How Regtech Needs To Change for Paytech, With Monite, SimplyPayMe and HelpSystems

Like brakes to a bicycle, fintech must exist within the realms of regulation if it is to ditch its ‘wild west’ persona. Indeed, the adoption of various elements of the industry, like cryptocurrency, has ultimately suffered due to the lack of regulation that surrounds and supports them. Throughout the entire month of May, The Fintech Times will be dedicating its focus to highlighting the most current developments in this ever-perplexing and constantly-changing foundation of regtech.

Having taken this week to explore the areas where regtech is falling short, including where it’s not meeting the mark, and how it could be improved for wealth management, today The Fintech Times discusses how regtech needs to change for paytech with three industry experts active in the field.

Ivan Maryasin, CEO and co-founder of Monite, explores how the next generation of infrastructure as code will facilitate the most forward-thinking form of paytech in the industry today, embedded finance:

“Embedded finance does not get built in a vacuum. There are complex international regulations that need to be observed, especially in the context of global digital platforms (offering accountancy stack apps). Infrastructure as Code (IaC) creates a regtech highway to compliance for embedded finance users.

“IaC is currently conceived as a fast, low-cost, low-resource way to deploy tech. This is low-level IaC. But there also is a new, high-level approach to IaC that codes for compliance as well. Given that most fintechs will need to meet regulatory requirements somewhere in the world, this is the regtech highway to compliance.

“There is an arms race right now across fintech. The most successful digital-native fintechs, such as Revolut and Square, are already engaged in a headlong rush to become ‘super apps’, where differentiation is achieved by the broadest range of capabilities. Instead of offering a single or limited number of services, the aim is to provide a one-stop-shop where users can potentially conduct any transaction or service they are likely to need.

“Embedded finance is the secret weapon in this arms race.

“Embedded finance is a massive shortcut to offering new capabilities, e.g. an accountancy stack. However, most financial sector platforms will be compelled to comply with regulations at least somewhere in the world. Applying high-level financial IaC regtech massively reduces the costs of having the capability while increasing the quality through compliance.”

According to Gary Prince, chief strategy officer at SimplyPayMe, “regtech needs to change for the paytech industry by enabling real-time decisioning and access to more online real-time information.”

He continues: “Open access, banking, and finance means the propensity for more fraud, as the bad actors will see this as a way to access money (customer funds) even easier. However, if loans can be processed within minutes, then consumer identity theft and account takeover become even more valuable to the criminal fraternity as they look to gain access to ‘quick fund’.

“Regtech needs to keep pace with (and try to get ahead of) fraudsters and scammers, as they will not go away from the sector, as it is too lucrative. So regtech needs to change for paytech to make payments safer for customers as well as businesses from those trying to access their information.”

Donnie MacColl, director of EMEA technical services at HelpSystems, considers upcoming updates to the payment card industry (PCI) data security standard (DSS), and worries about the speed of their arrival:

“PCI DSS compliance is critical for organisations handling card payments, and forms a part of regtech services for fintech companies. However, the new PCI DSS V4.0 update that is expected to roll out in March 2024 sets too long a deadline which fails to create a sense of urgency and highlights some ‘casual updates’ that many businesses should already have in place.

“For instance, ‘8.3.6 Minimum level of complexity for passwords when used as an authentication factor’ or ‘5.4.1 Mechanisms are in place to detect and protect personnel against phishing attacks’ are listed as ‘non-urgent updates to implement in 36 months’. Considering today’s high-level cyberthreats, these recommendations won’t come fast enough to raise the level of cyber protection needed for financial institutions and retail businesses, posing a real threat to customer data and privacy.

“Instead, the update should require these changes to be implemented over multiple stages, setting out conditions that need to be met within a 12, 24 and 36-month timeframe. Businesses that fail to comply with PCI DSS should also be met with stricter fines and their abilities to offer credit card payment methods revoked; however, we are not seeing those threats come to fruition.

“Without this enforcement, I fear businesses will postpone implementing these changes for the next 36 months. The PCI DSS update is good, but not good enough, and regtech businesses need to look beyond this advice and look to implement industry best practices as soon as possible.”

Tyler is a Fintech Junior Journalist with specific interests in Online Banking and emerging AI technologies. He began his career writing with a plethora of national and international publications.