FinTech Security and Regulation Suggestions

May 30, 2022

I'd like to offer suggestions for how authorities should handle the application of Virtual Banking in Singapore's financial industry. Given the highly regulated nature of banking, the relationship between Virtual Banking innovation and regulation is often tense. There is a universal understanding that regulatory organizations are necessary to mitigate the risks and unanticipated consequences associated with new business models and financial products. My advice to regulators is to keep pace with the rapid changes in the fintech industry.

2022 05 30

Virtual banks have posed new questions for the supervisory organizations that regulate how market players operate. This has led authorities to carefully assess the risks associated with emerging technologies in the financial services industry. While cloud technologies offer unprecedented potential, they also present new risks.

Four major motivations for regulation should be considered: uncertainty, resource conflict, disruption and unforeseen events, and public benefit. The adoption of cloud technologies will fundamentally change how the financial system operates, necessitating safeguards to prevent system collapse due to unforeseen events.

More specifically, precautions should be taken to protect virtual banking consumers from the drawbacks of a completely market-driven system. Monitoring within the fintech sector offers numerous benefits, but implementing effective regulation presents significant challenges.

Many market players may view regulation skeptically, believing it could hinder their prospects or operations. Therefore, implementing insightful regulation for the fintech industry won't be straightforward. Regulatory authorities could consider three approaches to fintech innovation:

  1. Rule-Based System: The regulatory authority sets strict rules and processes that market participants must adhere to.

  2. Principles-Based System: The regulatory body provides principles to guide market players, allowing them some freedom in achieving their regulatory responsibilities.

  3. Performance-Based System: The regulatory body sets specific benchmarks for market participants to meet or exceed.

These approaches could help Singapore's fintech industry flourish. Careful regulation cultivates an ideal environment for innovation, building trust and fostering the widespread acceptance of new consumer goods and services. The Monetary Authority of Singapore (MAS) aims to make Singapore an "experimental center" for fintech innovation, in line with its long-term goal to attract fintech innovators to the Asia-Pacific region.

In an ideal world, one wouldn't have to choose between innovation and regulation. Virtual banks can leverage innovative technologies to streamline regulatory compliance. The burgeoning regulatory technology (reg-tech) industry offers software solutions that help regulators perform their duties more efficiently.

With shifts in the regulatory landscape, both existing and future virtual banks need to prepare for changes in daily regulatory operations. Establishing an open, respectful working relationship between policymakers and stakeholders in the fintech field will be critical for the effective adoption of virtual banking.

In July 2016, the MAS amended its Guidelines on Outsourcing for Financial Institutions (FIs) to acknowledge that FIs could benefit from cloud services. These guidelines require FIs to conduct due diligence and employ robust governance and risk management processes when using cloud services.

Cloud security environments should be regularly reviewed, and services should comply with various industry certifications. For example, ISO 27001 outlines best practices for security management, while ISO 27017 and ISO 27018 provide cloud-specific security recommendations. Additionally, MTCS Level 3 and PCI DSS Level 1 offer further security standards specific to Singapore and payment card industries, respectively.

By combining governance-focused, audit-friendly features with certifications and audit standards, regulators can ensure a secure control environment for cloud providers.

The MAS Guidelines provide recommendations for risk management techniques, including due diligence and risk assessment for cloud services. Financial institutions are expected to follow these guidelines and report their compliance to MAS annually or upon request.

The MAS Technology Risk Management (TRM) Guidelines and the Association of Banks in Singapore (ABS) Cloud Computing Implementation Guide provide additional guidance on risk management, governance, and controls for cloud outsourcing.

In conclusion, each virtual bank's path to cloud adoption is unique. Virtual banks need to understand their current state, desired state, and the steps required to transition from one to the other for successful cloud implementation. This understanding will assist virtual banks in setting goals and developing workstreams for successful cloud migration.

Profile picture

Victor Leung, who blog about business, technology and personal development. Happy to connect on LinkedIn