.

RegTech adoption and implementation amidst regulatory gaps. Should we care?

By Fitswemila Philip, Chief Superintendent, Economic and Financial Crimes Commission

Virtual products like cryptocurrencies and Fintechs have continued to revolutionize the digital economy. With the constantly changing terrain of the digital ecosystem triggered by emerging technologies and the demands for compliance to KYC and AML requirements, financial institutions are expected to keep up to date with these changes yet, this aspect poses peculiar challenges of operational risks. For the FinTechs, due to the nature of the products they offer, it becomes even more challenging. Their attempt to deploy Regulatory Technologies (RegTech) to comply with the requirements comes with its own challenge. Regulatory lapses regarding the digital identity standards seems to leave the responsibilities to various developers adopting their own level of compliance and safety measure applications with varied practices and security risks.

Fintechs offer one major benefit of bridging the gap between the banked and the unbanked thereby driving inclusion by offering user-friendly interfaces. (Forbes, 2023) But typical of emerging techs, the integrity of design usually by 3rd party companies, data volume, fluid jurisdiction, Insider threats or cyber attacks vulnerabilities can lead to weak encryption, unauthorized access and data exposure especially in this age of ransomware attack.  And for businesses, affordability of the techs with capacity to conform to various standards across board and across multiple jurisdictions remains one of the complexities difficult to deal with.

Regtech relies on advanced technology of Machine Learning and Artificial Intelligence to deal with the volume and sensitivity of data from complex web of Internet of Things. With AI, the complexities even get harder because of Its underlying concerns with data privacy. The increasing sophistication of cyber attackers has continually raised concerns as to the safety and reliability of RegTechs in the face of scams. If the failure is not due to system glitch, it will be insider connivance or weak infrastructure. Where the infrastructure is not attacked, employees can be tricked into taking decisions that can breach compliance guidelines as the case of the UK Engineering firm, Arup. (Guardian, 2024)

Compliance or lack of it in KYC/AML requirements remains a recurring issue that has plagued Fintechs whose products are more risk prone than traditional banking as their customers may opt for anonymity of their identity, ownership, source and the purpose of transactions.

KYC verification process, especially onboarding new customers far apart, and monitoring transactions makes it impossible without relying on emerging technologies to carry out these functions hence the adoption of RegTech to perform some functions in compliance with legal and regulatory demands. RegTechs also, “deal with risk assessment and management, identity management and control, transaction monitoring, data structuring and fraud prevention like anti money-laundering” (Johansson ‘et ‘al, 2019). KYCB in Transaction monitoring after onboarding is equally important because it is at this phase that money laundering activities are detected, established and evidence collected.

In Nigeria, not only Fintecs but the entire financial sector players have suffered attacks resulting in huge financial losses. Traditional banks, agent bankers, payment processors and Fintechs; MTN Nigeria, Flutterwave, Patricia have all had a fair share of breaches with losses due to fraud. (WT, 2023, CCD, 2022)

The quick profit drive encouraged the adoption of relaxed transaction rules that negated non adherence to customer verification standards gave rise to the incessant fraud incidents in Nigeria’s financial system. (WT, 2023) except said,

Phishing attacks have become prevalent, with scammers impersonating verified social media handles of local banks to collect customer information and carry out unauthorized fund transfers. These scams, combined with inadequate verification and identity management processes, have made both banks and digital challengers vulnerable to malicious actors”.

Incidences of Fintechs  relying on Regtech for verification of customers has revealed some level of porosity and disaster. Investigations have revealed that the use of Biometric data is either not sufficient or simply loose. For instance, incidents abound where a customer’s picture, Bank Verification Number (BVN) are taken by scammers, and used to enroll a new account with another person’s phone number. The platforms have also accepted photoshopped blurry pictures of minors as against live facial verification of fake customers. The implication is that the technology used has obviously failed to detect the variance between genuine and fake data. The scammer’s only link to the account is the proceeds.

Cases with such complexity where the victim, address on account and actual IP address of operator shows different locations are common. Yet, the Fintech’s RegTech claimed to have ‘verified’ all information supplied to be correct. Money Mullers and professional money launderers referred to as ‘Pickers’ or ‘Aza Men’ who are mostly cyber criminals have discovered these loopholes, seized the opportunity to perpetrate fraudulent schemes of laundering proceeds of their criminal activities in syndicates.

The above case is evidence that one of the basic and efficient components of RegTech which is to enhance due diligence and monitor transactions to safeguard its integrity and possibly detect money laundering has failed. However, Regtechs failure is only one side of the coin as there are success stories but the stories are not the same across the board. JP Morgan has a different story which stresses the importance of this technology to banking. According to Fincrime Blog, 2024, JP Morgan’s AI powered KYC slashed manual work by almost 90% with accuracy.

For Nigeria, the complex nature of the regulatory landscape did not help the situation. The Nigeria Data Protection Act, 2023 recently enacted is not enough. Making regulations to incorporate numerous regulatory bodies with the statutory function towards achieving a goal is not readily visible due to Knowledge gap on the functions of the digital ecosystem and conscious effort must be made in this regard to close the gap.

While everyone acknowledges the need for regulations and look forward to effective compliance with a view to protect the integrity of the market and consumers alike. The reality of the dynamics of fintechs, evidence of risks, need for automation while ensuring seamless compliance cannot be wished.

In conclusion, availability of regulations does not translate to efficiency until applied hence compliance is key, but not having regulations that set standards across board can altogether be disastrous. Smart criminals will explore the loopholes to distort the digital ecosystem. Until this is done, we might be left to be tossed by the wind of emerging technologies whose direction may not be determined or controlled by us.

References

Fincrime, 2024. JP Morgan’s AI powered KYC Operations boost productivity by up to 90%. Available at https://fincrime.news.blog/2024/05/25/jpmorgans-ai-powered-kyc-operations-boost-productivity-by-up-to-90/

Forbes, 2023. How Fintech is transforming the finance world. Available at https://www.forbes.com/sites/forbesbusinesscouncil/2023/10/10/how-fintech-is-transforming-the-finance-world/?sh=6457a39a50b7

Johannson ‘et ‘al, 2019. RegTech, a necessary tool to keep up with compliance and regulatory changes? ARCN Journal of Finance and Risk Perspectives. 8 (2023)

The Guardian, 2024. UK engineering firm Arup fell victim to ₤20m deepfake scam. Available at https://www.theguardian.com/technology/article/2024/may/17/uk-engineering-arup-deepfake-scam-hong-kong-ai-video

WeeTracker, 2023. Nigeria’s FintechScene is wrestling with a worsening fraud problem. Available Online at https://weetracker.com/2023/11/03/fintech-banking-fraud-nigeria/

Hot Topics

Related Articles