Accelerating with controls: How fintechs can balance innovation, risk, and compliance for growth
Deloitte’s research based on interviews with fintech executive leaders highlights leading practices for collaboration between risk, compliance, and innovation teams
Zachary Aron
Lindsey Cooper
James Siciliano
Richa Wadhwani
Jann Futterman
Innovation is to financial technology (fintechs) enterprises what the accelerator is to a car—the force that propels them forward. After years of racing ahead on creativity, collaboration, and code, the fintech sector now finds itself at an inflection point. A decade of disruption and rapid scaling has given way to a new focus on profitability and consolidation amid slowing revenue growth and investors demanding proven, predictable revenue before committing capital (figure 1).
This maturing financial landscape signals a sector shifting from speed to sustainable growth. The question now isn’t whether fintechs can innovate—it’s whether they can do so responsibly and at scale, when investors and banking partners alike expect them to pair innovation with a solid risk and compliance foundation.1 Risk and compliance teams at fintechs certainly play a role in meeting these expectations, but what exactly is that role? Are these teams the brakes that slow things down or tools that let fintechs drive faster with safety and control?
Recent federal policy signals in the United States indicate a greater emphasis on enabling innovation while maintaining baseline supervisory expectations.2 At the same time, state regulators are taking a more active role in overseeing fintech activity and enforcing consumer protection, financial integrity, and compliance standards. For instance, a multistate coalition of attorneys general has demanded information from buy now, pay later providers about their products and practices.3 Some states are creating new enforcement structures, such as centralized consumer protection functions within attorney general offices, to streamline oversight and enforcement activities involving digital finance companies.4
Banks, too, seem to have become more selective about their fintech partners, especially after the lessons of bank and fintech failures in 2023 and 2024. 
According to a 2024 Alloy report on embedded finance, 80% of sponsor banks find meeting compliance requirements challenging, and 39% lost at least US$250,000 due to compliance violations.5
To understand how leading fintechs are navigating this terrain, the Deloitte Center for Financial Services spoke with 10 US fintech executive leaders across risk, compliance, product, innovation, and bank partnerships. Their perspectives, combined with our discussions with Deloitte fintech leaders and literature review, uncovered current engagement practices between risk and innovation teams, highlighted some frictions, and identified leading practices of collaboration from leading fintechs to accelerate with trust and confidence.
Where risk and compliance meet innovation, frictions are often inevitable
Fintechs, like other financial institutions, face risks that extend far beyond financial exposure. The fintech risk and compliance executives we interviewed highlighted four risk buckets at the top of their radar: 1) financial crime, fraud, and cyber; 2) technology model risk and AI explainability; 3) operational risk; and 4) regulatory compliance. Managing this full spectrum is central to scaling innovation responsibly.
Notably, there are many ways to gauge whether risk and compliance are embedded in a fintech’s DNA or not. Look at the size and scope of its internal audit function, whether a fintech has dedicated chief risk and compliance officers, if risk and compliance leaders have a voice at the board level, and how closely they collaborate with innovation and engineering teams. Together, these indicators can help reveal not just governance maturity but also how a fintech balances innovation with vigilance.
Deloitte’s 2024 fintech benchmark survey of 100 fintech companies found that 46% of respondents from early-stage companies (up to Series B) said their companies lacked an internal audit function entirely, and half of those that do have one employ five or fewer people. By Series C and beyond, that picture changes: Some 75% of mid-stage fintechs report having an internal audit function, signaling a pivot toward stronger controls as they mature and prepare for public listing or larger partnerships.6
Yet, gaps in fintechs’ risk governance persist. Only 34% of all respondents to the survey said they have a dedicated risk committee at the board level, while 75% of them reported having an audit committee.7 This could suggest that institutions’ approach to risk oversight is reactive, often surfacing through audit findings or incident reviews rather than through proactive monitoring or stress testing, especially for emerging risks such as fraud, third-party vulnerabilities, data privacy, or AI bias.
Equally revealing is how risk and compliance teams interact with innovation and product functions. At Marqeta, the compliance team engages in the product development process, offering both product and compliance teams the opportunity to identify potential pitfalls early and shape solutions that balance regulatory rigor with customer experience.8
Our conversations with fintech executives suggest two distinct realities. In some firms, risk, compliance, and product teams operate symbiotically, embedding risk and compliance early in the product design cycle. These fintechs see risk and compliance teams as partners that anticipate regulatory expectations and emerging risks and help innovation scale safely. Fintech executives cited reduced late-stage escalations, fewer incidents flagged during partner bank audits, and clean regulatory reviews as some outcomes of such collaborations. But in other fintechs, the dynamic can involve some friction (figure 2).
Our discussions with fintech executives reveal that in many firms, product and innovation leaders often worry that involving risk teams too early can slow down ideation and speed to market. They describe compliance tasks as sometimes time-consuming and explainability policies as a challenge when developing AI-enabled products. Many also believe risk teams tend to lack fluency with newer technologies, which can make governance reviews more mechanical than meaningful.
Risk and compliance leaders, for their part, express a different set of frustrations. One of their biggest concerns is the demonstrating the invisible ROI of risk prevention. After all, it is challenging to quantify something that never happened, such as “losses avoided,” “regulatory actions deterred,” or “reputational damage averted.” Risk and compliance teams rarely scale as fast as product and innovation teams, stretching each professional across an expanding universe of risks. Some risk and compliance executives also indicated that they’re brought into product discussions too late, and often close to launch, which can lead to rework and the perception that they slow things down. And while innovation teams chase the next shiny technology, risk and compliance leaders see their mandate to ensure explainability, auditability, and control, especially as emerging risks become more sophisticated and regulators’ expectations around AI governance and transparency develop further.
In truth, both sides are right. Any tension isn’t about opposition but rhythm. Product teams want to move fast; risk teams want to move safely. The fintechs that get it right are those where both sides instill trust through structured and thoughtful collaborative models.
Operating models that sync safety and speed
Addressing frictions between innovation and risk teams is the holy grail, but how do fintechs really go about building collaborative models? How do they embed risk and compliance across the entire product development life cycle, from idea to launch? That’s the essence of risk and compliance by design: where legal, compliance, and risk aren’t checkpoints at the end, but threads woven through ideation, build, and marketing.
Our research revealed several nuances before reaching a single conclusion. The most mature fintechs typically recognize that the right model depends on the use case, including the product’s risk profile, regulatory exposure, and speed-to-market goals. In practice, innovation and risk leaders toggle across a spectrum of operating models, each with its own strengths and trade-offs (figure 3).
In the approver model, product and engineering teams drive the process end to end, while risk and compliance step in at the finish line as final reviewers. A modern twist, the new-age approver, engages compliance only when ideas cross predefined risk or scale thresholds. This approach suits early-stage fintechs experimenting with minimal viable products or mature firms refining adjacent features. For example, a global payments company running a rapid innovation lab might use this model to prototype and test ideas in two-week sprints before routing the viable ones to compliance for review.
The parallel tracks model offers a middle path. Product and risk or compliance teams run side by side but on distinct workstreams, with structured coordination points and shared project trackers. For instance, where on the one hand, the product team prototypes in a sandbox environment and conducts usability testing, the risk and compliance team, in parallel, assesses feasibility and early exposure limits, validate data privacy compliance, and draft internal audit test cases. The two teams schedule “bridge sprints” every third week for purposeful alignments where they synchronize progress, identify dependencies, and reset assumptions before diverging again. This rhythm can help reduce late challenges and build a culture of mutual respect without constant overlap.
The embedded partnership model takes collaboration deeper. Here, risk and product teams work in sync from ideation to launch, with shared accountability for outcomes. This model often suits fintechs in regulated spaces such as lending, payments (both domestic and cross-border), or deposits, where every feature demands rigorous oversight. Risk and product heads co-own key performance indicators, sharing decision-making responsibilities. This model translates to compliance becoming a differentiator, inspiring confidence among banking partners and regulators alike.
Case study: The Adyen way of balancing risk and innovation
In our interviews with Adyen executives, they told us that risk and compliance teams in this organization aren’t approvers standing at the end of the product life cycle; they’re embedded partners, working alongside innovation from the very start. They described how no new product is scoped without their input, and that every idea, from concept to launch, passes through shared ownership. Weekly product reviews bring together product, engineering, operations, and compliance teams, while biweekly global updates keep the entire organization aligned. Risk and innovation teams were noted as not just meeting at milestones: They move together, continuously.
This partnership extends into one of the most defining frontiers of fintech: AI exploration. Adyen’s innovation teams are reportedly using AI and synthetic data to reduce the amount of time for prototype development. Yet, AI models advance together with explainability frameworks and bias controls, and human oversight remains non-negotiable for high-stakes decisions such as those involving anti-money laundering and know-your-customer processes.
Lastly, both sides share joint accountability. Product and risk teams are measured on the same metrics, including “time to margin” (that is, the speed from onboarding to revenue), productivity, and fraud-loss performance. The goal is to create a shared language of success where innovation thrives when compliance scales with it. Risk helps ensure growth is fast, trusted, and sustainable.
At the far end of the spectrum sits the co-creation model, where risk and innovation move beyond collaboration to true co-creation. Risk and compliance become a lever for shaping markets, not just protecting them. Picture a consortium of fintechs, banks, and AI vendors building shared ethical standards for the responsible use of AI in finance, or a fintech working on gen AI-based credit underwriting in a regulatory sandbox. Here, risk and compliance leaders cochair working groups while product teams prototype compliant data pipelines.
Cross-model leading practices to drive risk-innovation collaboration
No single model is universal. In the future, sustainable growth and scale will come to fintechs that can fluidly adapt their collaboration model to the situation, knowing when to move fast and when to slow down. Fintech leaders should be able to define explicit triggers that shift projects from one model to the other, with risk teams empowered to design the guardrails for each model. Our executive interviews highlight several leading practices to consider for risk–innovation collaboration that can be applied across operating models, regardless of which approach a fintech adopts for a given use case.
Set the tone at the top: Strong leadership that gives risk and compliance a seat at the table, such as designated C-suite roles and board-level risk or audit committees, could provide structured oversight without affecting pace, offering a forum to anticipate emerging issues like AI bias or third-party risk. This tone at the top, in turn, could become the culture for the rest of the organization. Both risk and compliance and innovation heads could cochair governance forums and celebrate customer wins together.
Design organizational structure for agility: Embedding risk and compliance professionals directly within product teams helps ensure risk awareness evolves in real time with design decisions, not after them. Cross-functional risk councils and rotating product–risk hybrid roles that straddle both disciplines could drive collaborative operating models where teams evolve beyond their departmental instincts where the product team pushes and the risk team polices.
Develop a common “customer-centric” language of risk and reward: Product teams often talk in customer metrics, funnel conversion, and velocity. Risk teams talk about regulatory exposure, control frameworks, and reputational cost. Articulating a common vocabulary that translates both risks and rewards in terms of what they mean for customers should allow the two teams to see they are on the same side—the side where the customer wins. This is especially important for risk and compliance teams that can benefit from translating compliance implications into quantifiable business outcomes. For instance, they can replace “We can’t launch due to fair lending” with “We risk losing X% of bank partner trust and Y% of revenue exposure.”
Make data transparent and shared: Risk and innovation teams often have different KPIs that are also tracked on different systems. Fintech leaders should consider building shared dashboards where product metrics (launch velocity, net promoter score) sit beside compliance metrics (incident count, audit score) (figure 4). This degree of transparency creates accountability as everyone sees the same information, with the ability to track if metrics for one team are negatively impacting the ones of the other.
Celebrate trust as a product feature: Speed is visible, but compliance success often goes unnoticed until failure makes headlines. That can invariably skew recognition toward product teams, and away from risk and compliance. Fintechs should consider publicizing milestones like “100 days incident-free” or “passed audit with zero findings,” and including trust and reliability metrics in marketing and investor updates. Both risk and product teams should be recognized jointly when a feature launches cleanly, with teams taking pride in what they build and how safely they build it. By treating trust as a product feature rather than an internal function, fintech leaders can empower collaboration to gain emotional as well as operational value.
Offer talent broader exposure and upskilling opportunities: Collaboration failures often stem from knowledge asymmetry where product teams perhaps don’t understand compliance constraints and risk professionals don’t grasp product urgency. To address this, fintech leaders should focus on upskilling and providing broader exposure to talent. Funding joint training, whether it is regulatory literacy for project managers or design thinking for risk and compliance teams, can help build cross-team fluency.
Scaling responsibly with agility
In fintechs’ journey to scale, risk and compliance are the brakes that make speed sustainable. When engaged early, these teams can help curb overreach with discipline and foresight, and enable innovation to advance with resilience. Fintechs that foster true collaboration across innovation, risk, and compliance, and flex their operating models, are likely to position themselves competitively, earn the confidence of regulators and banks, and scale responsibly.
Continue the conversation
Meet the industry leaders
Zachary Aron
Lindsey Cooper
James Siciliano
Richa Wadhwani
BY
Zachary Aron
Lindsey Cooper
James Siciliano
Richa Wadhwani
Jann Futterman
The authors would like to thank Samantha Murphy, Austen Johnson, Val Srinivas, Jim Eckenrode, Patricia Danielecki, Roxane Li, and Abrar Khan for their contributions to this article.
Editorial (including production and copyediting): Abrar Khan, Aditi Rao, Pubali Dey, Hannah Bachman, and Cintia Cheong
Design: Pooja Lnu, Molly Piersol, Meena Sonar, and Govindh Raj
Cover artist: Pooja Lnu
Visit the Deloitte Center for Financial Services
Access more insights for the banking & capital markets, commercial real estate, insurance, and investment management sectors.