Category: Regulations

Welcome to our Regulations category, a comprehensive resource meticulously designed to assist you in navigating the intricately woven tapestry of regulatory norms governing the fintech industry. With regulatory frameworks being in a state of constant evolution, staying abreast of the latest changes is crucial for businesses and professionals operating within the financial sector.

The articles housed within this category delve deeply into an expansive range of regulatory topics. We explore everything from the shifts in KYC/AML guidelines to the influence of data privacy legislations on financial institutions. Our aim is to provide a multi-faceted understanding of these regulatory transitions and the implications they carry for businesses.

At Signzy, we recognize the significant role regulatory compliance plays in the financial industry. Our innovative solutions are crafted with a keen eye on the most recent regulatory requisites. Our aim is to help businesses remain compliant without having to sacrifice efficiency or compromise on delivering exceptional customer experiences.

Whether you’re a compliance officer diligently ensuring that operations align with regulations, a fintech entrepreneur navigating the challenging waters of the industry, or a professional immersed in the financial sector, our Regulations category offers invaluable insights into the ever-changing regulatory landscape.

We cordially invite you to join us as we embark on an exploration of the world of fintech regulations. Through our articles, we aim to provoke thought, spark discussion, and provide guidance on how to navigate the complex regulatory environment effectively. Join us on this enlightening journey as we untangle the intricate web of regulatory norms shaping the world of fintech.

Ease Customer Onboarding with the New Offline KYC Rules

Posted on | by Signzian

RBI has unveiled the guidelines for ‘offline KYC’- a significant move towards reducing the woes for fintech companies and easing the customer onboarding process. These regulations have opened up new avenues for fintech companies to innovate their leverage of the Aadhaar database.

Fintech startups have been desperate for modifications to the KYC to make it easier to onboard customers remotely. In a statement from RBI, “Banks have been allowed to carry out online verification using Aadhaar identification of an individual who voluntarily uses their Aadhaar number for identification purposes.

For offline KYC, companies can capture customer details using a QR code or an XML-based process laid out by the Unique Identification Authority of India which manages Aadhaar- the biometric database of residents.

After this move, RBI has added ‘proof of possession of Aadhaar number’ to the list of OVDs (Officially Valid Documents).

Let’s explore in depth what this move means for the consumers and the financial institutions.

Why Use Aadhaar Offline Paperless e-KYC?

Through Aadhaar offline KYC, UIDAI provides a mechanism to verify the identity of an Aadhaar card holder through an online electronic service. This e-KYC method facilitates an authenticated instant verification of identity and substantially lowers the cost of paper-based manual KYC.

This method is usable by all agencies who have the following:

  • Reliable internet connectivity.
  • The right technical infrastructure to call online e-KYC service and deploy services at their end (as and when necessary).
  • A method to capture the biometrics of a resident.

UIDAI maintains each KYC request in a record to carry out audits.

The Merits of Aadhaar Paperless Offline e-KYC

Here are a few reasons why offline e-KYC is the right move toward a digital future:

Privacy of information

  • KYC data can be shared by the cardholders without the knowledge of UIDAI.
  • The Aadhaar number of the resident is not revealed. Only a reference ID is shared with the agency.
  • This offline verification method does not need any of the core biometrics, such as fingerprints or iris detection.
  • The Aadhaar cardholders get a choice of the data (within the demographics data and their photo) they want to share.

Security

  • When the Aadhar number holders download their Aadhaar KYC data, it is digitally signed by the UIDAI to detect fraud and tampering to authorize the use of that data.
  • Any agency can validate the data with their own OTP or face authentication methods.
  • The Aadhaar number holders provide a phrase which is then used to encrypt their KYC data- allowing consumers more control over their data.

Inclusion

  • Aadhaar paperless offline e-KYC is a voluntary, number holder driven method.
  • Any agency can use this method for identification and verification with the approval of cardholders allowing wide usage of the technology.

Any agency with the right infrastructure to support face identification using facial recognition, AI, and ML will be able to leverage this opportunity for its full potential to improve customer onboarding for remote customers.

How does Aadhaar Paperless e-KYC Work?

  • Aadhaar paperless e-KYC eliminates the need for cardholders to make a copy of their Aadhar letter. Instead, they can download the KYC XML and provide that to the agency wanting to do their identity verification.
  • The agency will have to go step-by-step with a detailed procedure to verify the KYC details given by a resident.
  • The KYC details are captured and shared in a machine-readable XML format which is digitally signed by UIDAI to verify its authenticity.
  • The agency can choose to verify the customer through their own facial verification software.

The following fields are included in the KYC data when customers download it:

  • Resident name
  • Reference number for download
  • Address
  • Photo
  • Gender
  • Dob
  • Mobile number in a hashed format
  • Email in a hashed format

Aadhaar offline KYC data is encrypted using a ‘Share Phrase’ given by the customer at the time of downloading data which they need to share with an agency for them to read and access that data.

Read on here to learn the simple steps of downloading and accessing Aadhaar e-KYC data.

Adoption of e-KYC

The incorporation of offline KYC is a welcome step for fintech companies. However, some digital payment companies think the process is a bit complex compared with the biometrics or OTP based KYC that has been the present norm for authentication and validation.

Thus, companies believe the method could be difficult to scale.the guidelines, however, show a way to encourage mass adoption of offline KYC, in three steps:

  • Paperless XML
  • eAadhaar PDF
  • Secure QR code scan

Now, the payments industry is waiting for the incorporation of e-KYC norms for non-banks, concerning an order by the Department of Revenue on May 9. As of the current regulations, RBI prohibits e-KYC for any non-DBT (Direct Benefit Transfer or subsidy-linked) accounts.

For carrying out the customer identification of non-DBT beneficiaries, the REs should obtain a certified copy of any OVD containing the details of his identity and address along with one recent photograph.

Following the Supreme Court judgement on Aadhaar in 2018 and in order to address privacy concerns and limit data sharing,The use of offline KYC can surely be an innovative solution for identity verification wherein verification can be done without sharing biometrics or even Aadhaar number.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Moni Gupta

 

Impact of RBI’s NSFI report on Different Indian Business Sectors

Posted on | by Signzian

Need For Financial Inclusion

The Reserve Bank of India (RBI) has intricately planned out an ambitious strategy for financial inclusion till 2024. The National Strategy for Financial Inclusion report aims to fortify the ecosystem for various modes of digital financial services in order to create the necessary infrastructure to move towards a less-cash society by March 2022. While charting out the report for the period 2019–2024, RBI said, “Financial inclusion is increasingly being recognized as a key driver of economic growth and poverty alleviation the world over.”

Similar to the conventional banks, other institutions like payments banks, small finance banks, co-operative banks and other entities such as fertilizer shops, fair price shops, should encourage the use of digital transactions to uphold efficiency and transparency. The NSFI report outlines the need for increasing the reach of banking outlets of scheduled commercial banks, payment banks, etc to provide banking access to every village within a 5 km radius and at least 500 households in hilly areas by March 2020.

The increased global recognition and United Nations Sustainable Development Goals (SDGs) empower financial inclusion as a pivot for achieving sustainable development across the globe, countries are developing strategic policies to increase access and usage of formal financial services.

One of the key objectives of the World Bank is to achieve Universal Financial Access by 2020 (UFA 2020). The intent behind this is to provide adults who currently aren’t part of the formal financial system, with access to a transaction account to store money, send and receive payments to manage their financial lives. (Universal Financial Access 2020, 2018)

To achieve this ambitious goal, the World Bank Group has committed to enable one billion people to gain access to a transaction account through targeted interventions.It also works with countries to fortify the following primary building blocks:

  • public and private sector commitment
  • initiation of legal and regulatory framework
  • strengthening financial infrastructure
  • interaction with regulatory bodies on a global scale to provide guidelines that will enable access to transaction accounts.

Objectives of Financial Inclusion:

  • To provide awareness and enlighten customers on financial services, procuring various types of products and their highlights.
  • An objective has been defined where every eligible & consenting adult enrolled under the Prime Minister Jan Dhan Yojana, will be provided with an insurance scheme and a pension scheme by March 2020.
  • Change attitudes to translate knowledge into behavior.
  • Help consumers get a clear understanding of their rights and responsibilities as consumers of financial services.
  • Enhance the reach of banking outlets to provide banking access to every village within a 5-km radius or a hamlet of 500 households in hilly areas by March 2020.
  • By March 2024, every adult should have access to a financial service provider through a mobile device.

Application of Financial Inclusion Across Various Business Sectors

The RBI has drafted the NSFI 2019–24 under the supervision of the Financial Inclusion Advisory Committee (FIAC). The report has been created on the basis of inputs and suggestions from the Government of India as well as other Financial Sector Regulators. The report has also been approved by the Financial Stability Development Council (FSDC).

The NSFI 2019–24 outlines the vision and primary objectives for financial inclusion policies in India to help expand and sustain the process on a national scale. This can be done through a broad convergence of action which includes all the major constituents of the financial sector. As such, certain focus areas have been identified across various business sectors which we will discuss below.

Micro, Small and Medium Enterprises (MSMEs):

  • MSMEs are the primary catalysts that drive the growth of the Indian economy. They contribute nearly 31% to India’s GDP, 45% to exports and provide employment opportunities to more than 11.1 crore skilled and semi-skilled people.
  • An estimated presence of 6.33 crore MSMEs can be located in the country. Several initiatives have been undertaken to enable credit off take in this industrial sector.
  • A special capacity building programme named ‘National Mission for Capacity Building of Bankers for financing MSME Sector’ (NAMCABS) has been devised to familiarise bankers with the entire gamut of credit related issues of the MSME sector.
  • Web portals like the ‘Udyami Mitra’ and ‘psb loan in 59minutes’ have also been launched to provide easy access to credit. Trade Receivables Discounting System (TReDS) platforms have been set up to address the problem of delayed payments to MSMEs. In April 2015, the Pradhan Mantri Mudra Yojana (PMMY), an initiative to finance small business enterprises, was introduced. This was to ensure lending institutions would finance micro entrepreneurs up to ₹10 lakh. The interest subvention initiative has been launched for MSMEs to alleviate the cost of borrowings..

Agriculture:

  • In India, agriculture serves as the source of around 15 percent of GDP, 11 percent of exports and livelihood for about half of the Indian population. The importance of the sector from a macroeconomic perspective is also reflected in the form of bank credit to finance agricultural and allied activities relative to other sectors of the economy.
  • Banks have been mandated specific targets under priority sector schemes to give a thrust to agriculture financing from the formal sector, Currently the target for agriculture lending under priority sector for all domestic scheduled commercial banks and foreign banks having more than 20 branches is 18% of Adjusted Net Bank Credit (ANBC) or Credit Equivalent Amount of Off-Balance Sheet Exposure (CEAOBE), whichever is higher.
  • Within the 18 per cent target for agriculture, a sub-target of 8 percent of ANBC or Credit Equivalent Amount of Off-Balance Sheet Exposure, whichever is higher is prescribed for Small and Marginal Farmers. The banks have been advised to extend collateral free loans to small and marginal farmers upto ₹1.6 lakh. To provide adequate and timely credit support from the banking system under a single window to the farmers for their cultivation & other needs, an innovative product called the Kisan Credit Card Scheme (KCC) was launched in August 1998 as a flexible source of cash credit for easy access and delivery.

Banking:

  • RBI has adopted a bank oriented system to strengthen financial inclusion. The banks were mandated to open branches nationwide especially in under-banked pockets which led to a considerable increase in bank branches and later Automated Teller Machines (ATMs) in the 1990s to early 2000.
  • The banks were instructed to draw up a road map for having banking outlets in villages with population more than 2000 (in 2009) and less than 2000 (in 2012). Consequently, the banks were advised to open brick and mortar branches in villages with populations of more than 5000. The banks were also advised to prepare Financial Inclusion Plans for a period of three years comprising key parameters viz., modes of delivery of financial services, access to Basic Savings Bank Deposit Accounts (BSBDAs) as well as transactions via the BC Channel.
  • To fortify financial inclusion, RBI has relaxed the branch authorization guidelines in 2017 wherein fixed-point Business Correspondent(BC) outlets serving for more than 4 hours a day and five days a week are treated in a similar fashion to branches with physical infrastructure. An exclusive fund viz., Financial Inclusion Fund (FIF) has been created to support adoption of technology and capacity building with an initial corpus of ₹2000 crore.
  • As a measure to improve financial inclusion, RBI has issued differentiated banking license viz., Small Finance Banks (SFBs) and Payments Banks in 2015. The objective of setting up of SFBs was to further financial inclusion by provision of a savings vehicle and supply of credit to small business units, small and marginal farmers, micro and small industries as well as other unorganized sector constituents. This can be done with high technology-low cost operations. Payments Banks have been set up to provide small savings accounts and payments/remittance services to migrant labor workforce, low income households, small businesses and other unorganized sector entities / other users.
  • In order to strengthen the business correspondents(BC) model of delivery and help prospective users to identify BCs having good service track record, the BC Registry has been launched under the aegis of Indian Banks’ Association (IBA). For capacity building and to ensure certain minimum standards of service rendered by the BCs, a BC Certification course through Indian Institute of Banking and Finance (IIBF) has also been introduced.

Insurance:

  • The key initiatives undertaken in the insurance sector include increasing awareness among citizens on the benefits and appropriateness of insurance and enabling greater availability of insurance products (including micro-insurance). This can be done by increasing the number of delivery channels which consist of corporate agents as well as Common Service Centers.
  • Further, with the use of technology, Web Aggregators and Insurance Repositories have been erected to provide ease of access and storage of insurance policy details to enable issuance of insurance policies in an electronic form.
  • Towards the interests of policyholders and also in building their confidence in the system, the institution of Insurance Ombudsman has been created. The objective is to quickly dispose of grievances of the insured customers and also mitigate their problems involved in redressal of their grievances. To protect the interests of policyholders and customers catered to by the insurance companies / intermediaries under the Health insurance segment, separate guidelines have been issued.

Pension:

To monitor and control the National Pension System (NPS) and other pension schemes which are not subject to any other enactment, the Pension Fund Regulatory and Development Authority (PFRDA) was set up under the PFRDA Act, 2013. Some of the key initiatives undertaken in the pension sector include expansion of NPS via increased channels of distribution, developing efficiency of the officials of its intermediaries and increasing the awareness on old age income security and retirement planning. The regulatory authority has also leveraged technology in an effort to drive efficiencies & improve ease of access to NPS for the subscribers and service providers.

Future Scope of Fintechs in NSFI

The policies on financial inclusion would be incomplete if digital financial inclusion and the role of fintechs is not meaningfully integrated. While the Jan Dhan-Aadhaar — Mobile trinity has been a benefactor to Indian economy over the last few years, adequate measures are needed to strengthen the ecosystem for digital financial services, including increased awareness on usage of digital modes of transactions, increased access points/ acceptance infrastructure and a safe environment incorporating the principles of consent and privacy.

Based on the report, it is expected that over the next few years, the fintech space may evolve from its present structure, calling for adequate understanding among regulators, financial service providers and most importantly the customers availing financial services through the digital mode. It is important to primarily address the newly-included digital customers through sufficient awareness and literacy.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

Data privacy: the debacle & the debate (GDPR vs PDP)

Posted on | by Signzian

In an increasingly data driven digital economy, Big Tech companies have an eye, ear, and finger on the pulse of billions.

Depending on how deep you’ve let Amazon, Facebook, and Google sync into your life (pun intended), the data these companies have access to has reached an increasing level of detail. The digital era has molded us into great liars when it comes to signing up to online sites. While complaining about how ridiculous it seems to identify traffic lights to prove we’re not robots, we mechanically lie about reading all the Terms and Conditions. By agreeing to the T&C we may have inadvertently let the company use and sell our data for reasons we weren’t aware of.

Contextualizing the need for personal data protection

In the past few years, the headlines have been replete with worrying instances from the digital world. From large scale data breaches to controversial targeted political ad policies and inconclusive investigative hearings on privacy. The Facebook–Cambridge Analytica data scandal of 2018 exposed how unethically sourced personal data could be used for thought manipulation. Data of about 87 million Facebook users was inappropriately harvested by the political consulting firm, Cambridge Analytica, and was used for electoral advertising.

The mammoth scale and global repercussions of this scandal altered the history of the privacy debate. It revealed the imperative need to have wide-scale legal mechanisms. A system needed to be enforced to regulate what data will be collected, what it will be used for, and how permission should be sought from its owners. Organizations would have to be held accountable to such provisions through a transparent legal process. These regulations were to be designed to protect the privacy and personal data of netizens and perhaps rein in the power and influence of giant tech companies.

Introducing EU’s GDPR and India’s PDP

The European Union set precedence with the European General Data Protection Regulation (GDPR). The GDPR was adopted in 2016 and enforced on 25 May 2018. It is not a mere directive, but a regulation. This implies that it is directly binding and applicable although it does allow for some flexibility to individual member nations to adjust the provisions. The GDPR is also not an Act, which means that its members have passed their own legislations based on the regulation.

In India, a regulation governing data privacy and data protection is set to be passed this year. The need stemmed from the 2017 Supreme Court judgement on the Right to Privacy. (Read our article on how the judgment impacted the digital world and the financial sector here.) A draft data protection bill was then composed by a committee headed by Justice B. N. Srikrishna. After about 2 years of contentious debate on the bill, during which it was floated for public feedback from stakeholders, it was tabled in the Indian Parliament on 11 December 2019. Currently, a joint parliamentary committee is scrutinizing the revised draft of the bill, codified as the Personal Data Protection Bill (PDP Bill). Post this, it will be debated in the Indian Parliament and finally passed.

It is yet to be determined whether the Indian PDP Bill is closer to the EU’s progressive GDPR or to China’s policy of control. Either way, it has managed to irk both Big Tech companies and privacy advocates alike. Companies with data banks aren’t happy with the cost and hassle of compliance. They deem the bill as isolationist due to its restrictive certification requirements to operate in India. Privacy advocates highlight how the exceptions in the bill can lead to State excesses of control over our data. They warn of government mission creep. Mission creep is the gradual expansion of an intervention, here, it implies the dangerous possibility of the State having access to all our data in the absence of a Privacy Law.

This blog is an exploration of how the GDPR and PDP Bill are similar, yet different in various ways.

Coming to terms with the terminology

Before delving into specifics, it’s important to be acquainted with the terminology used in the legal mechanisms for data privacy. The two regulations also use different terms for the same entity:

 

  • Data processor: Any person or legal entity including the State who processes the data. This may consist of the data controller or data fiduciary itself or a third party.
  • Interestingly, the PDP Bill’s definition of personal data differs from the international definition in the GDPR.

Thematic classification of differences

The underlying principles and intent of the PDP Bill resemble the provisions enshrined in the GDPR. Aspects such as the need to have a clear purpose of processing personal data, consent requirements, personal rights, and the appointment of Data Protection Officers in organizations are closely adapted from the GDPR.

However, there are a range of differences between these two instruments of privacy. Here, the language and enforcement provisions aren’t compared, but the stance both mechanisms take on different issues.

These have been classified into the following themes:

1. Classification of data

 

Critical data has not yet been defined by the Indian government. Although the category resembles the list of “special categories” in the GDPR, the EU’s regulation has defined what the category entails while in India the government has the power to declare any data as critical data. The GDPR does not have separate localization rules for this type of data, unlike India. This is explained ahead.

2. Data localization and cross border data flows

Data localisation requires the collection, processing, or storage of certain types of data within the borders of the nation where the data was generated, before being internationally transferred.

GDPR stance

The aim of data protection frameworks is to protect the data while safeguarding its free flow. The GDPR has no hard data localization conditions. It allows for cross-border transfer of all types of data if the country of data transfer has an adequate framework of data protection.

PDP Bill stance

On the other hand, the Indian regulation’s requirements seem to restrict data’s free flow.

  • Sensitive personal data: This category of data when collected, shared or disclosed to the data fiduciary in India has to be stored only within the borders of the State. It may be transferred beyond the territory of India for processing, subject to explicit consent and conditions.
  • Critical personal data: Strict data localization norms exist for this category of data. It can only be processed within the borders of India. The problem arises since this type of data has not even been defined yet.

Due to firm opposition, the 2018 draft was amended to dilute data localisation requirements (such as storing a mirror copy of all personal data in India). Yet, the GDPR’s approach to handling data is considered more pragmatic since it ensures data gets similar protection once it moves out of the jurisdiction of the regulation.

3. Right to restrict processing

The GDPR grants the data subject the right to limit the processing of their data. This means that the processing of personal data can be stalled at an intermittent stage. This can be requested on the grounds of unlawful processing, data inaccuracy etc. The PDP Bill doesn’t enshrine any such right to the data subject.

4. Right to not be subjected to automated decisions

The GDPR grants the right to not be subjected to automated decision-making, such as profiling. Profiling is the automated processing of personal data to assess certain things about an individual. This right gives the data subject the recourse of obtaining human intervention. This is when such data is solely automatically processed to make an important decision, has legal consequences or significantly affects the individual.

For example, automated processing can be used to profile potential behaviour of an individual in a faster way. It is possible that the individual will not behave in the manner the results project. In that case, if such profiling affects the legal rights of the individual, the person can legally request human intervention.

The PDP Bill does not ascertain this right. While it encourages individuals to seek remedy through courts in case of such discrimination, it does not empower an individual to decide how their data should be processed.

5. Storage limitation

The GDPR lays down specific exceptions for increasing the storage period of collected data. These exceptions include public interest, historical, scientific, and statistical reasons.

On the other hand, the PDP Bill mandates the explicit consent of the data principal to store data for a longer duration of time than is needed to satisfy the purpose for which it is collected. The GDPR does not necessitate this consent.

What does this mean for your organization?

The most contentious question is whether GDPR compliance implies PDP compliance. It is briefly addressed in this section to understand how these bills affect an organization’s compliance needs.

  • Areas such as the anonymization standards differ between the PDP Bill and the GDPR.
  • With no parallel of ‘critical personal data’ in the GDPR, companies will have to be careful with their processing of this classification for India.
  • Unlike the GDPR, the PDP Bill also mandates the explicit consent of the data principal to store data for a longer duration of time.

Such differences and more, warrant that companies pay close attention to the compliance needs of the PDP Bill, even if they meet the requirements of the GDPR.

Other interesting follow-up questions will be explored in our next blog in the PDP Bill series.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

Crypto attacks

How to Safeguard Against Crypto Attacks?

Posted on | by Signzian

Crypto attacks have surged in tandem with the rising popularity of digital currencies, emphasizing the need for robust security measures. To safeguard against these threats, users must employ multi-factor authentication, maintain updated software and wallets, and be cautious of phishing attempts. Educating oneself on the latest types of attacks and remaining vigilant while conducting transactions is crucial.

We’re just two months into 2018 and $2,653,302,364+ of real money has already been spent to buy virtual money. Cryptocurrencies — whether regulated or not — have buyers all over the world, even in countries where their status lies in the limbo.

However, just like real money, virtual money is also being stolen. And just like real money investment scams, the virtual currency space, too, has its share of investment scams with cheats floating schemes promising lucrative returns and running away with all the money.

Let’s look at some of the most common crypto attacks and how regulation can bring them down.

ICOs and the Disappearing Act

ICOs (or Initial Coin Offerings) is a means of crowdfunding that allows new ventures/startups to raise capital without following the regulated processes and compliance needed by venture capitalists, stock exchanges, and banks.

While cryptocurrency ICOs intend to raise money for building the proposed ground-breaking blockchain solutions, scamsters only use them to loot. Their modus operandi is the same: Announce an ICO. Lure investors. Collect the cash and disappear.

The Benebit scam is one such recent ICO scam. In its whitepaper, Benebit had proposed a revolutionary customer loyalty blockchain solution. But it did a runner with about 4M USD when someone reported that Benebit’s website’s photos were stolen from some school’s website.

Phishing and Crypto Attacks & Thefts

When dealing with virtual currencies, customers face the same risks as they face when doing net banking. Cryptocurrency users are prone to all kinds of cyber attacks like phishing, password hacking, trojan software and others.

IBM’s X-Force research group states how cyber criminals have modified TrickBot, a banking trojan, to target cryptocurrency trading platforms by redirecting the virtual currency to their wallets during transactions.

Coincheck, a cryptocurrency exchange from Japan, was a victim of a cyber stealing attack and lost $530 million of its users money. Another Japan-based bitcoin exchange company, Mt. Gox, had in 2014 lost $400 million of its users’ funds. Although it promised to return the lost money, it ended up filing for bankruptcy.

Unlike traditional banks or card processing companies, cryptocurrency exchanges can’t do much to recover virtual currency.

Crypto Attack: ‘Cashing’ in on the Hype

When a technology is so new and disruptive as blockchain, it creates hype. A stream of scamsters use nothing but this hype and lure unsuspecting victims into investing their money.

The Suppoman scam is one such scam. A youtuber scammed hundreds of his viewers by promising information on a “secret ICO” if they bought one of his Udemy’s paid courses and joined his Facebook mastermind group. To join this group and get access to the password, the viewers were required to pay 10$.

Suppoman succeeded in creating such hype around the “secret ICO” that people started buying even his old Udemy courses so they could get the password. To the disappointment of the buyers, the secret ICO turned out to be: Seele, which is a very popular ICO everyone knows of.

There are also instances where scamsters rebranded old cryptocurrencies and raised funds all over again, only to run away with the money.

Countries that accept (or the ones that haven’t banned) cryptocurrencies are working on creating regulations to protect the investors against such attacks.

Regulatory Red Tape on Cryptocurrencies

Treating cryptocurrency companies like any other financial institutions and forming regulations for the same will clamp down — if not eliminate — most of the different crypto attacks.

Regulating to avoid tax evasion and ensure the money isn’t used for sponsoring shady activities: Subjecting cryptocurrency trading companies to stringent KYC, AML, user data privacy and other financial norms will help monitor the flow of fiat currency to crypto and vice-versa. This will also impose checks on issues like tax evasion.

In US (where cryptocurrencies are undergoing rapid regulation), virtual currency trading companies are required to register as money services businesses with the Financial Crimes Enforcement Network, a part of the U.S. Treasury Department.

Regulating to avoid fraud ICOs from raising funds: Regulating how ICOs are released and what happens to the money in the case of a non-delivery will protect investors from ponzi virtual currency schemes.

Gibraltar is working on a law that will regulate Initial Coin Offerings (ICOs) in the British overseas territory. This law aims to regulate how ICO tokens are promoted, sold, and distributed. Sian Jones, a senior GFSC advisor, says the regulation will introduce the concept of “authorized sponsors,” who’d be “responsible for assuring compliance with disclosure and financial crime rules.”

Regulating to strengthen the security norms of cryptocurrency makers and trading companies: Regulating the security standards for companies that deal with cryptocurrencies will help prevent thefts.

When it comes to securing users’ money in banks, RBI has given as many as 24 best practices on user, software, asset, environment, and security management. It would be interesting to see if RBI could introduce comparable standards for the cryptocurrency companies as well.

Regulation can pave the way for a safer and more secure cryptocurrency trading environment. Regulation will also handle the government’s key concerns such as financing illegitimate activities, money laundering, and terrorist financing related to crypto trading.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

Cryptocurrency

Due Diligence Best Practices for Cryptocurrency Firms

Posted on | by Signzian

Although the cryptocurrency market is largely unregulated in India, cryptocurrency remains an investment option of interest for young Indians. Just recently, the Indian Income Tax Department issued tax notices to thousands of cryptocurrency investors. BR Balakrishnan, Director General of Investigation (Karnataka and Goa), Income Tax Department, said that they couldn’t turn a blind eye to the whole cryptocurrency investment space and that “It would have been disastrous to wait until the final verdict was out on its legality.

So legal or regulated or not, cryptocurrencies are selling in India.

But the lack of government regulations on cryptocurrencies like bitcoins makes them prone to frauds. Recently, India has witnessed several cases of cryptocurrency frauds right from the 84-crore Goregaon cryptocurrency investment scam to the 2,200-crore Mumbai fraud incident.

Although RBI has never supported the usage or trading of cryptocurrencies in India, it hasn’t imposed any bans either. But the rising fraud instances show that there’s an urgent need to regulate the market.

Recently while presenting the Union Budget 2018, finance minister Arun Jaitley said “The government does not consider cryptocurrencies as legal tender or coin and will take all measures to eliminate use of these cryptoassets in financing illegitimate activities, or as part of the payment system.” The Finance Minister’s speech has triggered lots of responses from the Indian Cryptocurrency exchanges.

Shivam Thakral, co-founder and CEO Delhi-based BuyUcoin, said “Nothing new was quoted by our Finance Minister in the budget announcement today. It was a repetition of the same old cohort whilst the industry was expecting clarity over taxation and it’s regulation from the Government.”

Another bitcoin exchange Unocoin also maintains that no new Legislature has been introduced and the legal status of Cryptocurrency remains unchanged. That it’s the same unregulated virtual currency now as it was earlier. The Chief executive and co-founder of Unocoin Sathvik Vishwanath said “There is no change in the government stance with respect to trading cryptocurrencies. Cryptocurrency holders need not panic and the business is as usual.”

But even with the ‘impending’ official regulations, cryptocurrency companies can (and some are) proactively following norms such as KYC and AML, which they could certainly be subject to if the regulation happens. These measures will also address the key concerns the Finance Ministry has with cryptocurrencies.

Regulatory processes some Indian Cryptocurrency Companies are already implementing

While Indian cryptocurrency companies wait for the official regulation to happen, some of them are going ahead and borrowing the guidelines that apply to other financial institutions. This is the way to go as the international law firm, Norton Rose Fulbright, notes: “As a general rule, where no specific steps have been taken to regulate cryptocurrencies in the relevant jurisdiction, it would be necessary to refer to the existing legal and regulatory frameworks to understand how they might apply to the new circumstances that the technology enables.

Which brings us to norms such as KYC, AML, and Data Privacy among others.

Atulya Bhatt, Founder of India’s leading cryptocurrency marketplace, BuyUcoin, stresses on how with self-regulation cryptocurrency companies can counter the anonymity of transactions and tackle money laundering in cryptocurrency trade. He says:

Indian exchanges counter the anonymity of transactions and money laundering issues via self-regulation.”

Bhatt also recommends using advanced technological solutions for digital identity verification processes.

Hemanth Kumar, CIO at Unocoin (India’s most popular bitcoin wallet company), also underlines the importance of following KYC and AML provisions for cryptocurrency companies to remain accountable. He says:

Regulation of entry points through strict KYC norms and deploying AML policies for monitoring the flow of the funds is key for any crypto exchange to bring in accountability of its customers.

As you can see, KYC and AML are recurring themes even as cryptocurrency companies are practicing proactive self-regulations.

South Korea, which has just recently legalised cryptocurrencies, has already released a regulatory framework focusing on AML measures and KYC. The official document states that these measure will “reduce room for cryptocurrency transactions to be exploited for illegal activities, such as crimes, money laundering, and tax evasion.”

Key points from South Korea’s KYC and AML measures in its cryptocurrency regulation policies:

  • Cryptocurrency companies need to share (with the banks) information about the purpose of the transactions, the sources of funds, details about services the exchanges provide, and whether the exchanges are using verified real-name accounts
  • Cryptocurrency companies need to monitor (and report any) suspicious transactions
  • Cryptocurrency companies can only get bank accounts for functioning IF the exchanges provide their users’ ID information

If India, too, issues a similar framework, AML measures and KYC will clearly be the central themes.

In addition to these, cryptocurrency companies will also have to look into user data protection. Because cryptocurrencies use blockchains, and because blockchains are decentralized, distributed, and public, protecting the information on a blockchain can be challenging.

Wrapping it up…

Given the current state of regulation on cryptocurrency trading in India, cryptocurrency companies already have a lot at stake. But if India does end up following the likes of Japan, US, and South Korea and make virtual currencies legal, then all these companies will be expected to face regulations similar to most financial institutions.

Starting to work on deploying stronger KYC, user data privacy, and AML policies look like a great way to prepare for a time for when the regulation does happen. These measures also reinforce the government’s key concerns such as financing illegitimate activities, money laundering, and terrorist financing.

Signzy disclosure: The above content is an opinion and is for informational purposes only. Please don’t consider this as legal advice. It’s best to seek a legal consultant’s opinion before framing your policies.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

1 7 8 9 10