In the aftermath of the global financial crisis of 2008, new regulations, legislation and compliance requirements were put in place to curb financial malpractice. This gave rise to innovation within the regulatory compliance process, with built-in systems to mitigate cyber security risks and protect the privacy of consumers.
A key challenge in the regulatory technology ecosystem is cyber threat. While the seamless automated compliance of regtech minimises operational risks and enables more granular checks for AML and internal fraud, it also poses a challenge of cyber risks. Common risks are data breach, sabotage, and data or identity theft – internal, external and state-sponsored – any of which can have enormous and far-reaching consequences.
Regulatory compliance mechanisms like the KYC registry store extremely sensitive personally identifiable information (PII) and elaborate customer data. So it is important to devise systems to prevent unauthorised access, minimise cyber risks and control the possible consequences of data breach.
Cybersecurity has thus emerged as a critical component of regulatory technologies, whether for large financial institutions or SMEs who have consolidated their KYC functions onto a single platform.
Regulation technology for resilience against cyber threats
Risk and compliance functions have a multi-pronged approach towards regulatory challenges. They use SaaS in the cloud to identify risks, strategise risk tolerance, facilitate regulatory requirements across geographies and financial services and use innovative tools for niche products or services.
As financial relationships become more complex and interconnected, the regulations to track and monitor these relationships have also become complex. With the risks of non-compliance and fraud being high, many businesses have turned to strategising KYC for risk management. Smart solutions like integrating electronic identity verification (eIDV), combining resources and sharing third-party KYC data, are the new trends in the regulatory technology landscape.
Key areas where regtech ensures data security and privacy:
- Fraud – Potential risks of ID theft can be countered with a two-way authentication process and a standardised system which allows users to protect, control and own their KYC data.
- Prevention and checks against money laundering and terrorist financing – Robust KYC compliance has been established as an important tool to counter situations or perceived risks of businesses being used for money laundering.
- National compliance standards – As countries have varying regulatory environments, businesses are developing various strategies to ensure data sovereignty and data residency, while maintaining privacy of the personal information.
Regulatory technologies and tools are thus being developed to balance data protection with territorial laws. Technologies applied include hybrid cloud computing, cloud security, mobile security, advanced authentication, built-in encryption, cryptography, and biometrics.
Privacy protection – a prime challenge of global KYC registry
Regulations governing KYC compliance have created centralised KYC registries containing personally identifiable information. The digitised PII contains sensitive information like social security number, bank account details, telephone number, driver’s licence, address, gender, race, birth date, other geographic indicators or biometric information.
As more and more businesses collect PII, customers are concerned with personal data security and privacy. The 2011 World Economic Forum referred to personal data as ‘the new asset class’ and addressed the need for protecting privacy. SMEs competing to thrive in a competitive environment often develop innovative ways to collect, aggregate and use data. With data increasingly being considered a primary currency in digital finance or fintech development, the focus on data protection has become an important consideration. While many countries have come up with their own Data Protection Bills to regulate the KYC frameworks, it is incumbent upon the business to ensure that the data of the user and associated entities is protected.
KYC registries thus need to ensure transparency and secure handling of personal data. With the right combination of process and regulatory technology solutions, PII can be safeguarded from data theft or consequences of data breach.
As consumers look for ease of doing business under the umbrella of KYC compliance, identity management systems are on the threshold of a technological revolution: foolproof identity management. From securing PII to controlling its use, companies are incorporating high levels of regulation technology for data protection. With cyber security a critical component in the regtech process, start-ups are driving innovation to address the challenges and risks of KYC data. The ultimate goal is to ensure that user data in the KYC registry is safe and secure, even as compliance is strictly adhered to.