Tests have shown that 56% of mobile app back ends have serious misconfigurations or privacy issues related to SSL/TLS.
62% of fintechs' main websites failed the Payment Card Industry Data Security Standard (PCI DSS) compliance test.
64% of fintechs' main websites failed the GDPR compliance assessment.
Like any other technology-led sector that raises regulatory issues, fintech companies are becoming subject to regulatory requirements.
They are subject to the same rules as traditional institutions that provide financial services. Fintech companies should comply with all anti-money laundering, data protection, and know-your-customer rules that apply to their activities.
In the European Union, payment services are regulated by the Payment Services Directive 2 (PSD2), and alternative finance firms engaged in the trade of transferable securities are subject to the Markets in Financial Instruments Directive (MiFID).
Fintechs are also subject to laws and regulations that are not specific to financial services, such as the EU General Data Protection Regulation.