Getting the Banking Balance Right

When we hear about the work that FinTech Scotland facilitates, it excites us at Verimatrix. It wasn’t long ago that our Scottish operation was a start-up called Metaforic, trying to find its way into the – then emerging – world of Fintech. The community that FinTech Scotland is building would have been valuable to us then – just as it is highly valuable now.

Of course, the Fintech community in Scotland isn’t just start-ups. We have a proud and established financial industry – the Global Financial Centres Index (GFCI) ranks Edinburgh 7th in Europe and in the top 30 globally.

It’s this mix, coupled with building the right community, that gives Scotland the right balance to build a strong and sustainable Fintech industry. Start-ups can learn from the experience and industry-reach of more established players. The established players – now increasingly competing with the tech giants – can benefit from the agility and fresh ideas developed on their doorsteps.

For Fintechs, another area to get the banking balance right is security. There’s no getting away from the need to secure your products and solutions.


When Fintech emerged as a sector in its own right, it had the luxury of playing on the edge of the financial space. That meant, in most cases, Fintechs were out of the scope of financial regulation. Over time, this has changed for two reasons:

  • Fintechs are increasingly seen as partners of established players;
  • Regulation has caught up with the evolving finance market.


So, what does working in partnership with banks and other established players mean for your security needs?

First, it means raised expectation levels. Services that are sold or resold by banks come with an implied trust associated with them. That trust has been hard won over centuries and is easily lost. As a partner of a bank, you gain some of that trust, but you are also expected to maintain it.


Second, it means being able to demonstrate that you’ve met your new partners’ security “check boxes”. Through any procurement or partnership discussion with a bank or large financial institution, there will be security hoops to jump through. Being ready for these hoops not only makes the process easier, it also demonstrates to your new partner that you are a credible organisation.


What has changed with regulations and legislation?

The biggest changes are the new open banking regulations – requiring banks to open up their platforms to third parties. We see this in Europe through PSD2, and similar changes are happening around the globe. These changes can be seen as legitimising Fintech.

Of course, with legitimacy comes responsibility, and Fintechs increasingly come under the scope of financial services’ regulation. Though this can be seen as adding short-term burdens to Fintechs, these regulations also offer mid- and long-term opportunities. The regulations aren’t in place just for fun; they exist to protect consumers. For Fintechs to become long-term sustainable and credible companies, this is something they need to be doing anyway.

The open banking regulations have emerged in parallel to tougher consumer privacy legislation. In Europe, GDPR is certainly the buzzword; and just as with open banking, we see similar trends around the world.

Open banking regulations aren’t something to be feared, and neither is consumer privacy legislation. These changes in regulation are all about doing the right thing. We’d argue that rather than be a burden, the legislation actually gives Fintechs a framework to guide their security thinking.


Read more on Verimatrix’s thoughts on GDPR and PSD2


Where should you focus?

Balance is key. The security required by Fintechs shouldn’t become an overloading burden. It’s about taking sensible steps while allowing your organisation to focus on the fun stuff – building exciting products.

Our first recommendation is to build a “security as usual” culture from day one. It’s hard to make the change later, so make it everyone’s responsibility from the start to consider security as you build your products and services. This makes it a low-level, non-disruptive activity rather than something forced upon the organisation down the road.

The second recommendation is to choose the right security. Take the time to understand what your valuable assets are and then choose Friendly Security solutions to protect them. Friendly Security means security that is trustworthy, mature and proven; but is also low impact to implement.

This is where Verimatrix can help. Our Software Shielding products are designed to protect the code, data and services in any mobile app you develop, all the while being easy and straightforward for your development teams to apply. We take this to extremes with our recently launched ProtectMyApp service.

These are exciting times for the Scottish Fintech industry, and it is critical that the community FinTech Scotland is building up establishes the right balance for long-term success.