you and your organisation’s complexity.
With strong compliance keeping FinTech on the right side of the rules, founders and other leaders will be freed up to do what they do best: innovate, sell, and raise capital.
Taking the next step
For those looking to strengthen their compliance foundation at the tip of the spear for FinTech, if you want to stay ahead of regulatory change and build a company that scales with confidence, our specialists are here to help.
Get in touch with our team to discuss how we can support your compliance, audit, and growth ambitions – and turn regulatory readiness into a competitive advantage.
