Extensive regulatory requirements for financial service providers and FinTechs in the fields of data protection, money laundering regulation (AML), risk management and supervisory architecture. From a regulatory point of view, 2018 is marked by a wealth of innovations and changes rarely seen before. The outlook for 2019, however, is that the pressure will ease only slightly. The much-cited "regulatory wave" is not coming to an end; on the contrary, it reaches its peak so far in 2018. Although the regulatory agenda of European and national supervisory authorities shows that the important framework parameters have now been withdrawn, the finishing touches have yet to be applied.
Meanwhile, with increasing automation and data automation of business processes, the proportion of necessary technological transformations is also increasing exponentially.
Solution approaches for ensuring the transparency of machine decisions in order to be able to provide accountability in a comprehensible and traceable manner
Use of deep learning on higher dimensional data and their combination in order to satisfy the complexity of the real world
In the following article, we provide an overview of these topics as initial guidance.
The security of identity data is increasingly exposed by the traces users leave while using applications or internet-based services. Even though this is, in theory, part of the business relationship between users and providers, the storage of sensitive identity data is surrounded by high uncertainty. The customer data provided builds the digital identity, which service providers use to collect and analyse information and thus create customized offerings and advertising. As a matter of fact, service providers are not inclined to guarantee the highest level of data security, because data collection and usage is itself the key determinant of their business models. To maintain data security, the overarching technology-architecture paradigm becomes crucial, including the evaluation of perimeter networks and Zero Trust networks. Hence, the pros and cons of the perimeter security approach and the Zero Trust Network Architecture are evaluated. With the paradigmatic changes in requirements on one side, regulatory authorities are needed on the other to strengthen the protection of customer data by introducing legislative initiatives such as the IT Security Act, the European Payment Services Directive II (PSD2) and the General Data Protection Regulation (GDPR). As the sovereignty of the individual digital identity is becoming crucial to its users, stakeholders must find new guidelines to adapt their security architectures.
On September 14th 2019, the PSD2 will become applicable national law. The obligations of strong customer authentication under Article 97 of the PSD2, which are specified in the "Regulatory Technical Standards (RTS) on strong customer authentication and secure communication in cashless payment transactions" drawn up by the EBA, will thus also take effect.