Dataquest, a leading technology media publication, and Scrut Automation, a prominent provider of compliance solutions, joined forces to host an event titled “Simplifying Compliance for the Indian Fintech Ecosystem.” The event aimed to bring together industry experts, thought leaders, and fintech professionals to discuss the challenges and opportunities in achieving regulatory compliance in the rapidly evolving fintech landscape of India.
A series of panel discussions followed, featuring prominent speakers from regulatory bodies, fintech companies, and legal experts.
The conference commenced with a welcome note by Sunil Rajguru, Editor of Dataquest, PC Quest and CIOL, a distinguished professional with extensive experience in technology news and features. Rajguru provided an overview of how India’s demographic dividends are propelling the country to become a FinTech superpower. He highlighted the significance of India’s stack, including its vast identification and authentication systems, as well as the groundbreaking success of the Unified Payments Interface (UPI) in transforming digital payments in the country.
Following the welcome note, Navaneethan M, CISO, Tata Play, and ex-SVP & CISO, PayU, a cybersecurity expert with a deep understanding of business continuity, data privacy, cloud security, and more, led a discussion titled “Regulatory Enablement: Empowering Fintech Companies to Succeed with a Security-First Mindset.”
His session shed light on the crucial role of cybersecurity in the FinTech industry and explored strategies to ensure robust security measures for sustained growth and consumer trust. The speaker started by acknowledging the presence of friends and seeking their guidance and input on a particular topic related to POS machines.
He emphasized the need for combining compliance with a hacker mindset in order to be effective. He mentioned various departments and leaders involved in this process, highlighting the importance of blending approaches to get things done. He then added that even large organizations can overlook minor details that may have a significant impact on their systems, and discussed a picture related to application security, asking the audience for their thoughts and mentioning SQL injection as one possible issue. He mentioned the challenges of protecting against threats and ransomware attacks. He questioned whether the show can be run without compliance or operational security (OpSec), referring to a village without doors as an example of self-discipline and protection, and highlighted the need for digital controls and mechanisms in the digital world.
In his keynote speech, Ganesan Ramani, the Vice President and Head of Digital GRC at Mashreq Bank, discussed the importance of combining compliance with a hacker mindset in the financial industry. He highlighted the need for continuous vigilance and proactive measures to protect against cybersecurity threats.
Ramani mentioned the challenges faced by organizations in keeping up with the constant stream of regulations and guidelines. He compared it to the regular release of movies every Friday, emphasizing the need to stay alert and adapt to changing compliance requirements. He stressed the importance of a combination of operational security (OpSec) and compliance, with OpSec being responsible for taking a practical approach to implementing security measures. He provided examples of cybersecurity incidents, such as the expiration of a domain name leading to the disruption of services, emphasizing that even large organizations can overlook minor issues that can have significant consequences. Ramani also mentioned the importance of application security (AppSec) and the need to address vulnerabilities before deploying applications.
Ramani discussed the evolving landscape of Know Your Customer (KYC) processes due to digitalization and the increased security risks associated with it. He acknowledged the efforts of regulators in keeping up with the advancements in technology and emphasized the importance of maintaining compliance with AML (Anti-Money Laundering) laws.
He then moved on to discuss the basic framework for technology compliance, particularly focusing on the differences between banks and fintech companies. While banks have more resources to invest in security measures, fintech companies need to identify the minimum requirements and comply with the legal and regulatory obligations specific to their business processes.
Ramani delved into various aspects of security, including perimeter and endpoint security, malware and web security, data loss prevention, application security, operational security, and business continuity planning. He emphasized the need for a comprehensive governance, regulatory compliance, and risk management strategy, with an understanding that achieving 100% compliance is not always feasible. He encouraged a risk-based approach and highlighted the importance of audits as opportunities for improvement rather than punishment.
Lastly, Ramani emphasized fundamental security practices such as data classification, asset protection, encryption, identity and access management, and third-party risk management. He mentioned the importance of having response plans for various cyber threats, including ransomware attacks and denial-of-service incidents.
Overall, Ramani’s keynote speech emphasized the need for a holistic and proactive approach to cybersecurity, combining compliance with a hacker mindset to effectively mitigate risks in the financial industry.
At a panel discussion moderated by Minu Sirsalewala, Executive Editor, CyberMedia, industry experts delved into the importance of achieving compliance in the fintech industry and the need to strike a balance between business objectives and regulatory requirements. The discussion highlighted that compliance is not merely a checkbox exercise but a comprehensive approach that requires a deep understanding of risks and the implementation of appropriate controls.
Ritu Verma, Compliance Officer at Pine Labs, emphasized that compliance professionals play a crucial role in supporting businesses to operate responsibly while ensuring adherence to regulatory guidelines. Compliance should not be seen as a standalone activity but as an integral part of an organization’s strategy. Verma stressed the significance of board members understanding the importance of compliance to ensure effective implementation throughout the organization.
Naseem Halder, CISO & CTO at Acko, added a security perspective to the discussion. Drawing a parallel to the automotive industry, Halder highlighted the importance of trust and safety when it comes to customer expectations. Compliance serves as the benchmark for establishing minimum requirements that uphold customer trust. The integration of compliance and security should be seamless, acting as partners in maintaining a secure environment.
Umamaheswara Rao M, CISO & VP at SwinkPay Fintech, emphasized that compliance should be a starting point, but it should not end there. Businesses should continuously add and mature their compliance frameworks by incorporating risk assessments. Finding a balance between business objectives, finance, and technology is crucial for sustainable compliance practices.
Madhuri Gothoskar, Director of BFSI Compliance at PhonePe, highlighted the evolving fintech industry and the need for regulators to keep pace with the changing landscape. Regulatory frameworks act as the fifth line of defense when other risk management measures fail. A strong regulatory environment is essential for safeguarding customer bank accounts and combating cyber threats.
Kush Kaushik, Co-Founder & Head of Customer Success at Scrut Automation, shed light on the alarming number of data breaches in India’s fintech sector. To establish India as a global fintech leader, the focus should go beyond mere checkboxes. Kaushik emphasized the need for robust compliance practices and mentioned the stricter auditing directives from Mr. Sanjay Ban, which categorize audit firms based on their diligence. Compliance is an ongoing process that requires continuous improvement.
The panel discussion highlighted the critical role of compliance in the fintech industry, emphasizing the need for a comprehensive approach that goes beyond ticking boxes. Achieving a balance between business goals and regulatory requirements is paramount for sustained growth, customer trust, and mitigating reputational risks.
The “Simplifying Compliance for the Indian Fintech Ecosystem” event organized by Dataquest and Scrut Automation proved to be an informative and engaging platform for fintech professionals to gain valuable insights into compliance challenges and strategies. The event highlighted the importance of collaboration between regulators, fintech companies, and technology providers in creating a compliant and inclusive ecosystem that fosters innovation and protects consumer interests in the Indian fintech space.