Technology and financial compliance – an inevitable symbiosis by Noel Bartolo
As a financial institution in Malta, we are bound to comply with the requirements of a number of regulators, principally,the Central Bank, the MFSA, and the FIAU. Running a successful fintech company is possible, in our view, by applying a forward looking approach to the regulatory frameworks..
This stems from our own view that business should be equitable. We view ourselves as a financial partner to our clients, an essential and supportive role in any business, and for this to be successful we need to be extremely adept at distinguishing between regular business practices and those that are suspicious.
The technology that is available to us and to our clients does, for the most part, enable a rapid and efficient interface between the business and its transactions, but, as with any technology, there are those who seek to make nefarious use.
One of the innovative tools that is available to us is the ever-increasing popularity of the electronic ID – the eID. Originating in the Nordics and growing in popularity there first, this technology has made it across Europe and has now become widespread in Malta. Effectively, an eID makes it possible for us to identify and onboard a client quickly, safely, and without the necessity for us to meet them in person.
New ID cards are equipped with an NFC device that includes a digital certificate. When comparing this technology to a regular, handwritten signature, one can quickly see the massive increase in security. A handwritten signature is significantly easier to forge than it is to spoof an NFC ID signal.
We add a biometric layer of security to this. A photo and video of the person applying for an account provides us with unique biometric data from that individual in the form of a wealth of measurement data that is unique to each individual. When adding biometric data to the NFC certificate, we have an approach to identification that’s likely more secure than that of a face to face interaction conducted by traditional banks.
This is one example of the way technology is contributing to enhanced security while making the customer journey a quicker, convenient and streamlined process. Of course, it requires vigilance on our part, but this is part of the compliance oversight to ensure that technology works in a way that is assistive.
An even broader application of technologies that aid compliance with regulation is that of transaction monitoring. We must be permanently vigilant to prevent actions that could be linked to money laundering and we will return to this further on in this blog, but will take a moment to highlight one kind of transaction monitoring that is in the news right now – that of international sanctions.
With the plethora of sanctions impacting businesses that operate directly or indirectly with Russia, we are required to ensure that our client base is adhering to the respective controls imposed by the sanctioning authorities. As an Electronic Money Institution we have a dual obligation – one towards our client and the other towards the financial institutions involved in a transaction. We’ve worked with our clients that had direct business activity with Russia following the publishing of sanctions, to establish if we are still in a position to attend to their payment requirements. While vendor due diligence is a responsibility of our client, we must remain one step ahead of our compliance requirements and do all we can to pre-empt actions such as blocking client accounts.