In compliance-heavy industries, blame rarely stays upstream

Unless your contract catches it first

This past week has been one of those moments where you can actually feel the momentum building.

I’m getting more recognition in the fintech space, and a few podcast episodes are in the pipeline.

And I’m having some genuinely meaningful conversations with founders and teams that I’ve wanted to connect with for a while. It feels like things are moving in the right direction, and the energy is high.

But there’s been a trade-off.

My LinkedIn reach dipped sharply - almost overnight. It’s probably because I’ve been diving deep into highly niche, technical topics instead of sticking to broader posts.

But here’s the interesting part: while the “reach” number went down, the connection requests and DMs have gone up. And those direct, high-quality interactions are the ones that actually lead to real opportunities.

So for me, it’s a win.

What’s Been Happening in the Industry

Something else has been on my radar lately - and it’s not just an isolated observation.

Regulators in India have been coming down hard on fintech companies that cross, even slightly, over legal boundaries.

And it doesn’t matter whether you’re a household name with billions in valuation or a small player that’s just starting out. The message is consistent and clear: no one is above the law.

The recent enforcement actions have made one thing obvious - many fintech founders are still making dangerous assumptions about responsibility and liability, especially when it comes to third-party services like KYC providers.

Assumptions Are Expensive in Fintech

Here’s the assumption I see all the time: “If our KYC provider messes up, it’s their problem.” It sounds reasonable. After all:

• They handle the verification process.

• They own the technology.

• They should deal with the fallout if something breaks.

On paper, it feels perfectly logical. But in practice, regulators don’t see it that way. If their system fails, here’s what actually happens:

• The regulator comes to you first because the transaction happened on your platform.

• The angry customer calls you because they trusted your brand.

• The media mentions your company name, not your vendor’s, when the story breaks.

Even if the KYC service is clearly at fault, the public and the regulator will still view you as the responsible party.

And if your contracts don’t explicitly state how liability is handled, guess who ends up paying for everything?

You.

That means:

• Fines for non-compliance.

• Full customer refunds.

• Loss of reputation and trust in the market.

All because someone thought “it’s obvious” was enough. Spoiler: it’s not a legal defence.

My Way to Stop Assumptions from Becoming Liability

In compliance-heavy industries like fintech, the rules are simple: don’t assume - define.

Here are four things I recommend you do before integrating any third-party service:

1. Be Clear On Liability for Failures

Write it clearly: if verification fails, who takes the blame and who pays the bill? You're protecting both sides by doing this.

2. Agree on Customer Handling

When something goes wrong, there should be one point of contact and a consistent, coordinated response. If the regulator hears conflicting stories from you and your vendor, it will only make things worse.

3. Pre-Split Penalties

If there’s a fine or settlement, decide upfront how the cost will be shared. This avoids ugly fights later when emotions are high.

4. Audit Before You Trust

Don’t assume that because a service worked once, it will always work flawlessly. Set up regular audits and test their processes to make sure they still meet your compliance standards.

Because in fintech, blame rarely flows upstream to your vendor. It rolls downhill, and more often than not, it stops right at your desk.

Unless your contract catches it first.

TL;DR

In fintech, regulators don’t care if your third-party KYC provider was at fault.

If the transaction happened on your platform, you are responsible in their eyes.

Without clear contract clauses that define liability, customer handling, penalties, and audit rights, you risk paying the price for someone else’s mistakes.

The Bottom Line

Momentum in business is exciting. But in industries like fintech, growth without strong legal foundations is like speeding down a highway without brakes.

You can work with third-party providers, you can outsource certain processes, and you can trust your partners, but never without defining in writing who owns the risk.

Because when regulators come knocking, “we thought it was obvious” is not just a bad excuse. It’s a very expensive one.

If you’re curious about working together, I’ve set up two options:

a) 30-minute Clarity Calls

Clients demanding extra work? Partners taking your ideas?

In 30 minutes, I’ll share proven strategies from 5+ years and 400+ projects to help you avoid these risks.

Get clear, actionable steps - book your call here

b) Legal Support Exploration

Need legal support for your business? Whether it’s Contracts, Consultation, Business registration, Licensing, or more - Pick a time here.

This 30-minute call helps me see if we’re the right fit. This is not a consultation, but a chance to discuss your needs.

Prefer not to call? Submit your requirements here.
