Like brakes to a bicycle, fintech must exist within the realms of regulation if it is to ditch its ‘wild west’ persona. Indeed, the adoption of various elements of the industry, like cryptocurrency, has ultimately suffered due to the lack of regulation that surrounds and supports them. Throughout the entire month of May, The Fintech Times will be dedicating its focus to highlighting the most current developments in this ever-perplexing and constantly-changing foundation of fintech.
When analysing the impact of regulations on fintech, you can make an analogy to the question of what came first, the chicken or the egg? In the fintech world, you could ask what came first the regulation or the technology, as the development of either is dependent on the other. With this in mind, we asked various experts what they believed the arrival of new regulations would have on existing technology.
Regtech companies are essential to ensure regulatory requirements are met when developing new technologies
Sara Costantini, managing director at CRIF Decision Solutions said, “Regulation is a key force for driving innovation, and as such the regulatory technology (regtech) industry is enabling this innovation to reach the market faster.
“Regtech plays a key role in assisting companies with adapting to new regulatory requirements and compliance needs. Similarly, the industry is crucial to advancing the use of open banking and compliance with regulatory requirements that support it, such as PSD2 and GDPR.
“Regtech solutions often demonstrate greater accuracy and speed and can thus improve the efficiency of regulatory compliance and enhance risk management. Prevalent regtech segments are currently focusing on fraud detection, anti-money laundering (AML) and ICT security but to a lesser extent on creditworthiness assessment. The latter is a great opportunity to bring about better consumer outcomes, enhance access to credit and preserve financial stability. Regulatory standards that guide and support the use of new technologies in regtech, such as the European Commission’s recent proposal for a regulation laying down harmonised rules on artificial intelligence, are welcome developments.
“Domestic regulators and international standard setters are also now focusing their efforts on Environmental, Social and Governance (ESG) considerations. New ESG legislation came into force on 6 April 2022 enshrining the previously voluntary regulations created by the Task Force on Climate-Related Financial Disclosures (TCFD) and affects over 1300 of the UK’s largest traded companies, including banks and insurers. Even though this regulatory and policy area presents many challenges, I believe that it will develop soon, and more organisations will work to assess their supply chains and become ESG-compliant
“Open Banking, and in the future open data, can promote real-time data collection and contribute to ESG assessments. But the road ahead is long, and it will require international coordination between policymakers, regulators, and the industry.
“At CRIF we are actively working with regulators, whilst keeping a close eye on the emerging regtech startup players, to define and support the best initiatives and provide clarity and integrated solutions for our clients.”
PSD2 reiterates the importance of up to date processes in fintech
Adam Holden, CEO of NorthRow said, “The second Payments Services Directive (PSD2) is a significant evolution of existing regulation for the payments industry – and for technology providers like NorthRow.
“It reiterates the importance of robust Know Your Customer (KYC) and identity and verification (ID&V) processes in financial institutions. While PSD2 may query the legitimacy of transactions at more frequent intervals, the need for early verification and ongoing KYC checks still stands.
“A consumer authorising a payment today is futile if the individual was not thoroughly verified via a robust KYC process when the account was initially opened.
“The arrival of regulations such as PSD2 has placed significant emphasis on the customer onboarding process, ensuring that businesses and individuals are legitimate and not fake fronts for corruption, fraud or money laundering. Financial institutions must continue to take carefully considered steps to ensure that knowledge of their consumer remains current and is consistent with the expected behaviour and purpose of the relationship.
“As regulations continue to evolve, we too, as technology providers, must also evolve.
“The arrival of PSD2 and other recent regulations has us to step up our game in terms of truly global, enriched data coverage and by driving the team here at NorthRow to continually innovate and develop a platform which meets diverse risk appetites and the ultimate needs of our customers.
“With access to and actionable insight from a wide (and ever-growing) range of data sources, including sanctions lists, PEPs and CCJs via NorthRow, organisations can safely onboard customers within a single, unified platform. This, coupled with liveness checks, voice verification, biometric facial recognition and machine learning, ensures that organisations can collate and verify all the information that they need to achieve compliance.
“Not only do these checks help to protect financial institutions from money laundering and other economic crime, but they also protect individuals from falling prey to personal fraud, financial loss and other anti-social activities.
“Tools to support compliance must be conducive to efficiency and contribute to streamlining client onboarding, ultimately freeing up talented compliance professionals to focus on more complex cases where their expertise is most needed.”
Open banking ensured banks used APIs
Gabriele Musella, CEO and co-founder of CoinRule, said, “Put simply, Payment Services Directive Two (PSD2) is a regulatory framework that ensures payments across the EU are secure, easy and efficient. The changes regulate entities that access or aggregate account information for electronic payments. This ultimately drives financial institutions to improve the overall electronic banking user experience through technological adoption and infrastructure revitalisation. There’s no question that the directive was created for standardising regulations for banks and payment providers, but it’s also about making payments safer (which leads to increasing customer protection), fostering innovation, and to help banking services adapt to new technologies.
“The revised regulation introduces the concept of open banking to Europe, by requiring banks to utilise Application Programming Interfaces (APIs). The APIs are open to any entity PSD2 recognises as a Third-Party Provider (TPP) that follows specific security requirements, such as multi-factor authentication (MFA). PSD2 focuses on enhancing consumer protection and experience through modernisation of the payments market and competition within the European payments industry.
“The regulation acknowledges the rise of payment-related ‘fintech’ companies and aims to create a level playing field for all payment services providers while ensuring enhanced security and strong customer protection. Overall, payments across Europe will be more competitive and faster for the end consumer, which means more choices and better services. This will also result in greater consumer trust in the payments market.
“Besides establishing a new, common set of standards for payments, PSD2 encourages payment services to implement ‘strong customer authentication’ and it also widens the regulatory net to include services that have access to an individual’s bank account, but are not the account service provider. The changes are being made to reflect developments in payment technology and to lessen existing security, data, and fraud concerns.
“PSD2 scope extends to innovative payment services and new providers in the market, such as fintechs. These players are also called third party payment services providers (TPPs). The other major development in PSD2 is the introduction of new security requirements, what is known as Strong Customer Authentication (SCA). This involves the use of two authentication factors for bank operations that were not previously required, including payments and access to accounts online or via apps, as well as a stricter definition of what counts as an authentication factor. For example, customers will notice changes in the way they authorise their purchases, primarily in the authentication factors they use, with reinforced authentication in the level of security by default, and the written information on the card (card number, expiration date and CVV) will no longer be a valid factor for authentication.
“PSD2 is reshaping the payment and fintech domains and introducing Request To Pay (RTP) technology that makes transactions instant. For merchants, RTP will serve as the ultimate solution to bring the customer purchase experience to the next level. With RTP, transactions are transparent, hard to compromise, fast, and efficient for both customers and merchants.”
Both structured and unstructured data can traverse across geographic barriers
Robert Cruz, VP of information governance solutions at Smarsh “The moves toward harmonisation and creation of a global view of an individual’s financial profile aligns very well with the Smarsh objective to create a single, unified view of the individual’s electronic communications activities across networks. It is clear in today’s financial landscape that both structured and unstructured data can traverse across geographic barriers, and the market is clearly demanding solutions that have that same agility to meet these new requirements.”
A long way from seeing the benefits of PSD2 fully realised in practice
David Monty, founder of tell.money “PSD2 was designed to improve payments for end users by making the environment more secure and enabling innovation through access and competition. These are noble ambitions which will ultimately be achieved, but we’re still a long way from seeing the benefits fully realised in practice.
“In order to harness the value, account providers and the value chain need to actively embrace all that PSD2 and open banking bring rather than continuing to see it as simply a regulatory burden. And this can only be achieved through regulatory technology.
“Banks and account providers are now required to support a higher level of security, protecting their customers to a greater degree than pre-PSD2. They must also offer complex APIs allowing third party access and payment initiation, which is no easy task. Layer in the complexities associated with regulatory reporting, third party validation and beyond, and you can see why these players need help. RegTech to the rescue.
“We’re living through unprecedented times in terms of the rapid pace of technology, speed of adoption, and the ability of consumers to embrace innovation. While some players are reverting to type by doubling down on existing systems and paradigms, others are building tech to address the market.
“Regulatory technology is out there, and it is expanding exponentially, filling the gaps created by a combination of PSD2 itself, and a lack of capability built into existing structures.
“From plug-and-play open banking compliance services such as tell.money’s gateway, through to provider validation, regulatory reporting tools, and much more, the fintech industry is providing the tools that PSD2 requires.
“By increasing security and opening up access, PSD2 has created both an opportunity and a burden on banks and account providers, which technology firms such as tell.money are solving through regtech innovation.”
