Holland FinTech MeetUp Amsterdam

13 March 2015

Regulations & Compliance Opportunities for FinTech

Arno Voerman

FinTech Lawyer

voerman@vandoorne.com

Van Doorne | 2 Holland FinTech MeetUp Amsterdam

Topics

•  Customer Due Diligence •  Customer Authentication •  DNB Background: •  AMLD4 •  PSD 2 •  ECB Recommendations and EBA Guidelines security internet

payments •  eIDAS •  General Data Protection Regulation

Van Doorne | 3 Holland FinTech MeetUp Amsterdam

Customer Due Diligence

Basic-principles: •  Identification •  Verification of the customer’s identity

Van Doorne | 4 Holland FinTech MeetUp Amsterdam

Identification

•  Who is the customer?

•  Wwft: identification = the statement of the customer’s identity

Van Doorne | 5 Holland FinTech MeetUp Amsterdam

Verification

•  Are you really who you say you are?

•  How can you prove it?

Van Doorne | 6 Holland FinTech MeetUp Amsterdam

Ways to verify

documents, data or information obtained from reliable and independent source

Van Doorne | 7 Holland FinTech MeetUp Amsterdam

Traditional

Van Doorne | 8 Holland FinTech MeetUp Amsterdam

Enhanced measures

Van Doorne | 9 Holland FinTech MeetUp Amsterdam

How?

a.  verifying the customer’s identity on the basis of supplementary documents, data or information;

b.  verifying the authenticity of the documents submitted;

c.  ensuring that the first payment made in connection with the business relationship or transaction is transferred to or from an account the customer has with a credit institution …

Van Doorne | 10 Holland FinTech MeetUp Amsterdam

Online - Mobile Verification Opportunities for FinTech Solutions

Van Doorne | 11 Holland FinTech MeetUp Amsterdam

Online - Mobile Verification Opportunities for FinTech Solutions

Be the reliable and independent source!

Van Doorne | 12 Holland FinTech MeetUp Amsterdam

Strong Customer Authentication

Regulatory Requirement PSPs shall apply (or for cards: support) SCA

Van Doorne | 13 Holland FinTech MeetUp Amsterdam

also Liability Shift •  No SCA means no proof that transaction was authorized •  Issuer liable towards payer •  PSP that did not apply SCA liable to Issuer

Van Doorne | 14 Holland FinTech MeetUp Amsterdam

Two factor 2 out of 3: i.  Something you know ii.  Something you have iii.  Something you are

Van Doorne | 15 Holland FinTech MeetUp Amsterdam

At least one of the elements should be non-reusable and non-replicable (except for inherence), and not capable of being surreptitiously stolen via the internet. The SCA procedure should be designed in such a way as to protect the confidentiality of the authentication data.

Van Doorne | 16 Holland FinTech MeetUp Amsterdam

Strong Customer Authentication

Another FinTech opportunity!

Van Doorne | 17 Holland FinTech MeetUp Amsterdam

Strong Customer Authentication

Another FinTech opportunity!

Traditional PSPs have to rely on FinTech!

Van Doorne | 18 Holland FinTech MeetUp Amsterdam

Supervisory themes 2015 •  Complex IT •  Technological Innovation

Van Doorne | 19 Holland FinTech MeetUp Amsterdam

Contact Arno Voerman FinTech Lawyer t +31 (0)20 6789 250 voerman@vandoorne.com Van Doorne N.V. Amsterdam