Regulations in Fintech

This fast and global growth of the Fintech industry doesn’t come without challenges. Because fintech companies are interfering more and more in the financial transaction operations, regulators are increasing their focus on Fintech regulations.

And even if you are not an investor and are not going to create your own startup to transfer money, you need to know the basic regulations about these technologies because they are all around you.

The technologies completely changed the money transactions world. It’s getting easier to handle money operations, the banking system world is clear and safer, we have a diversity of transferring options and all of these are possible because of Fintech –  one of the most promising areas for investments. As a technology that is fully integrated into financial services, regulatory problems for such processes are increasing, that’s why it’s essential to determine the regulatory obligations of any business.

Fintech vs. traditional banking

Fintech is a new tech industry of the economy that includes applications, websites, and other technological solutions that modernize traditional financial services. 

It makes conservative banks more innovative, moves banks from a monopoly on money transactions, allowing customers to make insurance contracts and transfer money within a couple of minutes, receiving financing not from banks only, but from crowdfunding platforms, managing financial assets without human intervention, and with the help of artificial intelligence, it’s possible to estimate the paying capacity of individuals and save money in electronic wallets. It frequently operates in more than one country. And this is only one part of all possible Fintech options. 

Fintech is about technologies used in industries connected with money, and it definitely changes our lives every day. 

Current Fintech challenges

In previous years, the Fintech industry faced various challenges that stay solidly on the agenda for both the financial sector and its regulators. Listed below are a few of the main challenges that companies face today:

• Regulation of data access
  The increased awareness of the value of data in the digital economy caused the necessity to initiate the new value propositions for the customer, taking in mind their privacy concerns. This resulted in creating two regulations in Europe: the General Data Protection Regulation (GDPR), and the ePrivacy regulation, that addresses the issues of data resulting from web communications, such as requirements for consent to the use of cookies, site logs, etc. At the same time, open banking regulations have been expanded in some states in America Mexico. According to the recently approved Fintech Law, access to data and the right of data portability are under regulation.
• The New Payment Services Directive (PSD2) was created to encourage competition and establish payment security throughout the European Union (EU) and European Economic Area (EEA). It regulates third-party access to customer payment accounts and is aimed to encourage the development of payment systems and the security of payments. To strengthen support for startups, banks will be required to implement access interfaces for payment service providers to customer accounts. According to European Commissioner, this is a step towards a common digital market. The limit of compensation for losses by payment service providers in case of losses due to unauthorized transactions (for example, stolen credit card details) will decrease from € 150 to € 50.
  There are several strong points of PSD2:
  1) It protects the client’s rights in online financial transactions – which means that businesses will have to give more guarantees;
  2) It introduces the mandatory implementation of interfaces for access to payment service providers and customer accounts. This will greatly help startups whose legal entities have the status of non-bank financial institutions.
• Cybersecurity
  In large ecosystems, all participants influence each other. Therefore, the response to cyberattacks and counteraction to them should include companies as well as their clients. On the one hand, the development of Fintech leads to the increasing of frauds’ options to acquire data. On the other hand, Fintech companies are developing solutions to protect against cyberattacks and try to include all possible vulnerabilities at the design stage of the next digital product. Fintech companies try to use all modern technologies and AI to protect the financial markets, for detecting and counteracting cyber attacks before they cause harm and faster data recovery.

Best Fintech compliance practices

Throughout Europe, compliance practices in the Fintech industry differ from country to country and fall within a number of jurisdictions. In some countries, Fintech had no regulations and was an easy target for fraud. It’s not an easy task to regulate and formulate only one approach to all Fintech services and their impact on various industries. In most cases, governments have applied the current regulations and customized them to Fintech. While in the USA, Fintech companies don’t depend on Fintech regulatory framework by one regulating state or law. The specific activities of the company can be subject to various state or federal requirements on many different levels. However, for the recent year, regulations of seven states of America agreed to simplify the compliance practices for their Fintech businesses. This is a currently-developing process and many Fintech business models have multiple regulations in Europe as well as in the USA because some operations are international and must be compliant in multiple jurisdictions. 

1. Digital-only enterprises
   The regulators are constantly improving the Fintech and digital-only banking systems. In 2019, the OCC compiled a proposal for a national Fintech charter, that makes it possible to allow full banking services but conducting more strict regulations. That caused a great division of opinions among Fintech experts. Now digital-only operators are considering the option of full-service banking.

2. AML compliance
   Compliance with internal and external requirements and standards of conduct in the banking market, the ALM (anti-money laundering) is a prerequisite for protecting the reputation of any banking institution and its customers. The ALM compliance includes such areas as, counteraction to the legalization of crime and terrorist financing proceeds, development of documents and procedures that ensure compliance of the company’s activities with current legislation, protection of information flows, combating fraud, and corruption. In 2015, the Financial Crimes Enforcement Network (FinCEN) had to pay a $700,000 penalty against a digital currency operator because they didn’t have an adequate AML program. Since then, the company made partnerships with many banks, showing that it’s important for banks to perform due diligence before starting a fintech partnership.

3. KYC compliance
   KYC (Know your customer) is a banking and exchange regulation term for financial institutions and other companies working with private individuals’ money, meaning that they must identify the counterparty before conducting a financial transaction. This requirement applies to obtaining reasonably complete information about counterparties-legal entities, the nature of their business, and individual business transactions. This compliance is used to prevent money fraud, terrorist financing, and tax evasion. Currently, the requirements and standards aimed at implementing this principle are established at the level of national legislation, regulatory documents of banking regulators, and international organizations such as the FATF. With banks trying to root out fraud and avoid terrorist financing, it is vital that KYC compliance with Fintech be top-level.

4. Payment Card Industry Data Security Standard
   PCI DSS (Payment Card Industry Data Security Standard) was established by Visa, MasterCard, American Express, JCB, and Discover. The requirements of the standard apply to all companies working with international payment systems, such as banks, trade and service companies, technology service providers, and other organizations that process, transfer, and store data on cardholders and their transactions. The PCI Data Security Standard determines twelve requirements for compliance, combined into six logically related groups called “control objectives”. The standard combines the requirements of various international payment systems programs for the protection of information, in particular:

• MasterCard – Site Data Protection (SDP);
• Visa in the USA – Cardholder Information Security (CISP);
• Visa in Europe – Account Information Security (AIS).

5. Consumer-focused strategy
   Banks and credit organizations are increasingly working with closed payment systems. This complicates the calculation of commissions and other fees, including currency exchange rates. With this purpose, the Consumer Financial Protection Bureau (CFPB) was founded in the USA. It creates and applies the rules for financial institutions, monitors, makes market reports, collects, and tracks consumer complaints. This has extended not only to established financial institutions, but Fintech as well. In 2019, a consumer lending company had to pay a $6 million fine after the CFPB stated it didn’t offer borrowers the proper chance to improve their credit or get loans at lower rates and violated the consumer lending law.
   
6. Digital Signature Certificate
   A Digital Signature Certificate is a secure digital key that is issued by the certifying authorities and is aimed at identifying, certifying, and validating the identity of the certificate holder. Digital Signatures use the public key encryption to generate the signatures. DSC contains data about the user’s name, email address, pin code, country, date of issuance of the certificate, as well as the name of the certifying authority. Thus, the electronic digital signature is used in electronic document management, in electronic reporting for regulatory authorities, in public services (information from state registers, submission of applications, appeals, etc.), in interaction with the court (electronic litigation), etc. Electronic digital signatures are a common practice in Europe. They are most actively used in Estonia, where 90% of public services are implemented online.

Fintech planning

Due to the interrelated global trends and possible financial risks that banks can face, the innovations enable large organizations to process high data volumes more efficiently and rationally. In this regard:

• The regulators are constantly reviewing the rules, expanding them, and responding to threats from both organized crime and the growing threat of global terrorist networks, many of which have become stronger and more complex in recent years;
• Integrated networks and an increase in the number of cross-border operations have created gaps in the infrastructure of banks, increasing their vulnerability; 
• The work of banks is affected by the wider use of economic sanctions for individuals due to foreign policy;
• Regulatory authorities are wary of potential threats, and their increased expectations entail the creation of demanding regulatory conditions for banks and financial institutions.

How we can help

Regardless of your location, Fintech regulations should be thoroughly examined as far as almost every Fintech solutions and standards developed these days can go globally. 

Also, you should be sure to partner developers that are aware of Fintech development standards and limitations. 

Over the last 5 years, we at UppLabs mastered the latest Fintech technologies and gained experience in creating reliable, secure, and sophisticated Fintech solutions and products:

• Fintech web and mobile development
  We follow Fintech trends and innovations, constantly learn, visit the best fintech conferences, and have the best team of professional web and mobile developers.

• Money transactions platform engineering
  Our fintech payment ecosystem is transparent and multifunctional.

• Online trading and exchange platform engineering
  We create online e-trading platforms that offer real-time solutions with various trading fintech opportunities.
  
• AI-based Fintech solutions
  We are ready to use AI-based solutions to collect and process huge volumes of data aggregated by Fintech companies.
  
• Payment systems integration and optimization
  We automate your accounting and ERP creating the best fintech services and apps.
  
• Existing services maintenance and modernization.
  Our portfolio includes the use of modern architecture that guarantees easy maintenance and easy integration with the best fintech services.

If you need IT consulting on Fintech – ask UppLabs!