How fintech companies can innovate in a regulated environment

Regulation, competition and market changes in the fintech industry have fostered new innovations and enabled businesses to create new opportunities with their products and services in order to build a meaningful customer base.

Regulations such as PSD2 and GDPR, combined with innovation, have been widely debated and ultimately pushed businesses in Europe to transform their services to stay ahead of the curve. Although there’s a set of updated standards, these new regulations are challenging the way the payments industry operates and have brought on a stream of opportunities for fintech companies.

Sushil Kuner from Gowling WLG says: “With PSD2 the banks’ unique control over customers’ data has disappeared. Now, with open banking, bank customers are able to give third party providers permission to retrieve their account data from the banks.

“This could pave the way for Big Tech to engage in the provision of payment services on a large scale.”

The power of data

Fintech companies recognise the power of data and how it can increase customer loyalty, revenue and brand value. However, these businesses need to ensure that they have the right capabilities in place to comply with new regulations around customer data protection and security.

Consumers have typically put their trust in traditional banks. However, in the last few years we’ve seen a switch from traditional financial services institutions to challenger fintech companies.

Traditional financial services firms may have an established customer base on their side, but fintechs offer a more customised solution, are faster, more agile, and multichannel. New regulations have created more opportunity to innovate and for fintechs to partner with larger organisations to leverage their agility and technological edge and keep the industry competitive. 

Kuner adds: “Equally, banks are increasingly eager to collaborate with fintech startups/entrepreneurs to harness new technology and the power of data to help them remain competitive.”

A report published by Oracle has revealed that less than 40% of companies in Europe, the Middle East and Africa are confident they can “master their data”, meaning the way they manage, secure and gain insight from their datasets and use them responsibly.

Data is key for fintech companies as they launch new products based on analysing customer interaction, spending habits, and even insight into their bank balance. Traditional financial services still have a lot of catching up to do when it comes to harnessing the power of data. 

The Payment Services Directive 2 (PSD2) and Strong Customer Authentication (SCA) have been met with a series of challenges from merchants and acquirers. New rules under PSD2 mean that transactions above €30 (based on certain merchants) will require SCA and Two-Factor Authentication to place more security and scrutiny on a business’s capability to detect and prevent fraud.

“Two-Factor Authentication is essentially a double layer authentication process that is based on the use of two or more elements categorised as knowledge, possession and inherence,” says Sushil Kuner.

“Knowledge means something only the user knows, the typical example being a password. Possession means something that only the user possesses and this can include a smartwatch, for example, or a security device issued by a bank to enable an individual to access online banking services. Finally, Inherence relates to something the user is, for example biometric data such as a fingerprint or facial recognition.”

Jeremy King, international director of the PCI Security Standards Council, says that in order to face the challenges, as an industry we are “trying to find a way for our standards to simply find a process for anybody in this room to be able to undertake payments in whatever sector in a frictionless way.”

However, it’s clear that while PSD2 puts a series of limitations on spending for merchants and perhaps slows down the consumer journey, it also fosters greater innovation. Fintech companies have started to work with larger ecommerce businesses and cybersecurity experts to ensure they have the processes in place to comply with the regulation. This can also lead to new products, services and platforms being built from analysing how consumers are transacting with the new limitations.

GDPR pushes for greater transparency  

The General Data Protection Regulation (GDPR) encourages stricter guidelines around data, with considerations to be taken early on by businesses across Europe.

More regulated fintechs in the UK will impact the way international companies handle their business, as in each new market they must navigate varying legal regimes and requirements and make costly infrastructural investments, with high potential costs (fines, operating restrictions, even criminal culpability for business owners) for getting it wrong.

In order for fintechs to stay ahead of innovation and avoid any complications with data protection, it’s important to have transparency on data strategies. 

Most businesses work with third parties, and these companies can provide a lot of data back into the business, so it’s important to have a concrete strategy for how marketers and publishers handle the security of that data, and to ensure that they know its source and trust its reliability.

A recent EY report revealed that consumers still worry about the security implications of their data and privacy, and that four in ten households don’t believe their personal data will ever be fully secure, which comes as no surprise.

Firms need to have appropriate systems and controls in place, including robust stress testing, and should ensure that data is protected and that systems cannot be hacked or penetrated by external parties. 

Fintech companies operating within the EU, especially those handling large data sets and aggregating data to create personalised experiences, need to bolster their security to ensure that they are following the guidelines associated with any security breaches, costs of processing data and protecting data privacy.

Sushil Kuner adds: “Combating financial crime (including fraud) and promoting cyber resilience are two of the highest priorities for regulators around the world. While GDPR and PSD2 offer enhanced protections for consumers and financial services firms, they also bring opportunities to enhance competition in the interests of consumers and the economy as a whole.”

Regulation will only get tougher in the UK, and it’s important for fintech companies to stay ahead of the curve, collaborate with businesses to leverage their technology and build their brand as a reputable and trustworthy entity that fosters innovation. 
