How Cloud Computing is helping FinTech Firms in being #GloballyCompliant


One of my colleagues, who is a die-hard fan of #cashless and #Digitization, asked me while packing his bags: "Will I be able to pay with Amazon Pay during my onsite visit to Germany?" You should be, they have their operations in Germany. But your account is in INR, so maybe that needs to be changed to EURO? Then his next question was: "How do fintech firms in a country manage cross-country compliance?"

Compliance and Technology


Even I wasn't sure, so I assured him I would have an answer before he landed and started exploring. The result is this blog post:

  • Are the #Compliance standards the same for all firms dealing with money?


Not really! All entities dealing with payments and money matters need to follow standards from PCI [Payment Card Industry] or ISO [International Organization for Standardization]. While PCI is mandatory for plastic card issuers, ISO is voluntary. Here are some of the key differences worth noting:

| Parameter | ISO | PCI |
|---|---|---|
| Compliance | Voluntary | Mandated |
| Scope | Firm level | Process level |
| Flexibility offered | High | Low |
| Depth of compliance | Voluntary standards | Must meet all the standards |

  • What are the specific standards followed by financial institutions?


PCI and ISO both have a set of regulations to be followed by firms concerning information security management. Specifically, for money matters, PCI DSS, ISO 27001 and ISO 20022 are adopted and followed. Although the goal is the same, the two differ in how they protect and control customer data. Both need audits and regular checks to show compliance readiness with these standards. A big similarity is that one could use PCI DSS as a part of becoming ISO 27001 compliant. Let's take a closer look at the specific compliance standards:

PCI DSS
Any merchant or service provider that handles, processes, stores or transmits credit card data.
ISO 27001
ISO 27001 has been developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system." Many organizations have implemented the standard(s) without going for the certification; one obvious example is banks and other financial institutions. Regulations in most countries are such that they had to implement very strict information security and business continuity procedures and safeguards, and most did that using ISO 27001.
ISO 20022
Most financial institutions that want to streamline their communication infrastructure and associated costs by opting for a single, common "language" for all financial communications, whatever the business domain, the communication network and the counterparty (other financial institutions, clients, suppliers and market infrastructures). ISO 20022 - Universal financial industry message scheme (which used to be also called "UNIFI") is the international standard that defines the ISO platform for the development of financial message standards.


Now we know the standards followed by different entities, depending on whether they store customer data, just use it for processing through a third-party API, or need it for online transactions. But how are these compliance standards followed in different countries? Traditional banks had a set of regulations and compliance requirements to follow; with fintech firms evolving and signing up customers at a global level, compliance methods also need to meet current requirements.

Let's take the example of digital payments: in India, cashless payments increased by 22% in 2016, but has compliance seen that growth? Compliance standards need to be automated with the help of technology to meet the needs of modern customers. One of the technologies keen on helping fintech firms is cloud computing! Thanks to cloud computing, Payment Banks, Financial Institutions and NBFCs are expanding their horizons and going global!

  • How are FinTech firms utilizing RegTech with cloud computing?


Compliance and Technology

Image Credit – Thomson Reuters


RegTech [an amalgamation of Regulation + Technology] is the new buzzword for addressing regulatory requirements, and it comes with exciting features like:

  1. Speed
  2. Automation
  3. Seamless integration with technologies like Analytics, Big Data, etc.

Many RegTech firms, like London-based FundApps or Vizor, have considered cloud-based solutions in their design. Using cloud computing loads these solutions with advantages such as remote maintenance, cost effectiveness, flexible data sharing, security and scalability.

  • A cloud architecture comprising virtual routers, firewalls and multi-redundant environments could help create an enhanced setup for disaster recovery scenarios.
  • Cloud computing could assist in automating audits and check processes, thereby allowing fintech engineers to work on product enhancement.
  • A cloud setup helps in offering solutions at a global level, providing access to data 24*7*365.
  • Cloud computing allows you to keep up performance even during peak hours or end-of-month queues by giving access to high-performance servers and data storage.
  • Cloud helps in making the production cycle continuous, thereby reducing the time-to-market of a product/solution.
  • Most cloud-based solutions are now one-click solutions that can also be accessed via a smartphone.

Financial institutions and regulations have been two faces of the same coin; with banking having moved out to other entities, regulation needs to venture out too. Thanks to technology, compliance is still maintained and customer data is secured and protected.


Author :

Samiksha Seth
Content Strategist
