As an up-and-coming FinTech, MK Decision (MK) entered the industry ready to strengthen local economies with the help of our technology. When studying the obstacles community financial institutions (FIs) face with online financial services, it was abundantly clear that cybersecurity was one of the biggest barriers preventing them from going digital. Community FIs are hesitant to move their processes off paper because of the risk of a data breach. According to Varonis, “the average cost of a financial services data breach is $5.85 million” (2021 Data Risk Report Financial Services, 2021). While keeping processes on paper might seem like a good idea, paper-based FIs still face a major security risk from improper file storage and employee access permissions. In a 2019 report, Varonis found that “17% of all sensitive files are accessible to all employees” (2019 Varonis Global Data Risk Report, 2019). Paper-based FIs could fall short of compliance standards while continuing to lose their clientele to competing FIs with online financial services.
To solve this problem, MK built our digital account opening and loan origination platform to ensure security for our customers and end-users. By incorporating regular audits as a business practice, MK is helping FIs secure their data, guarantee compliance, and compete in the marketplace against megabanks. Recently, MK successfully completed a SOC 2 Type 1 audit with the help of I.S. Partners.
I.S. Partners launched in 2005 with a commitment to security and compliance. They are a specialized CPA firm that prides itself on hands-on experience, working closely with clients to keep their systems secure and to resolve any issues or concerns they may have with digital and physical security. To I.S. Partners, security means protecting all confidential data without sacrificing the performance delivered to a client. I.S. Partners’ Senior Auditor John Zuk and SOC Manager Joe Ciancimino sat down with MK’s Marketing team to teach us about the importance of security and compliance.
Who are I.S. Partners’ clients?
I.S. Partners supports a variety of clients in different industries, including healthcare, financial services, insurance, software development, FinTech, technology services, banking, and utility services among others.
What has been your experience working with FinTechs?
Working with clients within the FinTech industry has allowed us to tackle the challenge of helping our clients identify and mitigate risks related to new emerging financial technologies.
Why is cybersecurity important to FinTech?
With the emergence of new technologies in the financial sector, regulatory risk and risk to consumer data are at an all-time high. Ensuring adequate cybersecurity controls are in place to mitigate these risks will allow community financial institutions to benefit from the technology.
Why is compliance important to FinTech?
With regulators continuing to increase their focus on vendor and third-party risk management, compliance and third-party attestation reports help ensure that controls are in place to mitigate the risks to consumer data.
What benefits do vendors have working with third-party auditors?
Collaborating with external auditors enhances a company’s security stance. The auditing process aids in pinpointing unimplemented security controls, thereby guiding their inclusion in the company’s security blueprint. Auditors offer novel viewpoints on the execution and reinforcement of controls. Furthermore, the engagement with an independent party serves to prevent any potential internal fraudulent activities or collusion.
What is a SOC 2 Type 1 Certification?
A SOC 2 Type I audit examines the controls used by service organizations to address any one or all five Trust Service Principles. The audit provides assurance that controls are designed effectively to meet the relevant Trust Services Criteria at a point in time.
How do you see compliance and auditing services evolving as financial services technology changes?
In the future, SOC audits will be very important. A lot of financial data is now calculated using algorithms, and that data will need checking and auditing. We’ve seen more and more companies asking for outside checks (third-party attestation) and reports because they want to be sure their security controls are working well.
MK is serious about cybersecurity and compliance. By following SOC 2 Type 1 standards, we’re showing everyone just how serious we are. And with help from our partners at I.S. Partners, we’re making our processes better and making sure our customers’ data is always kept safe.
The world of FinTech is always changing, but one thing that doesn’t change is MK’s commitment to security. We’re always trying out new safety measures, testing them, and working on our company policies to ensure we keep a good reputation when it comes to security. We also want to make sure our customers keep doing well.