Financial Crime World

Fintechs Face Tough Cybersecurity Requirements in EU

A new wave of cybersecurity regulations is sweeping through the European Union, and fintech companies are among those affected. The European Union’s Network and Information Security Directive (NIS2) and Digital Operational Resilience Act (DORA) impose strict obligations on financial institutions and their third-party service providers to ensure the security of their systems and data.

NIS2 Requirements

Under NIS2, fintechs that constitute a financial undertaking will be subject to various requirements, including:

  • Implementing sufficient internal security protection and procedures
  • Conducting regular security testing and audits
  • Providing transparency and documentation on their cybersecurity measures
  • Notifying authorities in case of cyber incidents

EBA Guidelines for Fintechs

The European Banking Authority (EBA) has also issued guidelines for fintechs, outlining the need for robust risk management and governance processes. The EBA’s guidelines provide a framework for financial institutions to assess and mitigate cybersecurity risks, including procedures for incident response and patch management.

Impact on Fintech Companies

Fintech companies that sell financial services to financial institutions will be particularly affected by these regulations. They must ensure that their systems and data are secure and compliant with the required standards.

  • For example, fintechs must provide transparency on their business and cybersecurity procedures, as well as documentation of their compliance with agreed security requirements.
  • Regular security testing, including penetration tests, is also mandatory to identify vulnerabilities in ICT systems and services.
  • Fintechs that use sub-contractors must ensure that these sub-contractors comply with agreed security policies and allow for audits and inspections.

Consequences of Non-Compliance

The consequences of non-compliance are severe. Failure to meet the obligations set out in NIS2 and/or DORA can result in substantial fines.

Copenhagen Fintech: A Hub for Fintech Innovation

Despite these challenges, Copenhagen Fintech has made significant progress as a hub for fintech innovation and growth. The organization has partnered with the Danish Industry Foundation to create partnerships between Danish fintech companies and foreign partners, and its initiative Nordic Fintech Week has become the premier fintech conference in Scandinavia.

Staying Informed

As fintechs navigate these complex regulations, it is essential to stay informed about the latest developments and requirements.