
In today’s fintech landscape, innovation is critical, but so is compliance. As the CEO and Co-Founder of Pier, where our API-first solution enables companies to quickly and compliantly launch credit products, I’ve witnessed firsthand how difficult it can be for companies to navigate the complex and fragmented regulatory environment, regardless of how groundbreaking their products are.
Compliance isn’t just a box to check; it’s essential for survival and long-term growth. For companies operating in the consumer lending, payments, or banking-as-a-service (BaaS) sectors, this means understanding and adhering to a maze of both federal and state regulations.
In this newsletter, we’ll explore the unique challenges fintech companies face when it comes to compliance, using consumer lending as the main example and talking through cases such as Affirm and Gusto. These principles, however, apply to other areas of fintech, whether you’re building in lending, payments, accounting, banking-as-a-service (BaaS) or beyond. We’ll also look at how fintechs can turn compliance into a strategic advantage, creating opportunities for market expansion, investor confidence and long-term success.
The State of Fintech Compliance in 2024: What’s Going on?
The past couple of years have been particularly challenging for fintechs operating in credit, Banking-as-a-Service (BaaS) and other heavily regulated areas. We’ve seen an increase in regulatory scrutiny, more aggressive enforcement actions, and shifting expectations for fintech companies and their bank partners. Fintechs that once relied on regulatory ambiguity are now under the microscope. Consent orders, fines and settlements have become more “common” than ever, and maintaining compliance is now more critical than ever for survival.
Several high-profile enforcement actions illustrate this tightening regulatory landscape: Evolve Bank & Trust came under fire in 2024 for deficiencies in its risk management and in its compliance with consumer protection and anti-money laundering (AML) regulations tied to its fintech partnerships. Cross River Bank faced a consent order in 2023 from the FDIC for compliance failures related to the bank’s oversight of fintech partners.
So, what’s driving this? Part of this has to do with outdated laws, fragmented regulations across states, and evolving consumer and regulatory expectations around the impact of innovation. Let's unpack these challenges before we dive into the opportunities they unlock.
Key Challenges in Fintech Compliance
Outdated Lending Laws
Many of the lending laws fintech companies must comply with were written long before the digital age. For example, the Michigan Regulatory Loan Act of 1939 and similar regulations in other states were drafted in a world where financial products were simple, and the concept of digital lending such as BNPL and earned wage access simply didn’t exist. It’s not news that these laws struggle to keep pace with innovations in fintech, leaving companies to interpret old rules in the context of modern, sophisticated financial products.
This disconnect creates ambiguity. Different states define basic financial terms differently: what constitutes a “loan” may be “non-revolving credit” in one state and “non-zero-interest-credit” in another. A good example is North Carolina, where parts of the consumer lending law contradict themselves, with one section setting a cap at 16% and another allowing up to 18%-33% depending on the loan amount. This lack of clarity leads to inconsistent interpretations, meaning that if you ask ten compliance experts for guidance, you'll likely get ten different answers. As fintech builders, we’re left to navigate these gray areas, balancing risk, product innovation and the need for clarity.
In practice, this ambiguity affects everything from how products are designed to how engineers code to accommodate differing regulations. Teams must decide how to move forward when faced with multiple interpretations of the law, and that decision can directly impact budgets, timelines, product roadmaps and priorities. These decisions altogether can shape the entire trajectory of your company.
Fragmented Rules Across 50 States
If outdated laws weren’t enough, fintech companies also have to grapple with the reality that every state has its own regulatory environment, oftentimes driven by economic and political agendas. Over the last five years, state regulators have become much more aggressive in enforcing rules, even in areas that aren’t clearly defined. For instance, BNPL and payroll advances aren’t always specifically addressed in state and federal laws, yet regulators have pressed charges and levied meaningful fines against fintechs operating in these spaces.
Affirm, for example, started lending back in 2016 but faced a consent order from state regulators (e.g. $2M settlement with MA), requiring them to settle and acquire licenses on a state-by-state basis. Gusto, a payroll platform, also faced compliance challenges despite not being a traditional lender (e.g. Connecticut in 2020, New Hampshire in 2022). Some states like California have become particularly aggressive about enforcing their own lending regulations. California’s Department of Financial Protection and Innovation (DFPI) has cracked down on fintech companies offering BNPL and payday lending products, even when these companies partner with federally chartered banks. Other states, like Connecticut, have taken a similarly hard line on enforcing usury limits, even in cases where fintechs rely on bank sponsors located in states with higher interest rate caps.
The licensing process itself can be slow and cumbersome. While most applications go through the Nationwide Multistate Licensing System (NMLS), several states such as TX and FL maintain their own systems. In some cases, the backlog of applications can delay market entry for months or even years. The fragmented regulatory environment forces fintechs to devote significant resources to ensuring compliance in every jurisdiction they operate, making expansion a strategic and operational challenge.
This patchwork of state laws makes expansion a logistical headache. Companies operating across multiple states must carefully manage their compliance obligations, ensuring they’re licensed in each state where they operate and staying on top of changing regulatory requirements. Failure to do so can result in cease-and-desist orders, hefty fines, and legal battles with state regulators.
Regulatory Reporting and Examinations
Once you’ve navigated the maze of outdated laws and state-level regulations, you’re faced with the ongoing demands of regulatory reporting and examinations. Every state has slightly different reporting requirements, timelines, and breakdowns.
For example, Texas and Maryland each have different forms, which differ in how interest is calculated, what counts as an origination fee, and which loans are reported (loans under $500 for one state, loans from $100-5,000 for another), etc. Moreover, states have different fiscal quarters and year-ends, such as Georgia on October 31 and Arizona on July 31, creating yet another layer of complexity.
For a fintech operating across multiple states, managing this reporting can feel like a game of Overcooked. It requires coordination across compliance, engineering, operations and finance teams. Examinations and audits from regulators can also be incredibly time-consuming and resource-draining, often diverting attention from core business activities. Yet, these processes are essential to maintain the licenses and relationships that allow a fintech to operate.
Unlocking Opportunities in Compliance
Now that we’ve covered some of the key challenges, let’s talk about the opportunities compliance presents. While it can be tempting to think of compliance as a cost center or a distraction, it’s actually a strategic lever that can create significant value for fintech companies.
Proactive Compliance
The traditional approach to compliance in fintech was reactive—waiting until a consent order or other enforcement action forced a company to address compliance gaps. However, fintechs are now moving toward a proactive approach. Instead of waiting for regulators to take action, forward-thinking companies are obtaining licenses, building robust compliance programs and working directly with regulators from the start.
Taking this proactive stance creates contingencies across your core infrastructure and reduces your reliance on a single bank sponsor or regulatory interpretation. It’s the difference between being in control of your destiny and constantly playing catch-up. Investors are also placing greater emphasis on compliance structures during due diligence, viewing them as a key requirement for success.
Compliance as a Competitive Advantage
For years, fintech companies treated compliance as a checkbox—a necessary evil to be dealt with as quickly and cheaply as possible. But the landscape is changing. Today, compliance can serve as a competitive moat. Just as companies are proud to show off top engineering talent or the latest product/feature, they should take pride in robust compliance structures.
Building a strong compliance program not only protects against enforcement actions but also allows a company to move faster and more confidently into new markets. For instance, having state lending licenses means you’re less reliant on the shifting policies of bank sponsors, which can change overnight due to consent orders or other regulatory circumstances. Companies like Apple, Tesla and Avant have recognized this, acquiring their own lending licenses to better future-proof their operations.
The ROI of compliance is long-term. Just as there’s a “known return” on hiring top talent, investing in compliance pays off over time. While the upfront cost may be high, the benefits of being in control of your regulatory destiny are well worth it. As fintechs grow, there’s a strong argument to view compliance as a core investment, much like hiring, cloud infrastructure or office space: something you can’t really cheap out on without suffering the consequences down the line.
Balancing Growth and Sustainability
One of the biggest challenges for fintech leaders is balancing the need for rapid growth with the reality of long-term sustainability. Compliance plays a critical role in this balance. Companies that invest in compliance early can avoid costly mistakes down the road, whether in the form of fines, consent orders or lost market access.
Building a sustainable compliance strategy starts with understanding your product’s scope and determining which licenses you need to operate in various states. This requires a deep understanding of state-by-state regulations and a thoughtful allocation of resources. Whether you build your compliance program in-house or partner with a vendor, the key is to strike the right balance between speed and thoroughness.
Ultimately, compliance is not a one-size-fits-all endeavor. It requires strategic decision-making and a willingness to invest in the long-term health of your company. But for those who do it right, the rewards are clear: a stronger market position, more investor confidence, better unit economics and a foundation for sustainable growth.
Compliance as a Catalyst for Success
The challenges of fintech compliance are real, but so are the opportunities. A proactive approach to compliance as part of business strategy can enable companies to unlock new markets, build trust with regulators and customers, and ultimately scale more sustainably.
Navigating the maze of federal and state regulations may seem daunting, but for fintech founders who take compliance seriously, the rewards are clear: a stronger market position, more investor confidence, and a foundation for long-term growth.

