Disruptor or disrupted
An effective risk and compliance policy is vital for modern FinTechs. Customers today demand to know that their transactions and data are being properly protected, stored, transmitted and processed in a safe trusted environment.
Today, there are so many new ways of transacting, not to mention financial products and services, that it is no surprise to learn that many criminals seek to manipulate these with the intention of committing fraud, money-laundering and tax evasion. It is for this reason financial regulations exist, aiming to ensure financial stability and that consumers are protected against risks.
This is a particular risk for fintech companies, whose success is built on the delivery of new, technology-driven services to customers. According to Monica Peethum-Nanoo, manager for Risk and Compliance at NuPay, not only do these entities face challenges related to cyber crime, they also have to keep track of and implement the regulatory changes affecting businesses, as well as having to bear the high costs associated with implementing new processes and maintaining compliance.
“Today, fintechs are still dealing with the consequences of ongoing licence application processes, discussions with regulatory authorities and modifications of their own products. Furthermore, as with all other entities, fintechs also have to prepare for the implementation of both the General Data Protection Regulation (GDPR) and the Protection of Personal Information (POPI) Act,” she explains.
Peethum-Nanoo points out that what sets fintechs apart from other financial entities is their exciting use of new technology and innovations, together with people to create products that could be described as being ‘the future of finance’. Until now, the issue of compliance for these companies has been somewhat obscured by the whirlwind of innovation and disruption brought on by the fourth industrial revolution.
“An example of the type of innovations I am talking about would be DebiCheck, a system that enables customers to electronically confirm debit orders with their bank, before their account is debited – thereby reducing disputes and unauthorised debit orders. Now, if all banks and other financial services organisations use the same standard to respond to risks, it will not only prevent fraud and reduce risk, but give customers peace of mind as well. For this reason, NuPay is working closely with DebiCheck to ensure customer service delivery is smoothly regulated according to industry standards.”
However, she adds, fintechs are now driven forward towards a playing field that will play a critical regulatory role in the fintech arena, particularly as artificial intelligence, the Internet of things (IOT) and other forms of digital transformation make the regulatory and governance sides of the equation that much more complex.
“Therefore, only by creating a culture of proactive data compliance, coupled with a risk-based approach, can these fintechs pursue secure digital transformation and avoid the risks – such as substantial fines, loss of consumer trust and missed business opportunities – associated with regulatory non-compliance.
“Moreover, both the GDPR and POPI Act will set precedents for a new era of security legislation. The pressure to create strong data privacy standards is being fuelled not only by increased regulatory enforcement, but also by a growing global culture of accountability, and watchdog groups fighting for responsible corporate ethics and compliance.”
Most executives agree, she states, that the rush to digital transformation increases both data breach and cyber security risks. Yet, where there are risks, there are also opportunities, and creating business processes to support agile compliance can enable companies to seize those new market opportunities.
“Ultimately, in the fintech environment, it is vital to keep your risk and compliance programme aligned with the ever-changing and exponentially advancing technological and legal environment. Otherwise, instead of being an industry disruptor, the fintech will soon find itself in the ranks of the disrupted,” concludes Peethum-Nanoo.