Data Security

Compliance and the Cloud – A Match Made in Heaven?

Move fast and break things. That’s been the mantra when it comes to innovation for over a decade, championed by the likes of Facebook, Google and Amazon, who tore up the rulebook to establish innovative services that dominate across the world.

But for sectors such as banking, there are rules and regulations to follow when it comes to being compliant. And this can come at a price to innovation. According to our Future payments research, almost a third of businesses (28%) think regulation and compliance hamper innovation.

However, innovation and compliance, in my opinion, shouldn’t be an either/or decision. In fact, innovation, particularly in the banking sector, can be fueled by compliance and regulation – helping businesses work better internally and with partners and suppliers, particularly when it comes to the cloud. Let me explain. 

Regulation, regulation, regulation

Know Your Customer (KYC), Anti-money Laundering (AML), Payment Services Directive 2 (PSD2) and the General Data Protection Regulation (GDPR) represent the recent raft of regulation that financial services providers must contend with. These vary from nation to nation and sometimes even within the same country.

The cost of making compliance errors – failing to check all relevant documents, lack of secure storage, incorrect permissions for data access – is significant. There are the standard fines, of course. But beyond this is a core issue of trust. Poor use of customer information costs you customers – it’s as simple as that.

But not only do businesses have to navigate compliance when developing new ideas, they also somehow have to mitigate the effects that compliance has on their customer experience. Going through the KYC process as an end-user of financial services is a bore. So many pieces of paper evidence, many of them originals and with expiration dates. So much time waiting for them to be processed. And, on occasion, having to repeat the process because someone’s finger slipped during the data entry stage. This presents a tangible hit to providers’ bottom lines.

Regulation to fuel innovation

However, while not often familiar bedfellows, regulation in banking is driving efficiency and innovation. The recent release of two seemingly contradictory regulations – PSD2, which opens up notoriously data sensitive bank accounts to third party access, and GDPR, which cracks down on data use without explicit permission – is actually creating an environment where the digitisation, and adoption of cloud-based technology, of KYC, AML and other processes is being encouraged rather than challenged.

Increased regulation means companies working with data will have to shore up their own lax procedures, assessing data held in public cloud environments or stored on unsecured personal devices. But the regulation also pushes the agenda for increased digitisation of data, the need to hold it securely in centralised sources while improving access for legitimate users. So much so that governments around the globe are joining the push for electronic identity documents – driving the need for innovative new ways to adapt to regulation.

As with mobile payments, the inspiration for innovation has come from developing countries. In 2008 the Indian government created the Unique Identification Authority of India (UIDAI) to give a unique digital identity to every resident. Targeting the whole population, but in particular the large numbers of undocumented individuals, the electronic ID called Aadhaar gave people access to healthcare, services and banking.

A GSMA study found the consequence has been to speed up e-KYC, primarily in the mobile sector but with implications for MNOs to become payments banks for low-income customers. In doing so, it reduced the cost of KYC processes from $0.60 per customer to $0.07.

Cloud-based KYC is the way forward, it relies on centralised, protected data sources that are expertly maintained to ensure that they remain current and compliant. Centralisation provides the access needed to make cross-border payments a reality. From finding common integrations across different national banking systems to validating customer IDs in more than one territory, Cloud-based KYC is breaking down barriers both real and virtual.

Elsewhere, the notion that regulation supports innovation is echoed in the way the Competition and Markets Authority (CMA) in the UK is actively supporting PSD2 as a way to open up competitiveness in the banking sector. This in turn is driving better customer experience, as well as streamlined business practices. Regulation is being used as a catalyst for many organisations to ‘clean house’ in a way that many have put off for reasons of ‘tradition’ or ‘legacy’. 

Moving towards a world of digital-first financial products is both inevitable from a customer satisfaction point of view and desirable for institutions. What’s required is an innovative mindset that’s willing to use the various rules and regulations as a source of information, rather than an inconvenience, adapting to the regulations to ensure that you can move as agile and as fast as possible.

Source: Compliance and the cloud – a match made in heaven?

Leave a Reply

Your email address will not be published. Required fields are marked *