Compliance in the Fintech World

Our panellists were:

Ramy AlDamati, Co-Founder and Chief Strategy Officer, AlBrza, Abu Dhabi, UAE
Mona Zoet, Founder and CEO, RegPac Revolution, Singapore

Introductory Remarks

Mateo Jarrin Cuvi: Welcome everyone to the International Governance and Compliance Association’s latest webinar. Today we are discussing a very fascinating and I guess trending topic. We are talking about compliance in the fintech world. Before introducing our two panellists, let me actually get some admin issues out of the way. We are recording this session so we will have a video recording of the webinar and also a full transcript that will be available within a few weeks. Also, if you have any questions for our panellists as you listen to them enlighten us with all of their knowledge on this topic, make sure to enter the questions using the chat below and I will try to work the questions into the discussion. I will be moderating on behalf of AGRC. So that is all for now from my end, so without further ado, I would like first Mona to introduce herself, tell us a little bit about her career, her profession and what fascinates her about compliance in fintech.

Mona Zoet: Great, thank you Mateo, and thanks for having me today. I started my career actually in compliance more than 20 years ago in the Netherlands. I worked for one of the largest banks at that time and, at that time, compliance had of course a totally different meaning, this was before 911 as well. So especially in the Netherlands, it did not really mean that much and for me also not. But moving on, I moved to Asia and worked for quite a few years within different banks within the risk management and compliance areas as well, so you could say I have seen quite a bit what’s happening in Asia, what the pain points are, what the different infrastructure is in different countries, and to make the ball roll, actually also went to the US and I worked for a couple of years in risk management compliance in New York and Boston. And then I thought, okay, I have seen it all, I have seen two financial crisis, I really want to do something else, I would like to become an entrepreneur and make a difference in that way. So in 2014, I started my own company, which was in the first place more risk management, compliance advisory services, and training. But that changed quite quickly because the Singapore government, where we are based, was pretty much busy with trying to digitalize already quite a bit, they had quite a few years plan to do that, 2020 needed to be a totally digitalized society in a certain way. And I found it very interesting especially from a technology perspective because when I was working in compliance and when I was in the banking world, we had those pain points with client onboarding, with transaction monitoring, risk management advisory as a whole, reporting, but there were not that many great tools in the market and, if they were, they were also quite expensive. And sometimes you needed to have a lot of workaround, which makes it actually more cumbersome than interesting. But fast forward to around 2014, Singapore became pretty much a little bit of a fintech hype in a sense with the Fintech Festival and building the ecosystem. And that is what we tried to do then as well with the RegPac Revolution, that is the company that I set up four years ago and we built the ecosystem, we helped companies to expand into southeast Asia and Asia Pac who are already a little bit more mature and we have a training program and building a digital platform for matchmaking and advisory services as well.

Ramy AlDamati: Thank you so much. It is my pleasure to be with you and with Mona. My name is Ramy AlDamati, I am from Jordan originally and based in Dubai. Actually, I started my career in cybersecurity, I have more than 20 years of experience in this field. And when emerging technologies started in the 2000s, let us say, 10 and 11, I started to get interested in these technologies, especially in the cryptocurrency and this domain. But I found that this domain, it needs a lot of attention because of my experience in cyber security, so I started merging my experience with this, let us say, innovation technology or trendy technologies like blockchain, fintech, AI and see how we can formalize these relations between these technologies and cybersecurity because definitely any emerging technology needs more attention and part of the cyber security. There is a lot of compliance in cyber security, was working on it and we do it for many companies, for regulations, for building operation centres, and all of this stuff. And there are some similarities when we talk about the financial sector and there are many regulations that also need to be cared about especially when we talk today about some topics, we will find that there is a conjunction between the regulation technology, fintech and the cyber security, and the threats that is facing this domain. I have been working with multiple multinational companies in the cyber security and now working with many companies in the blockchain exchanges systems team, building the education system for them or compliance and AML, let us say, vision for them. I am also working with multiple institutions in order to comply and help them build harmony between the domain, the innovation domain with the secure domain, secure the clients and fit with the regulations. I built my start-up in December 2019, it is called AlBrza platform. It is a platform that links all people with the skills and emerging technology, blockchain, cybersecurity, AI, fintech and all of these, making them one network, organise educational programmes, do networking events, conferences and so on with collaboration with multiple teams and partners within the regions to help or make a centric location for knowledge for this and supporting local languages like Arabic and English within our region, Middle East and Africa.

Mateo Jarrin Cuvi: What fascinates me about this discussion that we are going to have is that, as you know, we are covering very large areas of the world. Mona has expertise in Europe and southeast Asia, Ramy can handle the Middle East, so we have a very good kind of perspective of what things are happening in these areas of the world. At the same time, we have the focus on financial services and cybersecurity, so it is going to be a well-rounded discussion, I believe. I have about six questions here, we are going to work our way through these, we will be answering them within the next 50 minutes to an hour but, to kick things off, part of what AGRC does is we like to look at the past, present, and future of things, so let us start from the past and work our way towards the present and the future. So a question to actually get us started is: How has compliance for fintech companies evolved during the past decade?

How has compliance for fintech companies evolved during the past decade?

Mona Zoet: I think to be fair, from my point of view, 10 years ago, compliance or fintech did not exist that much, at least not in the buzzword way that we know it these days. I mean, of course, there were already products back then, just after the financial crisis, that people tried to come up with something, which made it more I guess sustainable than it used to be before because the whole risk management part was not really working anymore. However, I think we need to differentiate quite a bit that regtech and fintech are not the same. So if I talk about regtech, I really mean software solutions for the regulatory environment and that is actually more an enabler for the financial institutions or whoever needs regtech solutions. Whereas if we talk about fintech companies, then we talk about the payments and you know the products that can be actually outside of the banking world by itself but of course it can also be integrated in that. So I think there is a bit of a difference in the definitions there from different professionals, let us put it that way. But if I just go after my own hunch, then I would say regtech of course did not exist at all 10 years ago, not again in the buzzword sense. Of course, there were already companies that were trying to automate processes, manual processes, repetitive processes from a back office or a compliance perspective, especially for large banks, etc., but the products were still really in their infancy. I mean those products are now actually products that are going to extend into Asia, for instance, from Ireland or from Switzerland, etc. So for me, I think if you talk about past fintech 10 years ago, for me it was almost non-existent.

Ramy AlDamati: As Mona said, this terminology is already old but it is evolving with the time because of the evolving of the technology itself. We keep seeing new innovative ways to avoid interacting with banking or to solve the problem that happened during that financial crisis itself, but this increased the problem itself in terms of the regulation technology. So they started doing or focusing on integration with multiple technology together, let’s say, using AI, using maybe blockchain, or something like this, and moving from the approach of Know Your Customer (KYC) to Know Your Data (KYD) in order to do more analysis for the customer themselves, creating maybe a generic or let’s say country-based sandboxing for regulations, seeing many interactions between or working in harmony between the start-ups themselves because the start-ups started increasing with time in the last maybe 10 years with these new technologies. Previously, it was the companies, the banks, they generated the product, the engagement, but now the start-ups are the market and the industry, and this type of engagement between both parties with specific regulations or with the start-ups, let us say, which creates its own compliance and tries to embed it with the existing system, with the companies or with the local countries. I believe it is evolving together, step by step, we can see that there are many engagements happening at the current time, more centric or together than previously.

Mateo Jarrin Cuvi: That kind of sets the ground for the rest of our discussion and provides a panorama as to where fintech is right now or has actually moved to. So now let us look at the present of fintech and compliance, and I have here about four questions to focus on. The first one is: What are some of the best practices for fintech companies when it comes to compliance? Just to make it easy on you, how about you give us each three best practices that you think every single fintech company out there should actually follow when it comes to compliance.

What are some of the best practices for fintech companies when it comes to compliance?

Ramy AlDamati: I believe one of them is to focus on the customer and to focus on the data itself for this customer. Keep the consumers in mind. Another is focusing on the AML compliance itself, because there is a lot of compliance with AML and the FinCEN regulations in the fintech world. So companies need to be more engaged with this one and plan ahead for the future, what is required in the future, and comply with local regulations together or build a local regulation together, as well. Maybe there are some use cases that can be shown.

Mona Zoet: I think one of the things that we have seen quite a bit with fintech companies is that they, especially in Asia, try to come up with a product that is really cool based upon a technology without really knowing whether that is really market fit for the company that actually wants to partner up with it. So I would say sometimes there is a mismatch in the products that are out there in the world or in Asia, and whether that is really market fit with the financial institution or a bank because it, for instance, does not gel well with the systems that are already there, it might be that there is no data, they have not used any data, so there might be a lot of issues around it. So there are some examples there as well, but the challenges are in a way of implementation and stuff like that. I think that is the other one that fintech companies sometimes forget because if you build a product, you want to, of course, sell. And you try to sell, nine out of ten times, you try to oversell it, or you oversell it and you cannot deliver, or you oversell it and it takes a while before it actually can be implemented, or you have not asked the right questions, or you did not have the right people at the right table. So there are, from an implementation perspective, I think there are some areas that are sometimes a mismatch. And then the third I would say, I think that Ramy already mentioned that as well, but I think if you really want to be successful, you need to make sure that your technology and the whole ecosystem, or not the ecosystem, but the right professionals are in the right place and, although the technology is super important, the people are super important too. Very often you see tech companies that actually only have very great talent in technology but you really do not know what from the business side or from the other side or from the other persons that are also super important to provide the right kind of information to make that product really market fit as well.

Mateo Jarrin Cuvi: As you know, every single company in the world has to deal with regulatory authorities, whether you are in Dubai, Singapore, The Netherlands, I mean regulatory authorities are going to be there and there are certain things you have to comply with. Now, if we talk in the case of fintech companies, I mean this is of course going to be a lot broader because it applies to all companies, but: How important is it to establish solid relationships with regulatory authorities in your pertinent jurisdictions?

How important is it to establish solid relationships with regulatory authorities in your pertinent jurisdictions?

Mona Zoet: For me, my experience has been that it is super important to have a good relationship with the regulators in your region or in your country and not only with them but also connecting the dots regionally and globally. That is what we started to do as well when we started the platform, we really interacted with the FinTech Festival, which in the first place was not that big. And not only in the FinTech Festival but whenever we had a smaller event, thought leadership, whether it was a roundtable or whether it was a bigger event specifically for a certain industry problem, we actually always connected with the regulator and we built quite a good relationship with them. The good thing is that gives also for the fintech a bit of a credibility because if you have a panel and the regulator is also at the table and can answer questions as well from the one side of the world to the other side of the world, which makes of course a huge difference. And afterwards, they are more open to talk to you as well as a solution provider, that also helps of course. Especially with our acceleration program, whenever a solution comes our way, they will not ever say to the company, okay, the financial institutions need to buy your product, that’s not the regulator’s tasks in a certain way, but they would say: what do you need, what is difficult for you to do at the moment because you are maybe a start-up. To be fair in Singapore, they are quite open to it with the fintech department, and I do know that there are other parts of the world where it is a little bit more difficult sometimes, but I think it is super important to have a good relationship with the regulator.

Ramy AlDamati: I believe the first thing I can see mainly in Dubai because the government is supporting these kind of initiatives and their engagement and because they are regulating this, which is the country strategy or the formula to formalize the strategy itself and the country to be more logical, transparent, well-coordinated through practices, processes, toolkits, all of these things, and this really will help the relations between them to be known. If I want to engage with them, I know what I need to do, what I have as a regulatory body. Also, it is good to manage the frequent meetings, not only meetings with the regulator, but in a multiple area, maybe doing like multiple engagements, multiple conferences, or sessions to help with brainstorming, and this part will help this type of ice breaking between the regulatory agency and the start-up, maybe with the banks or the others. Also, it is good to centralise the documents that can be shared between them, so if one entity shares or creates research or authored an article or something, they need to be on a platform that is available, everyone has access to it, so everyone can understand each party, how it is working, what is the idea in the market, how things can be done correctly. These I think are maybe three main areas that can be done additional to what Mona has mentioned as well.

How willing are regulators to engage with the development of new software?

Mona Zoet: I think that is a little bit too much of a utopia, that the regulator is in front of the technology. That is very difficult to say anywhere because it is also a relatively traditional body. I know in Singapore, like I said, you have the traditional regulator and you have the fintech department, and the fintech department is of course much younger than the traditional regulator, so it is a little bit divided, although there is one central bank. So from that perspective if you talk about technology, I must say Singapore has always been very forthcoming always. Also, for instance, the Travel Rule that was a culmination of BCAS, which is the local blockchain association together with the regulator and with a few other industry specialists, to come up with the regulation around it. So there is quite some engagement within the MAS (Monetary Authority of Singapore) to actually support initiatives. I would not say that they are going to sit in a panel and say upfront, okay, we think you need to do x, y, or z in the tech space or this is what we need. What they do for themselves is like supervisory technology, they do look at technology, again in the world, what is interesting for us to actually be able to be a common project as well, and they engage then of course external vendors to transform themselves as well.

To be fair, even the UK as far as I know and from communications, I would always have believed that they are much further in that whole process, but to be fair it is nine out of ten times much more bureaucratic than Singapore. But that is also because in Singapore you have the division, I mean they are very open to talk to you, it does not mean that you immediately get what you want but at least you get a conversation. In the Netherlands and in the UK even, it is very difficult as a fintech company to actually go through that process already. I am not saying it is not happening but it is less.

Mateo Jarrin Cuvi: The person who actually asked the question added a comment. The comment basically says that the UK regulator will provide active advice to the development team to help them ensure that all the bases are covered and also the FCA provides a sandbox I guess where discussions can be had.

Ramy AlDamati: As I mentioned in the previous question, when you have the strategy, you formalize it and you have all the toolkits, all the processes, the procedures that everyone needs to follow, read about, and see it. So this is the first base line of engagement. Then the program of maybe incubators and encapsulators, all of these programs that are built within the country itself, it follows all of these type of things, and even the advisory from this regulator, they are part of the mentorship programs. So they are making sure that any fintech or, let us say, any start-up going out from these programs, already know about compliance, these regulations, the local sandbox itself, and how to utilize whatever is part of it. They are trying to make the start-up a success before they are going to the market because they care about the success rate itself. We do not need everyone to play in a different area and when they come to the market, they face regulations, they face fines, they close in the end. So they need to make sure that they are part of these steps, regulations, then they go to the market very easily and go together most of the times, which is very important factor between the development stage and the regulatory stage itself.

Mona Zoet: I want to say something about that because that is definitely not what is happening in Singapore. So in Asia, they do not help with, I mean whatever is meant with helping the development team is that the development team for the products for regulators themselves, because that, for instance, in Singapore, that just happens behind closed doors. There is always an announcement with the Fintech Festival about the projects that have been done for open banking and all that kind of stuff, but that help happens all behind closed doors. But then if you are talking about helping fintechs, the regulator helps fintech with the development teams? Well, that is definitely not happening in Singapore as far as I know, because the regulator would say that it is not our task, I mean, we just want to see whatever vendor comes along, is it an interesting one, and we will also be happy to support that the new technology is coming along, and that they might be interested in some banks in our region but that is it more or less. So there are some differences in, I guess, the regions, what we mean with the engagement or the development teams. I am not saying that it is less good in Singapore, I am just saying the approach is different.

Mateo Jarrin Cuvi: I know Mona you already discussed the differences between regtech and fintech and kind of set apart the two areas and defined them and this question brings both of them together, and the question is: What role is currently being played by regtech in helping fintech companies remain compliant? I mean regtech has made a huge splash in the financial services sector in terms of helping companies report and monitor transactions and whatnot. How has it been adapted by fintech companies?

What role is currently being played by regtech in helping fintech companies remain compliant?

Ramy AlDamati: I think if we talk about regtech and how it should be applied within maybe the software, maybe the start-up itself, they need to come with their own prospect to the market, and the regulator will see how they can help or they can maybe customize this one. So there are many things that help them to be compliant, like stay transparent with the data management itself, the risk assessment part, adaptability itself. I think this is an area that needs to be covered or focused by these companies before they interact with their regtech because the regtech will definitely intercept them and they will start to discuss many areas, how you do this, how you comply with this, how you apply this, so they need to be examined and ready before they start, they need to understand the regtech definitely, and build their model, and then return back and see how it can be worked with that.

Mona Zoet: Yeah, I think of course regtech is a huge addition for fintech because fintech are already also tech companies with emerging market technology in principle. What regtech companies would do is just also automate the regulatory side a little bit and that can be like the KYC part, which can be the licensing part if you need to add all the regulations around that, but also with what Rami already said, risk assessment, regulatory reporting, all those things. So what you normally as a traditional company would do, you know, hire like ten compliance officers because you need quite some people to do those manual processes. Now if you can just have like three compliance officers and then a tech tool that actually can help you and that can also be easily implemented because it is a similar kind of technology and you’re already a technology company, so you understand it probably better and also your reporting lines are a little bit less long, let’s put it that way, or the sales cycle, so that makes a huge difference. And, at the end of the day, it should be cheaper as well. I am not saying that we are already there because I know that there are quite a few regtech solutions that for a fintech or for whatever smaller company will still be very expensive. So that is something that is evolving with the number of solutions that come on the platform as well. But, at the end of the day, I think if there is already a big adoption, it is in a bigger fintech in the first place because for them it is much more familiar than the bigger traditional banks. Although I am not saying they are not adopting either, especially not the given COVID and the ongoing regulatory environment that we are in, but I think the quickness of adoption is more in the fintechs.

Mateo Jarrin Cuvi: Now we are going to kick it up a notch and we are going to talk about some case studies. I asked each one of you to pick one or two interesting case studies of compliance working in the fintech or not working in the fintech area and to present that to our audience because there is no better way of actually putting theory into practice and realizing what you have to do to remain compliant and what not.

Presentation of Case Studies

Mona Zoet: So one of the companies that I find super interesting and they have done it very well in I think less than 10 years is ComplyAdvantage. It is a UK headquartered company, it does KYC as a whole more or less, monitoring, onboarding, reduction of false positives. So it is pretty much in the AML space, which a lot of companies are still in, but they already exist for a few years. But what they did very well is, I mean, I know when they were just very small, there were like ten people in London and, within quite a few years’ time, they are now Series C, they grew like to three hundred people in London, and they have offices all over the world, and they have great partnerships, the most recent one was with Goldman Sachs. So I think, yes, from that perspective, that is one of the cases that I think is hugely successful.

The other one is the partnership with the Silent Eight in Singapore. They actually were awarded an award four years ago by MAS with the Fintech Festival but they were back then very small. They are in the same area using artificial intelligence to actually come up with the reduction of false positives, which is a huge problem within the financial institutions. And they also worked their way up in a sense of the partnership with a huge company or financial institution and they are still gaining more traction and so they are sort of super success story.

Ramy AlDamati: Because I’m working in the consulting phase and not in the implementation part itself, but I engaged with one of the projects with one of the small government entities in Dubai, they were asking to do like a payment system itself, how it can be a transition to, let’s say, between b2b directly and how they can monitor their transactions without having in the middle, let’s say, transactions or go to the banks or something and utilizing maybe AI, IOT, blockchain technologies somehow, and how they can write a specific engagement or a workflow between this type of engagement between the customer to customer or business to business and avoid whatever is not regulated like AML or any other regulations within the KYC or to engage them with these things. I saw that when we started it was a little bit complicated because you need to engage multiple technologies, multiple areas, and definitely this is the future I believe in the coming years. If you want to really make an effective program or authentic application, that you need really to use analytics by AI, maybe with integration with the IOT, storing the database in a blockchain with a smart contract automation of the process, all of these. So we tried to bring all the main functionality that can be held from each technology, I don’t need to take everything, it’s only the specific, with consideration for the compliance of integrating people, transactions, and how it can be checked with the policy, even do more analytics, brief the customer itself or the user before they do the process itself, so it needs to be a deeper integration with the AI analytics itself and go to big data, summarize all the data to understand the profile, or make a profile for the users before they engage with any transactions. We provided like high-level information about how it can be done, how you can utilize these features, how you can integrate these parts of each area. Then we saw that when we go to the R&D team or development team, they start going with integrating the AI, blockchain, let us say, together, see how they can develop, workflow here, they go to the financial part, try to segregate some area that they do not need to keep using it, just do the analytics, get the data from the users, and go directly using it. So I believe this is something on a higher level, not a specific, but I think it will show us where the future is focusing on or predicting the futures of this type of technologies when it is working altogether.

Mona Zoet: I think I already mentioned it a little bit, but I can elaborate on that. I think really the silo kind of solutions are the ones that are less sellable because at the end of the day nobody wants to have like five different products and pay for them as well and try to integrate that as well. So it is more about the platform place, it is more about the end-to-end kind of solutions, and of course nobody has them perfectly at the moment already. But there are some platforms that actually can very easily be integrated compared to other ones, so I will definitely go for the customizable kind of technology, as well as, especially in the regtech space, that when you go into a new market, you can change it and tweak it around, so that it actually fits that market as well instead of just trying to come up with an aesthetic solution and it fits one purpose but probably not all of the problems you had. So that is something that I think is super important.

Ramy AlDamati: I do not need to create maybe and from my point of view and do not need to create something innovative, but I need to fix the existing problem itself in order to comply and continue with it but caring about compliance is a major part for that. We are seeing a lot of products coming to market that are not fit with compliance because they do not take care about this part. They thought that when I create my own regulations or compliance part and I will go to market and discuss it, I will find a lot of acceptance because I solved this problem but taking care of the other parties and old regulations is very important, and it is not easy to be changed in legal systems or countries, especially maybe in our region as well.

Mateo Jarrin Cuvi: So before hitting our concluding remarks and wrapping up the webinar, let us look into the future and basically the question is: What do you foresee for compliance in the fintech world as we move into the second half of the 21st century? What is the future like for fintech and compliance moving forward?

What do you foresee for compliance in the fintech world as we move into the second half of the 21st century?

Ramy AlDamati: I mentioned it in the use case that I believe they need to rely a lot on the data itself like moving from KYC to KYD analytics of the user itself. Like Alibaba payment or in China, they are doing full analytics on user behaviour and whatever areas and they give them the loan within few minutes or something like this. The data is the important part to focus on, how to analyse it, and how to save it. Cybersecurity is the major part in this area because if you comply, if you have good software, but you have weak database or weak platform infrastructures, you definitely will be under hack, meaning compliance fines and all these things. The start-ups these days, they do not need to build infrastructure, they can go to the infrastructure as a service or anything as a service, but they need to select it correctly in order to comply and move fast into the market and solve the most important issues with their idea.

Mona Zoet: I think we are more or less midway, I answered this question as well a few weeks ago with a regtech black book that we wrote an article about. So for me there are two things. One is within the financial services industry, where do we see us more or less ending up and how far are we there? I would say, in the first place now, we are already getting there with certain areas like that, we already mentioned KYC, AML, there are certain areas that everybody is jumping on like, okay, we need to have a different kind of solution, less manual processes, etc., and there are solutions out there that are already quite good. What we of course even more would like to see is that there is much more forward thinking into it, so that you can actually not only meet the requirements, but in principle also make predictions on certain data that is out there, so that you actually can prevent risks from happening instead of just only mitigating those risks, whether it is enterprise or department or whatever. That is of course I guess from that perspective a utopia where we are not totally there yet.

But I also see another line and that is pretty much regtech or fintech beyond the financial services industry and I mean from my perspective the digitalization and digital transformation within the regulatory space is relatively early stage, maybe in the financial services world it has been talked about quite a bit and we have some use cases already and it is getting the right direction. But, if you look at, for instance, other regulated areas and even unregulated areas as healthcare, pharmaceutical industry, they have a lot of admin manual processes as well that if you really would have some use cases there from a tech perspective as well, it will help tremendously with the customer experience too. I think that is important to acknowledge, that it is not only the financial services world that needs to transform but that can add to supervisory policies, it is a public-private kind of transformation that needs to happen within the regulatory space as well, and that is more the focus that we try to handle as well going forward. But, of course, the use case need to be there as well, I mean companies need to also see that that could be an added value and there is a lot of education that still needs to happen from that perspective.

Mateo Jarrin Cuvi: We have a couple of late questions that just rolled in. I am going to throw those out there and then we will wrap up the discussion, the first one which maybe Ramy can discuss is: I am really intrigued as to how blockchain technology can facilitate compliance given that it is a distributed ledger. How can blockchain be applied to compliance?

I am really intrigued as to how blockchain technology can facilitate compliance given that it is a distributed ledger. How can blockchain be applied to compliance?

Ramy AlDamati: There are three main areas blockchain is important when you implement the DLT itself, which is the governance, the regulations, and the operational structure itself. So the governance, when you implement the private network, trusted multiple parties, all of these things, it will work with operation structures itself to avoid all the errors, so any false positives and see the correct assets, and when they apply the rules and the smart contracts, they will do the data transparency rules. Then the regulations will come in order to facilitate that the assets, the records, avoid any cyber-attacks, make the records more transparent, the settlement of the digital tokens, or the KYC risk or anything that is part of it. So these are the three main areas I believe the blockchain when we implement the DLT and part of the, let us say, compliance part itself.

Mona Zoet: I am not a technology person and, although I am very interested in blockchain technology, to be fair, I think we are still very much in early stages for that as well, although it is very much evolving. But it is an infrastructure and to get real great use cases within compliance for that or in the regulatory space, I think as an asset in itself, it is difficult. If you combine it probably with artificial intelligence, there are a few cases that are being experiments now and they are coming up, smart contracts that Ramy was already talking about. But it is not like it is already a dish that you can serve, and it is cheap, and it is easy to do, and you do not need more money and whatever, etc. So government bodies, regulators,  actually the whole world need to be on the same kind of level of platform to really make that successful, and we are not there yet. But it does not mean that it will not come, so I think that is that is my stance on compliance and blockchain.

Can the panel comment on smartphone apps that extract user data without explicit consent and how this can be controlled?

Mona Zoet: Why don’t you just ask Facebook and Mark Zuckerberg that kind of question? That has actually all to do with the security part, so actually Ramy could probably answer that better as well. But I think there is a huge issue, but again one thing is privacy and security issues are dealt with differently in Asia as a whole but also in certain countries in Asia as a whole. So, from that perspective, if you have very strict privacy rules in, for instance, Europe and certain countries in Asia, and then at different shades, whether it is privacy in the sense of personal information or client data, so there is also differentiation. But the way people think about it as well. In, for instance, Singapore, you know everybody gets everybody’s data and although everybody knows there’s kind of a GDPR in place in Singapore already since 2012 onwards, they really do not care about it that much, unless there is a huge breach and something needs to happen. On the other hand, it is about client data, so the client bank line data, there is a huge emphasis on. So I just want to say that I think from an Asian perspective, people are just not so worried about whether their data is being taken because, to be fair, the Singapore government has everything that is in place, from an infrastructure, almost all the data anyway. But I mean is it an issue from a privacy perspective? Yes, I think so, and they should have consent and whatever, but you know I cannot say that it is not happening.

Ramy AlDamati: As Mona said, the baseline is the regulations, the policies that need to be applied. As you can see, some companies or most of the companies, they do not care until they are having the problem, so I can see that the most important part is related to the people. They need to take care of their data because the data is the oil of the century itself or the currency itself for the data. If I have the data, I know what you do, what you want, what is on your mind. Even Facebook today can predict what you are thinking about from some previous analytics and they show you some advertisement based on it. Now, how to control this one? I believe it depends on the person itself, don’t just install any application, go to the features, read about the features for each application, regulations are posted by a lot of companies to or even Apple itself or Android, they ask you to click if to allow to track you or not, you need to take care of this point, see the functions under each application, under each application there are many functions, if you don’t know it, Google it, read about it, turn it off if you don’t use it. All of this area is very important in order to reduce, I do not mention to cut, but reduce, because at the end even Google listens to your talk in your home and gives you advertisements. So it is a fact, we cannot ignore it but we can reduce it to the minimum from action from our side, not from the application side, the application creator side of the company itself or the regulations itself, because this area is already done, but we need to take care of the human factor itself.

Concluding Remarks

Mona Zoet: One thought is do not be afraid of change and to step up and see what is out there in the space from a regtech solution perspective. If you are working in compliance, your work is already complicated enough, especially these years, and it is only getting probably more complicated with this whole digital transformation. So I would definitely recommend attending these kind of things, but also really look yourself, what is out there, what is interesting for me and for my job, how can I know more about the different technologies that are out there, the skill set that I need to have to stay relevant, all that kind of stuff.

Ramy AlDamati: I will take one part of Mona, which is the skillset. That we need to focus on it because this is the future. Every day we hear about the new things, new technology comes to take human roles like AI but it is not 100% correct. It opens another door actually, so we need to search other doors and our kids and our graduated people and even older people like us we need to stay creative to know what is in the market, what technology is coming, and how we can inject ourselves into this. When I was only a cybersecurity expert, I started seeing that these technologies need or have a lot of gaps in cybersecurity like fintech, AI, blockchain, all of these. So I start focusing on them, so I start trying to transfer my career from only pure cybersecurity to cybersecurity expert in the emerging technology itself. So this is something I think everyone needs to focus on, and I keep stressing this point.