Managing regulatory and compliance standards in a shifting political climate

Mandy Cooper is head of payments risk management at First International Bank & Trust, bringing more than 25 years of experience in financial services, compliance and risk management.

Navigating the intersection of innovation and regulatory compliance in the U.S. has always been a complex endeavor. Recent shifts in federal administration have introduced significant policy changes, amplifying uncertainty and complicating efforts to anticipate and adapt to evolving regulatory landscapes.

Rather than attempting to time regulatory cycles, banking and fintech leaders should focus on what responsible stewards in this industry have always done: drive growth while maintaining strong, adaptable risk management strategies. By embedding compliance into the core of their operations, organizations can maintain stability and resilience amid shifting political and regulatory landscapes. For example, First International Bank & Trust’s Kotapay division eliminated middleware to establish direct relationships with third-party fintech partners through its banking-as-a-service platform, Kavinu. This approach gives compliance teams full control and real-time visibility into account activity, enhancing oversight and ensuring alignment with evolving regulatory standards.

Regulatory rollbacks may offer temporary relief, but underlying risks persist and can lead to costly enforcement actions, operational disruptions and reputational damage. Let’s recall the 2008 financial crisis. Institutions that scaled back compliance and allowed for excessive risk-taking eventually faced massive fines, failures and lasting reputational harm.

Most recently, the 2024 collapse of Synapse Financial Technologies highlighted the dangers of weak compliance practices and unchecked risk. Synapse’s bankruptcy disrupted millions of users due to financial mismanagement and poor reconciliation of FBO accounts, exposing risks in third-party banking services and emphasizing the urgent need for stricter oversight and operational resilience.

These examples underscore the importance of maintaining robust compliance frameworks, even amid regulatory shifts. Proactive risk management and adherence to compliance standards are essential to safeguard institutions against potential pitfalls and ensure long-term stability and trust. Below, I break down a few essential strategies banking and fintech leaders should consider as they maintain high compliance standards while driving innovation.

Building agile compliance frameworks

A well-structured compliance management system (CMS) should be adaptable, ensuring that internal governance frameworks, internal controls and oversight processes remain in place even when regulations become less stringent.

Prioritizing an organizational culture of ethical behavior and ongoing staff training beyond mere regulatory compliance requirements ensures resilience and alignment as mandates shift. For example, when a fintech launches a new digital financial service, embedding compliance early in product development builds operational resilience from the start and fosters accountability at all levels.

Core risks, such as fraud, money laundering and data security, remain constant regardless of regulatory changes. Those requirements are agnostic to the political environment. Maintaining a risk-based mindset at all times is essential, rather than reacting solely to shifting mandates.

Integrating compliance into innovation

Embedding compliance across all levels of the organization — from leadership to product development and beyond — fosters ethical practices and effective risk management. Compliance professionals should work closely with product teams to fully understand new offerings, ensuring that risk assessments and compliance reviews are integrated into the development lifecycle. Demonstrating a compliance-first mindset builds trust with customers and regulators and avoids costly remediation.

It’s significantly harder to repair cracks in weak compliance practices than it is to have sound practices from the beginning. For instance, proactively engaging with regulators and tailoring risk management to specific products helps mitigate unforeseen regulatory issues. Risk is not one-size-fits-all. Applying specific compliance measures to each product line ensures effective oversight and controls are in place to mitigate potential exposure.

Strengthening partnerships through due diligence

Thorough due diligence of third parties is essential to prevent gaps in risk management. The collapse of Synapse highlighted how gaps in third-party risk management can expose organizations to significant risks, including reputational damage and substantial financial losses. In contrast, fintechs that thoroughly assess potential partners’ data management, policies and risk frameworks build resilient partnerships.

Similarly, as cyber threats grow more sophisticated, organizations must implement layered risk management. Banks and fintechs must invest in advanced technologies like AI-driven fraud detection and behavioral analytics to combat threats effectively. For instance, AI-powered compliance tools are now enabling real-time anomaly detection and adaptive risk models, helping organizations stay ahead of emerging threats.

Responsibly leveraging advanced technologies

As banks and fintechs adopt AI and machine learning tools, these technologies must also be carefully vetted for compliance and consumer protection. Organizations should document AI models, conduct regular audits for fairness and bias, and implement consistent regulatory monitoring. Proactive risk management practices that balance technology and human oversight help keep technology investments in line with existing compliance standards.

‘Set-it-and-forget-it’ or predefined models aren’t suitable for any risk environment. Good data is key to a strong regulatory framework. Ensure the data being ingested into systems is accurate and complete — not just that the technology is advanced.

Balancing compliance and innovation for sustainable growth

Considering all stakeholders in the value chain is essential for sustainable, responsible growth amid shifting federal policies. Innovation and compliance aren’t mutually exclusive. Making compliance part of your organization's DNA sets the stage for ethical practices and risk management that are central to all operations, including product development and partnerships. This is especially critical for innovative fintechs seeking bank partners. In a climate of regulatory uncertainty, it’s essential to collaborate with banks that balance compliance and innovation, particularly through direct integrations and alignment with established compliance frameworks. Partnering with a bank that holds its third-party risk program to a high standard gives fintechs confidence that their solutions are well-managed and able to withstand regulatory ambiguity and inherent risk.

As the financial industry races to adopt innovations such as real-time payments, embedded payments, and BaaS, aligning compliance frameworks across partnerships is crucial to advancing the industry at a responsible speed and scale. By prioritizing risk management and due diligence, organizations can set the tone for resilient partnerships that boost market confidence, underpin long-term success, and acclimate to any political climate.