Compliance Challenges in the Evolving Fintech Regulatory Regime: Key Challenges in Digital Customers Onboarding

Led by increasing number of complaints against the abused access to personal data available in the smartphone, regulators have started to regulate such access. Some regulators have issued a white list of information a mobile app can have access to; some regulators, although yet to issue new requirement, publicly provide their view that relying on traditional “read” and “accept” of a lengthy T&C and privacy notice as the basis to extract personal data from the customers’ smartphone as unfair.

Applying General Data Privacy Principles in Big Data/Artificial Intelligence Initiative Can be Challenging

Insights generated from big data analytics, when used properly, can be useful for various purposes, for example, calculating the risk of default payment of a borrower, to determine what products are suitable for a particular customer. Big data when coupled with artificial intelligence (AI), which can learn and evolve without the need for human intervention, is even more powerful. The question is whether the outcome or the process itself is fair to the customers.

There is a real-life example: a credit card company rated all customers of a shop as higher credit risk because a number of customers of that shop had poor credit card repayment records. From the credit card company perspective, it may help reduce default payment rate. On the flip side, from the consumers perspective, I can be a diligent consumer and just happen to walk into a shop which, unfortunately, has numbers of bad customers. Is it fair for the credit card company to rate me as a high risk customer?

Data protection authorities and financial services regulators have shown their concern on the Big Data/AI use cases, however, how to define fair collection and use of data are yet to be seen. Financial services companies still have to apply general data privacy principles when reviewing their big data and AI aspects of the digital customers’ onboarding initiatives and have a guess on whether their collection and use of data would be considered as fair.

Product Review and Approval Process

Once the product team has an idea, legal and compliance should be consulted to determine whether there are any laws and regulations that ban such product. Once the product’s preliminary design is ready, legal and compliance should be further consulted to identify all relevant laws and regulations that apply and suggest controls to be implemented.

During the development phase, close collaboration between legal and compliance and the production team is crucial as how the product team interprets the controls suggested by legal and compliance can be quite different from their expectation. Another reason is product team focuses primarily on the product features and ensuring a pleasant customer journey, adding a new screen to include necessary disclosure that requires the customers to read and accept can affect the total time required by the customer to complete the account opening process, which can be one of the most important KPIs.

Finally, legal and compliance should be one of the sign-off parties before the product is launched to ensure all suggested controls are in place and there is no surprise (that is, features deviate from the design).

We will Get There

While the regulatory regime and industry practice around fintech are still evolving, compliance professional will have to be both creative and conservative, that is, being creative in finding new ways to ensure compliance, while being conservative when uncertainties arise as to whether the fintech initiative is acceptable from regulatory perspective.

When clear guidelines or even fintech specific regulations are released by the regulators, we, as a compliance professional would have a better idea on how to ensure compliance, by then, there might be new technologies and new areas of compliance concerns that change the compliance landscape. After all, we are living in an ever-changing world.