Compliance Is the Real Product in Fintech
FX & Float: Operator Note
In 2010, I was in a meeting with a senior executive at Citibank. This was the early days of mobile banking, and the conversation turned to the wave of fintechs that were starting to emerge. I asked him whether he was worried. He smiled and said no. “Everything is moving to mobile,” he said. “But we have something none of them have. Our licence.”
At the time, it sounded like a defensive answer from someone who did not want to acknowledge the threat. A decade and a half later, I realise he was more right than I gave him credit for.
People trust financial companies with the one thing they cannot afford to lose. Their money – in the form of their savings, investments and payments. When a fintech does any of these, it is doing much more than selling a service. It is asking for trust. And a licence is the most credible signal of that trust.
Trust is the hardest asset to replicate. A well-funded competitor can replicate everything else in 12 months: a better UI, a faster onboarding flow, a cleaner dashboard, and a lower fee. But a regulatory licence, built across multiple jurisdictions and supported by the right compliance infrastructure, banking relationships, and regulatory track record, takes many years to build. This is the hardest barrier to entry for new competition, and doing it well is the most durable competitive moat.
But let’s not mistake compliance for the paperwork that supports the licence. Compliance is the operating layer that makes the licence effective. The KYC process to verify the customer, transaction monitoring to ensure the platform is not used for fraud or money laundering, sanctions screening to keep the company and its customers away from restricted counterparties, and regulatory reporting that demonstrates credibility to the regulator, year after year. All of this makes trust possible. The product and the interface on top of it, however well designed, are the wrapper.
The best evidence of this is what happens when the world’s best technology companies try to enter financial services. Apple Pay, Google Pay, and X’s payments ambitions all share a common characteristic: they are built on top of licensed financial institutions. Apple and Google work through card networks and issuing banks. X’s lofty financial services ambitions have started with a partner bank that holds customer deposits. These are not small companies with limited resources or engineering talent. They are the most capable technology organisations in the world. And yet, when it comes to financial services, they build within the regulatory infrastructure, not outside it.
Some see this as a system protecting incumbents. That is a superficial and incorrect reading. The licence requirement is not a moat that the Citibanks of the world built to slow down competition. It is the safeguard regulators built to protect the people whose money is at stake - the customer depositing their savings, the small business sending a payment to a supplier, and the worker sending money home to their family. These are people who cannot afford to have the system fail.
The fintechs that understand this treat compliance not as a function that permits them to operate, but as a signal they send to customers every day. That signal is: your money is safe here. We have the licence, we have the track record, and we have a compliant infrastructure. Everything we have built, we have built on top of that.
The Citibank executive was not being defensive. He was being precise. The fintechs that eventually threatened him did not win by replacing the licence. They won by earning one.

