Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
Fintech (2nd edition)
Not particularly. To the contrary, the central position of Brussels and the Brexit context tend to attract fintechs in the country. Since 2018, we also see more and more international (non-European) groups coming to Belgium (outside the Brexit context) willing to use this jurisdiction as a base camp from which they can easily passport their activities throughout the entire European market.
Banking in the fintech market has been a global issue as financial institutions around the world have been hesitant to provide financial services for this sector. As mentioned in Question 1, under the Banks and Deposit Companies Amendment Act 2018 financial institutions are able to apply to the Bermuda Monetary Authority for a restricted license enabling them to provide banking services to Bermuda-based fintech companies. As of the date of writing, no such license has been granted. However, Bermuda has made strides in forging connections with banks that are based in other jurisdictions which are willing to provide banking services to Bermuda-based fintech businesses.
No, on the contrary, in recent years, several new rules and guidelines have been introduced by the Brazilian Central Bank to foster the innovation and creation of new players within payment, peer-to-peer lending, personal finance management and among others financial technology segments.
Despite the collaborative approach towards the innovation in the financial sector, it’s worth mentioning that the new fintechs still face the consequence from a concentrated marked. As an example, given the regulatory requirements, fintechs struggle from the financial and operational costs, which in many cases prompts fintechs to partner with financial institutions.
Currently, regulatory uncertainty is what represents the greatest risk for the growth of the Fintech industry in Chile. The White Paper is a good step forward in developing a regulatory framework that considers the importance of innovation. This would be achieved with the application of the principles such as: proportionality and neutrality both defined in response to question 6 above; flexibility, which is the possibility that different business models coexist and that these can change over time without the need to continually adapt the regulation or that doing so is rather simple; and modularity, meaning to recognize the possibility of disaggregation of the value chain.
While the risks are not considered imminent or detrimental, the lack of harmonization among federal and state laws and the uncertainty over the applicability of laws to new and emerging technologies and business models remain key areas of concern. In the first instance, the application of the Commodity Exchange Act and related CFTC regulations is often a circumstance of first impression, carrying with it potential overlapping jurisdictions among multiple state and federal agencies, as well as, the potential for international regulators to assert jurisdiction depending upon the nature of the innovator’s business and customer base. These overlapping jurisdictional boundaries may result in significantly increased compliance burdens and costs that present fintech start-ups with an important barrier to entry.
The most obvious risk is Brexit. This is for three main reasons.
The first and most frequently cited is the potential loss of the passporting regime, under which firms that are authorised to carry out a regulated activity in one Member State of the EU are permitted to carry out that activity in other Member States on the basis of a registration in that Member State, rather than having to go through a full authorisation process, and without having to have an establishment in that jurisdiction. However, this will of course affect only those fintechs that operate in multiple jurisdictions, and which are carrying out regulated activities - so its effect may be limited in practice.
The second and more real risk is around immigration and access to talent. Fintech businesses need a wide range of skills that are sometimes quoted as not being available from within the UK in large enough numbers to support the UK’s thriving fintech ecosystem, particularly around experienced software engineers. As such, the immigration controls on talent of this type are likely to be key to the success of the UK fintech ecosystem as we leave the EU, and many are watching this particular issue with keen interest.
The third is the potential for regulatory divergence. In many respects, divergence from the rest of European law could of course be a disadvantage, but as with passporting this is likely to affect mainly those aspects of financial services that inherently operate on a cross-border basis, such as international payments. However, for non-international fintechs, there is every possibility that the divergence could be beneficial, allowing UK legislators to create laws that track innovations in financial services more quickly than has been possible at a European level, and perhaps providing templates for other legislators in the process.
However, as set out in answer to question 10 below, they are a great many reasons why the fintech ecosystem should continue to thrive in the UK, and none of the above is likely in our view to damage this materially in practice.
Motivated by legal grey-area business models and believing that government oversight may ease difficulty of doing business, fintech entrepreneurs are pushing for more regulation. If successful, fintech companies may have set up a regulatory landscape that hinders innovation since licensing comes along with burdensome compliance requirements that startups find difficult and costly to implement. Also, financial and innovation policies in fintech and payments industry modernization have yet to be issued as secondary regulation in the form of government decrees which shows a degree of improvisation in some of these initiatives and may be subject to repeal from future administrations or regulatory stagnation if policies change.
As previously stated, there is a clear mandate to encourage the growth of the fintech market in both the public and private sectors of the UAE.
From a general standpoint, strict legislation or none at all results in the risk of hindering the healthy growth of any industry. Legacy laws are often ill-suited for technology-driven business models. We have noted that regulators in the UAE are keeping a watchful eye on fintech activities in their respective jurisdictions. It is customary for regulations to lag behind developments in emerging technologies as regulators need to first assess the legal implications and consequences of such technology. These may be far-reaching, as illustrated by the emergence of AirBnb and Uber in their respective industries. It is expected that over the next couple of years, additional regulations will be issued by regulators to provide structure and clear policies in relation to the fintech market.
Another factor presenting important challenges to the growth of the fintech market are cyberattacks and security breaches. Federal Law No. 5 of 2012 on Combatting Cybercrimes criminalizes these activities and applies to both UAE Onshore and the Financial Free Zones. Cyberattacks constitute the biggest threat due to their increasing frequency, unpredictability, potential for systemic impact and existing gaps in risk management. Increased interconnectivity driven by financial technological developments and successful cyberattacks erode confidence in fintech and slow down the growth of the fintech market. The UAE has been a target of several cyberattacks including ATM skimmer malware. Pursuant to a Symantic cybersecurity threat intelligence report (2018), the UAE was the second most targeted country for ransomware attacks in the MENA region.
There are several other imminent risks to the growth of the fintech market in the UAE. These include ownership restrictions, gaps in talent and private capital:
Although the current eligibility requirements under the 2017 Payment Regulations restricts ownership of PSPs, it is still possible for fintech entrepreneurs to enter joint ventures as minority shareholders with more established partners or establish themselves as Technical Service Providers. However, the provision of fintech services on UAE Onshore may be considered limited by regulations pertaining to the offshoring of data. It is arguable that the current legislative structure offers a compromise between encouraging innovation and ensuring the retention of control by UAE financial institutions.
The SCA’s adoption of fintech regulatory sandbox guidelines pursuant to the Board of Directors’ resolution no. 28/R.M of 2018 set out a platform upon which fintech companies can test and launch modern technological initiatives in the securities sector. This structure includes the obtaining of an experimental license from the Ministry of Economy for a period between six to twelve months, under terms and conditions to be determined by the government commission upon evaluation of their business model and other factors.
Financial Free Zones
The Financial Free Zones have taken an early-on approach to invite emerging companies, existing companies and individual projects to be able to apply for their own set of experimental licenses under their accelerator programs, Fintech Hive and RegLab (please refer to our answer under question 6 for more details).
The development of the fintech market in Taiwan made progress rapidly in 2019, although the actual consumer application and implementation are not as popular as those in the other economies in Asia. The major obstacle to the development of the fintech market in Taiwan is still the strict regulations on the financial industry. Another practical obstacle would be the user habit. Consumers in Taiwan have been used to make payment by credit cards and collect the items that they ordered on-line at “convenience stores”.
Generally, we do not foresee any risks to the growth of the fintech market in Denmark and the fintech market has been growing year-over-year. Further, we see an increasing trend towards collaborations where financial institutions are seeking out partnerships with start-ups proving a more agile approach to new fintech solutions.
The fintech environment is strong and able to attract investments and capital. This is underpinned by Copenhagen FinTech Lab’s continuous ability to attract partners and sponsors both domestically and internationally, including international banks, IT-giants and payment service providers such as Nordea, SAP, Visa and Mastercard.
In 2017, Switzerland was the second-biggest ICO location (after the US). Recent statistics show that the number of new ICOs in Switzerland has reduced significantly. This may be due to the fact that most ICOs are done offshore, today, that Switzerland was one of the first jurisdictions to have introduced a regulatory framework for ICOS but possibly also to the fact that there were high-profile disputes, such as in the Tezos or the Envion cased. On the other hand, the crypto-infrastructure was expanded significantly with a number of crypto-brokers and crypto-exchanges. There continues to be a high number of fintech start-ups and inhouse fintech projects due to the strong Swiss financial market and the continuing political support for such projects.
Swiss banks participate in the R3 initiative building the Corda platform, the corresponding initiative in the insurance industry, the B3i, which aims to explore the potential of using distributed ledger technology in the insurance industry, is based in Zurich, Switzerland. The Swiss National Bank (SNB) and the Bank for International Settlements (BIS) have signed an Operational Agreement on the BIS Innovation Hub Centre in Switzerland in October 2019.
Hence, the Swiss fintech market is bound to continue to grow, in spite of the fact that the ICO hype of 2017 may be history.
The main risk to the growth of the fintech market in Spain is somehow connected to the current political situation which in turn deviated into a legislative paralysis during the past years.
For instance, one of the reasons for not having an operational Regulatory Sandbox in Spain is precisely due to fact that Congress is not passing laws. The problem does not seem to be a lack of political appetite for this kind of regulatory tools but rather the mere incapacity to do so. Therefore, the Draft Law for the Digital Transformation of the Financial System still waits for its ride to Congress since February 2019 when it was endorsed by the Council of Ministers.
This situation might push some Spanish Fintech players to search for other countries where they could test their business models and establish their businesses.
On the other hand, although some of the measures recently taken by the Spanish authorities are worthy of applause, like the publication of Q&A on some of the more complex Fintech issues and the very much needed new guidelines proposed on authorisation procedures, bold and meaningful action is needed to place Spain in the pole position together with other countries.
The German regulatory environment entails rather detailed and strict requirements. Consumer protection is an important issue. While certain fintech business models suffer from the persistent low interest rate environment, other areas, such as crowdfunding, have been subject to frequent changes in the regulatory framework (with more changes anticipated to arrive with the proposed European Crowdfunding Service Providers (ECSP) regulation). DLT applications are in Germany still confronted with a relatively high level of legal uncertainty, also regarding data protection aspects. Nevertheless, the fintech market is growing very dynamically.
The Korean government has been promoting strong industry-enhancement policy, due to its concern that the development level of the Fintech industry in Korea is behind that of other countries. Therefore, there is a small risk that the regulation or government actions may hamper the development of Fintech market.
However, despite the efforts by the government, as there still are areas where legislative support and improvement are still lacking, there is concern that stringent legal restrictions may be applied if damage to customers occurs in such areas. For instance, if a large scale leakage of personal information occurs in the Fintech industry, such accident may trigger the strengthening of restrictions and hamper the development of the Fintech market. Therefore, for a company intending to enter the Fintech market in Korea, it would be necessary to take caution not only to rely on the Korean government’s strong policy to promote the Fintech industry but also to structure its business to comply with the existing legal regulations.
Currently there are no foreseeable risks to the growth of fintech as innovations have been largely well accepted by both consumers and existing financial institutions. The implementation of PSD II into Icelandic law is only likely to enhance the already favourable conditions.
The most evident risk we foresee as to the growth of the fintech ecosystem in Portugal pertains to the regulatory and supervisory authorities’ treatment and understanding of the different subjects. The actual interpretation of some of the provisions included in the PSD2 and the transposed PSELF (notably in what concerns the exemptions provided thereunder) may prove controversial and hinder some business models which would otherwise assume that the PSD2 transposed framework would not apply to it.
More troublesome seems to be the matters related to cryptocurrencies and blockchain technology initiatives, due to the apparent inertia of both the Bank of Portugal and the CMVM (as well as the legislator’s) will to regulate and give context to such potential disruptive technologies.
(a) There are two key regulatory focus areas for Fintech in India today: (i) the new laws governing data privacy and protection expected to be effective by the end of this year and (ii) KYC compliance requirements and customer on-boarding costs.
(b) KYC: A key regulatory development that has had a significant impact on the FinTech ecosystem in India is the Indian Supreme Court’s judgment in Justice (Retd.) K. Puttaswamy & Ors. v. Union of India (Aadhaar Judgment) and consequent legislative changes. The Supreme Court’s decision in the Aadhaar Judgment restricted private bodies from undertaking Aadhaar e-KYC authentication (e-KYC) to verify the identity of their customers. Aadhaar-based e-KYC authentication facilities offered by the Unique Identification Authority of India (UIDAI) provided a convenient and easily accessible tool for FinTech players to verify the identity of new customers. However, owing to reports of privacy breaches by some entities, the Supreme Court of India in the Aadhaar judgement had prohibited private entities from utilising the e-KYC authentication facilities relying on a private contract with the customer and had permitted only banks and other entities (as may be authorised under applicable laws) to undertake e-KYC authentication. Post the Aadhaar judgement, the recently revised KYC guidelines prescribe that banks and such other entities as may be notified by the Government of India, after considering such entities’ ability to ensure compliance with reasonable adequate data protection standards, may utilise the Aadhaar based e-KYC authentication facility offered by the UIDAI for undertaking KYC verification of their customers. The e-KYC authentication facility offered by the UIDAI is a relatively easier method of completing KYC by regulated entities, but, involves access by such entities to sensitive personal data of their customers.. The Indian government is also contemplating permitting NBFCs to undertake e-KYC authentication to complete identity verification of their customers, thereby, reiterating the principal that ability to ensure compliance with adequate data protection standards is the key criteria for the growth of FinTech players in India. Recent changes introduced in the KYC guidelines applicable to entities regulated by the RBI, suggest that entities which can demonstrate a commitment and ability to adopt control measures to ensure data protection and privacy, including compliance with the PDP Bill, would be permitted to undertake additional modes of KYC verification of their customers.
We do not see any imminent risks to the growth of the FinTech market in Peru.
However, we believe it is important to take into account for the drafting of the upcoming laws requirements and conditions that are neither obstructive nor limiting to adequately safeguard the risks involved in the FinTech market and not to limit the free development of innovation and fair competition in financial services. Accordingly, it is expected that the authorities in Peru will work together to approve laws and regulations consistent with the Guiding Principles for FinTech Regulation approved by the Council of Ministers of Economy and Finance of the Pacific Alliance (Alianza del Pacífico), as well as with the policies and guidelines that have been proposed in the National Plan for Competitiveness and Productivity and the PNIF.
We foresee three main imminent risks or impediments to the growth of fintech market in Israel:
- AML/ Interconnection with the banking and financial system.
The AML regulation in Israel is a major obstacle in the adoption of new technologies and in the entrance of new fintech based players. Although the AML/ CFT principles implemented in Israel are similar to those employed in many other OECS countries and are based on the FATF recommendations, there is no pre-ruling mechanism or other measure which allow banks and other financial institutions to mitigate their AML risks. This situation has led to a state, in which many fintech find it hard or even impossible to interconnect and interface with the banking system (e.g. open a bank account). The fact that the AML order applicable to non-banking payment services providers are still draft and were not approved makes things even more complicated - the problem continues during on-going operation, since banks cannot rely on the internal compliance procedures of the fintech service providers.
Banking corporations in Israel, although having an obligation not to prevent services from clients, act with extra caution with regard to companies involved in the holding or transfer of funds or financial assets due to their risk based policies.
In view of the aforesaid, the Bank of Israel recently announced that every fintech Company experiencing difficulties with opening a bank account may report and seek assistance from the Bank of Israel. It is yet to learn wheter this action will solve the problem
- Regulatory changes and uncertainty
The State of Israel has undergone many regulatory changes in the past few years with regard to fintech and financial services. Those changes include, among other things, new license requirements to certain providers or financial services, several reforms in the banking world (starting from the Bechar reform more than a decade ago and ending with the Shtrum reform several months ago) and the regulation of financial services (e.g. the Payment Services Law). Although many of these changes should be helpful and should contribute to the developments of fintech, in the long run, their immediate effect may be the opposite. There is a lack of guidelines as to the implementation of these laws; there is some ambiguity as to their interpretation; and there is a material setback in the response time of the regulators, including a very troubling delay in the license process of new players.
- Small internal market size:
The fact that Israel’s economy is relatively small and concise makes it hard to commercially base fintech activity on the Israeli market. Moreover, the fact that Israel employs a different language and even alphabet (Hebrew) and is based on RTL user interface means that IT systems have to be uniquely adjusted for use in Israel. Similarly, the fact that Israel has its own regulatory system, which is significantly based on EU and US regulation but nonetheless sometimes differs therefrom, means that IT fintech systems have to be localized not only in their interface and language but also in their content and flow.
Since the market in Israel is not large, it is often unprofitable to start a fintech project in Israel.
Due to these problems, despite the fact that Israel is often described as the “Start-up Nation” and has indeed unproportionally large number of fintech endeavours, many of these projects are not implemented in Israel but are rather directed to EU or US area.
Notwithstanding the aforesaid, it should be noted that some perceive the small market size as a advantage and not as a risk, and believe that the concise market structure assists in the testing of new services and technology.
Although the Dutch competition authority, the Netherlands Authority for Consumers and Markets (ACM), expressed concerns about the exclusion of fintech companies from the financial markets, especially in the payment industry in 2017 (www.acm.nl/en/publications/acm-study-Fintechs-payment-system-risk-foreclosure), the Fintech landscape has matured in the Netherlands since then. We expect no imminent risks to the growth of the fintech market in the Netherlands. Rather, we expect PSD2 to transform the payments sector across Europe, including in the Netherlands.
However, as described under paragraph 4 as well, Dutch banks enjoy a very strong position in the Netherlands. Although customers are not necessarily perfectly satisfied with the manner in which their banks provide their services, they are very loyal. Developments such as access to the account may make the provision of services faster, more consumer friendly and less costly. However, Dutch account holders place a high level of trust in their respective banks and do not as yet have the same level of confidence in the fintech companies that are offering new PSD2 services.
Also the regulatory framework will remain a challenge for many fintech companies. The Dutch regulators have the reputation of being good solid regulators, but for that reason not the most flexible or quickest regulators in the European Union. This could result in foreign fintech companies to choose another home Member State than the Netherlands. The Dutch minister of finance recently announced that quantitative and qualitative research on the Dutch fintech sector will be conducted by a third party, which will serve as the basis for more concrete measures to facilitate and promote fintech in the Netherlands (www.rijksoverheid.nl/documenten/kamerstukken/2019/04/09/kamerbrief-innovatie-in-de-financiele-sector).
Japan was the first country to establish a regulatory framework for virtual currencies, and the Japanese government has signalled its intention to support and encourage the continued growth of the virtual currency market. However, recent events have prompted the enhancement of virtual currency regulations in Japan.
In January 2018, Coincheck, Inc., one of the largest virtual currency exchanges in Japan, announced its loss of approximately US$530 million worth of virtual currencies as a result of a hacking attack on its network. Additionally, it was observed that virtual currencies are increasingly being used for speculative rather than settlement purposes.
In light of these developments, the JFSA in March 2018 established a “Study Group on Virtual Currency Exchange Business, etc.” (“Study Group”) to assess the adequacy of regulatory measures in addressing issues relating to Virtual Currency Exchange Services. This was followed by the publication of the Study Group’s report (“Report”) on December 21, 2018. Besides summarising the results of the Study Group’s deliberations, the Report also proposes a new legal framework to govern virtual currencies. This led to the introduction of a bill for the revision of certain legislation governing virtual currencies (“Bill”). Tabled before the Diet on March 15, 2019, the Bill contains proposed revisions to the PSA (“PSA Revisions”), based mainly on the proposals contained in the Report. At the same time, the Bill proposes revisions to the Financial Instruments and Exchange Acts (“FIEA Revisions”), primarily for the purposes of strengthening the regulatory framework surrounding virtual currencies.
The following is a summary of the key revisions proposed under the Bill.
(i) PSA Revisions
- Revision of the term “Virtual Currency” to “Crypto Asset”.
- Enhancement of regulation of crypto asset custody services (“Crypto Asset Custody Services”).
- Tightening of regulations governing Virtual Currency Exchange Services.
(ii) FIEA Revisions
- Establishment of “Electronically Recorded Transferable Rights” (“ERTRs”) and regulations applicable thereto.
- Introduction of regulations governing crypto asset derivative transactions.
- Introduction of regulations governing unfair acts in crypto asset or crypto asset derivative transactions.
The Bill was passed by both chambers of the Diet on May 31, 2019, and is set to come into force within a year of its introduction. The Bill will significantly reshape the regulatory landscape surrounding virtual currencies in Japan.
No, rather we see a growth in the fintech market and increased interest in fintech and credible fintech projects in Jersey. To date, Jersey has not needed to introduce blockchain-specific legislation because the prevalent fintech matters have not necessitated it. This means that Jersey has retained a degree of flexibility, which in turn will allow Jersey to adopt a pragmatic approach as the industry develops.
Other than the usual risks for 'new' markets and fields of technology, we envisage no imminent risk to the growth in the fintech market aside from those inherent to any new start up.
Liechtenstein actively welcomes and supports the innovation that fintech brings about and has established itself as a leading jurisdiction for the industry. Further, Liechtenstein has attempted to mitigate part of the risks connected with fintech by creating a unique legal/regulatory framework with the enactment of the 'Law about Token and Trustworthy Technology Service Providers', also known as the Liechtenstein Blockchain Act. The Liechtenstein Blockchain Act will enter into force on 1 January 2020.
However, due to the speed at which the market is innovating, developing and evolving, it is difficult to make a clear forecast for future growth and the associated risks.
Yes. Imminent risk factors that have not yet been addressed by the Fintech Law and secondary provisions thereunder (the likelihood of the use of FTIs in money laundering, for instance, has already been addressed) and which may hinder the development of FTIs have to do, chiefly, with (i) significant entry barriers, (ii) the rapid evolution of technology vis-à-vis law, (iii) the shortcomings of a far from all-comprehensive and specific legislation; (iv) the potential abuse of customers by FTIs, etc.
For the time being, we do not foresee any imminent risks that would affect the growth of the fintech market in Luxembourg. Local actors are rather optimistic and even consider that Brexit could attract FinTechs currently regulated in the UK that want to maintain their EU passport to provide services on a cross-border basis throughout the EU.
The fintech market in Malta is growing at an accelerated and unprecedented rate, mostly because Malta has positioned itself as a Blockchain-friendly island. Cybersecurity is one of the risks which if not tackled can drive investors to revert back to traditional financial services, thereby reducing the growth prospects of the fintech market. Access to finance might also be a deterrent. Some fintech businesses may not fall within the risk appetite of certain banks in Malta, making it difficult for them to gain access to loan financing. This is a consequence of the fact that the banking sector might not be adapting well to the fast-based growth of fintech, creating funding problems. When it comes to employment, better retention mechanisms need to be enforced to avoid the brain drain of valid employees moving from the regulator to industry.
We do believe that there are no imminent risks to the local fintech market at present. However, based on the recent study done, it was revealed that fintech find talent shortages an acute issue, with over half saying that there was a lack of startup or fintech talent in the markets they operate in. Based on the survey, all the Malaysian fintech firms say that they have trouble hiring talent to meet the needs and growth of the industry. The sophisticated new technology requires people with the expertise to use it properly, something frequently seen as lacking in the Malaysian financial services sector. The top three areas of talent shortage for Malaysian fintech are in technology, software, sales and compliance.
A recent study by Frost & Sullivan indicated that the potential economic loss in Malaysia due to cyber-security incidents can reach up to 4% of Malaysia’s Gross Domestic Product (“GDP”). This situation is made worse by the fact that due to shortage of cyber-security professionals in Malaysia, banks may soon find that it will become increasingly difficult and expensive to fully manage cybersecurity in-house. Hence, through the facilitation of Malaysia Digital Economy Corporation Sdn Bhd (“MDEC”) PRIDE programme, MDEC will increase the industry-readiness of our graduates with ‘ELITE’, the Educational Outreach initiative from cyber security industry provider, TecForte which will feature a live learning Security Information Event Management (“SIEM”) platform. The students will be introduced to hands-on cybersecurity operations and exposed to real-time event analytics, global threat intelligence, and incidents handling framework within the campus environment.
There are a number of potential risks to the growth of the FinTech market in Singapore, including Cybersecurity risks and anti-money laundering and countering the financing of terrorism (“AML / CFT”) risks. FinTech startups in Singapore also tend to be risk averse due to banking regulations, which would slow the growth of such startups.
There is also a risk of fragmentation in the FinTech market, as the barriers to entry for the FinTech market are low. This could ostensibly prevent FinTech businesses from capturing a market share that would allow them to operate profitably, which could hamper the growth of the FinTech market in Singapore.
With the growth of the fintech market, risks are constantly emerging, such as the possibility that fintech platforms may be used for fraud, money laundering or terrorist financing. There are also issues surrounding cybersecurity, data privacy and credit risk. Fintech businesses face not only these inherent risks but also risks of consequent tightening regulation, as illustrated for example by the below:
- Fraud risk in the credit market has caused Chinese authorities to impose stricter regulations and establish a national credit reporting system.
- Recent fraud-related scandals of peer-to-peer online lending platforms (P2P Platforms) have served as a reminder of the risks of using fintech when appropriate regulation and compliance processes are not in place.
- Fintech is also facing cybersecurity challenges, with the rise of cyber financial crimes in which hackers backed by criminal organizations establish offshore servers to hack into systems to steal money or to destroy the reliability and credibility of such systems. Although it has added another layer of complexity, it is important for fintech firms to take a preventive approach towards cybersecurity. For example, new generation ATMs have a much higher level of connectivity with mobile integration and face recognition, which makes them more vulnerable to software-based attacks and theft of customer card data.
As such, the growing cybersecurity framework (intended to combat such issues) can be viewed as a potential curb on the growth of fintech businesses, via compliance requirements, or as an aid in their safe, stable and ultimately greater growth. For example, on 1 June 2017, the PRC Cybersecurity Law came into effect and became the first national-level law to address cybersecurity and data privacy protection. However, there remains considerable uncertainty as to how the PRC Cybersecurity Law will be applied and what practical steps need to be taken to achieve compliance while the regulatory environment continues to evolve rapidly.