How to Manage the Cost Implications for Technology Compliance

How to Manage the Cost Implications for Technology Compliance

Changes made by the Office of the Comptroller of the Currency (OCC) on July 31, 2018, will enable non-depository financial technology (fintech) companies to apply for Special Purpose National Bank (SPNB) charters. These companies have two years to comply with the information security and the banking regulatory requirements which has been a challenge for traditional financial institutions. 

What is a Special Purpose National Bank (SPNB)?

According to OCC, SPNB is banks that are limited to only undertake certain activities including cash management, fiduciary activities, credit card operations, and developing the community. SPNB may include national banks that are limited to performing specific activities.

A good example of unregulated fintech market is the 2017 cryptocurrency boom since the federal government did not have regulations to control its operation. The Robo-advisors, a digital financial planning platform, is highly unregulated and it uses artificial intelligence to offer the advice. Also, the unbanked web-based services fall under the unregulated fintech market; this includes the pre-paid cards and mobile apps designed to enhance low-cost money wires.

Similarities between Traditional Financial Services and Fintech

Contrary to the New York Department of Financial Services’ beliefs, there are several similarities between fintech and traditional financial services.

Know Your Customer (KYC)

Compliance with KYC is necessary for traditional banking services to boost their protection against irregular creation of accounts. Similarly, fintech companies need to perform background checks; some allows you to link the payment processes to an existing account. Also, there is a need for the fintech company to adhere to states and international law since they operate on digital space and thus requires lots of protection.

If fintech companies apply for SPNB, it will be offering a more streamlined approach to the problem associated with KYC operations. The states’ regulations may mirror the federal KYC policies which complicate the compliance of fintech companies to the set privacy laws.

Customer Identification Program (CIP)

CIP regulatory requirements require that the banks collect the documentation related to the client’s legal entity (name, date of birth, social security number, address, and government identification number). This is the biggest information burden for the banks.

Anti-Money Laundering (AML)

The complexities brought along by the increase in third-party APIs, virtual technologies, and mobile payments make it possible for money laundering activities to occur away from traditional financial institutions. As such, both banks and fintech companies should comply with AML regulations to qualify for SPNB status. They need to produce Suspicious Activity Reports which may contain sensitive personal information.

Identity Theft Red Flags

OCC created the Red Flags Rule in 2007 which demands vigorous protection of information. Before SPNB certification, fintech are required to have regulatory measures on online account opening and other theft loopholes.

Overlaps between Regulatory Banking Requirements and Information Security

All regulations revolve around enhancing customer privacy by ensuring protection from outsiders and auditors. The process may involve anonymizing data.

The Compliance Costs, Economies of Scale, and Compliance Performance report written in April 2018 by the Federal Reserve Bank of St Louis indicated that the compliance with the Bank Secrecy Act represented 22.3% of compliance costs. In most companies, IT compliance does not appear among the top 5 in the compliance costs list. On average, the budget for cybercrime rose to $12.97 million per financial firm (2014-2017) which shows how it is a threat to a financial institution’s stability. However, most of the financial institutions include the cybersecurity into other compliance initiatives or leave it altogether.

Why Should Financial Institutions Invest in Cybersecurity?

Financial and fintech companies should protect the customers engaging in digital transactions to help them get the SPNB charter. The financial and fintech industry handles personally identifiable information and thus needs measures to ensure that the safety of the information. The digital applications should have security features that will ensure that there is no data breach which would be detrimental.

The increased use of digital wallets and connection to the Internet of Things should be a wake-up call for the implementation of water-tight security measures to monitor the data and seal all loopholes that threaten its security.

How Technology eases continuous compliance costs

Various GRC technology tools have role-based authorization ability which allows employees to access crucial information necessary for the implementation of risk mitigation strategies. This employees’ empowerment boosts the institutions’ compliance chances.

Also, the technology incorporates reporting tools that help you generate detailed reports for presentation to the Board of Directors. This will enhance efficiency and save time for your employees. Also, it enhances communication between employees and the management of security matters thus boosting the experience of your auditors.

What’s better about these technology applications is the fact that they offer a single source of all the crucial documents of the company including records, policies, reports, and control listing. Their consolidation saves you time and money as well as ensure strong audit performance.

Author Bio

Ken Lynch

Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. Learn more at

This is an article provided by our partners network. It might not necessarily reflect the views or opinions of our editorial team and management.
Contributed content