Medici and EY recently released a new analysis of the RegTech market. They identified the top 21 companies offering innovative Regtech solutions across different regions (EMEA, APAC, Americas) and segments. The report provides a detailed overview of the ecosystem and the industry.
Seven RegTech verticals are outlined in the report, including AML/CF, Digital Identity Customer Onboarding and KYC, Compliance Management, Regulatory Change Management, Market and Trade Surveillance, Regulatory Reporting, and Risk Management. Each vertical features a matrix mapping the positioning of various regtech companies according to four quadrants — contenders, aspirants, big disruptors, and incumbents.
Blinking was selected as one of the top 21 RegTech companies and as an aspirant within the Digital Identity, Customer Onboarding, and KYC vertical. Aspirants are defined in the report as:
“Companies in this quadrant have started their growth journey in the market. The solutions of these companies use commonplace technologies and are being adopted by a limited number of companies and markets.”
You can see the Digital Identity quadrant featuring Blinking below.
Digital Identity, Customer Onboarding and KYC vertical in which Blinking is placed is defined as through collection and processing of necessary information for customer onboarding, also for the purposes of KYC and Anti-Money Laundering (AML). Alongside this, we would ourselves also outline — the creation of verified or verifiable credentials for various purposes and digitization of customer experience in various segments and industries.
Joint conclusion by Medici and EY is that the need for innovative solutions capable to tackle regulatory complexity is clear and drive by the increasingly complex regulatory environment, especially in financial services organizations, which in turn has created the need to find more efficient ways to comply. Both costs and penalties are increasing while RegTech solutions offer a clear reduction in manual efforts and an increase in annual savings. RegTech is a constantly growing (and global) market with an estimated value of 55.28B by 2025 as mentioned in the report.
The full report can be downloaded here.
If you are looking to digitize your customers’ onboarding experience or establish and provide secure identity verification and authentication services feel free to reach out to us.
How we protect our private data became one of the most important questions. One could argue that this was the case for quite some time. The issue of privacy, freedom, and the degree of state interference with our everyday lives remains the primary topic of discussions, science-fiction novels, and TV shows. The global crisis we are facing is an unprecedented challenge for governments around the world. Challenging times are used to justify and bring about extraordinary government measures like mass surveillance and other forms of infringement on hard-won freedoms and rights. Whatever scenario occurs in the end, it seems nonetheless that many elements of our lives are moving to the digital and online sphere.
During this global pandemic, we saw how many aspects of our lives could be easily moved online. We have already been shopping online for some time now. It seems yet, that education, medicine, work, and even some types of entertainment we could never think of going online actually all can. It will be hard to argue against homeschooling or at least providing a choice and infrastructure for online primary and secondary education very soon. Skyrocketing college tuitions could be drastically lower if there is no need for the campus, dorm rooms, or physical books, etc. It’s nearly a sure bet that many universities will enable entire curriculums to be completed remotely. Telemedicine has been side-lined for some time now, but out of necessity, we could see a rapid expansion of this field of medicine in the near future. Although there certainly are jobs that cannot be done remotely, many people felt the strong appeal of remote work. It seems meetings could have really been an email. Lastly, older generations might find it odd but for the youngest generation, it was normal and immersive enough to attend the first fully digital musical concert by Travis Scott in the game Fortnite, drawing 12 million individuals.
Travis Scott’s performance during the live ‘Fortnite’ event by Epic Games
An essential part of our everyday life, interactions, and transactions that make up all of our activities, in fact, the basis for most, is our identity. Yet, until something bad happens we don’t really pay much attention to the way we identify ourselves. This makes sense since until very recently, the entire world relied on physical presence and documents. However, if we are to move segments of our life to the digital environment two aspects of this process seem essential. Data breaches and identity thefts must become something we hear less and less about, or in other words security and privacy of those massive amounts of data should be indisputable. On the other hand, future digital identification solutions and systems have to be simple and easy to use. Customers don’t want anything other than frictionless solutions. Perhaps our expectations have grown with the science-fiction movies portraying situations in which people don’t need to do anything for doors to magically unlock, cars to identify their owners and payments to be processed using non-invasive DNA scan. It does make sense to develop systems in the direction of fully personalized, non-invasive, seamless, and instant identification.
We have witnessed how in times of crisis, people around the world are clearly a lot more open to solutions that usually raise concerns like biometric and location tracking solutions. Until we get to that high-tech Westworld-like future there are numerous hurdles along the way and questions that need to be addressed.
Caleb and Dolores in ‘Westworld’ season three, episode four: ‘The Mother of Exiles.’
What makes a good ID solution?
Key questions are about data privacy, data ownership, and control, scalability, transition from the current state of affairs, and perhaps most importantly development of the most intuitive solution for the user. Everyone developing any product whatsoever knows that burdensome or difficult to use solutions tramp the noblest motives and achieve nothing. Yet in a survey by Gemalto, in which 41% of users said they declined using 2FA, 71% also stated how they would definitely part ways with a company that experienced a data breach. Talk about a dealbreaker.
In their report “Digital Identification: A key to inclusive growth” from 2019, McKinsey identified four attributes as essential for a “good” digital identity scheme.
- Verified and authenticated to a high degree of assurance: designed to meet the needs of both the public and private sectors.
- Unique: “an individual has only one identity within a system, and every system identity corresponds to only one individual”
- Established with individual consent: customers and users knowingly opt-in to use the digital ID and always have the knowledge of which private data is used and for what purpose.
- Protects user privacy and ensures control over personal data: security of private user data is of the utmost importance, but the other important aspect also is giving the ownership and control over who can access their data to users.
In their “Rediscovering Your Identity” report Deloitte also identifies attributes that would define successful digital identity schemes:
- Safe — guarantees security, privacy, and compliance
- Flexible — works across multiple platforms (on-premise and cloud), systems, and devices
- Agile — can quickly adapt to changing end-user needs, new applications, and IT requirements
- Scalable — can conform to different business needs and the possible surge of users during for example acquisitions
- Open — built to accommodate different types of users and not only consumers but employees, contractors, etc.
- Private — gives users control over their private information and knowledge of how it is used
- Frictionless — provides a seamless and simple experience for both users and administrators
- Resilient — built to overcome potential tech disruptions or cyber threats both on-premise and in the cloud.
Boston Consulting Group suggests five “pillars” of a robust identity solution. Their primary take is that any such solution should be built around actual customer behavior. This is what is meant when there’s an emphasis to develop a frictionless and seamless solution. As with every other digital solution, the essential element is its usability.
“Digital identity is a fast-moving space in which technologies, data, rules, and preferences are in constant flux. But one thing is certain: the most successful solutions will provide a user experience that’s tailored to how consumers are actually likely to behave. For providers, that means designing solutions with the consumer’s perspective — and preferences — always top of mind. It also means utilizing data, technological capabilities, and processes in a holistic way, investing in and applying the mix that simplifies yet enhances authentication. This kind of seamless, secure identity solution will be a boon for consumers and businesses — and a bane for fraud.”
What is IDaaS?
Cloud computing has been around for some time now. Today the technology is used for everything from email, storage to entertainment. Google Drive, Facebook, and Netflix are all cloud solutions. Gaming is also moving to the cloud. The approach offers many advantages, like a higher degree of security, flexibility, cost savings, and mobility, to name a few. Why not move Identity and Access Management (IAM) services to the cloud as well and how come that isn’t already the case? If we continue shifting large parts of our lives online, the necessary prerequisite to securely establish the way we identify ourselves should be there on the firm ground. There is now a growing number of companies working on this goal, as providing digital solutions as a cloud service offers various advantages over traditional approaches.
IDaaS is an acronym for Identity-as-a-Service, and it refers to identity and access management services that are offered through the cloud or SaaS (software-as-a-service) on a subscription basis. Service and infrastructure for it are built, hosted, and managed by a third-party service provider. Before cloud services, the focus was primarily on perimeter security and keeping the bad players with the help of passwords, firewalls, and VPNs. Moving to a subscription and service-based economy built on cloud technologies the essential difference in approach was in mobility and accessibility. From that moment all of our favorite music, videos, tv shows, ebooks, and games could be accessed from anywhere and from any device with the right credentials.
The Cloud era brought about two things. Data storage and processing infrastructure had to become decentralized raising new concerns regarding data security and in turn regulation of data privacy. IDaaS addresses these very concerns. Instead of dealing with data security and regulatory compliance, it relieves organizations of these concerns to focus and work on their key business competencies and products. IDaaS providers in turn deal primarily with these very issues, relying on expertise, skills, and experience developed in a niche area of security and identity.
IDaaS brings several key new functionalities to organizations that opt for third-party solutions:
- Multi-factor authentication (MFA): Username and password turned out to be inadequate in securing ever-increasing amounts of data with breaches happening every now and then. It also occurred that it’s becoming a daunting task for users to maintain hundreds of credentials. Instead, stronger protection which provides users with a choice of combination criteria is necessary to protect sensitive information while restoring users’ trust. In order to verify the identity of users MFA relies on different combinations of:
- Something that the user knows — a password or a pin
- Something that the user has — a smart device
- Something that the user is — a unique representation of a person’s identity such as a fingerprint, facial, or retina scan.
For securing data and providing users with more seamless access, biometrics are the necessary element. Alongside creating another layer of security, biometric authentication is definitely far more simple and intuitive to use for the end-user.
- Single-Sign-On (SSO): It allows users to sign only once to a number of products or services offered by an organization without repeating the login process. In addition, in the case of a network of businesses in some federated identity management scheme or a consortium, customers can rely on any of the offered services.
- Access management and control: Enables assigning access privileges to digital identities depending on attributes, roles, and responsibilities. It also provides users with a consent mechanism to decide on assigning or revoking access to their digital identity or particular information.
- Identity management: Keeping track of users and access privileges as well as private information associated with a particular user. It provides organizations with information on customers and collected private data.
- Monitoring, Auditing, and Reporting: Provides organizations with knowledge of how resources are being used, whether there were unauthorized attempts to access, report on patterns, and create intelligence reports about their user base.
IDaaS also provides organizations with business benefits:
- Responsibility outsourcing — businesses can rely on expert IDaaS providers to deal with private data storage and security in turn providing businesses with more time to focus on their products and services.
- Creation and deployment of new services — instead of dealing with numerous questions and issues regarding customer’s accounts and data upon the launch of some new service, the businesses can connect them as well to the IDaaS platform. This can drastically speed up time to market new services while reducing risk.
- Regulatory compliance — in the same way, they outsource responsibility for storage and security, they can leave their regulatory compliance worries to experts focusing on these matters as part of their product.
- Creating partnership services or loyalty programs — it’s not only easier but actually possible to bundle different services together or extend SSO capability to partner services which would be nearly impossible with legacy systems.
- Faster implementation — since IDaaS is a cloud-provided service, infrastructure, and software updating concerns are left to the provider. In the same manner, the service is available as soon as the initial setup is done and implementation requires creating a new instance and configuring particular business rules.
- Increase security — most of the IDaaS solutions rely on end-to-end encryption while also providing MFA or SSO functionalities. Data security is in turn improved on both the business and user interface.
- Lower costs with various subscription models — instead of a licensing deal, pay-per-user schemes can provide businesses with greater control over their costs. It can eliminate any upfront costs which can be very high in the case of legacy IAM software.
At Blinking, we’ve been focusing on developing identity and access management solutions by relying on the benefits of blockchain technology. This approach enabled us to create a platform that can facilitate the creation of various identity management schemes depending on the business needs ranging from internal, federated, private, and public ones. Our product architecture built on privacy-by-design and security-by-design principles address all of the attributes of the aforementioned expert consultancy companies. We go step further in enabling a new generation of IDaaS solutions that rely on a unique way that digital identity is handled, combining multi-factor authentication with a secured portfolio of certified personal documents issued by trusted parties (e.g. government, bank, insurance, hospital,…). The system fully protects the privacy of users. Implementation of biometric authentication is realized in a unique way since users control their biometric data while services or businesses do not have access to it, but raise a challenge to check and access the users’ identity. The primary benefit of the fact that the system relies on blockchain technology is that biometric algorithms are run on the blockchain network, using smart contracts and executed by multiple network members, which increases the degree of trust, transparency, and outcome of the authentication. Additionally, since each authentication represents a transaction on the network, it is permanently stored on the blockchain and immutable. Our MFA, SSO, KYC, and Digital onboarding solutions all utilize our unique approach to digital identity and the way sensitive, private information is handled.
Businesses can tailor their user experience according to specific needs. There is no more a single way of verifying user identity while organizations can open new services on the go, instantly with just a few clicks.
We were part of this year’s invite-only Regtech Festival organized by Accenture! Miloš and Miroslav used this opportunity to present our product and all the components to Accenture leadership, partners, and companies looking for innovative and commercial approaches for their business cases.
Our focus was to present most of the Blinking product capabilities. In line with the idea behind the event, we presented a demo of our mobile app for digital onboarding using OCR scan, biometric liveness check, and digital document verification after which digital identity is created. Our platform was connected with a service to showcase and perform an age check, with the user providing only certain private info. Demo also included a segment in which Miloš and Miroslav showcased how Blinking is connected with a bank. Providing an overview of how the KYC procedure is performed, they gave an example of a customer receiving a loan from a different bank using our KYC and multi-factor authentication (MFA) platform.
We want to thank Accenture for this opportunity to present Blinking at their digital hub.
RegTech100 is an annual list of 100 of the world’s most innovative RegTech companies selected by the RegTech100 organization. Their annual lists draw attention from banks and other financial institutions.
The list for 2020 has been updated to recognize the next-generation solution providers shaping the future of compliance, risk management, and cybersecurity industries.
We’re proud to be included in the 2020 list and to receive recognition in developing Blinking. You can find the 2020 list of the most innovative RegTech companies as well as some detail in the report at the link: https://fintech.global/regtech100/
We are very proud that Blinking was selected as the innovative startup venture for the year 2019 by the Computer science society of Serbia. On behalf of our company, colleagues Ivana Jovičić and Mladen Tušup accepted the IT award for outstanding contribution in developing computer science.
Computer society of Serbia annually awards plaques for outstanding contributions in the field of computer science. Each year there are three categories:
- Innovative startup achievement
- Developed and applied IT product or digital service
- Published scientific paper
Each category had several applicants and a jury of longstanding members of the Computer Society of Serbia and University professors decided on the award based on the quality of application, proprietary documentation, and presentation.
After the discussion and selection procedure, winners were awarded the plaques and recognition in the Chamber of Commerce and Industry of Serbia. We are honored to be represented by Ivana and Mladen on this occasion. The President of the Computer Society of Serbia handed them the award.
For the second year in a row, we attended the BankInfo conference organized by the Association of Serbian Banks. BankInfo is an annual gathering of all the key stakeholders from public institutions, banks and other financial institutions, IT companies, and academia with interest in the financial sector in Serbia. 26th BankInfo had the goal of providing the latest information about technology achievements and topics from the banking world with the participants. Likewise, the goal was to explore and consider improvements of the legal framework in which the banking sector operates. The conference was organized at the Grand Hotel Kopaonik between 9th and 11th October. Key topics were digital banking, payment systems, IT, information, and cybersecurity.
Miloš with the Secretary-General of Association of Serbian banks
We had the pleasure of having the opportunity to host two panels on two separate days. Our founders Miloš and Miroslav represented our technical solutions and held the panels in front of a large audience of participants.
Miloš hosted the first Blinking panel “Account transfer: New service on our market” during which he presented a technical solution we developed to tackle the requirements and obligations resulting from the changes and amendments to the Law on payment services in the Republic of Serbia. These changes stipulated that the subjects providing the payment services are obliged to provide citizens with an easy, simple, fast, and informative way of transferring their checking or savings account to any bank on the market. The sudden changes to the law that were added caught many off guard, while we saw an opportunity to create and develop a technical system providing and automating the required service and were actively doing so for some time now.
Miloš giving a talk about the account transfer service
Together with the Association of Serbian banks, we worked on developing the system for a little over a month, taking into consideration all the requirements resulting from both the Law on payment services and Law on the protection of private data. Association of Serbian banks would be the provider of the service of account transfer while our company would be the technical provider of service.
Focus on the PoC with ASB and Serbian banks
To reach the production phase, two phases need to be completed successfully: The proof of concept phase and subsequently the Pilot phase. We’ve had a big interest in the Proof of Concept phase with six banks from the Serbian market joining the PoC. Together with ASB we defined the test scenarios covering the possible situations, and are working on establishing network communications to start testing the system as soon as possible. The proof of concept phase is being conducted in a closed environment with secure connections and fake data. As agreed, banks were to delegate one employee in charge of project coordination. The focus of Miloš’s talk was on these issues while providing also an overview of the graphical interface for the system.
Miroslav providing an overview of problems surrounding the current approach to digital identity
On the 2nd day, Miroslav held the talk “Digitization of financial market: Digital identity” in which he approached and tackled many issues that led us to the development of Blinking. Namely, he touched upon the key problems surrounding digital identity up until now from the problems of identification by institutions, those surrounding privacy, and personally identifiable information, and especially focusing on security and our approach that until now resulted in always relying on the more simple identity checks rather than those which are more secure.
“If we are to move most of our activities from the physical to the digital world, establishing digital identity is necessary. However, since online tech enables us to create a lot more connections, the possible ramifications on our private data grow immensely. That is why we need to establish what we call Strong Customer Authentication, representing at the same time combination of something the user knows, has, and is. Each user should always have control of his own private data. Each user should give consent to private data access and sharing while retaining the right to be forgotten and the option to delete the data if deemed necessary. We consider private data to be very sensitive, that service providers should protect it with the highest possible degree of protection, and access to it should be highly secure. At the same time, we still use the most simple identity checks, smart cards are becoming obsolete, we keep and even write down passwords, keep our phones unlocked, not to mention the small population of people using 2FA. For a truly secure, reliable, and usable digital identity, we should explore adopting a solution that provides the balance of all the aforementioned factors.”
The second part of Miroslav’s talk was on the approach that we adopted in developing Blinking. Namely, creating trusted identity networks which should connect public and private institutions in a single, common, digital ecosystem for the exchange of data and documents which enables the end-users ie. citizen to create a digital identity to own and control their private data in a secure and safe manner.
We already touched upon the product we were developing in our previous blog posts and articles. In short, he talked about an overall solution for user identification (authentication) and access authorization that also provides a KYC utility for private data sharing with consent and secure storage of that private data. Our solution is SCA (Strong Customer Authentication) which means it is based on something the user KNOWS, HAS, and IS (biometrics) ie. user identity confirmation and authorization are based on creating a digital representation of a real person. After a brief talk on system functionalities and particular product features, Miroslav moved on to the approach we developed for digital onboarding in the financial system with the possible inclusion of any retail industry citizens rely on.
Lastly, he wrapped up his talk with the basic information as to why we relied on blockchain technology in creating our solution, the benefits and functionalities enabling us to create a true digital identity, and overall more secure way of accessing various services we need in our each and every day.
Last month Blinking had the pleasure of being the sponsoring partner of the “Digital Banking” conference in Serbia organized by Adria Media Group. The event was co-sponsored by The Ministry of Finance of the Republic of Serbia and the National Bank of Serbia.
The main purpose of the conference was to initiate the discussion about the digitization of services offered by the banking industry between all the key stakeholders in Serbia from state officials and representatives of institutions, organizations, companies, and the media.
Serbia’s Minister of Finance gave the opening remarks and talked about the current development and the state of economic affairs in Serbia. His emphasis was also on the importance of the innovation and digitization of banking services as one of the pillars of Serbia in the coming years. He also mentioned the need for further consolidation of the financial market.
Vice-governor of The National Bank of Serbia Dragana Stanić and advisor for the digitization of the Government of Serbia Nenad Paunović joined the opening remarks. Vice-governor emphasized the support and devotion of The National Bank of Serbia to innovation and digitization as one of its key priorities, while the Government’s advisor expressed his pleasure that there are more startups from Serbia developing fintech solutions.
The event was divided into two panels:
- Client onboarding in digital banking
- Leaders of digitization in banking discuss future trends and the new era
Blinking COO and co-founder Miloš Milovanović participated in the first-panel discussion alongside Vice-governor Stanić, Srđan Zec, IT and digital banking advisor of the Association of Serbian Banks, and Prof. Ismail Musabegović from the Belgrade Banking Acadamy.
Miloš talked about the basics and potential of blockchain technology as well as some of the illusions people have about it. However, his main emphasis was on the key issues we focused on during the development of Blinking. He also talked about how Blinking can provide an entirely new banking experience for people in Serbia in their everyday interactions with financial institutions. The key needs to be fewer and fewer interactions and administrative burdens for citizens, which is not that hard to achieve by employing the right technologies. He especially remarked how there is a clear need to start creating new trends instead of always following them.
Panelists on the second panel were representatives of banks that are currently leading the race in the digitization of banking services, offering better or entirely new user experiences to the end-users — the citizens. Representatives of Raiffeisen bank, Société Générale bank from Serbia, Telenor bank and Direktna bank all exclaimed their devotion and readiness to innovate and improve their services through further digitization.