The standard framing in early-stage fintech is that compliance is friction. Regulatory authorisation takes time. KYC onboarding adds steps to the customer journey. Transaction monitoring generates alerts that require human review. Anti-money laundering obligations impose reporting requirements with material penalties for failure. These costs are real, and the temptation to minimise them — by using a partner institution's authorisation, by deploying the minimum viable transaction monitoring ruleset, by keeping the MLRO function as thin as legally permissible — is understandable at an early stage when operational bandwidth is scarce. The argument we have been making to founders since our first investments is that this framing systematically undervalues what a compliance capability, built properly, contributes to the business at scale.
The competitive advantage of compliance capability is most visible in enterprise sales. A mid-market professional services firm or an enterprise SaaS platform evaluating a financial infrastructure provider will, before any significant commercial commitment, conduct vendor due diligence that includes a review of the provider's regulatory standing, AML procedures, and data protection posture. A payment infrastructure company that can produce a current FCA authorisation, a documented MLRO function with a clear escalation path, a transaction monitoring system that has been calibrated against JMLSG guidance, and a data processing agreement aligned with UK GDPR will move through enterprise procurement materially faster than one that cannot. The compliance investment is not just a legal requirement — it is a sales enablement function.
The second dimension where compliance creates competitive advantage is in product design choices. Consider two embedded lending platforms. The first has built its credit decisioning model without explicit attention to the Consumer Duty requirements introduced by the FCA, treating the model as a technical artefact to be reviewed by regulators later. The second has designed its model with the Consumer Duty outcome tests built in from the start — specifically, the requirement to demonstrate that the credit product is in the customer's financial interest, not merely underwritten to the lender's acceptable risk threshold. In a supervisory review, the second company's approach is markedly more defensible. But more importantly, the discipline of designing around Consumer Duty outcomes tends to produce a better product: one that doesn't extend credit to customers whose cash flow analysis suggests they cannot sustainably service it, which in turn produces lower default rates and better long-term unit economics.
Reflow, a company we backed in 2024, is building automated compliance reporting infrastructure — the plumbing that converts transaction data into the regulatory returns that payment institutions and electronic money institutions are required to file. It is an unglamorous product category that sits entirely within the compliance cost centre of its customers. And yet the sales conversation at every financial institution they approach begins with a version of the same problem: regulatory reporting is currently a manual, error-prone process that consumes senior compliance staff time and generates audit findings. The willingness to pay for automation here is not reluctant — it is enthusiastic, because the risk of a material reporting error is a business risk, not just an operational cost. Infrastructure that takes compliance risk off the table for financial institutions commands premium pricing and exceptional retention.
We are not arguing that compliance investment always pays off, or that there are no cases where a lighter-touch approach is appropriate at the earliest stages. A pre-revenue company spending heavily on compliance infrastructure before it has validated product-market fit is misallocating scarce capital. The distinction we draw is between compliance as a product architecture input — deciding from day one that the data model will support the audit trail the regulators require, that the onboarding flow will be designed to satisfy KYC obligations at scale, that the transaction monitoring logic will be documented and defensible — versus compliance as a retrofitting exercise conducted under pressure ahead of a fundraise or a regulatory enquiry. The former is a strategic asset; the latter is a liability.