Blog

Who Regulates the NBFCs?- Supreme Court Settles The States’ Money Lending Laws Disparity With RBI

 

Last week, the Supreme Court held that Non­-Banking Financial Companies (NBFCs) regulated by the Reserve Bank of India could not be regulated by individual state enactments.

A bench of Justices Ramasubramanian V and Hemant Gupta said NBFCs play a vital role in contributing to the country’s financial health, whose operations are controlled by RBI. Therefore, it said that the Reserve Bank of India has no say in such a relevant matter of vital interest. It would strike at the fundamentals of the statutory control vested in the Reserve Bank of India.

“It may be true that many times RBI may not be controlling the rate of interest charged by NBFCs on the loans advanced by them. It does not mean that they have no power to step in,” the bench said.

The Supreme Court examined whether Non-Banking Financial Companies regulated by the Reserve Bank of India could also be regulated by specific State enactments such as the Kerala Money Lenders Act, 1958 and the Gujarat Money Lenders Act, 2011.

The fact that the Chapter III­B of the RBI Act assigns a supervisory role for the Reserve Bank of India to oversee and regulate the NBFCs’ functioning, including all their activities, automatically comes under the scanner of the RBI. This applies to the NBFCs from their inception (registration) till the time of their commercial denouement (winding up/cancellation).

“As a consequence, the single aspect of taking care of the interest of the borrowers which is sought to be achieved by the State enactments gets subsumed in the provisions of Chapter III­B,” the bench said.

The Supreme court also said it believed that the Kerala Act and the Gujarat Act would not apply to all NBFCs registered under the RBI Act, which the RBI regulates.

Therefore, the bench stated that all the appeals the NBFCs filed against the Kerala High Court’s judgment are standing and allowed. Similarly, the appeals the State of Gujarat filed against the judgment of the Gujarat High Court are wholly dismissed.

What It Means

The statement by the Supreme Court comes as a massive breath of fresh air for NBFC in particular and the fintech industry as a whole. None of the RBI-regulated financial companies need to get tangled in multiple jurisdictions and unnecessary compliance complications. Contradictions between jurisprudence are also apparent and transparent.

Even then, financial companies still need to follow many regulatory compliances. For this, they need reliable fintech service providers to ensure good service. Signzy can get you the apt products and services you seek. With our customizable AI-driven API resources for KYC, Onboarding, etc., which are absolutely regulations compliant, you can make all your financial technology processes optimized to the best degree.

 

Key Takeaways

  • The Reserve Bank of India(RBI) will unequivocally regulate Non-banking financial companies (NBFCs), and state money-lending laws will have no applicability to them.
  • The verdict was that the Kerala Act and the Gujarat Act would have no application to the NBFCs registered under the RBI Act and regulated by the RBI.
  • No NBFC can begin or carry on business without obtaining a registration certificate under the RBI Act; their continuation in business would depend upon compliance with the RBI Act and circulars/directions issued by the RBI.
  • This is impactful news for NBFCs as this will help maneuver unnecessary bureaucratic hurdles.
  • It creates a strict differentiation between local money lenders and Non-Banking Financial Companies.

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Mahesh Mohan

Mahesh is a Creative Writer intent on learning and sharing knowledge. He believes Finance is the matrix of functionality, and Technology is evolution. Amalgamate the two, and you get the most dynamic beast in modern civilization- Fintech. He explores this sphere with keen eyes on the terraforming ecosystem. He tries to balance his professional enthusiasm with his passion-driven love for history, mythology, and stories of all forms.

RRA Refocus On Circulars- What The RRA’s recommendation To RBI Was And What It Means For The Fintech Industry

The Reserve Bank of India(RBI) stated the Regulations Review Authority(RRA 2.0) had recommended withdrawing an additional 225 redundant circulars on the RBI website. The Reserve Bank had set up the RRA 2.0(Regulations Review Authority) to reduce the burden of compliance on REs(regulated entities).

“RRA 2.0(Regulations Review Authority 2.0) has recommended withdrawal of an additional 225 circulars in the third tranche of recommendations,” the Reserve Bank Of India said in a statement last week.

The RBI is separately issuing the notifications, including the list of specific instructions recommended for withdrawal.

Once the Reserve Bank Of India does remove these redundant circulars, it will be a welcoming step for optimizing the regulatory compliance associated with the sector. Moreover, it will significantly help the banking and fintech industries as financial technology is constantly impeded by regulatory bureaucracy.

In the second tranche, the Regulations Review Authority 2.0 had also recommended merger/ discontinuation/ conversion to online submission of 65 returns. In addition, they also emphasized creating a new ‘Regulatory Reporting’ link on the central bank’s official website to consolidate all the information relating to any regulatory reporting.

History of RRA 2.0

The Reserve Bank of India established the Regulations Review Authority 2.0 to review all the regulatory instructions, reduce the burden of compliance on Regulated Entities (REs), and remove redundant and duplicate instructions.

Regulations Review Authority 2.0 focuses on properly streamlining regulatory instructions, reducing requirements for reporting wherever possible, and reducing the burden of compliance of the regulated entities(REs) by simplifying procedures and processes.

The Reserve Bank of India had established an RRA initially for only a year from April 1, 1999, for mostly reviewing the regulations, reporting systems, and circulars based on the genuine feedback from the banks, the public, and other financial institutions(FIs).

The recommendations of the Regulations Review Authority enabled streamlining and incrementing the effectiveness of various procedures and simplified regulatory prescriptions. It paved the way for issuing master circulars and reduced reporting burden on regulated entities; the RBI had said in April last year while announcing the setting up of RRA 2.0.

What this means for financial technology

The talk needs to be walked from the RBI website to the financial companies and regulated entities in the form of new rules. Once the redundant circulars are effectively withdrawn, it will be a comforting move for regulatory compliance in all sectors. This is particularly true in fintech. As the fintech industry is closely knit with advancing technology, outdated regulations constantly impede the excellent implementation of solutions.

Although RBI and other regulating entities are striving to walk the fine line of easing the processes for regulated entities while affirming the safety and security of the customers, it remains difficult to follow the proper regulatory compliance. This is especially true in cases of compliance involving digitization and automation. 

If you are concerned about how to handle this, you need not seek further. Signzy provides the-state-of-the-art API resources that are No-Code AI-driven and offer customizable options for all your needs. Check out our products here.

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Mahesh Mohan

Mahesh is a Creative Writer intent on learning and sharing knowledge. He believes Finance is the matrix of functionality, and Technology is evolution. Amalgamate the two, and you get the most dynamic beast in modern civilization- Fintech. He explores this sphere with keen eyes on the terraforming ecosystem. He tries to balance his professional enthusiasm with his passion-driven love for history, mythology, and stories of all forms.

Know Everything About The RBI’s New Rules Revamp For Credit And Debit Cards

With over 5,90,000 ATM transactions and close to 211 million POS(point-of-sale) credit card transactions, December 2021 was an intriguing month for the financial industry. These numbers keep on increasing, and the government is taking measures to ensure that card issuers do right by the customers.

The Reserve Bank of India(RBI) provided new rules for the Issue of credit and debit cards and apt directions to issuing agencies. The new rules will be implemented from July 1, 2022. 

These directions encompass the conduct regulations relating to credit, debit, and co-branded cards and their payments. They apply to every bank in India.

The official RBI website prescribes the new rules as master directions. These are meant to provide just treatment for debit and credit services customers. The RBI website also hints at further reforms in the coming months.

General guidelines for card issuance

  • If a card is blocked at the customer’s request, a replacement card can only be issued with the customer’s explicit consent. Further, the card issuer must obtain the explicit consent of the cardholder before the renewal of an existing card.
  • The T&C for issuing and usage of a card will be mentioned in simple language with clarity. This will preferably be in Hindi, English, and regional languages.
  • If any convenience fee is charged on specific transactions, it shall be transparently indicated to the cardholder before the transaction.
  • The terms shall specify the time for a reversal of failed transactions and the compensation payable for failure to meet the specified timeline.
  • The card issuer may alter terms, but they must provide a 30 days notice of the change to the cardholder to enable the customer to withdraw if they choose. 

Guidelines for debit cards

  • Debit cards shall only be issued to savings bank or current accounts customers.
  • Banks will not force a customer to avail of a debit card facility and shall not link issuance of a card to opt for any additional facility from the bank.

Guidelines for credit cards

  • Unsolicited upgrading or the Issue of unsolicited cards is strictly prohibited. Suppose an unsolicited card is issued, or an existing card is upgraded and activated without the customer’s explicit consent (a bill is generated). In that case, the card-issuer shall reverse charges and pay the penalty amounting twice the value of reversed charges.
  • The card-issuer is wholly held responsible if there is a misuse of such unsolicited cards (before reaching those whose names it was issued).
  • Consent must be explicit for the Issue of cards- i.e., written consent is required before a credit card issuance. If written permission is difficult to obtain, digital means can be used but must be communicated to the RBI.
  • Card issuers and third-party agents have been told not to resort to intimidation or harassment during the recovery of dues.

Guidelines for loss of cards

  • Card-issuer will block a lost card immediately after being informed.
  • Card issuers shall provide detailed information on reporting loss, theft, or unauthorized use of a card or even the PIN. This must include channels such as a dedicated number for SMS, a dedicated helpline, a dedicated e-mail-id, a visible hyperlink on the website, internet banking and mobile app, etc.
  • Card issuers shall immediately send a confirmation after blocking the card.

Grievances and Complaints

  • Card issuers shall implement mechanisms and provide publicity. They should mention the name, email-id, contact number, and the designated officer’s postal address on the account statements and credit card bills.
  • The designated officer ensures that the grievances of cardholders are redressed promptly without delay.
  • Card issuers must ensure call center staff is trained to manage and escalate complaints. There should be an effective system of acknowledging customers’ complaints about apt follow-ups, including complaint numbers, even if complaints are received over the phone.
  • Card issuers will be liable to compensate the complainant for loss of time, expenses, financial loss, and the harassment suffered for the mistakes of the card issuer if they did not redress the grievance in time. If a complainant receives no satisfactory response from the card issuer within a span of one month from the date of the lodged complaint, they can approach the RBI to redress grievances.

Confidential customer information

  • Card issuers will not reveal information regarding the customers without obtaining their consent. They must tell customers the purpose of the information and the organizations they will share the information with.
  • Information sought from customers cannot violate law provisions relating to maintaining secrecy in transactions. The card issuers will be responsible for the accuracy or otherwise of the data provided.

Conclusion

This master direction for credit and debit cards is an excellent effort from the government’s side to provide customer convenience and ensure just treatment. This will boost credit and debit card usage in the coming years. Notwithstanding this, it is a burden on many financial institutions. The entire onboarding structure will need scrutiny and revamp. They require reliable, safe, and user-friendly fintech services. With a no-code AI-driven platform and multiple customizable API resources, Signzy can undoubtedly provide you with the solutions you seek.

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Mahesh Mohan

Mahesh is a Creative Writer intent on learning and sharing knowledge. He believes Finance is the matrix of functionality, and Technology is evolution. Amalgamate the two, and you get the most dynamic beast in modern civilization- Fintech. He explores this sphere with keen eyes on the terraforming ecosystem. He tries to balance his professional enthusiasm with his passion-driven love for history, mythology, and stories of all forms.

Leveraging No-code Approach For Rapid And Flexible Onboarding Solution By Signzy

The financial industry is witnessing a paradigm shift with an uptick in the emphasis on digital client onboarding. As a top-level CTO of a banking enterprise or a neo-banking venture, you are always looking for technology that eliminates the deadwood involved in manual paperwork in onboarding new clientele. Finally, you can now heave a sigh of relief as we present the perfect fintech companion for fulfilling all your digital onboarding needs. 

Signzy is your one-stop, neatly-packaged, no-code AI-based digital onboarding solution that empowers leading financial organizations to deploy automated data management and customized client onboarding without any prior coding!

Yes! You read that right! Not a single line of code is required to deploy customizable solutions for your bespoke business needs. So hold your breath, ladies and gentlemen, as we are about to unveil path-breaking innovation in the field of fintech that holds promise and potential.

Why is Digital Onboarding The Talk of The BizTown?

The ultimate goal of any captain of the banking streamer is to reduce TAT (Turn Around Time) and offer an enhanced customer experience. Gone are the days when physical meetings needed to be fixed for the most straightforward banking procedures. Instead, optimized and customized secure digitized banking solutions have heralded the winds of change and set the tone for the future. 

By embracing the benefits of customized digital onboarding solutions such as Signzy, you get to open the gates to a world of benefits that suit the technologically challenged with seamless ease. When you leverage an automated customized platform such as Signzy, you make data management, solution deployment and machine learning a child’s play even for those who know zilch about coding!

Building complete AI solutions without investing in expensive developer work results in optimized cost-efficiency and greater user flexibility. A single team member can deploy multiple modules to deliver customized onboarding, drag and drop solutions without consulting the IT team! Now, that’s progress.

Plus, not to mention that AI eliminates chances of human error, which ultimately translates into cementing customer trust and loyalty. Seems like a pretty win-win situation, we say!

Top 3 Reasons Why Deploying Signzy’s No-Code AI-Based Approach is a Smart Move

Let’s get down to some hard facts and number crunching to help you benefit from one of the best digital onboarding solutions and empower your financial enterprise like never before!

  1.  Optimized Deployment Time Enabled By Its No-Code Approach: 

Financial institutions are understandably short of time, and in a world where time and money directly correlate, you cannot afford to continue deploying age-old inefficient solutions. 

This is where Signzy comes into the picture with an extended hand. Being an inherently AI-based platform powered by a no-code approach, you don’t need a developer to build and crunch code. Its intuitive drag and drop approach results in a 90% reduction in TAT. Lesser time required for deployment results in a more significant, error-free onboarding process. 

Are you wondering what no-code tech brings to the table? Well, let’s break it down for easier assimilation. Imagine creating apps, AI tools, onboarding platforms, websites with just a laptop at your disposal and no pre-existing coding knowledge! 

Sounds too good to be true? Well, not really, as no-code technology enables even the not-so tech-friendly people to move the proverbial mountains effortlessly. 

No-code-based innovations have impacted a diverse range of industries, and the financial sector is no different. When done conventionally, the process of client onboarding in the financial sector still takes about a week to complete. When banks or neo banks deploy no-code solutions like Signzy, they optimize the clientele onboarding procedure quickly and smoothly through an AI-based online portal. 

All your KYC prerequisites such as forms, terms & conditions, secure biometrics enabled digital contracts are all packaged in one place. 

  1.  Secure, Flexible, and Customized Digital Onboarding: 

If you are worried about the security aspect of deploying this no-code-enabled platform, allow us to put your worries to rest. Whereas custom-built code built by a developer is open to errors and security risks, no-code platforms run on pre-tested systems that afford unparalleled biometrics enabled security to businesses and their database.

The flexibility that comes with this unique platform allows you to create customized flows and business tools with a drag and drop or click and point approach. Also, there is no learning curve to it, so no more research and number crunching. Instead, it’s as simple as waving your wand and getting the work done!

  1. Cost-efficient Customized Onboarding Solution that Helps Fintech Firms Breathe Easy!

Signzy offers customizable digital KYC solutions to a plethora of renowned financial institutions across geographies. As a result, companies have reported a 75% reduction in operational expenditure, 66% dip in customer churn rate, and 3% increase in sales productivity! These fantastic figures speak for themselves. 

Let’s try to understand what makes this achievable. First, these APIs offer a plug-and-play approach that allows you to create business tools on the fly. Also, they can be easily integrated with existing solutions ruling out overhead expenditures and developer costs. 

They carry out advanced microservices equipped to offer advanced features like forgery detection, AI-based risk detection, background verification against established government databases at a fraction of the cost.

Thus the deployment of such proprietary APIs guarantees cost-optimization and an enhanced user experience.

Key Takeaway

Customized, scalable backend operations and faster digital transformation are unequivocally the need of the hour, and Signzy delivers just that and a lot more! So you can now curate business tools with absolutely no coding at the time of deployment, ensure faster delivery, expedite creation time and automate a significant chunk of the tedious work. Consequently, you can now focus on things that genuinely require your expertise and attention with the rest of the things being taken care of. 

Optimize client onboarding with a few clicks in a simple manner and close deals faster than ever! Not to mention the reduced costs of not having to hire developers. Simply the best! 

 

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Optimal Regulations- How Good Fintech Regulations Form The Financial Gateway To Digitizing The Economy

 

How welcoming are the Indian districts to financial inclusion and progress? A decade ago, it wasn’t much. 2013 saw the CRISIL (formerly Credit Rating Information Services of India Limited) introduce Inclusix into the foray. Inclusix was the country’s first financial inclusion index- a method to measure the level of financial inclusion and progress in the nation. The project spanned over 660 districts in the country.

In 2022, over 330 of the 666 districts in the country have a rating of ‘Above Average’ on the Inclusix. This is an encouraging result for the economy. But while growth is evident, so will the trouble that comes with it. With increasing individuals accessing financial opportunities, the government must take advanced and more efficient regulatory measures.

How It Has Been For Fintechs

A brief history of Fintech exhibits its inception in the banking industry. Notwithstanding, the past half a decade has seen tremendous advancements in the entire financial company ecosystem. FinTech has expanded to asset management and insurance companies too.

Digital adoption is not easy in a massive yet less digital economy like India. Innovation and change have never been the cash-centered mindset, and lack of reliability on technology in the past has made it difficult. Nonetheless, the entire country is shifting towards adopting Financial technology services. This includes both the businesses and the consumers.

Thus, the environment is nourishing and is shifting to a higher gear. New business propositions, better maneuvering, and solutions lead to a faster-paced economy.

Regulations In Position

Even with the current strict regulations, many sectors in the Fintech Industry are not adequately regulated. The problem is not a lack of regulation but the unequal and inefficient distribution of regulatory guidelines across the whole industry. Some are excessive, while others are insufficient.

P2P lending and digital payment modes are good examples of irregular regulatory implementations. They require monitoring and oversight regulation as they manage money at large, derived from the public. Two of the relevant regulatory actions in place include:

  • P2P is popular amongst enthusiastic investors and financial companies as they are efficient, high on returns, and has relatively lower interest rates than other financial companies, institutions and banks. The RBI’s decision to treat such P2P entities as NBFCs with newer regulatory guidelines will only cement their relevance in the economy and legality. Such a move by the RBI will ensure better credibility and decision-making capacity for P2P platforms. It will help make the initiatives more robust and, more importantly, sustainable in the future.
  • The RBI is also regulating Fintechs focused on payment gateways and e-wallets. Under the Payment and Settlements Act 2007, these entities must be registered with the RBI. The Act describes stringent rules and regulations for the same. 

Barring the above mentioned, there are not many stringent regulations in any Fintech industry sector. This is an excellent opportunity for regulators and businesses to think of creative approaches towards it. Historically, the regulators have not perceived Financial technology companies in a different limelight. They categorize them in the same elements as traditional businesses. This is a mistake.

What To Change

Considering Fintechs as traditional businesses needs to change. And it did.

In 2017, one of RBI’s Working Groups recommended setting up an optimized sandbox in the country. This sandbox would allow Fintech Startups to examine and test new services while assessing risks before their introduction into the market. But even this needs modifications and improved efficiency. There are still a lot of bureaucratic muddles.

Many entities are involved in governing the Indian Fintech industry. This includes RBI, TRAI, SEBI, and even the IRDA. Hence, there is no single authoritative body to oversee the industry as a whole. There are no specific generalized guidelines for the Fintech sphere. An overseer regulator will help make matters easier.

Moreover, each state government is taking different modes to approach the industry. They have their own opinions and startup ecosystems. As a result, regulations overlap and cause confusion and gray areas for the Fintech community. Therefore, an understanding between governments must be strung.

On top of all this, the FIntech sphere is a dynamic juggernaut. It has new technology and outright disruptive approaches with innovative products. These call for the constant renovation of regulatory guidelines to ensure a smooth and easy transition. The regulators have myriads of ideas and areas to consider each time they decide. Apt solutions for this must be brought. Consider the input prominent fintech players can provide and keep clear communication between the entities and the regulators to ensure no misunderstandings.

Where All Of This Leads You

Considering consumers as the primary benefactors of better regulatory practices, the government is taking measures. Data localization norms and the flexibility and interpretation of regulation will help enforce the aspiring optimization. The RBI also currently has regulatory guidelines to make payments more transparent and secure in draft form.

While the government and competitors are transforming their approach to fintech solutions, you also have to opt for the best services available to ensure your enterprise thrives. We at Signzy can help you. Our state-of-the-art, customizable, AI-enabled resources can help you boost your onboarding and KYC processes. Let us know how you plan on innovating your enterprise.

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Mahesh Mohan

I am a Creative Writer intent on learning and sharing knowledge. I believe Finance is the agar matrix of functionality, and technology is evolution. Amalgamate the two, and you get the most dynamic beast in modern civilization- Fintech. I explore this sphere with keen eyes on the terraforming ecosystem. I try to balance my professional enthusiasm with my passion-driven love for history, mythology, and stories of all forms.

 

The Road Ahead For KYC- 7 Ways Compliance Is Set To Change In This Decade

$45 per employee is what companies pay on average for compliance training. The total average time is 5 hours for this training. When we do the math, if the company has more than 1000 employees, the total cost will amount to a minimum of $225,000 a year. Will this change?

Absolutely, yes!

A wave of increased regulation guidelines worldwide has made KYC(Know Your Customer) compliance more difficult, ergo, more expensive than before. Companies that previously snuck past by treating compliance as simply a checkmark operation now face a future filled with questions.

But, with newer technology and emerging trends, this is changing. This will change the associated expenses and the entire process of KYC compliance. We need to keep an eye out for these. Let’s have a look at the 7 major trends that will

 

  1. The Inevitable ‘Perpetual KYC’

Financial institutions(FIs) were content just reviewing customers periodically according to risk ratings. On average, it used to take up to 20 days for a single file to refresh a customer’s details. But now, future KYC compliance is more focused on Perpetual KYC. While regulators were not adamant about reliable, independent source data/documents or information until very recently, expectations will increase as government regulations strengthen with time. Companies should grasp this opportunity to begin working with structured data providers. They can provide event-based, real-time monitoring of alterations in customer details.

  1. Digital Adoption With Better, Increased Automation

Banks have started to use better AI(artificial intelligence) and ML(machine learning) to assess AML CFT risks. AML in finance is very important, and automation will help fortify it. In cases where they don’t use these outright, they will start to use large, open datasets, with dependence on smaller teams with extremely specialized skills. Moreover, total automation will trigger the quicker adoption of digitization. This will help CFT in banking improve, providing a safer approach to ecosystems even outside of finance.

  1. Dependence On Centralized Repositories

Decentralized data is a headache for regulatory entities and respective companies. Instead of forcing clients, providers, and regulators to obtain KYC information from multiple sources, centralized repositories will help streamline the data. In addition, it will remove the requirement for institutions to approach clients.

This has a significant impact on the mechanics and dynamics within the industry. Data sourcing is a considerable concern for the involved parties, but centralizing that information and data brings forth other problems to accompany increased capabilities. FIs should select structured data partners scrupulously as this change develops. This will also improve processes for AML in finance.

  1. Importance Of Operational Resilience Will Increase

Flexible companies can bear better through storms than rigid ones. Conversely, businesses not optimizing processes find themselves outmatched and outgunned by more elastic and agile organizations that acknowledge the need to adapt.

Organizations should focus on enhancing and stabilizing sustainability within KYC processes in order to survive high scrutiny and external pressures. This is particularly true in a post-COVID era, where regulators bring newer priorities and associated concerns to businesses with individual compliance requirements.

  1. Fading Opaque Ownerships

Increased transparency does not work well for companies obfuscating operations on purpose. As a result, regulators plan to storm down on OCS(ownership concealment strategies). Now that companies and regulators both have improved tools to detect suspicious situations. These institutions that have become accustomed to hiding their UBOs(ultimate beneficial owners) will have a troublesome awakening.

  1. More Stringent Global And Government Regulations 

What do regulatory bodies do when newer processes and tools permit them to detect more rulebreakers? Rarely are they happy with the results. Instead, they double down and increase regulations and lean harder on better technology to eliminate problems that could have been bigger than they initially expected.

After the initial wave of regulatory actions, businesses that remain compliant will not become complacent. Alterations will continue, either in cryptic and coded law or in the practice and execution of existing rules.

  1. More Data Sharing By FIs

As organizations understand more about compliance concerns, they look to their ecosystem partners to eliminate other issues they might have overlooked. In addition, they will share information through newer content and better practices, improving compliance strategies. Institutions in this regard should be accustomed to sharing more info and advice while working closely with other companies’ compliance teams.

 

What The Future Of KYC Compliance Holds

As newer regulatory guidelines enter the KYC ecosystem, companies must be vigilant. As technology evolves, best practices and the corresponding expectations of governments, regulators, and entities in the system also develop.

These trends are reshaping the world of KYC compliance. As newer insights and better tools come to light, more recent trends will augment or replace them. Although companies cannot precisely predict the future, they can craft flexible processes and the mindset necessary to traverse the unknown.

But for this, they will need the best resources they can find. That’s where Signzy can help you. Signzy’s state-of-the-art tools for KYC compliance and smooth processing will help and fasten your processes. They are AI-driven and completely customizable.

 

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Mahesh Mohan

Mahesh is a Creative Writer intent on learning and sharing knowledge. He believes Finance is the matrix of functionality, and Technology is evolution. Amalgamate the two, and you get the most dynamic beast in modern civilization- Fintech. He explores this sphere with keen eyes on the terraforming ecosystem. He tries to balance his professional enthusiasm with his passion-driven love for history, mythology, and stories of all forms.

Algorithmic Risk Intelligence: The Future of Risk Management

Introduction

The world is becoming more and more data-driven. As a result, data has become the lifeblood of many industries. Organizations are starting to realize the value of collecting and analyzing data to make intelligent decisions. However, this can be challenging if your organization does not have a proven framework for quantitative analysis. Algorithmic risk intelligence is a new way of systematically thinking about data risks with a few key considerations: how significant the potential impact is, the probability of occurrence, and how feasible it would be to prevent or mitigate the risk. Understanding these three factors will allow you to identify your most critical risks and give you an idea of where to focus your efforts when it comes time to prioritize which risks you need to address.

 

Utilization of historical data to build predictive models

The utilization of historical data to build predictive models is a common practice. It can be done by using the ARIMA approach.

ARIMA (Autoregressive Integrated Moving Average) is a technique that uses historical data to predict future values, which can be used to make better decisions. It uses past information to forecast the future. These methods are powerful, but they are also quite complex, and they require more advanced statistical knowledge to make them work properly. Using historical data to build predictive models is essential to algorithmic risk intelligence. 

Utilizing historical data to build predictive models will help you identify risk areas, but it does not mean you should stop there. It would be best to look at other factors that are not captured in the model. For example, you should be looking at data that will help you identify new or emerging risks.

Measurement, quantification, and anticipation roles of ARI

Algorithmic risk intelligence is about understanding, quantifying, and anticipating the risks that matter to your organization. It is a new way of systematically thinking about data risks with a few key considerations: how significant the potential impact is, the probability of occurrence, and how feasible it would be to prevent or mitigate the risk. Understanding these three factors will allow you to identify your most critical risks and give you an idea of where to focus your efforts when it comes time to prioritize which risks you need to address.

Some other vital roles that ARI can play in an organization are measurement, quantification, and anticipation. Measurement is about understanding the scope and magnitude of potential risk. Quantification is about estimating the probability of a risk occurring. Finally, anticipation is about developing a plan to prevent or mitigate risk from occurring.

There are many types of data in the digital world that could be used as a subset of ARI. The three most prominent types are customer, company, and industry data. Customer data includes customer preferences, personal data, customer service records, and customer behavior patterns. Company data has an organizational structure, size, history, and personnel records. Finally, industry data includes information like market trends. 

 

ARI to reduce business loss due to unforeseen circumstances

ARI is a systematic way of understanding your data risks. It can help you identify the most critical risks you need to address and help you prioritize the ones you need to address.

ARI is a framework that includes three key considerations: the risk’s potential, probability, and feasibility. With these three factors in mind, you can create a plan for mitigating your data risks.

ARI is ideal because it can be applied to any data, and it can start with a minor concern and grow into a full-blown disaster recovery plan.

Role of ARI to uncover organization’s most critical surfaces

As we rely on digital technologies to grow and expand, the risk of data breaches and other cyber risks continues to grow. Therefore, it’s critical to understand each risk’s potential impact and probability of occurrence and decide what you need to do to mitigate the risk.

It is where algorithmic risk intelligence (ARI) comes in. ARI is a new way of thinking about data risks systematically. It has three considerations:

(1) How significant the potential impact is

(2) what is the probability of occurrence is 

(3) how feasible it would be to prevent or mitigate the risk.

Understanding these three factors will allow you to identify your most critical risks and give you an idea of where to focus your efforts when it comes time to prioritize which risks you need to address.

How can Signzy help?

Fintech companies must safeguard sensitive customer data to reduce data risks. But how can this be accomplished?

You can depend on us to help you in that regard. We at Signzy have a variety of AI-based solutions to digitally identify, verify, and authenticate customers, moreover helping in ensuring complete security. Our solution for onboarding security has been deployed by more than 45 significant and valued clients. These include leading banks, NBFCs, mutual fund managers, P2P lending banks, digital payment solutions, etc. Thus, making it promising and easier to trust us.

Writtern By:

Vaishali Bharadwaj
Vaishali is a machine learning enthusiast. Besides machine learning and data storytelling, she likes contemporary art, traveling, and Ice Skating. Since Vaishali was young, she has always enjoyed solving puzzles. So that’s how she looks at big data sets: to Vaishali, it is one big puzzle she wants to solve. Finding patterns nobody else sees is a challenge to her.

Enriching eNACH -Impact on NBFCs, Banks, And Even Millennial Financing

India’s lending industry stands at a staggering 156.9 lakh crores, a steep increase of 100% from 2017. But what many miss out on is that of these, only 2% involve microfinance contributions. Instead, commercial and Retail lending dominates 98% of this, with each at 49%.

Although almost every citizen will try to avail of a loan at a point in their life is true. It is an integral part of the economy and even a commoner’s aspirations. But the above data identifies two significant factors. One, customers prefer commercial and retail lending. Two, These areas are potentially untapped and improvable.

Once considered stormy waters, even personal loans are now being navigated at a growth rate 3.8 times higher. This is primarily due to easier access and availing procedures of loans in the country. As a result, even banks and NBFCs are modifying their gameplan to incorporate the novel surge in commercial and retail loans through digital banking.

But then, why is the government stressing on eNACH Mandates? Why are banks and NBFCs preferring the involvement of eNACH?

 

What’s The Real Concern?

As the tide rises, so does the seaweed. Financial Institutions reported an abnormal increase in loan repayment defaulters. Although COVID-19 played a significant role in this, the impact is also attributed to a sense of gullibility. Even genuine customers who accidentally default face the risk of lowered credit ratings.

Entities have increased their safety and security measures to stop defaulting, but that alone won’t cut it. We need an impeccable system of retrieval and processing. Electronic clearing service was a primitive form of this. Even though insufficiently effective, it paved the way to a better solution- eNACH Mandates.

 

The What, Why, And How Of eNACH Mandates.

eNACH mandate is an improved version of the existing NACH mandate. The NACH mandate helps the customer give the collecting agency the right to debit the respective amount from the account for a fixed period at a specific frequency. The agency is required to collect the mandate form from their customers to facilitate the process of auto-debit for personal loan EMIs.

eNACH mandates are the digital versions of paper-based NACH mandates. They allow customers to approve recurring payment charges in a go, digitally. This will enable merchants to collect recurring insurance premiums, loan repayments, investment SIPs, utility bills, etc.

This makes things far easier for customers, NBFCs, and banks. This is why financial institutions now focus more on creating eNACH mandates for loan EMI collection from the borrowers. In addition, innovative companies and pioneer entities in the industry aim to craft solutions engineered to help NBFCs streamline their loan repayment collections while ensuring the benefit for the customer.

 

What Are Its Advantages?

  • Decreased Time- The digitized nature coupled with the automated deduction and reduced human involvement fastens the process. Signing up for loans is also swift with eNACH.
  • Increased Success Rate- loan disbursement and retrieval are more successful as most of the process is automated and the entire process is digitized.
  • Higher Successful Processing Rate- Almost all technical and human errors are negated with a proper digital system in place. This implies that the processing is better and more efficient.
  • Reduced Number of Defaulters- Defaulters find it hard to abscond and not pay. As everything is automated, the agreed-upon amount will be deducted accordingly from their accounts.

 

How Does It Impact And What’s The Bottom Line for eNACH?

It’s pretty much evident that eNACH is the new phase of recurring collections. Banks, NBFCs, and other financial institutions are incorporating it. Even genuine customers prefer eNACH as it is swifter and easier for processing. Millennials form the lion’s share of this as they mostly prefer digitized payments. This is evident because they overwhelmingly choose digital bank accounts over traditional options. The next generations will only soar higher from this point onwards to the digital canopy. Millennial financing is definitely digital.

But all this will be possible only with the proper implementation of eNACH and its methods. For this, you require the best resource provider you can get. We at Signzy can help you with this. With premium resources and products for your digitization and automation, you can better your processes.

 

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Mahesh Mohan

Mahesh is a Creative Writer intent on learning and sharing knowledge. He believes Finance is the matrix of functionality, and Technology is evolution. Amalgamate the two, and you get the most dynamic beast in modern civilization- Fintech. He explores this sphere with keen eyes on the terraforming ecosystem. He tries to balance his professional enthusiasm with his passion-driven love for history, mythology, and stories of all forms.

Banking And Fintech In The Metaverse Of Finance

Dolce and Gabbana had a peculiar sale last year. Their customers paid $5.7 million to the fashion conglomerate for basically… Nothing. Or that’s what people who do not understand virtual reality would say. In fact, the company sold primarily virtual products for customers to use in the Metaverse. This is why the Metaverse economy experienced retail sales of more than $20 billion with an annual growth rate of around 40%.

This is the mere beginning of using digital assets as a repository of value. It is the beginning of a digital renaissance, encompassing AR, VR, and other digital immersive technologies, which will lead to wide-scale adoption and regulations. Cryptocurrencies will also play a crucial role in this.

Financial institutions must secure their position in this enormous and novel part of the economy by incorporating Metaverse and crypto into their services and business models. This will lead them to a cryptocurrency-fueled metaverse economy.

As the metaverse users increase, financial transactions in the new realm will increase. The government will issue new regulatory guidelines in the coming future. But it is unwise not to adopt early. Banks and institutions should not wait for this. Instead, they should embrace the metaverse economy. Here are some of the ways in which this is possible.

Build And Leverage Trust

Customers usually trust banks more than even the government. This should be utilized in a positive fashion. Tap into the customers’ interests in crypto and digital assets. Despite the standard expectations, 45% of Boomers used cryptocurrencies to make a purchase, compared to the 30% of Zoomers, in 2021.

Mastercard is processing crypto payments and paving the way for other institutions to follow suit. Offering custody services and processing crypto payments help banks prepare for the digital future. Even mortgages, loans, etc., will have digital asset involvement. Banks and banking technology may also leverage their brand identity in user verification and risk management as more peer-to-peer crypto transactors want to trust authentic payment sources.

Metaverse Payment Platforms: Adopt The Boon

Metaverse virtual reality is all set to take over the shopping experience for customers. The fundamental fintech future will be altered to adopt the new paradigm. Financial institutions must process transactions on metaverse payment platforms to accommodate the customers and their needs. A trial pilot by Facebook, the Whatsapp digital wallet is the beginning of this transformation. It offers benefits like zero fees for international transfers, etc. 

These methods have so much potential and versatile applications. For example, such platforms will help fasten transactions and secure the customer’s safety and privacy. Moreover, the institutions can either provide such platforms or integrate the accounts into existing payment apps by utilizing their APIs. But it is noteworthy that most of these apps adapt to phones and screens and ARVR technology.

The metaverse economy is in the infant stage. But once it starts flying, the entire system will soar. This is the ripe time for banks and financial institutions to secure the fintech future. This is where banking technology ups its game a notch with payment platforms.

Integrate With AR And VR Platforms

Providing payment platforms in the new paradigm is essential. But banks need to do more than that. They need to integrate with the metaverse virtual reality. Banking technology must evolve to increase its presence in the Metaverse while ensuring that customers spend more time in it. 

This may be done in multiple ways:

  • Communications with customers- Include AR and VR where it is appropriate.
  • Increase Visual Presence- Transactional experiences should be encapsulating and immersive.
  • Explore the New Age Ads- Advertising is evolving along with technology. Digital billboards, avatars of celebrities, etc.

Banks In The Metaverse

The future of fintech is mainly altering. But it is not unpredictable. We may not be able to say how the Metaverse will affect us or how it will look, but we sure can understand how it can be leveraged. Financial institutions should not wait for regulatory guidelines to adapt to evolving technology. They must learn how to leverage their unique attributes.

Utilizing their attributes to meet the wants and needs of the customers helps and navigate the digital transition successfully. This includes the desire to be a participant in the metaverse and crypto economies. But all these financial institutions and banks need a reliable and trustworthy service source. A resource marketplace where you get all that you require. Signzy can help you with the best customizable APIs and resources with our efficient AI-based rule engine and technology.

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Mahesh Mohan

I am a Creative Writer intent on learning and sharing knowledge. I believe Finance is the matrix of functionality, and technology, its evolution. Amalgamate the two, and you get the most dynamic beast in modern civilization- Fintech. I explore this sphere with keen eyes on the terraforming ecosystem. I try to balance my professional enthusiasm with my passion-driven love for history, mythology, and stories of all forms.

Exploiting SSTI To Execute Arbitrary Code On Server

Server-side templates create an accessible method for the dynamic generation of HTML code management. But they could also be susceptible to SSTI(server-side template injection). To fully comprehend these mechanics, we must understand what template engines and SSTI attacks are. This can also help execute arbitrary code on the server.

What are Template Engines and SSTI Attacks?

Template engines are created by including multiple specific templates with variable data to create web pages. Server-side template injection attacks can occur when user input is concatenated directly into a template without being sanitized against evil characters. As a result, attackers can inject arbitrary template directives into the template engine, allowing them to manipulate the template engine and, in some cases, gain complete control of the server.

Some of the Template engines are listed below : 

PHP – Smarty, Twigs                                                   

Java – Velocity, Freemaker                                                   

Python – JINJA, Mako, Tornado                                                   

JavaScript – Jade, Rage                                                   

Ruby – Liquid                                                    

 

Jinja: A Python Based Template Engine

Jinja is a Python template engine written as a self-contained open source project to create HTML, XML, or other markup formats returned to the user via an HTTP response. It is also referred to as “Jinja2”.

So why Jinja? 

Today Jinja is the most widely used Python-based template engine and is opted by configuration management tools Ansible and SaltStack and the static site generator Pelican to generate output files. Given its vast adaptation, we will have Jinja as a reference to understand how the SSTI attack works. 

The Vulnerable Code Snippet

 

 

Here, a part of the Template is dynamically generated using the form. Because template syntax is directly processed at the server-side without any filtration, an attacker possibly can inject a malicious payload inside the ‘name’ argument where user input is being placed within the template expression. 

Identifying The Vulnerability

As shown in the code snippet, the input we’ll provide will be rendered precisely by the template engine. 

So, if we put a mathematical expression to identify the vulnerability, if it is being rendered by template engine or not. 

 

 

 

Input value- {{7*7}} returned ‘Hello 49!’. So it is confirmed that the backend is using jinja2.

Python depends on specific modules like ‘sys,’ which includes other dependencies such as the ‘OS’ module; we will target the ‘OS’ module here for exploitation. However, the exploitation and getting shell would not be that easy here as Jinja does not support the import statement. 

Our very first goal here is to identify the template engine used by the target application, for which the TPLMAP tool can be leveraged. With numerous sandbox escape strategies, the TPLMAP tool aids the exploitation of Code Injection and Server-Side Template Injection vulnerabilities to get access to the underlying operating system.

Exploiting The Vulnerability

So as explained above, the import statement does not work in the case of Jinja; hence we will use some parts of code that are accessible to us, often called Gadgets, to achieve remote code execution.

 

The below payload will execute the malicious code which is inside the ‘popen’ function:

 

The above payload is explained in the below fig:

 

The RCE is achieved as shown below:

 

Workaround and Remediation

  • Templates should not be created using user-controlled input. To pass user input to the Template, use template parameters. Sanitize the data before processing it by removing any unwanted or potentially hazardous characters before putting it into the templates. This decreases the likelihood of your templates being maliciously explored.
  • Malicious code execution is inescapable if permitting certain dangerous characters to render specific elements of a template is a business requirement. Then encapsulating the template environment in a docker container is almost certainly the safer option. With this option, you may leverage Docker security to establish a safe environment that prevents dangerous actions.

 

About Signzy

Signzy is a market-leading platform that is redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering totally customizable workflows. It gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru, and it has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By- Ankit Pandey

Ankit is a cyber geek currently working in the information security team at Signzy. Ankit holds eWPTX, eCPPTv2 & CEH certifications. Ankit is also an active member of Synack Red Team actively hacking and securing companies globally.

 

1 2 3 4 5 16