Finding regulatory orifices for fintech products
Building a fintech product is a delicate balance of - illegal and undifferentiated. It's easy to know if your product is differentiated, but how do you know if it's not illegal?
The biggest sin of a fintech company is an undifferentiated product.
The high cost of starting and running a fintech company, regulatory barriers, legal and compliance expenses, and other factors make it difficult for a fintech company to survive without differentiation.
Few fundamentally new products are launched in fintech, and even fewer become large companies.
I’ve realized that to build a large fintech company with a differentiated new product, you need to find a “regulatory orifice.”
What’s a regulatory orifice?
Regulatory orifices are tight gaps in the regulations that make it possible for your product to exist but have not yet been legally tested for your product. These regulatory gaps allow you to offer a new value proposition without violating the law.
There is no consensus on the legality of the product. At least 50% of the people you talk to will think it’s illegal. The remaining won’t be sure. Most “fintech pundits” despise these products and pronounce them to be non-compliant.
That’s where the real opportunity lies in fintech.
Why does it matter in fintech?
Very few large opportunities lie around in a highly regulated and contentious sector like fintech. This is especially true for banking and credit.
Most fintech products are a “commodity.” More and more fintech companies look alike.
As we have all seen:
the next lender
the next credit card
the next checking account
the next robo advisor
They all look the same.
Money is the definition of commodity, and most fintech products offer money in some form.
Without differentiation, it becomes a battle of CAC (which is, in any case, high for fintech).
Why do fintech products look the same?
Financial services are among the most regulated industries, and the U.S. is the most litigious country in the world.
External forces push fintech companies toward proven, legally-safe product designs. Imagine all the banks—when have you ever experienced a differentiated bank account?
External experts push for a safe product because fintech is probably the sector with the highest number of lawsuits.
Even positive innovation is met with strong pushback and extreme competition.
In other words, there are no positive points for helping someone; only negative points for not following the regulations.
Below are a few examples:
District of Columbia AG filed a lawsuit against Earnin for deceptive marketing techniques
In May 2024, the CFPB sued SoLo funds for falsely advertising no-interest loans. The attorneys general of Connecticut, DC, and Pennsylvania also sued for multiple reasons.
FTC sued Dave (a banking app) in Nov 2024 for misrepresenting tips and false advertising.
In Aug 2022, CFPB sued Hello Digit for lying to consumers about its automated savings algorithm
Multiple agencies have sued most household names, including Chime, Robinhood, SoFi, LendingClub, GreenSky, Goldman Sachs, and PayPal.
In fintech, getting sued is not a matter of if, but when.
You can (mostly) recover from lawsuits for false advertising, exaggerated claims, and misrepresentations, but one that makes the product illegal or forces you to change your product’s value proposition can.
That’s why it’s important not to be sued for your “product construct.”
That’s why lawyers and consultants are the most conservative on product definitions.
Following conventional legal guidance leads to building compliant but undifferentiated products that mirror existing solutions.
Everyone fears getting sued on the core product construct and having to shut it down completely.
A simple test
I have a simple test to determine if you are on to something:
If you find yourself pushing back and asking a lot of “why” questions, and all you hear is, “It’s how it is,” you know you are on the right path. You should feel confident about the product if they can’t point you to specific regulations or legal statutes that make it illegal.
With this test, you can also filter for truly creative and forward-looking experts. The good ones will lean in; the bad ones will just repeat what they have heard.
All regulatory orifices share these things:
Unexploited gaps in the regulations to offer a unique value prop
Misunderstood concepts broadly accepted as “best practices”
Opened up because of new technology or change in consumer behavior
Without a clear answer by industry practitioners
Can only be figured out after building the product (but it gets there)
Legally expensive to figure out (generally in a regulatory gray area)
What regulatory orifices are not:
Going against established and clear violations of laws
Previously tested and fined by regulators
Gets your partners in trouble (either because they can’t support it or makes it illegal for them)
Confidently considered illegal by truth-seekers in the industry
There’s no right answer, but I have found the above heuristic to be a good indicator.
A few examples:
charging $10/month for a $250 line of credit (Brigit)
no interest with an optional tip (Earnin)
a debit card that helps you build credit (Extra app)
offering accounts in the US without a physical US presence (Mercury, Stripe)
lending based on school and GPA (Upstart, SoFi)
These value props sound like the norm today, and no one bats an eye. But when they launched, they all went through a trial by fire.
On the surface, these value propositions look like they partly violate a regulation.
Brigit* (and similar companies) are good examples of finding a regulatory orifice. These apps target low-income, low-FICO customers who are more likely to rely on payday loans.
Brigit charges a subscription fee to give consumers a cash advance of up to $250. The advance must be paid in full within one payment cycle (or the next payday). In theory, it’s like a payday loan, and accessing the loan costs $9.99 (subscription fee).
Regulators are cautious about products that put the most desperate consumers into debt. Many states including New York, New Jersey, Connecticut, and Massachusetts don’t allow payday loans.
Here’s guidance from CFPB on the definition of payday loans. According to the guidance, payday loans:
Usually small dollar amounts ($100-$500).
Relatively short term (2-4 weeks), usually on the payday
Require repayment authorization
Don’t need a credit check
Per this definition, Brigit’s original product would be considered a payday loan. Customers were charged $9.99 to access a $250 cash advance, which must be paid back at the next payment.
After extensive, expensive legal exploration, companies learned that a product that provides “valuable additional services” for the subscription fee is not a payday loan.
Because the subscription fee is not for the cash advance, it’s for the package of other services.
That’s why you’ll see all subscription plans have a ton of additional features/services like credit building, identity protection, rewards, financial planning, etc.
Consumers use these products primarily for cash advances (payday loans); however, because of the additional value-added services, they are not considered payday loans.
This is a “regulatory orifice” that consumer financial apps exploit, and it’s worth billions of dollars.
Another popular example is charging “tips” instead of interest or fees, which Earnin popularized.
Generally, lenders are required to show a Truth in Lending Disclosure (per Reg Z) summarizing the financial terms of the loan. For small-dollar loans, this APR could be in the hundreds of percent, making them unviable for most consumers.
But tips are voluntary, so they can’t be considered interest.
This interpretation allows the product to be widely available and not scrutinized.
However, according to multiple lawsuits, Earnin defaults on a minimum tip, which makes it more difficult to cash out again if borrowers decline to give tips.
Finding this regulatory orifice has generated billions of dollars of combined market cap for these companies (aside from the lawsuits).
How do you discover a regulatory orifice for your product?
The important thing about regulatory orifices is that you can’t start by figuring out an orifice and then build a product.
You always build the product first (with enough confidence) and then determine for certain whether it is a regulatory orifice.
It is always ex-post, rarely ex-ante, and it’s always to build a different product that customers value.
Here’s how it goes:
Founders start a company because they want to offer customers a unique product.
They start by building the product and validating their hypothesis.
Based on this validation, they raise their first round of funding.
Then, to fully build the product and offer it to a broader customer base, they talk to potential partners.
These partners could be bank sponsors, networks, processors, payment gateways, etc.
The partners, who have never seen this product, don’t quite understand whether it’s legal.
If the product has been seen before and is considered risky or illegal, it is immediately shut down. If it is not, this starts a discussion with the internal legal/compliance teams, external counsel, and consultants.
Sidenote: This discovery process costs a lot of money. That’s why many partners only engage with startups that have raised substantial funding.
Over time, it was discovered that the product could be legal because it is in a regulatory gray area.
The product is somewhat blessed after expensive conversations with all of the above.
The product inevitably changes to reduce regulatory risk but manages to keep its original shape (unique value proposition).
As the product grows and gains attention, it undergoes multiple rounds of regulatory review. If it survives, it becomes an industry standard.
Exploiting a "regulatory orifice" is the only way to build a differentiated product without being sued out of existence.
Important:
When the product value proposition is tested with external parties like lawyers or consultants, it is important to push to preserve as much of the original vision as possible.
Their incentive is to push the product to the standard norm because they are all risk averse and generally don’t have an incentive to offer advice that risky. They don’t want to be associated with a product that gets caught up in legal trouble.
Tips for navigating the path to a differentiated product
Founders must be keenly aware of the product they want to build and keep the consumer experience and value proposition sacrosanct.
You should be willing to go deeper than the presumed experts.
It’s easy to give in to legal and compliance pushback and slowly modify the product to hedge your risks. Even though that advice is generally correct, you have to ask a lot of “why” when building a new product that doesn’t exist.
If you stumble upon a value proposition loved by consumers and start working with external counsel, pick the right law firms, consultants, and experts to help you find long-term opportunities.
Incline towards external counsel who helps you find answers, not the ones who just cite “industry best practices.”
Finding believers and explorers (who are experts) is the best way to discover a “long-term regulatory orifice.”
Hope this post was helpful.
Founders should be optimistic that they
*Upbound recently acquired Brigit for up to $460M in cash and stock.