THANK YOU FOR SUBSCRIBING
By Nelson Cheung, Compliance Director, Oriente
Fintech opens up business opportunities for both traditional financial services company and fintech start-ups. Not only does it provide operational efficiency, but it also enables delivery of financial services cheaper and more convenient to customers who could be living in remote area where traditional financial services are not available.As fintech evolves over time, it becomes challenging for the regulators in striking a balance between fostering technological innovations and protecting the consumers. While fintech specific regulatory requirements are yet to be released, we have seen regulators showing concerns in a number of areas. Digital Customers Onboarding (DCO), as the first step to bring in the customers, although it sounds straightforward, it is equally challenging for internal compliance professionals to ensure compliance as the regulators setting out Fintech specific requirements (that is, innovation versus protecting consumers). The key challenges a compliance professional would face when reviewing a DCO initiatives will be discussed below followed by appropriate approaches to handle them. Regulators Expected KYC in DCO to be as Robust as KYC Conducted Face-to-Face With DCO, the financial services companies can no longer use traditional face-to-face approach to verify the identity of the customer, question the customer the purposes of opening a bank account/applying a loan or determine whether the customer looks suspicious. However, regulators do expect due diligence controls, which are at least as robust as those performed face-to-face. There are number of electronic Know Your Customer (eKYC) service providers available in the market. While some of these service providers claim that their eKYC solutions meet regulatory requirements, financial services companies have to study these products carefully to ensure the product fulfils your company’s compliance obligations, especially when your company is operating in different countries, meaning the regulatory regime can be varied. Consent is not Always Bullet Proof Whether to improve customer experiences, to learn more about your customers or for internal risk management purpose, financial services companies might make use of the mobile app to obtain as much information from the customer’s smartphone as possible, for example, the contact list, geographic locations, and so on. Of course, your legal and compliance colleagues would have already included such access in the terms & conditions (T&C) or privacy notice that the customers have to “read” and “accept”. Such acceptance is considered as a consent by the customers for the use and disclosure by your company as stated in the T&C or the privacy notice.
As Fintech Evolves Over Time, It Becomes Challenging For The Regulators In Striking A Balance Between Fostering Technological Innovations And Protecting The Consumers