The compliance of banks is not necessarily superior than that of fintechs, says Yana Afanasieva, founder of the firm Competitive Compliance.
The executive explains that while the banking sector has defined and more consolidated rules for longer time, there are examples that show otherwise.
Too much documentation
For example, the banks have documents and authorization requirements that the regulation itself often does not require. Europe’s own legislation requires in many cases only a simplified due diligence, which is also done by fintechs.
“The banks think this regulation is not for them. But it is perfectly possible to do a simplified due diligence for customers who will use limited services”, says the executive.
Excess categories in banking compliance
Another example is the excess of customers categories created by banks for their customers. Institutions often divide them at low, medium and high risks, and in some cases very high risk. For Yana, it would be enough to have two categories, standard risk and high risk.
“The people of the banking world think that if the institution acts like that it would be out of the standard. But regulation only requires customers to be divided according to risk and not into various risk categories. In addition, it costs time, money and is artificial” she affirms.
Paper documents can be defrauded
The last example cited by the executive is that requiring paper-based documents, certified and/or validated, brings greater security. She recalls, however, that documents are subject to fraud.
“All these compliance requirements are adopted by banks and gives the impression that their compliance is safer than that of fintechs, but that’s not true”, she adds.
Compliance of fintechs in Brazil
In Brazil, the norm that regulates the compliance of fintechs is Bacen’s Resolution 4.658/18, which provides for cybersecurity policies and requirements for financial institutions to be allowed to operate. This standard was approved by the National Monetary Council (CMN) and aims to improve the protection of financial operations.
Therefore, the institutions in the industry – such as fintechs – must structure their security policies according to the provisions of the regulation. Some of the requirements are specific controls of records, analysis cause and impact of incidents, traceability of data and protection of sensitive information.
Transfero Swiss is a fintech based in Zug, Switzerland, which offers its clients different strategies for professional management of digital assets. All of the company’s activities comply with the Brazilian and Swiss laws. Learn more.