.jpg)
7 November, 2016
INTRODUCTION
The FinTech industry has had a great deal to celebrate – a recent report by KPMG International and CB Insights, suggested a record US$19.1 billion was raised across 1162 deals last year globally, and innovation has been rapid and impressive, bringing new products to a well-established and traditional sector. There is another side to this industry disruption, however, which is the heightened risk of fraud.
FRAUD IN FINTECH
FinTech has revolutionised financial services, introducing consumers to new products such as faster payments, robo-savings products, loan platforms, crowdfunding and more. FinTech companies are now household names and have certainly broken the dominance of financial service's largest players.
With this innovation, however, has come an increased risk of fraud. Recent fraud-related scandals involving peer-to-peer and crowdfunding platforms have served as stark reminders of the risks of using FinTech when appropriate regulation and/or compliance processes are not in place. Users of FinTech are concerned about fraud, so for the FinTech industry to survive, it must be protected against exploitation by fraudulent activity. Fortunately, entrepreneurs have identified this issue as yet another opportunity, and are busy developing a complementary
industry to address this: RegTech.
REGTECH, NOW AN INHERENT PART OF FINTECH
RegTech refers to technologies that work alongside FinTech services (as well as more traditional banking), allowing those services to operate more efficiently by ensuring legal and regulatory compliance in an increasingly regulated industry, while allowing innovation to continue.
The UK is widely seen as being a global leader in FinTech and now RegTech; the Financial Conduct Authority (FCA) is actively working with start-ups to streamline compliance, while continuing to heavily promote innovation in financial products and services. RegTech is a rapidly growing industry: at the time of writing, 137 start-ups listed on Crunchbase, the well-known database of the startup ecosystem, are fraud detection start-ups.
BIOMETRICS AND TOKENISATION
There are various types of RegTech which have been developed to reduce the risks of fraud. Biometrics and tokenisation are popular, often used in the context of mobile phone payments. Biometric verification methods are principally fingerprint and iris recognition. Tokenisation is where a unique “token” is generated for each transaction, keeping all sensitive data, such as the cardholder's name and card number, stored remotely. So, even if a fraudster obtained the “token”, they couldn’t use it to identify any personal information.
FASTER PAYMENTS CAN MEAN FASTER FRAUD
There is a growing trend towards real-time payments: an instant fund transfer service, whereby the funds appear in the recipient's account immediately. Real-time payments gives rise to greater risks of fraud, money laundering and terrorist financing and so, to counter these risks, technologies which act in real-time are required. Big data analytics and data clouds can help.
Data analytics collects and then analyses all of this data on a scale and at a speed which has only recently
become possible, in order to identify behavioural patterns.
In the consumer context, data analytics is able to monitor a person's usual spending habits and flag an unusual transaction, thereby identifying potentially fraudulent transactions faster and more accurately than before. In the corporate context, behaviour can be monitored and unusual or suspicious transactions which may constitute a breach of regulatory obligations can be flagged. Some providers have now produced bespoke tools aimed at identifying all correspondence and records relating to a series of payments, including SWIFT records, to better manage sanctions and money laundering compliance risks.
NEXT STEP: HARMONISATION
The International Institute of Finance's recent report “RegTech in Financial Services” noted that the effectiveness of such monitoring and reporting systems is hampered by the fact that different banks use different payment systems which are often not wholly compatible with each other. One example of this is the fact that participants are often unable to identify country information in payment messages.
Harmonisation of payment systems would allow for faster and more effective identification of transactions which could be linked to money laundering or terrorist financing.
A further area in which harmonisation of systems could be of use is in assisting with regulatory obligations to conduct “Know Your Customer” (KYC) checks in order to comply with regulatory anti-money laundering obligations. Cloud-based sharing systems could allow institutions to share KYC data in order to enable them to verify the identity of their consumers more quickly, although identifying what data is made available to whom, and ensuring it is kept secure, is likely to continue to be a major barrier to such systems for some time.
For further information, please contact:
Eng Hui Chua, Partner, RHTLaw TaylorWessing
