DQ: What is Tally's outlook for the fintech industry in 2021?
Nabendu Das: Access to formal credit for MSMEs has been a long-standing problem in India. Cost of acquisition, underwriting and loan processing makes it uneconomic for the primary lenders when they look at smaller loan sizes. The geographical expanse of the country is the other bottleneck for primary lenders to reach out across all regions.
Added to this, most MSMEs have limited or no data trail, which makes it difficult to assess creditworthiness. As a result, most such businesses currently end up using the informal routes of credit at a much higher interest rate. Several things have come together in the recent past to create a huge opportunity to finally solve this problem.
Multiple standards that are already adopted make it possible for the entire process to be digital, like-Aadhaar for establishing identity, Account aggregator (AA) services for gathering consent-based financial data and credit scored, and UPI for automating collection.
The explosive increase in digital payments for small businesses, and the availability of GST data; has increased the digital data trail of SMEs. There is now the chance to look at transactions and cashflows to make loan approval decisions, instead of looking at only annual financials of the business.
Usage of AI- and ML-based decisions on top of these data points, allow to reduce credit application processing time drastically. Availability of mobile-based UX provide easy reach and simple experiences for the user.
This is the big opportunity for fintech in India in the upcoming future. Availability and implementation of common protocols like Open Credit Enablement Network (OCEN), for connectivity between fintech players and lenders, will allow fintech companies to create digital credit marketplaces, providing a basket of loan options to the borrower. We will likely see a new set of fintech players coming up in the space of digital lending to SMBs, in addition to the incumbent fintech players.
DQ: How are you ensuring data privacy by design? With GDPR, how is Tally looking to enhance their product?
Nabendu Das: Many governments across the world are putting regulations in place to protect privacy of data like GDPR which has been established in European Union. Similarly, in India, the personal data protection bill (PDPB) has been tabled.
As a provider of software products for businesses, Tally practices certain design principles towards building in data privacy as part of its product design. A key aspect is that here we are dealing with the privacy of data of a business, and not necessarily an individual.
One common method of complying with data privacy laws is to “get consent” to access or store customer data. However, the notion of ‘getting consent’ is not applicable in the same manner since our customers are businesses. This is something we focus on clearly during our product design.
The most important principle of the design for privacy is that the customer has complete control over the data. Much of the architecture of Tally’s current product is premise-based. Therefore, the control of customer data is fully with the customer. As data rests in premise and on customer’s devices, customers can fully control who can see and operate it. There is also an option to encrypt the data on the device, so that only authorized people can see it.
As we look to the future Tally products, there will be connected scenarios coming alive, including access anytime anywhere, online data exchange with other businesses and integration with third-party services.
When data moves between customer’s devices to Tally backend systems, the data in transit is encrypted via security protocols to protect against man-in-the-middle attacks.
Any data that passes through Tally’s backend systems to other third parties, is additionally encrypted so that it can be deciphered only at recipient endpoint, and not at any of the backend systems it may need to pass through for routing purposes. Any such data that can potentially be decrypted and/or deciphered in the backend will not be put on disk. This ensures that neither the software developer nor the cloud provider can open the data in the backend.
Anonymization techniques are designed into the product, so that at any point-identity of the source of data cannot be reverse engineered in the backend, thus completely protecting customer’s privacy.
DQ: What is your roadmap for connected solutions?
Nabendu Das: We constantly attempt to visualize the future of business operations, how it will change in the next 5-10 years and then conceptualize how we can help entrepreneurs through it. We have seen some fundamental shifts in the ecosystem over the last few years, like connectivity and mobility can now be taken for granted. Integrate-ability with the onset of the API first approach has become more and more popular. All this makes it possible to reimagine how business systems will work. Our new product design is focused around letting businesses take the full advantage of staying ‘always connected’.
To harness these capabilities and simplify the lives of entrepreneurs, our product will be built to run on a set of devices that lets users connect from anywhere and access the data. The next level of connected solutions will enable business systems to simply talk to each other, let work simply flow between organisations without the need to record data, and insights on top of these flows to be utilized by organisations.
This means that our software will be connected to banks, e-commerce businesses, government systems, customer and supplier systems all without needing any technical expertise at anyone’s end and simply allowing work to happen.
DQ: With connected solutions, how will you ensure connectivity across different platforms, and technologies?
Nabendu Das: Businesses will be able to access Tally from anywhere using a multitude of devices, running on standard desktop and mobile platforms while experiencing our well-known simplicity of usage. The Tally client on these devices will talk to other Tally programs across businesses. It will access web services hosted by third party providers in the diverse platforms. All this will happen using data security and privacy principles at its core. We are working on realizing this future and will be ready to share this with the world soon.