The global wave of increased privacy regulations hits California on January 1, 2020, when the California Consumer Privacy Act (CCPA) takes effect.

The CCPA provides broad-reaching data privacy rights to California residents, and any for-profit business serving them must comply if it meets certain thresholds. Many fintech companies are already large enough to qualify (they have $25M in annual gross revenue or 50K California customers) or have plans to grow to that size. Big Tech companies like Facebook and Amazon that are eyeing the financial services sector also fall into this category.

For the hundreds of fintech companies doing business in the Golden State, this may be their first encounter with privacy compliance. If their customer base is confined to the U.S., they aren’t subject to the EU’s General Data Protection Regulation (GDPR), which European and global corporations have been grappling with since May 2018. They may also not be subject to national banking regulations like the Gramm-Leach-Bliley Act (GLBA).

So the moment has arrived for fintech to come to terms with privacy compliance.

Why does CCPA compliance matter to fintech?

The CCPA has a number of implications that should make fintech companies sit up and pay attention.

The consequences of noncompliance can be costly
The CCPA includes provisions for fines of $2,500 per unintentional violation and $7,500 per intentional violation, per customer affected. Consumers affected by data breaches can also sue companies if the stolen data was not encrypted or redacted before the breach, with awards of $750 per customer.

Fines under the GDPR have been relatively modest to date, but indications are that the CCPA will be rigorously enforced. The law firm Cooley speculated that there is a high risk of enforcement by an experienced attorney general and plaintiffs’ bar.

Compliance increases customer trust
Fintech companies are playing catch-up to established financial institutions (FIs) when it comes to earning a trusted reputation with customers. Achieving compliance demonstrates to the public that a fintech takes privacy seriously. And conversely, noncompliance can cause reputational damage at a crucial time in a fintech’s growth.

Data privacy issues related to tech companies
Anupam Sahai, VP of security intelligence firm Cavirin, stated that the CCPA “is looking to stop companies that have been leveraging consumer information (sometimes without the consumer’s knowledge) to obtain financial benefit, which may not be aligned with the consumer’s understanding of the information usage. These types of organizations are: internet providers delivering value added via over-the-top (OTT) services (AT&T DirecTV, Verizon Oath, etc.); social media firms; advertisers; online retailers; and non-banks (fintech firms).”

As noted by John Stephens of the American Bar Association, “The legislation specifically cites the March 2018 disclosure of the misuse of personal data by Cambridge Analytica. The legislation also references recent congressional hearings that followed which highlighted the fact that any personal information shared on the internet can be subject to considerable misuse and theft.”

Since fintech has been identified as an industry of concern for data privacy, it will likely attract even greater scrutiny around compliance.

Fintech needs to plan now for robust, scalable solutions
Privacy compliance touches on many aspects of a company’s operations, including data collection, storage and use. In order to achieve and maintain compliance as a company grows, fintech should consider automated, digital solutions. These solutions provide “privacy by design” that can scale up without sacrificing performance, and they offer better security and a lower total cost. Those solutions could include electronic identity verification, customer identity and access management, and platforms for sales, marketing and support.

How the CCPA applies to fintech

We’ve pulled out a few highlights from the CCPA that are particularly relevant to fintech.

The definition of personal information goes beyond that of current state regulations
The CCPA defines “personal information” as any information that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” This definition includes info such as the following:

  • IP address
  • Browsing history
  • Search history
  • Geolocation data

The Data Protection Report noted that “By removing the name requirement and instead including specific data elements such as IP address, browser history and geolocation data as PI, the CCPA requires companies to reexamine how data is tagged and risks related to data is analyzed and mitigated.”

CCPA does not override KYC and AML requirements
As a state law, the CCPA does not take precedence over national laws like the Bank Secrecy Act (BSA) or the Patriot Act. If a company has obligations around notice and access under KYC/AML regulations, it must continue to meet them, even if they contradict the CCPA requirements.

CCPA and GLBA have some overlap and exemptions
Both acts address the handling of personal information, and the CCPA exempts some personal information that is subject to the GLBA, so they need to be considered together. This is yet another area that demonstrates the necessity of good compliance officers and lawyers.

Importance of identity and age verification
Given the sensitivity of financial accounts and information, fintech companies should make sure that they are verifying the identity of individuals who, for example, request that an account and data be deleted. The CCPA requires that businesses make a good faith effort to verify subject access requests, similar to the GDPR. Companies may also need to verify ages of consumers under 16 in order to make sure they are collecting the appropriate consent from parents.

Given that the CCPA is not as complex or far-reaching as the GDPR, it could be an easier point of entry for U.S. fintech companies that haven’t been subject to stringent privacy regulations previously. Easier doesn’t mean easy, though, and starting now will help make sure that fintech companies properly protect customer data so they can continue to scale with confidence.

Last month, we spoke to Amber Scott, founder and Chief Anti-Money Laundering (AML) Ninja at Outlier. Our latest installment features Susana Ponce-Froment, a former banker-turned-fintech leader.

With 17 years of banking experience behind her, Susana wanted a change. Specifically, she wanted to modernize credit and risk management processes to give entrepreneurs faster financing solutions. To do so, she decided to make the jump to fintech three years ago and became the VP of credit at FundThrough, where she led the Credit Adjudication & Risk Management function. She has recently created her own consulting company, The Fintech Lab, to advise fintech risk executives on best practices to automate the end-to-end credit process and machine learning/artificial intelligence credit modelling. She’s currently working as Executive Risk Advisor with iCreditWorks, an American fintech firm that leverages mobile technology to transform point-of-care lending for health care patients.

Susana holds a Bachelor of Science in finance and marketing from Montana State University (where she was also a Fulbright Scholar), and a Master of Business Administration in international business from the University of Kansas and CIMBA in Italy (where she was an alumni scholar).

Keen to learn more about Susana, we spoke to her about everything from her foray into fintech, to her current goals, to who she looks up to within her industry.

Trulioo: You’re somewhat of an expert when it comes to the banking sector — how did you find yourself landing a career in banking, and what is it about working in the sector that excites you?

Susana: I started my career as a financial analyst working for the superintendent of the financial system in El Salvador. In that role, I had exposure to the global financial supervision framework launched by the Bank for International Settlements in Switzerland. This spiked my interest in global commercial banking, which drove me to get a job as head of the credit administration department in Citibank El Salvador. After working there for three years, I wanted to shift my career path to focus on credit analysis, so I quit my job to get an MBA in Italy. This experience triggered an 11-year career at Scotiabank in El Salvador and Canada. During those years, I worked with international and Canadian teams to grow corporate, commercial and retail lending portfolios and launch new retail lending products.

What excites me about the financial products industry is the opportunity that fintech lenders and banks have to change the lives of entrepreneurs and individuals by offering loans, investments and cash management services. For example, working capital lines provide funding to start-ups to launch innovative products and to more mature companies to expand operations. This, in turn, supports the lives of thousands of employees. On the personal lending side, financial institutions can change the lives of entire families through the approval of a mortgage or a car loan.

Trulioo: Can you tell us more about your transition into the world of fintech?

Susana: While I was developing lending products for Latin America and the Caribbean at Scotiabank, my team and I researched innovation trends in lending products around the world. We were interested in the fintech sector and the automation of the loans’ adjudication to remove unnecessary delays in the funding process. That experience made me crave a firsthand experience in the fintech industry to enable me to shape the future of credit adjudication, risk management and lending modeling. To achieve that, I applied for a job as director of credit at FundThrough. In this position, I had the opportunity to revamp the credit team, design expert-based models to auto-adjudicate small and medium-sized business loans and launch, in collaboration with data scientists and data engineers, a machine learning model to auto-score the revolving facilities’ clients and assign credit limits.

Trulioo: What are your current goals and initiatives?

Susana: To collaborate with global banks to modernize lending through the automation of the credit processes, the implementation of data-driven decisioning engines and the streamlining of onboarding processes. Also, I’d like to enable innovators from different backgrounds to have a voice through the participation in a global lending innovation forum and in the future, create a digital bank for commercial clients to speed up the account opening processes and access to funding.

Trulioo: What is the biggest challenge that women are currently facing within the tech industry?

Susana: In my view, the biggest challenge is to become an authentic leader within a male-dominated field. As it happens in many other industries, women in tech have to learn how to be assertive without being perceived as aggressive, drive their careers without being perceived as selfish, and lead teams without being perceived as pushy, among other behaviours. We invest valuable time strategizing to manage perceptions, which makes our career advancement more challenging. This is amplified when women are new in a society or industry and have a different cultural background. I am sure men also have their own challenges in the tech industry; this is why I believe that women and men should collaborate to contribute to the success of their careers and the companies.

Trulioo: If you gave a TED Talk about fintech (or banking), what would the title be?

Susana: AI revolution led by TechFin companies and global banks in the financial industry.

To learn more about Susana and keep up to date with what she’s doing, follow her on LinkedIn. If there’s a female trailblazer that you’d like to see featured in our Women in Tech blog series, please send your suggestions to [email protected].