SME lending faces numerous challenges in today's fast-evolving digital landscape. Data compliance is one of them – often intricate and complex, requiring SME lenders to navigate through a web of legal requirements. So, how do SME lenders stay data compliant? To shed light on this, we reached out to Marnix de Lange, Head of SaaS at Five Degrees, who shared the crucial efforts taken to enable compliance for SME lenders when utilizing their core banking solution, °neo.
What's the first thing that comes to mind when considering data compliance for banks and lenders?
Obviously, the General Data Protection Regulation (GDPR) which safeguards personal information in the European Union. All EU countries have adopted this regulation. Next to GDPR, these countries also establish other requirements that lenders and SaaS providers like us have to meet.
As a SaaS core banking provider, we help facilitate compliance for our banking and lending customers by providing systems that ensure data confidentiality and availability. Here, it's important to note that all bank data stays with the lender— by law, we're not allowed to see it. Any deviations from this rule must be clearly defined and documented in advance in data processing and service level agreements (SLAs).
Can you expand more on how °neo ensures the confidentiality and availability of data?
We strictly adhere to the Confidentiality, Integrity, and Availability (CIA) information security model. This model ensures information is solely accessible to authorized individuals, that data is accurate and consistent, and can't be altered by anyone without authorization. It also provides available information when and where needed so that services can run smoothly.
Moreover, we adhere to the ISAE 3402 control framework, which is externally audited to validate we are following through on our commitments. This means our control processes are up to date, and our data is safe. Further, we also have an extensive auditing database where we store all the audit data. This way, we can trace what's happening within our system and which user or service authenticated a request. Thus, if a customer wants to investigate an event, we can export the data sets, or we can investigate them. We have data exit plans to give our clients even more assurance. The regulator requires these for SaaS providers when we are no longer in business. Our customers will always be able to get their data out of our systems.
Within °neo, clients can also ensure that their data is secured, as we encrypt it and create a key for clients— no one can access it even if there is a breach. This high-security standard is a given for us, offering clients peace of mind.
Besides security frameworks and audits, how can °neo enable user data compliance?
We continuously track and report data within our platform, promptly notifying customers of abnormalities. Our system generates reports detailing what's going on within our system and with client transactions. This gives clients the overview and insight needed to take the necessary preventative measures in case of irregularities. We also test all changes in °neo to ensure input and output match. This process helps make our system robust. The importance of this cannot be overstated, as the customer is ultimately responsible for data compliance. Additionally, we carry out weekly updates to our system. We test every change we make along with basic functionalities so we can safely introduce additional functionality further down the line.
How do all these due diligence processes affect time-to-market when SME lenders start using °neo?
Establishing the necessary SLAs and data processing agreements for onboarding °neo requires considerable time. However, once a customer expresses their desire to begin testing or development, the process becomes relatively straightforward. Our team verifies the contracted services, configures the selected options within our system, initiates the process with a simple button press, and swiftly creates a sandbox environment. So, in the end, all the due diligence pays off: °neo clients can get started knowing full well that data compliance has been secured.
We are the cloud-native core banking provider for banks and lenders that want seamless SaaS loan management and accounts technology. Our platform, °neo, offers different functionalities that can benefit your business. It provides banking-grade technology with outstanding usability and data management. Fill out the form to reach out to one of our sales representatives and explore how °neo can bring your financial services to the next level while being compliant.