Insights

Regulators increase scrutiny on banking technology

Written by 10x | 30 May 2022

As technology innovation continues to create new opportunities for banks, financial regulators are ramping up their focus on the use of technology and data and what this means for banking customers. In a recent 10x Banking webinar, Chief Marketing Officer Lucy Heavens was joined by 10x’s Head of Compliance and Regulatory Affairs Victoria Martin to discuss the emerging compliance trends that banks need to monitor as regulators seek to keep pace with rapid technological change.

Here are four takeaways from the webinar:

1. Buy Now Pay Later rules to get stricter

UK regulators are set to get tougher on Buy Now Pay Later (BNPL) products, in part to increase protections for vulnerable customers. The UK Treasury has signposted four key areas they intend to sharpen. One proposal is to introduce more friction into customer journeys to ensure they are given adequate disclosures in the same way as with traditional unsecured loans, says Martin. Other proposals include strengthening affordability assessments to ensure customers can afford the debt they are taking on, stricter rules around arrears management, and the ability for customers to refer complaints to the Financial Ombudsman Service to seek redress. To meet these challenges, BNPL providers should be using technology to support advisors when dealing with vulnerable customers. A next gen core banking platform can give a holistic view of customer debt levels, while using behavioral economics can identify customers suffering potential financial hardship, Martin says.

2. Kalifa Review points to increased data scrutiny

Last year’s Kalifa Review into the UK FinTech industry highlighted two areas where regulators are likely to increase their focus - how banks are using and processing data, and the broader use of cloud technology. The Financial Conduct Authority (FCA), for example, has highlighted that it will adapt its approach around technology to assess where it can lead to good customer outcomes but also potential customer detriment, says Martin. The post-Brexit regulatory environment will create changes, with the UK government pushing ahead with plans to reform data privacy laws. The FCA has also said that it plans to become a much more data-led regulator by utilizing cloud-based tech and artificial intelligence to identify risk hot spots across the banking industry, Martin says. “I would expect to see more supervision action taken on firms that aren't performing as they should,” she added.

3. Multitenancy tech models require robust controls

Banking-as-a-Service (BaaS) providers that operate a multi-tenancy model need to ensure they have robust security controls in place to ensure data is kept safe, particularly between tenants, says Martin. “This is quite a new concept for the regulator to understand,” she said. Regulators are likely to pay close attention to where the data is hosted, particularly if tenants operate in a jurisdiction that has strict data residency or data protection rules, says Martin. Multi-tenancy providers need to ensure customer data is either logically or physically separated and that there is no risk of data leakage between tenants.

4. Choose the right tech to mitigate BaaS risks

The growth in the BaaS model is creating new revenue opportunities for traditional banks, yet some may be hesitant due to the perceived risks of loaning out their banking license. Those risks can be mitigated, however, by selecting the right core banking platform and the right tenants. “The licensed entity will be absorbing the regulatory risk for those tenants, so it’s very important that before you take a tenant on that you do strict due diligence to make sure they have robust controls in place to meet the risk appetite that you have as a firm,” says Martin. Banks then need to ensure they have effective oversight policies to monitor ongoing tenant risks, such as educating new tenants on the controls they need, as well as utilizing third-party tech to mitigate those risks, says Martin.