Sensitive Matters: Data & Legislation - Part 1

by Pablo Reyes on Nov 14, 2017

Proper management of personal information has been a topic of discussion since the 1970s, leading to comprehensive information safety laws in over 80 countries and to the creation of public institutions dedicated to safeguarding privacy rights. In recent years, however, the rise of alternative finance or “FinTech” companies has disrupted this tightly guarded space, raising an entirely new set of concerns due to their occupation of a regulatory “grey area”.

So what kind of regulatory environment is needed specifically for FinTech, and what could it look like? Understanding the current regulatory situation makes for a clearer perspective, not only to encourage consumer trust in FinTech, but also when it comes to influencing the direction policymakers take and what can be expected from the rise of FinTech in the coming years.

Are we ready?

Are governments, banks, and users ready to embrace a sea change in how we deal with financial information? In Europe, it wasn't until 2012 that new legislation focused on new technologies (the General Data Protection Regulation) was created to replace the old legislation from 1995 (which wasn't as solid or complete and ended up being applied differently by every country).

Finding a balanced tradeoff between the privacy we need and the benefits of less-trusted entities is not a simple task, and that’s why individuals and companies from a range of industries (finance, law, technology, etc.) are working to create legislative and technological frameworks that are both secure enough for the end user and accessible enough to facilitate innovation.

The adoption of payment cards (credit, debit, etc.) took decades to consolidate as an even safer payment method than cash. Fortunately, things move faster nowadays and we won't need decades: startups and now-consolidated companies have been far quicker than governments and old financial institutions in identifying the new opportunities that arose with the boom of Big Data, open APIs, etc. So, what are the differences on an international scale?


Europe is aware that it needs to make changes, and is pushing for change in its data protection policies (Why do we need an EU data protection reform?), as we mentioned before, but it is basically the United Kingdom that is leading the race to both build and regulate FinTech. The UK plans to become the Global Center of Financial Innovation by approving measures to support the growth of the country's FinTech sector.

Legislation doesn't have to mean limitation.  Many regulations are in fact facilitators of innovation, as the UK has proved by implementing several groundbreaking measures.

Here are just a couple of examples:


The principal aim of this programme is to make sure that users have an easy way to obtain the data that companies (energy, personal current accounts, credit cards and mobile phones) store about them in a machine-readable and reusable format. This would allow a user to download a CSV of all their bank transactions and then upload it to a third-party service that would recommend the best bank for their particular behaviour.

"Midata for personal current accounts – To improve switching, the government announces a new commitment from the major providers of current accounts. This means that personal current account customers will be able to access transactional level data on their account, in a standardised and downloadable format, which can be used in comparison tools. The data will be available by the end of 2014"

HM Treasury at Budget 2014: 2.230


In 2014, HM Treasury held a consultation whose objective was "increasing access to credit data on small to medium sized enterprises (‘SMEs’) in order to stimulate competition in the SME lending market". This reform tried to improve the quantity and quality of the credit data shared by CRAs, which would result in better information being accessible to, for example, young companies offering credit.

"The intention of these guidelines is to ensure that all companies that use and/or subscribe to shared data do so on a reciprocal basis so that ‘subscribers receive the same credit performance level data that they contribute, and should contribute all such data available’."

- HM Treasury in Competition in banking: improving access to SME credit data

And in the USA?

Things move more quickly in the USA as a general rule, but not because their regulatory structure is simpler. Several agencies supervise financial institutions at the federal level:

  • Comptroller of the Currency (OCC)
  • Federal Deposit Insurance Corporation (FDIC)
  • Federal Reserve Board (FRB)
  • Consumer Financial Protection Bureau (CFPB)
  • National Credit Union Administration (NCUA)

And then each state has its own regulations. The State of California was the first state to legally approve the use of Bitcoin and other types of currencies.

"Existing law prohibits a corporation, flexible purpose corporation, association, or individual from issuing or putting in circulation, as money, anything but the lawful money of the United States.
This bill would repeal that provision."

The case of Canada

Noteworthy for having opened the world's first publicly available bitcoin ATM (Robocoin at Waves coffee shop in downtown Vancouver), Canada is following closely in step with the UK and US approach of "light-touch regulation" when it comes to FinTech innovation. Although Bitcoin ATMs are not yet regulated in Canada, regulations have been officially proposed for exchangers of bitcoin as of mid-2014. More recently (June 2015), the Canadian Senate Banking, Trade and Commerce Committee issued a report encouraging a "hands-off" approach to regulating digital currencies, calling for the Minister of Finance to work with banks in order to "find solutions for the lack of access to banking services for digital currency-related businesses."


What's coming next?

Once technology is good enough to provide secure access to information and legislation is flexible and solid enough to set the limits, financial institutions will need to adapt their internal rules and processes to prevent any possible breaches, or at least be ready to act quickly. Right now, 1 in 3 banks don’t require third parties to alert them of breaches.

Access to sensitive data has its risks, but technology and legislation are both evolving (though at different paces) to deal with it in a secure way. The benefits that can be obtained from FinTech are huge, and if the regulations and technologies behind this emerging field are able to ensure the necessary levels of security and trust, we may be on the cusp of a true revolution in the financial industry, which may set a precedent for change in other traditional sectors. 


It's time for regulators to review the laws that were created in a very different time and adapt them to the digital world we live in today, so the financial sector is not left behind in the race that many other industries started years ago.


