As an up-and-coming FinTech, MK Decision (MK) entered the industry ready to strengthen local economies with the help of our technology. When studying the obstacles community financial institutions face with online financial services, it was abundantly clear that cybersecurity was one of the biggest barriers preventing these financial institutions (FI) from going digital. Community FIs are hesitant about switching their processes from paper due to the risk of a data breach. According to Varonis, “the average cost of a financial services data breach is $5.85 million” (2021 Data Risk Report Financial Services, 2021). While keeping processes on paper might seem like a good idea, FIs still pose a major security risk for improper file storage and employee access permissions. In a 2019 report, Varonis found that, “17% of all sensitive files are accessible to all employees” (2019 Varonis Global Data Risk Report, 2019). Paper-based FIs could fall short of compliance standards while continuing to lose their clientele to competing FIs with online financial services.

To solve this problem, MK built our digital account opening and loan origination platform to ensure security for our customers and end-users. By incorporating regular audits as a business practice, MK is helping FIs secure their data, guarantee compliance, and compete in the marketplace against megabanks. Recently, MK successfully completed a SOC 2 Type 1 audit with the help of IS Partners.

In 2005, IS Partners launched their business committed to security and compliance. They are a specialized CPA firm that prides itself with hands-on experience working closely with clients to keep their systems secure and improve any issues or concerns they may have with digital and physical security. To IS Partners, security means protecting all confidential data without sacrificing performance given to a client. IS Partners’ Senior Auditor John Zuk and SOC Manager Joe Ciancimino sat down with MK's Marketing team to teach us about the importance of security and compliance.

Who are IS Partners’ clients?

IS Partners supports a variety of clients in different industries, including healthcare, financial services, insurance, software development, FinTech, technology services, banking, and utility services among others.

What has been your experience working with FinTechs?

Working with clients within the FinTech industry has allowed us to tackle the challenge of helping our clients identify and mitigate risks related to new emerging financial technologies.

Why is cybersecurity important to FinTech?

With the emergence of new technologies in the financial sector, regulatory risk and risk to consumer data is at an all-time high. Ensuring adequate cybersecurity controls are in place to mitigate these risks will allow community financial institutions to benefit from the technology.

Why is compliance important to FinTech?

With regulators continuing to increase their focus on vendor and third-party risk management, compliance and third-party attestation reports help ensure that controls are in place to mitigate the risks to consumer data.

What benefits do vendors have working with third-party auditors?

Working with third-party auditors allows a company to improve its security posture. The process of performing the audit will help identify security controls that may not currently be in place and incorporate their implementation on the company's security roadmap. Auditors give the company a different perspective of how a control occurs and how to strengthen it internally. Additionally, working with a third party will help deter any issues with internal fraud or collusion that might occur.

What is a SOC 2 Type 1 Certification?

A SOC 2 Type I audit examines the controls used by service organizations to address any one or all five Trust Service Principles. The audit provides assurance that controls are designed effectively to meet the relevant Trust Services Criteria at a point in time.

How do you see compliance and auditing services evolving as financial services technology changes?

SOC auditing will become more important in the future since an enormous amount of financial data is calculated through algorithms, and financial information will need to be audited. We continue to see an increase in demand of third-party attestation and assurance reports, with more companies requiring defined security controls and third-party assurance reports in their contractual requirements.

Through compliance with the SOC 2 Type 1 attestation standards, MK reinforces to our customers and industry at large the seriousness of cybersecurity and compliance. With the help of IS Partners, MK is strengthening our internal processes and ensuring that our customers’ data is always protected. As the FinTech landscape continues to change, MK’s commitment to security stands unwavering. Through the introduction of new security measures, testing, and company policies, the MK team’s focus is on the reputation of our security posture and our customers’ continued success.