Data rules create international strain, and opportunity for fintechs

Register now

Since the 2008 global financial crisis, we have seen the emergence of a wave of new regulations designed both to stabilize and help reshape the banking and financial services industries.

Many of the new rules, including the Second Payment Services Directive (PSD2) are set to have a worldwide impact, and are forcing banks to make wholesale changes to how they operate. International banks are also having to adapt to a raft of regional regulations that impact their operations in certain territories significantly but in others only negligibly.

Unraveling the complexities of the regulatory landscape both at a global and a regional level is a complex task. While banks are themselves inevitably focused primarily on their core business operations, fintechs can take a broader perspective on the regulatory landscape, which can be invaluable in helping banks achieve compliance with these new regulations. Indeed, both banks and fintechs should grasp the opportunity that new regulations present through working more collaboratively.
PSD2 is a great example of the scale of this opportunity. It is a real game changer for banks on a global scale. It heralds the open banking movement, which seeks to provide users with a network of financial institutions’ data using application programming interfaces (APIs). To comply, banks need to ensure they can open up their data to third party "regulated providers," normally relatively young, innovative and nimble fintech companies.

The implications of open banking for fintechs are huge, as it enables ready access to the largely loyal customer bases of banks as well as collaborative partnerships with highly regulated financial institutions. For banks, there is the opportunity to deliver the mobile apps that customers increasingly want to use, without the need to necessarily build them in-house.

Open banking is therefore driving innovation, no doubt about it. Fintechs can provide a layer that sits in front of bank systems and plug into open APIs. Many get ahead of traditional banks by spotting gaps in the market and moving quickly to build and test a new app. Smart traditional banks increasingly see the existence of fintechs as an opportunity to build an ecosystem of apps that help retain core banking loyalty, rather than as competitors focused on stealing customer business.

In terms of the regional regulations, fintechs are well placed to help banks look above the regulatory requirements of one country to understand where there is a higher level or broad-brush framework that encapsulates multiple regions.

If they are talking to a bank about compliance with a local set of requirements, they can look for the broader umbrella regulations or standards that are out there that effectively supersede them or operate at a much higher level. They will then find that they have ticked the compliance box in terms of the requirements that a particular region has, along with multiple other territories.

Another aspect of this is to focus on the most challenging and difficult to meet levels of regulation. One example is the newly introduced General Data Protection Regulation (GDPR) in Europe, which effectively replaces the patchwork of local data protection laws that existed beforehand.

Requirements in other regions of the world are not quite so stringent or advanced. If fintechs can demonstrate that they can meet these stricter standards and criteria, banks will be comfortable that they can meet whichever regulations exist in other regions.

It’s a different story in Asia, where regulations can be more country-specific. While regulations in Europe typically cover the whole region, in Asia they tend to apply to individual countries and can be so rigorous that, as is the case in China, restrictions discourage some bigger banks from operating there altogether.

However, it’s clear that in Asia there is a mixed bag between some markets with limited levels of regulation and others that are relatively strict. When the bar is set too high, banks will default to other areas of Asia that have a less stringent regime. But operating within the boundaries of those different countries’ regulatory frameworks is clearly still vital.

By partnering with collaborative fintech providers, banks can make the technological changes they need to comply with new regulations, whether that relates to open banking or broader regulatory risk regimes. And by adopting a flexible and best practice approach to meeting new standards and regulations, they can help ensure compliance with the latest guidelines and rulings springing up in every corner of the globe.

Despite the exciting opportunities that fintechs can provide, banks still need to be careful to complete their due diligence when it comes to selecting the most appropriate fintech to partner up with.

Existing legacy systems cannot be ignored or by-passed altogether, so potential partners must have the capability of working alongside, not against them. To err on the side of caution when it comes to financial loss and reputational damage means to seek partnership with fintechs which instil credibility and have an ability to scale up with the bank’s customer demands.

This scalability is important. Choosing the right fintech partner is not all about looking at the technological functionality they bring. Some very innovative apps and solutions in the market today are backed up by a small team that are delivering the solution and may not have the depth of capabilities to service the individual needs of the bank.

If the past decade of economic unrest has taught the financial services industry anything, it is that the only constant is change itself. Today’s banks understand that operating within the constantly shifting sands of the regulatory compliance framework is no longer the exception but the rule, and they appreciate that by partnering with fintechs and drawing on their expertise, they will be much better placed to navigate this complex landscape.

For reprint and licensing requests for this article, click here.
GDPR Data transparency Payment processing Compliance ISO and agent