The Compliance Headaches of Building Embedded Finance In-House


“We didn’t realise how much we were taking on until we were knee-deep in licensing calls.”

That’s how one product manager described their attempt to build an embedded accounts receivable (AR) solution internally. And they’re not alone.

As the embedded finance market heats up (it is expected to reach $588 billion by 2030), more platforms are trying to get in early. But June brings more than sunshine and the start of summer: it often marks the start of mid-year audits, regulatory reviews, and reality checks.

If you're building your embedded AR/AP stack in-house, compliance is rarely just a checklist. It's an ever-changing maze of overlapping obligations.

Why Compliance Is So Complex in Embedded Finance

Unlike traditional SaaS features, embedded finance turns your platform into a regulated financial touchpoint. That means a raft of responsibilities, including:

  • Licensing
  • AML/KYC obligations
  • Payment flow monitoring
  • Data storage and jurisdictional compliance (e.g. GDPR, CCPA)
  • Ongoing reporting to financial authorities

It’s not just about building great UX. It’s about satisfying auditors and regulators across multiple jurisdictions.

1. The Licensing Labyrinth

Building your own solution for embedded AR/AP means figuring out who needs to be licensed, where, and how often. Here’s what most companies don’t anticipate:

  • You may need to partner with a Payment Institution or licensed Money Services Business (MSB).
  • In the EU, PSD2 applies if your platform initiates payments or accesses account data.
  • In the US, even managing invoice payments or holding funds temporarily can trigger licensing obligations.

In the US, payment flows such as moving funds between businesses or holding them temporarily may require you to apply for state-level Money Transmitter Licenses (MTLs), each of which can cost $30,000–$150,000 to secure and maintain. Even if you don't need all 49 state licences, partial licensing can still create major delays and cost overruns.

2. Know Your Customer (KYC) Becomes Know Your Liability

KYC/AML checks are not optional. If your AR/AP solution allows users to send or receive payments, you’re expected to:

  • Verify identities (especially for payers and recipients)
  • Check for sanctions list matches
  • Monitor for suspicious activity

Example: In 2023, Binance (the world's largest crypto exchange) agreed to pay $4.3 billion to US authorities for AML and sanctions violations. CEO Changpeng Zhao stepped down, and the company admitted to failing to maintain an effective AML program.

Even when you embed a third-party solution, regulators expect you to vet those partners and retain oversight.

3. Data Storage and Jurisdictional Grey Areas

AR/AP solutions often require handling sensitive data: payment methods, invoice details, customer information.

Questions you’ll need legal sign-off on:

  • Where is customer data stored?
  • Who has access?
  • Are you compliant with GDPR, CCPA, and local equivalents?

4. Ongoing Reporting and Monitoring

Building AR/AP tools internally means you’ll need to monitor, log, and report:

  • Suspicious or flagged transactions
  • Onboarding and risk scoring logs
  • Customer activity changes (e.g. spikes in invoice volume)
  • Ongoing transaction limits and reviews

This is a continuous operational function, not a one-off build. Many teams don't realise how much ongoing operational lift it creates.

5. Internal Expertise Is Rare…and Expensive!

Hiring a dev team is one thing. Hiring a team of compliance, legal, fraud, and audit specialists is another.

According to Glassdoor, the average salary for a mid-level compliance officer in the fintech space is $120,000–$150,000 USD, and you'll need several.

Even if you find the talent, they’ll need tools, legal partners, training, and constant access to updated regulations.

Example: N26 was forced to cap new-customer onboarding after BaFin (the German financial regulator) ordered it to fix its AML controls, compliance staffing and tooling; the restriction remained in force throughout 2022. The cost of rehiring and retraining delayed its product roadmap by close to a year.

What Happens If You Get It Wrong?

The risks aren't just financial:

  • Reputation damage: one slip-up, and you lose platform trust.
  • Regulatory fines: these can run into the millions, and in extreme cases (as with Binance above) the billions.
  • Operational shutdown: regulators have the power to suspend your service entirely.
  • Investor hesitation: few VCs will back a platform under regulatory scrutiny.

What’s the Alternative?

Rather than taking the full burden in-house, many platforms are choosing to embed compliance alongside embedded AR/AP features by partnering with regulated providers like Monite.

Monite provides:

  • Pre-built onboarding and KYC flows
  • Licensing cover through regulated partners (so you don’t need to register for MTLs or PSD2 authorisation yourself)
  • Ongoing monitoring, reporting, and fraud detection tools
  • Up-to-date compliance infrastructure and legal frameworks

This allows product teams to launch embedded finance features faster while avoiding regulatory pitfalls and compliance overhead.

In Summary

Building embedded AR/AP solutions in-house is ambitious and potentially rewarding. But compliance is one of the most expensive, risky, and time-consuming aspects of the build. What seems like a shortcut in June can turn into a painful audit in December.

If you’re planning your roadmap this summer, ask yourself: Is owning the compliance risk really worth it?

Want to know more? Take a look at our Build vs Buy Guide for a fuller breakdown of the compliance considerations involved in building embedded AR/AP.