3 minute read
“WHAT WE WANT TO GUARANTEE IS TRANSPARENCY FOR THE CONSUMER”
building an innovative new security and governance framework to serve its customers’ best interests while transforming the deferred payment market in the process.
Daniela starts by explaining how deferred payment providers are not regulated like credit products –but Tinka is looking to change that situation.
“What we're striving for is to get buy now pay later products regulated,” says Daniela. “So we've been liaising with the European Commission to have a more responsible way of lending money to people and to make sure that affordability is, of course, the main criteria.”
Elaborating on the notion of responsible lending, Daniela continues, “We make sure that the products we offer, although they are not regulated now, are presented as if they were regulated to have a sustainable way of offering credit and avoid making things difficult for people.
“With many players in the deferred payments sector, you only need an email address and telephone number, sometimes only a name and email, to secure buy now pay later credit without any background checks. They do not check if customers are actually able to repay, which in our view is very dangerous because it encourages people to get into debt.
“What we do instead is consider all the products that offer something similar to credit to as regulated – so for us that means making affordability checks mandatory. We also want to make sure that by regulating this part of the market all the costs associated with lending are transparent. There are sometimes hidden charges or hidden interest rates with deferred payments. They accumulate and then collection agencies get involved. What we want to guarantee is transparency for the consumer. If the consumer knows how much they can borrow, what they must pay in return and any costs that are associated with the offer, laid out transparently, they can make sensible and informed decisions.”
So how do security and governance factor into the transparent, sensible deferred payment products provided by Tinka?
Security
Daniela joined Tinka in 2022 to build the company’s security roadmap and posture as a standalone enterprise moving from a retail to a fintech mindset. By making this transition, Tinka needed to incorporate new regulations and requirements into its operations.
The security roadmap and governance policies at Tinka gravitate around being futureready and as robust as possible, while also keeping the company’s mission in mind.
Automation and native solutions free up the capacity to focus on the human element of cybersecurity at Tinka. Daniela reiterates that the company’s core mission has two layers: to be the most responsible and most recommended deferred payment provider. Striving towards these goals comes with responsibility, which demands high levels of security provision.
“So as a fintech provider, we always remain one step ahead in terms of requirements and what is right for the consumer but also for all the stakeholders,” says Daniela. “This means meeting or exceeding the regulatory frameworks of the Netherlands and the EU.”
Here, Tinka is always looking ahead and anticipating new legislation, including two major regulations that will take effect in 2024.
First is the NIS2 Directive –the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU. It modernises the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape. By expanding the scope of the cybersecurity rules to new sectors and entities, it further improves the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.
The second important piece of legislation Tinka has in mind as a company is the Digital Operational Resilience Act (DORA) which will make sure the financial sector in Europe is able to stay resilient through severe operational disruptions.
After performing a gap analysis comparing regulatory and legal frameworks to the state of play at Tinka, Daniela explains how the company deploys the right framework providing a robust set of group controls from globally recognised institutions.
“I like using the NIST Cyber Security Framework which is from the US National Institute of Standards and Technology. It is very complete, very thorough and it is being used by many industry peers because it's a more proactive approach than, for example, following ISO 27002.”
Tinka is also innovating in terms of its cybersecurity by putting native solutions first and automating as many processes as possible. These measures are not only there to protect customers and stakeholders, but they are also time-saving mechanisms to focus on training colleagues and the human element of cybersecurity.
“I'm really proud to say that our employees, or our ‘Tinkans’ as we call them, are very much cyber aware,” says Daniela. “They have even spotted some really sophisticated, fraudulent attacks. Involving them has brought that maturity that unfortunately you do not see in the industry often. I'm delighted that we've built
