This article was written by Anthony Boogert.
Fast growing technology companies often employ a regulatory strategy of 'asking for forgiveness, not permission' when it comes to regulatory compliance in the hope that support from their customers will ultimately overcome any unhappy regulators.
Whilst all businesses should be mindful of their legal and regulatory obligations, this strategy is particularly risky for technology companies within the financial services sector ("fintech" companies), considering the numerous licence conditions and regulations that often apply to these companies. The regulatory environment for financial services businesses in Australia has also intensified lately following the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, which found that misconduct in the financial services sector was not being sufficiently punished. Particularly as the Government has committed to implementing all 76 recommendations from the final report that was released earlier this year. Now more than ever, regulators such as ASIC, APRA and AUSTRAC, are looking to enforce, and be seen enforcing, financial services laws and regulations.
It is also important not to underestimate the challenges of an IPO process. A listed company typically builds up 'trust' from the investment community over time by meeting its prospectus forecast and subsequent earnings guidance, without any other surprises. However, a company looking to list is likely to struggle if an issue, such as a regulatory investigation, emerges during the late stages of the IPO process. Furthermore, ASX has made it clear that a company is unlikely to satisfy Listing Rule 1.1 condition 1 (having a structure and operations appropriate for a listed entity) if its business does not comply with applicable laws in Australia and the other jurisdictions in which it operates.
So how should a fintech company go about overcoming these challenges?
Firstly, conduct a thorough review of the business' regulatory compliance and consider adopting best practice recommendations in advance of an IPO. The IPO due diligence process conducted by a company and its advisers should be designed to uncover any material compliance issues. An IPO prospectus must be lodged with ASIC and the IPO itself often generates significant media attention, so additional regulatory scrutiny during an IPO should be expected.
Secondly, engage with the relevant regulators on areas of uncertainty before the proposed IPO is publicly announced. An unexpected regulatory enquiry during the late stages of an IPO process can be just as damaging as a targeted regulatory investigation. If there are questions over whether an aspect of the business model is lawful, these should be resolved as early as possible in the process.
Finally, where material breaches of license conditions or other regulatory obligations are identified, it may be appropriate or even mandatory to self-report those breaches to the relevant regulator in order to minimise the extent of any enforcement action.
A light touch approach to regulatory matters can be common for technology companies who are more focussed on growing the business than compliance. However, while e-commerce companies may have succeeded with this strategy in the past, it may be particularly risky for more regulated fintech companies.