What are challenger banks?

Challenger banks represent an alternative to traditional high street banking institutions by offering a range of innovative online services that their ‘brick and mortar’ counterparts do not.

What are challenger banks?

Challenger banks represent an alternative to traditional high street banking institutions by offering a range of innovative online services that their ‘brick and mortar’ counterparts do not.

Taking advantage of advances in FinTech, challenger banks tend to be smaller start-ups that deliver their services online and offer customers convenient, flexible access to financial products via their computers or phones – rather than having to visit a bank in person.

Challenger banks have been growing in popularity all over the world, with the impact of coronavirus pandemic restrictions contributing to public uptake of digital services. A 2020 report revealed that 12 challenger banks had raised over $100 million in funding in 2019, while six had exceeded a $1 billion valuation. However, beyond disrupting the banking industry, the growth of challenger banks across the financial landscape has also created new regulatory compliance concerns as criminals seek to exploit their novel banking services to evade the scrutiny of authorities.

With that in mind, it is important that challenger banks, and organisations that deal with them, understand how their services fit into the financial landscape and the compliance responsibilities that they entail.

What services do challenger banks offer?

Challenger banks provide both traditional banking products such as current accounts, savings accounts, and credit and debit card schemes, along with a range of innovative new user-friendly services based on FinTech innovation and online connectivity. These include:

  • Investment products
  • Insurance products
  • Currency exchange services
  • Bill payment services
  • Mobile cheque depositing services
  • Spending analysis tools

While these institutions may compete with traditional banking services, many of the innovative products that they offer are not available on the high street. Similarly, since they do not have to maintain the same physical infrastructure as traditional financial institutions, or have the same staffing needs, challenger banks may be able to pass savings onto their customers and deliver their services at a lower cost.

Customer experience is also important to the appeal of challenger banks. Customers can access their services anywhere via an internet-connected mobile device, and choose from a range of flexible, versatile products. Similarly, creating an account with a challenger bank is often less onerous than in traditional banking contexts and can take place remotely.

Since their services are delivered online, challenger banks also promote banking access, providing new financial opportunities to customers in some of the world’s most under-banked regions.

Challenger bank legislation

While they may be smaller, more versatile and – in some cases – cheaper than traditional banks, challenger banks must still meet the compliance requirements applicable to banking institutions within their jurisdiction.

Most countries require banks to pass ‘fit and proper’ tests in order to obtain a banking license. In the United States, for example, challenger banks must apply to the Office of the Comptroller of the Currency (OCC) for a license, while in the UK, licenses are contingent on approval from the Financial Conduct Authority (FCA) and the Prudential Regulatory Authority (PRA). In the EU, banking licenses are granted by the European Central Bank (ECB) after an assessment process.

Once authorised, these financial institutions must operate in accordance with jurisdictional legislation. Examples of important global banking regulations include:

Compliance risks

The relative regulatory unfamiliarity of challenger banks and the nature of the services they offer represent significant day-to-day compliance challenges. Online financial services carry inherent risks: criminals may seek to exploit the anonymity and speed that they offer to commit fraud or to avoid important AML/CFT screening and monitoring measures.

Similarly, regulators may not be able to match the pace of innovation in challenger bank services, struggling to adapt existing regulatory frameworks to emergent criminal methodologies. Consequently, these services may create regulatory blind-spots or disparities between jurisdictions

Regulatory concerns associated with challenger banks include:

  • Online anonymity. While traditional banks often require in-person account registration, challenger banks that do not have physical premises offer criminals opportunities to register and engage with financial services anonymously. In concealing their identities, criminals may be able to avoid important anti-money laundering and counter-financing of terrorism controls.
  • Speed of transactions. Since challenger banks transact in the digital domain, customers can move money between accounts, and around the world, quickly and efficiently. The speed of challenger banks transactions means that criminal activities become more efficient: funds may be introduced to the financial system and disguised before compliance teams are able to implement anti-money laundering (AML) restrictions.
  • Service exploitations. Criminals may exploit regulatory loopholes by using challenger bank services. By opening multiple accounts, for example, with different institutions, money launderers may be able to deposit illegal funds in amounts just under AML/CFT reporting thresholds.
  • Emergent criminal methodologies. The novelty of services and their integration of innovative FinTech may create regulatory blind-spots that present criminals with unforeseen opportunities to commit fraud, launder money, or perpetrate other illegal activities.

Achieving regulatory compliance for challenger banks

Given the risks that they face, and the increasing scrutiny of regulators, it is vital that challenger banks develop and implement effective compliance solutions. The risks associated with their services mean that Know Your Customer (KYC) measures are an important priority: firms must be able to identify their customers accurately, build accurate risk profiles, and use those profiles to inform ongoing monitoring and screening measures.

The online KYC process requires careful consideration: since challenger banks build their appeal on convenience and low administrative friction, the compliance process must be deployed in a manner that preserves the customer experience without compromising regulatory responsibilities

Risk-based compliance

Following guidance from the Financial Action Task Force (FATF), challenger banks should concentrate on risk-based solutions, deploying a compliance response proportionate to the threat that each customer presents.

For such banks, risk-based compliance means collecting relevant risk data during onboarding, building accurate risk profiles, and then monitoring customers on an ongoing basis to capture changes in risk. Low risk customers may be subject to a simplified level of scrutiny while higher risk customers may be subject to more intensive measures.

Digital identification

To manage the specific risks of online banking, challenger banks should consider a range of digital identification measures in order to strengthen the accuracy of their risk assessments. Digital identification requires customers to submit digitally verifiable identifying information, including:

  • Scans of official documentation such as passports and driving licenses.
  • Submission of unique identifying information such as social security numbers or national insurance numbers.
  • Biometric information including fingerprint scans, facial scans, and voice recordings.
  • Device confirmation such as unique access codes sent to mobile devices.


Related resources

Regulatory Risk Management: How will Executive Order 14028 change the cybersecurity landscape?

Regulatory Risk Management: How will Executive Order 14028 change the cybersecurity landscape?

What is Executive Order 14028 and who must comply with the US regulation? And will it affect the cyb...

What is the US’ Community Reinvestment Act?

What is the US’ Community Reinvestment Act?

Are you aware of the latest updates to the Community Reinvestment Act in the US? Learn more about fi...

What regulations are there for the payment services industry?

What regulations are there for the payment services industry?

Discover the regulations shaping payment services, from PSD2 to AMLD6. Stay compliant with CUBE's in...

What is the CISO (Chief Information Security Officer) responsible for?

What is the CISO (Chief Information Security Officer) responsible for?

CISO's face a number of challenges with regulations constantly changing. Learn more about some of th...

View More