Building a compliant user experience in fintech


Almost all post-revenue fintech companies with a consumer-facing app have an unspoken layer of friction between compliance risk management and user experience. This friction increases as revenue grows. When revenue is small, companies usually take more risks to enable growth. Once revenue becomes significant, protecting it becomes more important in order to maintain licenses, maintain a good relationship with the regulators, and showcase rigid compliance practices to banking partners/service providers. The key challenges might vary based on the risk appetite of the company.

A compliance or risk officer might ask for a compliance layer where every transaction has to be checked and flagged as safe or risky before any payment is processed. This is to ensure all suspicious behavior can be caught in flight prior to fulfillment of the transaction and before exposing the business to various risks. Below is a dummy visualization.

https://cdn-images-1.medium.com/max/600/1*rT9kY4Rd8Q9e1RMwBQGz8Q.png

Now pay attention to the relationship between the three stages. The end-user can only get feedback once the compliance layer has completed its job. In any average-quality consumer app, users will expect to get near-real-time system feedback (for example, instant payments). This is one of the key reasons why risk management and compliance can put so much pressure on great user experience. The only way to mitigate this while meeting requirements is to enable the compliance layer with near-real-time processing.

You might be asking why it has to be near-real-time. To answer this question, we need to analyze the consumer finance market and benchmark user experience. Say all of a startup’s competitors can process payments much faster for their users; let’s assume instantly. This means the competition doesn’t allow this startup to wait for minutes or hours until transaction monitoring can be completed and the transaction can be marked as safe. This is not to say there cannot be any other differentiators. For the sake of this article, we will focus on speed and instant processing.

A more relatable (and user-facing) example is the ID verification process, also marketed as KYC (Know Your Customer). Not so long ago, there were apps asking you to go to a branch to show your passport or upload pictures of your documents just so you could get a bank account. Then came the eKYC providers like Veriff, Onfido, Sumsub, Jumio, etc. Now, most apps have a much more seamless verification process where users can complete all the required steps in one session. It takes only a few minutes in total.

Similarly, this is why the speed of your transaction monitoring software becomes critical. The time from the moment a user takes action until the moment they receive system feedback with a success message is the cornerstone of building a frictionless user experience. Making your user wait so that you can go check their transaction against some rules makes no sense from an experience perspective.

Let’s recap the core requirements that are conflicting without a real-time transaction monitoring solution:

  1. All transactions have to be scanned and marked as safe or suspicious.
  2. Users need to get instant feedback to at least be as good as the competition.

These two requirements leave startups with two choices:

  1. Find a provider who can handle all types of rules in real-time, and can empower risk management with a self-serve, no-code back-office platform.
  2. Build everything in-house by diverting limited engineering capacity from the core business.

Traditionally, all providers in the market can provide near-real-time speed only for light rules that don't require intensive data processing. Once the rules become data-intensive (e.g. a few million data points), their architecture cannot bear the load. There are only a handful of companies that can handle this type of data intensity, and those are tailored to the needs of enterprise-sized companies with deep pockets. Their pricing reflects that clearly, starting at a ‘few’ hundred thousand euros. That is not feasible for an early-stage startup with limited resources.

Consequently, that forces startups to build a primitive solution in-house by reallocating their valuable tech resources instead of focusing on their core business. This is where Flagright’s tailored architecture helps startups handle large amounts of data in near-real-time, even with complex rules. Further, it’s built for startups as a turnkey solution to get young businesses up and running within hours. Providing a large set of rules that cover anti-fraud and anti-money laundering use cases, it arms startups with off-the-shelf compliance capabilities within a week from scratch.


When you talk to compliance managers or risk operations managers, you will hear them talk a lot about manual workload, case management, and false positives. That’s because it’s a big pain point. Imagine there are 100 transactions. 50 of them are legitimate. The other 50 are fraudulent. The safest way to catch them is to stop all of these transactions and treat them as suspicious, which triggers a manual investigation for each. But blocking the legitimate 50 not only leads to wasted manual effort; it also diminishes customer lifetime value, unit economics, and satisfaction metrics, and it increases churn. This is why it’s so critical to catch the bad actors and enable the good ones. False positives are a huge problem that hurts both the back-office teams and good users, and hence, eventually, the company itself. Flagright uses advanced anomaly detection algorithms and data enrichment techniques to triangulate millions of data points and minimize false positives. From SDK-enabled device analytics to criminal and sanctions databases, the wealth of data points lets Flagright solve the data problem instead of relying on the primitive and outdated rules engine approach.

Drop your comments below and let us know how you are solving your risk management challenges. Contact Flagright here to learn more about what’s possible at affordable startup pricing.

Baran Özkan

Co-founder & CEO at Flagright
