Key lessons from sanctions screening nightmares
Sanctions screening alerts have shifted from a light snowfall to an avalanche.
- Since 2023, Russian-based sanctions alone have increased 816%
- 73% of compliance professionals expect regulatory activity to increase
- And more than 44% of compliance professionals report their firm is ramping up spending to keep pace
Today, compliance is going through yet another revolution, a digital one.
No matter how expert they are, humans alone do not have enough hours in the day to get through the never-ending requirements.
Technological tools are vital. But they are not all created equal. And as we've seen with the likes of Binance, Starling and Synapse, the wrong digital strategy leads to failures, fines, and even forced closures.
This article explores where some firms have taken wrong turns in their digital journeys and how to avoid them.
1. Never sideline regulatory compliance
Following the 2008 financial crisis, incumbents learned the hard way that regulatory compliance must come before profitability, as charges and fines came rushing in from newly minted regulatory bodies.
That crisis was fueled in part by a systematic failure to enforce compliance, where risk and profit-taking were prioritized over internal controls, leading to significant consequences and many consumers getting harmed in the process.
That same harsh lesson is now playing out for fintechs and challenger banks, who have mostly become mainstream since the 2020 fintech boom. In just 24 months, the world watched between its fingers as the likes of Block, TD Bank, Binance, Evolve Bank, Synapse, Mercury, and even Starling came under fire.
- TD Bank was especially hard hit, with an eye-watering $3 billion fine for facilitating money laundering.
- To date, 60% of fintechs have received fines of over $250,000 from regulators.
- We’ve also seen a wave of OCC Consent Orders against banks owing to fintech partnerships and inadequate AML/CTF controls at their third parties.
Fintechs and BaaS providers, in an effort to provide a better user experience and serve more populations that had been left behind by traditional financial services, often sidelined compliance. The drive to reduce friction, launch innovative products, and leverage alternative data to reach higher-risk or underserved segments came at the expense of robust risk management. In many cases, compliance was treated as a speed bump to growth rather than a strategic pillar, resulting in weak internal controls and elevated exposure to regulatory scrutiny.
As a result, we saw a wave of OCC Consent Orders against banks due to fintech partnerships, and inadequate AML/CTF controls at their third parties. U.S. federal regulators even issued a joint statement warning about fintechs and third parties being "incentivized to promote growth in a manner that is not aligned with the bank's regulatory obligations, resulting in insufficient attention to risk management and compliance obligations." Similar warnings have emerged from the EU and the UK's FCA, with more jurisdictions expected to follow suit.
Lesson: Never sideline regulatory compliance. It’s not just a legal requirement. It's a foundational part of fintech success.
2. Ensure your compliance systems are scalable
The tech world loves to bring things in-house. From custom chips to proprietary data centers and even private power plants, the "build it yourself" ethos is practically gospel among the Magnificent Seven.
But in finance, that mindset can become a liability. The regulatory environment is too important, too specialized, and far too dynamic for a DIY approach.
This is precisely where so many fintechs have stumbled, often with steep consequences. The homespun tools that served the first hundred thousand or even half a million users weren’t designed for the realities of operating at scale. As fintechs rocketed into the mainstream, those early systems began to crack. And the growth spurt has been rapid. Revolut, for example, has grown more than six-fold since November 2019 from 7.84 million customers to over 50 million.
As the authorities noted in their joint statement, “Rapid growth [...] may result in risk management and operational processes struggling to keep pace”.
Fintechs that failed to upgrade their compliance tooling as they scaled found themselves falling behind on critical obligations - from KYC refreshes to transaction monitoring - leaving regulators, partners, and customers uneasy. These gaps have led to enforcement actions, license delays, and in some cases, shutdowns.
Lesson: Ensure that compliance solutions are scalable, getting more intelligent, not just bigger, as data and risk exposure grow. In regulated industries, growth without smart compliance is a time bomb.
3. DIY compliance can be a false economy
Another issue with DIY compliance is the persistent belief that doing things in-house will save money while keeping quality high. On paper, it sounds like a smart move. In practice, it turned out to be dangerously shortsighted.
Between 2020 and 2021, at the height of the DIY compliance era, financial crime skyrocketed. U.S. citizens reported a 30% increase in fraud, driven by pandemic isolation, a surge in digital activity, and limited cybercrime awareness. During that same period, 63% of financial institutions saw a rise in attacks. By mid-2024, cyberattacks had doubled compared to pre-pandemic levels.
The inadequate compliance infrastructure at many fintechs made them an easy target. Criminals exploited gaps in onboarding, KYC, and transaction monitoring to open accounts and move stolen funds. Challenger banks became particularly vulnerable to Authorized Push Payment (APP) fraud. In the UK, Monzo, Starling, and Metro Bank were found to have the highest proportion of fraudulent transactions.
The homegrown compliance platforms simply weren’t built to defend against this level of sophistication or volume. What started as a way to control costs quickly turned into a liability, a disaster waiting to happen. Sure enough, we are now witnessing the aftermath: an avalanche of multi-million dollar fines, a whirlwind of new regulation hitting fintechs, mounting regulatory pressure, and public trust wearing thin.
Lesson: DIY compliance is a false economy. Cutting corners early on may reduce expenses, but it leaves the door wide open to criminals.
4. Data sharing builds industry-wide resilience
For years, traditional banks worked together to build secure consortiums for sharing risk insights with law enforcement and peer institutions.
These consortiums, developed under strict legal frameworks, became critical tools in the fight against financial crime. But the threat landscape has shifted. Criminals now use modern payment rails, fintech apps, and crypto exchanges to move illicit funds in ways legacy systems were never designed to detect.
Fintechs are not blind to this challenge. Many want to contribute to and benefit from industry-wide data sharing. But gaining access to these networks has proven difficult. Approval processes are obscure, eligibility criteria are outdated, and the infrastructure was never built with fintechs in mind. As a result, the firms facing some of the most agile and creative fraud schemes are often left without the tools to collaborate effectively.
Meanwhile, bad actors take full advantage of the gaps. They exploit the lack of coordination between platforms, slipping through the cracks.
We should be sharing more data, more widely.
In the words of the USA's Cyber Defense Agency, “Information sharing is the key to preventing a widespread cyber-attack”. This is one avenue fintech companies have not yet exploited.
Fintechs can maintain their cost advantage and strengthen compliance by leaning into data and intelligence sharing through initiatives like Sonar. This means having both experienced compliance professionals in-house and purpose-built industry-wide technology.
Lesson: Data sharing builds industry-wide resilience, and we need to tap all parts of the financial stack to get the best risk insights.
Sardine is built for the needs of modern compliance
At Sardine, we don't wait for the fines to roll in to take compliance seriously. From day one, it's been a central pillar of how we build. Compliance isn’t an add-on or a last-minute checkpoint. It’s embedded into our roadmap, baked into our architecture, and guided by subject-matter experts who shape product development with a compliance-first mindset.
Our systems are designed for scale, so that what works for your first 10,000 customers still works for your next 10 million. We've built the fastest-growing global network of profiled devices, surfacing risky behavior across 136+ countries and over 2.5 billion devices. That means better intelligence, better detection, and better protection from day one.
We also founded Sonar, a member-led consortium that unites banks, fintechs, payment processors, merchants, and crypto platforms to securely share insights on first-party fraud and counterparty risk. It’s a space where collaboration meets action, because resilience isn’t built in isolation.
Best of all, clients often call us an extension of their team.
Working together, we can be more than the sum of our parts, creating a stronger and safer onboarding process without the hefty price tags.
If you find yourself getting a shiver from the compliance ghosts, get in touch! We're just a few clicks away.