Technology and financial compliance – an inevitable symbiosis by Noel Bartolo
As a financial institution in Malta, we are bound to comply with the requirements of a number of regulators, principally the Central Bank, the MFSA, and the FIAU. Running a successful fintech company is possible, in our view, by applying a forward-looking approach to the regulatory frameworks.
This stems from our own view that business should be equitable. We view ourselves as a financial partner to our clients, an essential and supportive role in any business, and for this to be successful we need to be extremely adept at distinguishing between regular business practices and those that are suspicious.
The technology that is available to us and to our clients does, for the most part, enable a rapid and efficient interface between the business and its transactions, but, as with any technology, there are those who seek to make nefarious use of it.
One of the innovative tools available to us is the increasingly popular electronic ID – the eID. Originating in the Nordics and growing in popularity there first, this technology has made it across Europe and has now become widespread in Malta. Effectively, an eID makes it possible for us to identify and onboard a client quickly, safely, and without the necessity for us to meet them in person.
New ID cards are equipped with an NFC device that includes a digital certificate. When comparing this technology to a regular, handwritten signature, one can quickly see the massive increase in security. A handwritten signature is significantly easier to forge than it is to spoof an NFC ID signal.
We add a biometric layer of security to this. A photo and video of the person applying for an account provide us with a wealth of measurement data that is unique to each individual. When adding biometric data to the NFC certificate, we have an approach to identification that’s likely more secure than that of a face-to-face interaction conducted by traditional banks.
This is one example of the way technology is contributing to enhanced security while making the customer journey a quicker, more convenient and streamlined process. Of course, it requires vigilance on our part, but this is part of the compliance oversight to ensure that technology works in a way that is assistive.



An even broader application of technologies that aid compliance with regulation is that of transaction monitoring. We must be permanently vigilant to prevent actions that could be linked to money laundering, and we will return to this further on in this blog. First, we will take a moment to highlight one kind of transaction monitoring that is in the news right now – that of international sanctions.


With the plethora of sanctions impacting businesses that operate directly or indirectly with Russia, we are required to ensure that our client base is adhering to the respective controls imposed by the sanctioning authorities. As an Electronic Money Institution we have a dual obligation – one towards our client and the other towards the financial institutions involved in a transaction. Following the publishing of sanctions, we’ve worked with our clients who had direct business activity with Russia to establish if we are still in a position to attend to their payment requirements. While vendor due diligence is a responsibility of our client, we must remain one step ahead of our compliance requirements and do all we can to pre-empt actions such as blocking client accounts.


Transaction monitoring is an area where remaining at least one step ahead of compliance monitoring is essential. As a financial institution, we are obliged to follow training by regulatory agencies such as the FIAU to be aware of emerging patterns in financial crime.
This stems from the evolving typologies that exist in this sphere. Gone are the days when money laundering was as simple as walking into a bank branch and depositing a suitcase full of cash with the teller. The practices being employed are infinitely more sophisticated and make use of technologies and financial instruments that are part of today’s complex systems.
As a player in the financial services industry, we must examine the movement of money across the plethora of available financial instruments and ensure legitimacy.
One of the easiest ways to ensure compliance is to automatically refuse transactions of a certain type or that originate from particular territories, industries, or even demographics. This practice is unfortunately widespread and not the approach that regulators are targeting. We have a responsibility towards clients who are honest and upstanding citizens. If we were to be automatically suspicious of all activities related to certain financial instruments, we would be discriminating against legitimate operations.
‘Fast-food banking’ simply creates one-size-fits-all profiles and refuses service. This practice has become so prevalent across Europe that the European Commission had to issue a directive that declares basic banking provision to be a fundamental right. There has been widespread refusal of banking services to temporary asylum seekers, for instance, causing great difficulty to individuals who are already facing the toughest of situations.
EMIs and other financial institutions have an obligation towards individuals who require banking services, and to fulfil these obligations we must be able to distinguish between normal and abnormal use of an account.
We employ technologies that establish patterns for normal use of an account and even account for legitimate abnormalities. Based on the nature and the duration of a client relationship, we can account for variations in account use that constitute perfectly legitimate activity.
Having the technology and awareness of standard deviations from typical behavioural patterns, and understanding the proportionality of these deviations, allows us to be alerted to suspicious activity while allowing correct use of an account to continue unimpeded.
Being ahead of compliance requirements requires us to understand typologies, to employ the latest tech to analyse emerging patterns, and to distinguish between legitimate and suspicious activity to make sure we don’t miss the wood for the trees.
We are continuously aware of our function in society and this goes beyond financial gain. Our services play a significant role in people’s lives and we have a responsibility towards them – we owe them the access to the financial services that they need while protecting society from illicit activity. It is with this in mind that we blend regulatory controls with the latest technology to remain one step ahead of all applicable compliance requirements.