Tetyana Golovata, Head of Regulatory Compliance at IFX Payments

Regulation plays a critical role in shaping the fintech landscape. From Consumer Duty and FCA annual risk reporting to APP fraud, the tectonic plates of the sector are shifting and whether you consider these regulations as benefiting or hindering the industry, businesses are struggling to keep up. 

According to research by fraud prevention fintech Alloy, 93% of respondents said they found it challenging to meet compliance requirements, while in a new study by Davies a third of financial leaders (36%) said their firms had been penalised for compliance breaches in the year to June. With the FCA bringing in its operational resilience rules next March, it is more important than ever to ensure your company makes the grade on compliance. 

Lessons from history

Traditionally, FX has struggled with the challenge of reporting in an ever-developing sector. As regulatory bodies catch up and raise the bar on compliance, responsible providers must help the industry navigate the changes and upcoming deadlines.

Fintechs and payments companies are entering uncharted waters – facing pressure to beat rivals by offering more innovative products. When regulators have struggled to keep up in the past, gaps in legislation haveallowed some opportunists to slip between the net, as seen in the collapse of FTX. Because of this, implementation and standardisation of the rules is necessary to ensure that innovation remains seen as a force for good, and to help identify and stamp out illegal activity.

Culture vs business

Culture has become a prominent factor in regulatory news, with cases of large fines and public censure relating to cultural issues. As the FCA’s COO Emily Shepperd, shrewdly observed in a speech to the finance industry, “Culture is what you do when no one is looking”.

Top-level commitment is crucial when it comes to organisational culture. Conduct and culture are closely intertwined, and culture is not merely a tick-box exercise. It is not defined by perks like snack bars or Friday pizzas; rather, it should be demonstrated in every aspect of the organisation, including processes, people, counterparties, and third parties.

In recent years, regulatory focus has shifted from ethics to culture, recognising its crucial role in building market reputation, ensuring compliance with rules and regulations, boosting client confidence, and retaining employees. The evolving regulatory landscape has significantly impacted e-money and payments firms, with regulations strengthening each year. Each regulation carries elements of culture, as seen in:

• Consumer duty: How do we treat our customers?
• Operational resilience: How can we recover and prevent disruptions to our customers?
• APP fraud: How do we protect our customers?

Key drivers of culture include implementing policies on remuneration, conflicts of interest, and whistleblowing, but for it to become embedded it must touch employees at every level.

This is showcased by senior stakeholders and heads of departments facilitating close relationships with colleagues across a company’s Sales, Operations, Tech and Product teams to build a collaborative environment. 

Finance firms must recognise the trust bestowed on them by their customers and ensure the protection of their investments and data is paramount. Consumer Duty may have been a wake-up call for some companies, but progressive regulation must always be embraced and their requirements seen as a baseline rather than a hurdle.

Similarly, the strengthening of operational resilience rules and the upcoming APP fraud regulation in October are to be welcomed, increasing transparency for customers. 

Compliance vs business 

Following regulatory laws is often viewed as a financial and resource drain, but without proper compliance, companies are vulnerable to situations where vast amounts of money can be lost quickly.

A case in point is the proposed reimbursal requirement for APP fraud, which will mean payment firms could face having to pay compensation of up to £415,000 per case.

Complying not only safeguards the client and their money, but also the business itself.

About nine in ten (88%) financial services firms have reported an increased compliance cost over the past five years, according to research from SteelEye.  Embedding compliance earlier in business cultures can be beneficial in the long run, cutting the time and money needed to adapt to new regulations and preventing the stress of having to make wholesale changes rapidly. 

Building a cross-business compliance culture 

Compliance is a key principle at IFX, and we strive to be a champion in this area. In response to these challenges, the business restructured, establishing dedicated risk and regulatory departments, along with an internal audit function. 

Regulatory compliance aims to support innovation by developing and using new tools, standards, and approaches to foster innovation and ensure product safety, efficacy, and quality. It has helped the firm to navigate the regulatory landscape while driving growth and maintaining high standards.

This organisational shift allowed each business line to own its own risk, with department partaking in tailored workshops designed to identify existing, new, and potential risk exposure. Shared responsibility for compliance is the only way to create a culture which values it. We see this as a great way for organisations to drive innovation while sticking to the rules. 

by Luke Shipley, CEO and Founder of Zinc

Recent years have seen a significant shift in the recruitment and hiring process, especially with the rise of remote and hybrid employment. We never imagined the term “ghosting,” which refers to stopping communication when dating someone without saying anything, would be used in the workplace. But now, the idea of ghosting has gained significant traction among HR managers who oversee a large volume of applicants.

Either the recruiter or the prospect may experience it. Hiring managers will sometimes ghost applicants in an attempt to hint to them that they are not being considered for the position and to steer clear of potentially awkward discussions. On the other hand, there are several reasons why an applicant could disappear from a hiring manager, including a drawn-out application process, a lacklustre communication exchange, or other personal issues outside the company’s control.

It’s no secret that HR departments throughout the nation are under pressure; according to new ONS statistics, more than half of companies have high recruiting goals for this year, with over 908,000 open positions. Consequently, hiring managers can become fixated on finding applicants to fill new openings, and risk overlooking the application process of those who are already undergoing interviews.

Managing what seems beyond your control

Ghosting a candidate may happen at any point during the hiring process, from the initial email to the acceptance of a job offer. According to a recent Indeed poll, 86% of job searchers in the UK have never showed up for an interview, while 20% of employees claim that companies have not called to schedule a phone interview. Candidates ghost hiring managers for a variety of private motives that are beyond the recruiting manager’s control. In order to guarantee a seamless applicant experience, nurture them throughout the process, and provide the best possible experience, it is ultimately up to the HR staff to take charge of as much of the situation as they can.

According to our Industry Insights Report, recruiting speed is the most important indicator for larger companies. Because of their lack of resources, their recruiting procedures are still excessively sluggish, even if this may result in the possibility of finding competent individuals more quickly. It all boils down to finding the ideal mix between expeditiously recruiting outstanding personnel and ensuring a flawless applicant experience. While getting new applicants in the door quickly is crucial, hiring managers also need to pay close attention to controlling the timeline of the candidate hiring process.

Timing is everything

Imagine yourself going on five interviews with prospective employers right now, putting in endless hours of preparation to wow each hiring manager. This has been interfering with your personal life for more than a month. As you conclude an interview that you feel genuinely confident in, everything is beginning to look positive, and they tell you that you should hear from them shortly. You’ve been waiting for a response from the recruiting manager for weeks. You not only feel let down, but you also begin to distrust the outcome of the interview, which brews doubt in both your head and the organisation.

Hiring managers want to make it clear that they are giving candidates their full attention, and replying quickly can help with ghosting. Nobody wants the candidate to stay for a lengthy period of time waiting for a response, since this produces tension for both sides. To remain competitive, the Indeed Career Guide recommends that job searchers submit 10-15 applications every week. If your prospect is also applying for ten other positions, the issue remains: how can the hiring manager make them feel as special as possible without prolonging the process?

Embrace technology

Most recruiting managers would agree that they are always chasing their tails due to a heavy workload. Background checks are required in all employment processes and are often conducted in the latter stages. It is sometimes time-consuming, taking up hours that might be spent researching fresh prospects or personalising rejection emails. Background checks can also be a significant impediment to a more lengthy, delayed employment procedure. No applicant likes to hear radio silence from their recruiter, as a study performed in the UK by recruiting agency Hays found that just 6% of those polled would be ready to wait more than a week for a response after a final interview.

To maintain a continuous flow of contact between the hiring manager and the applicant, candidate communications must be automated. Whether it’s through sophisticated candidate tracking systems, onboarding, or background checks. By automating the frequently administrative-heavy chores that technology might create, hiring managers free up more time to focus on the job’s human-centric requirements, such as engaging with prospects. This is based on human contact, which may be impossible to replicate with technology.

The length of interview sessions varies by industry, but the last thing a candidate should go through is a prolonged, drawn-out recruiting process, which presents an opportunity to walk away. This not only increases the likelihood of ghosting, but it also has a significant impact on the business’s brand. On the other side, if an application is not picked, they should be treated with the same caution via tailored rejection emails. Data from recruitment software provider, ICIMS, found that more than half of applicants who are not picked do not receive a rejection email or letter, highlighting a weakness in the hiring process.

This is a phase that is sometimes forgotten, but the value of word of mouth should never be underestimated. Taking the effort to design rejection emails is more likely to result in a favourable brand image, with a knock-on impact that attracts more great talent.

It is ultimately up to the employer to provide a great candidate experience from the time an application is sourced until they are either turned down or join the organisation. Reduce the time-consuming tasks that can be automated with modern technology like integrated application tracking systems and background screening software. The hiring manager and applicant must maintain a steady flow of open communication in a timely manner that keeps the candidate interested and prevents ghosting.

Source: Finance Derivative

Luke Dash, CEO of ISMS.online

Artificial Intelligence (AI) is having a huge impact on nearly every industry, and the insurance and insurtech sectors are no different.   

According to the McKinsey Global Institute, generative AI has the potential to add between $2.6 trillion and $4.4 trillion to global corporate profits annually. Meanwhile, an additional study shows that AI can improve employee productivity by as much as 66%. 

These statistics speak volumes, which is why global insurers – and insurtechs – are now allocating significant resources to implement AI technology. According to the KPMG CEO outlook and Global Tech Report, insurers are increasingly embracing emerging technologies, and AI is considered to be one of the most important emerging technologies.

The implementation of AI in insurance

As companies that use innovative technologies to revolutionise how insurance products and services are developed, delivered, and managed, many insurtechs are now using AI to enhance customer service, perform risk assessments, and make product recommendations.

AI-powered chatbots and virtual assistants are used to provide instant, 24/7 customer support, improving response times and customer satisfaction. Additionally, AI can be used to analyse customer data to offer personalised product recommendations and dynamic pricing models, ensuring customers receive tailored coverage options and fair premiums.

For insurance companies and larger enterprises, AI can improve risk assessment and underwriting by analysing large datasets to identify patterns and predict risks more accurately. It also enhances fraud detection by spotting anomalies and patterns that humans might miss. Automated claims processing and damage assessment using AI speed up these processes, reduce errors and ensure timely payments.

Furthermore, AI provides valuable customer insights, helping insurers develop better products and proactive engagement strategies, enhancing customer retention and loyalty.

Similarly, AI can support insurtechs and insurance companies by automating and streamlining onboarding and training. It can identify individual skill gaps and create customised learning paths, making training more effective.

Beyond onboarding and training, AI can be used to improve overall operational efficiency and HR management. AI systems can continuously monitor employee performance, provide real-time feedback, and suggest personalised development plans. In HR, AI can aid recruitment by screening resumes and conducting initial assessments while monitoring employee engagement to improve workplace satisfaction. Other AI applications include optimising internal processes, managing resources effectively, and assessing operational risks. If implemented effectively, these applications could collectively lead to a more efficient, productive, and compliant organisation.

AI: The risks and ethical considerations

Using AI in this way raises ethical considerations for customers and employees in this sector. According to KPMG’s 2023 CEO Outlook Survey, 57% of business leaders expressed concerns about the moral challenges posed by AI implementation.  And despite AI’s exponential opportunities, organisations face increasing risks that should not be ignored.

For example, insurance companies and insurtechs must guarantee that customer data is collected, stored, and used in compliance with privacy regulations and that AI models used for pricing, underwriting, and claims processing are regularly audited for bias. Customers should also be provided with clear explanations of how AI-driven decisions are made.

From an employee perspective, companies must safeguard employee data, ensure that AI models used for talent management and performance evaluation prevent bias and discrimination, and provide transparency and human oversight in critical decisions.

To mitigate risks and ensure ethical AI usage, insurtechs and insurance companies should develop ethical AI guidelines. They should also regularly audit AI models, provide clear information to customers and employees, ensure human oversight, foster a culture of responsible AI practices, collaborate with regulators and industry peers, and continuously monitor the impact of AI systems on customers and employees.

However, ethical considerations are not the only ones that need attention. The insurance industry also faces significant cybercrime and data storage risks, particularly concerning GDPR compliance. These companies store vast amounts of sensitive customer data, making them attractive targets for cybercriminals. Risks include data breaches, ransomware attacks, and adversarial manipulations of AI systems.

To mitigate these threats, insurtechs and insurance companies must implement robust cybersecurity measures such as advanced encryption, multi-factor authentication, regular security audits, and AI-driven threat detection systems. Ensuring compliance with data protection regulations is crucial to avoid hefty fines and legal actions, which require stringent data handling practices, clear customer consent protocols, and thorough audits of third-party providers.  In a recent Allianz survey on how GenAI will impact the insurance industry, nearly half (48%) of respondents believe strict regulation is necessary to mitigate GenAI risks.  

So how can companies ensure they follow this regulation and manage these risks?

Leveraging key guidance frameworks

Adopting ISO 42001 and ISO 27001 standards can help insurance companies and insurtechs effectively manage AI usage and associated risks.

ISO 42001 provides guidelines for the governance and management of AI systems, addressing risk management, transparency, accountability, and ethical considerations. By following this standard, companies can establish a structured approach to identifying and mitigating AI-specific risks, ensuring transparency in decision-making processes, preventing bias and discrimination, and fostering a culture of responsible AI usage.

Complementing ISO 42001, ISO 27001 focuses on information security management, helping insurtechs and insurance companies to protect sensitive data in AI systems. Aligning with ISO 27001 enables them to implement robust security controls, comply with data protection regulations, assess and treat information security risks, and establish incident response plans.

By leveraging both standards, companies can take a comprehensive approach to managing AI risks and demonstrate their commitment to responsible AI practices, building trust among customers and stakeholders. However, insurtechs and insurance companies should tailor these standards to their specific needs, assess unique risks and expectations, and continuously improve their AI governance and information security processes.

Looking ahead: Embracing new technology and compliance

Looking ahead, the sophistication of cyberattacks is expected to increase, and regulatory environments will likely become stricter.

Insurtechs and insurance companies must invest in advanced cybersecurity technologies and continuously update their compliance strategies to stay ahead. There will also be a greater focus on AI ethics and fairness, driven by public and regulatory scrutiny, requiring the adoption of ethical AI frameworks and regular audits for bias.

Furthermore, advancements in privacy-preserving technologies, such as homomorphic encryption and differential privacy, will become more prevalent, and organisations should integrate these into their data processing workflows to enhance privacy and security.

Additionally, as AI ethics and data protection regulations tighten, non-compliance may lead to higher legal penalties, fines, and erosion of customer trust. Prioritising compliance becomes essential to protect both an organisation’s operations – and its reputation.