Press page
Press Release

Over 60% of fintechs paid at least $250K in compliance fines last year, Alloy report finds

Survey of over 200 compliance decision-makers at fintech companies found challenges to meet BSA compliance

Aug 15, 2023, 09:00 ET

NEW YORK, Aug. 15, 2023 -- Alloy, the identity risk management company, today released a report that found 60% of fintechs surveyed report paying at least $250,000 in compliance fines, with one-third paying over $500,000. The report also found larger fintechs were more likely to report higher compliance fines—37% of fintechs with 1,000+ employees reported paying over $500K in compliance fines last year.

The State of Compliance Benchmark Report surveyed over 200 compliance decision-makers working at financial technology companies in the U.S. The survey ran from June 6-12, 2023, and included respondents from small (1-500 employees), medium (501-1000 employees) and large (1000+ employees) organizations. The report was conducted on behalf of Alloy by Qualtrics, a leading survey platform that powers +1B surveys every year.

Nearly all fintechs (93%) reported that bank secrecy act (BSA) compliance requirements—including anti-money laundering (AML) and know your customer (KYC) requirements—were challenging to meet. Even so, most fintechs (80%) are doing more than the minimum amount of risk management required to meet these compliance requirements—suggesting a robust compliance program requires labor beyond even what is mandated by the U.S. government.

"Because fintechs enable people to manage their money and make financial decisions, there's no wiggle room when it comes to compliance," said Gizelle Barany, General Counsel at Alloy. "In addition, the pace of bad actors is often faster than regulators are able to keep up with, so it's not surprising that many fintechs are doing more than the minimum to prevent financial crime."

When it comes to the consequences of mismanaging compliance, while fintechs are concerned with fines, they are even more concerned about customer confidence in their ability to properly handle operations. According to 34% of fintechs, customer confidence had the greatest impact on their BSA compliance decisions, followed by reputational damage at 25%.

Under the Bank Secrecy Act (BSA), financial institutions are required to assist U.S. government agencies in detecting and preventing money laundering, and report suspicious activity that might signal criminal activity (e.g., money laundering, tax evasion or human trafficking). Writing and filing suspicious activity reports (SARs), suspicious transaction reports (STRs), and currency transaction reports (CTRs) is a key part of compliance professionals' responsibilities, with 34% ranking it as the most time-consuming part of their work. More than one-third (36%) of fintechs filed anywhere from 5-10k SARs per year, with large organizations more likely to file 10-50k SARs. No matter an organization's size, SAR writing and filing is time-consuming: 25% of fintechs said that filing a SAR takes 1-2 weeks.

For more insights, read the full report here.

About Alloy

Alloy solves the identity risk problem for companies that offer financial products. Today, nearly 500 banks and fintechs turn to Alloy's end-to-end identity risk management platform to take control of fraud, credit, and compliance risks, and grow with confidence. Founded in 2015, Alloy is powering the delivery of great financial products to more customers around the world. Learn more at

See what you’re missing

First, we’ll learn about your needs, answer your questions, and then see how Alloy can help.