NewBanking is a RegTech platform for secure data sharing, specialised in anti-money laundering (AML) regulation. NewBanking helps law firms and companies in the financial sector under AML regulation with safe, smooth and compliant data handling when performing know-your-customer (KYC) procedures and ongoing customer due diligence. NewBanking is built from the ground up based on the privacy by design principle with an approach to data ownership that relies on consent and transparency.
>>We have spoken with NewBanking’s CTO, Morten Helles. He is co-founder of NewBanking and the architect behind the secure by design proof system, based on blockchain technology to make data immutable.<<
Combating Money Laundering and Protecting KYC Data
To comply with AML laws, the authorities require companies to collect and verify the personal information of new clients – KYC data. All collected data must be stored and handled in a highly secure fashion, respecting data ownership, following GDPR requirements and being protected from data breaches and aggressive cyber attacks.
“The regulatory burden grows, and the penalties for non-compliance grow with it. Companies get penalised for not collecting data – and penalised if they handle collected data carelessly,” says Morten Helles, CTO and co-founder of NewBanking.
“In NewBanking, we help companies combat money laundering and terrorist financing – and an essential part of this is also to safeguard the sensitive personal data that the companies are entrusted by their clients.”
On the other side of the table, the clients sharing their personal KYC data are also experiencing extra service from the companies using NewBanking’s platform.
“Once the company sends a KYC data request, the client must give consent to share data. Hereafter, the client gets a personal data vault showing who has been given access to the data and when. This is a way of giving back control to the data owners, which aligns the anti-money-laundering regulation with increasing GDPR requirements. This makes data sharing much simpler, and efficient and smooth for the companies and their clients. It’s simply a win-win way of doing it.” Morten explains, and he tells that NewBanking is in the process of getting a patent for this way of doing things.
We Let Customers Hire White Hackers to Do Penetration Tests
“Working with complex regulations and handling an incredible amount of sensitive personal information, it is of utmost importance that NewBanking’s systems are top secure at every level. To ensure that all security issues are placed under scrutiny, NewBanking holds an ISO27001 certification”, Morten says, and adds that he has assisted clients in doing penetration tests from white hackers to check if the system could withstand hacker attacks.
“This gives our customers confirmation that their data is safe with us, and also it’s a fine way for us to make sure that the security of our system is constantly updated and improved,” Morten tells, and continues:
“We are challenged in a good way by our customers. Many of our customers are top law firms, and they want more than just security specifications and internal security plans. They need proof that their data is in the best hands. Therefore, we have let them do their penetration tests on our systems, and therefore, we need to have acknowledged certifications like the ISO27001. And we like that we have demanding customers that make us do better.” Morten says and smiles.
Security Like an Onion
NewBanking is a secure by design platform. “It’s built to protect our most important asset: the user data, which is encrypted and locked behind several layers of security”, says Morten Helles and describes the security architecture of the platform as an onion:
“If you peel off one layer, you will just meet the next layer of security. For example, if a hacker somehow manages to get past our cloud firewall, he will meet a new firewall on each server. Also, importantly, all user data is encrypted with keys that are not stored online. So even if a hacker should all the way through to the server and somehow get access to our data stores, then he can only see encrypted data there.”
The NewBanking system is also protected from corrupt employees or human errors, which can sometimes be the weakest link in the most secure systems. Not even employees have access to the encrypted data. And here the blockchain technology plays a vital role in ensuring that no unauthorised person can modify the data without leaving a trace.
“So rather than writing the activity in our database, we put that information on the blockchain so it becomes immutable and can’t be changed afterwards,” Morten explains.
The Next Security Challenge Is Also About Sustainable Decisions
“Just a few years ago, big data was the big thing, and most companies were developing their in-house it-systems to be in control, and there was this idea that it would always be the best, most lucrative and secure business choice to keep all data in-house. But things are changing, and few companies can keep their security at a sufficient level by endless system patching while being constantly challenged by ever more sophisticated cyber-attacks and changing regulations when handling, for example, sensitive customer data,” Morten says and continues:
“The nice thing about our approach and system is that it was built from the beginning according to the “privacy by design” and “secure by design” principles. As a result of the NewBanking approach to data ownership, where access is dependent on consent, we are ahead of the GDPR regulations. But even so, we are constantly improving the system to adhere to regulations relevant to the companies using the system as well as to current security threats.”
“This is not just a good business approach for us; it is also a sustainable way to work with a secure solution that is professional and reliable, also in the future. It is our experience that this awareness or mindset about sustainable decisions and solutions is becoming more critical to the companies we collaborate with,” Morten says.
Ready for the Future: Secure Data-Sharing and a Scalable Approach
When asking Morten Helles where NewBanking will be in the future, his immediate response is: “To succeed even more”, he says determinately and smiles.
“I have worked with building secure platforms in other sectors before starting up NewBanking. For example, I have been in the gambling industry, where the biggest challenge was to support the speed of secure transactions – but in the NewBanking context, the trick is to build up a platform that really scales well with a huge amount of data – also in terms of back-ups. And our KYC system does that well. We have developed an architecture that scales very well, and from the beginning, we have had an international approach to everything we do. For example, by partnering up with big, internationally recognised service providers that enable our customers to do people and company screenings and verify all types of ID documents.” Morten tells, and continues:
“In the future, I think we will see more companies interested in joining our partner program to resell our products in order to earn money by adding their own specialist know-how and consultancy services around the management of customer data. For example, we already have a law firm customer that uses the platform to manage and collect criminal records of their client’s employees. And why not? It is kind of cool because they save their client a lot of hassle, and they make good business on delivering extra services around our platform that automates a great deal of otherwise time-consuming manual processes. So everyone is happy all the way around. We are too.” Morten says, and thanks for the pleasant talk.