or is it all just a „storm in a glass of water” – what happened?
N26 uses a photo identity process in Portugal, which is, according to Bafin and the Portuguese regulators, not compliant. But the Bafin didn’t notice – the Portuguese is not responsible.
Two WiWo editors disguised themselves as Portuguese and tried it out – tricking was easy. Fake IDs were not recognized.
Now comes the Bafin and “has to look at everything – the fate of the regulator”.
Here are the sources:
- https://www.wiwo.de/unternehmen/banken/sicherheitsmaengel-bei-n26-bafin-leitet-wegen-gefaelschter-ausweise-pruefung-ein/23175098.html
- https://www.tagesspiegel.de/wirtschaft/smartphone-bank-in-der-identitaetskrise-finanzaufsicht-bafin-untersucht-n26/23182074.html
- https://www.heise.de/newsticker/meldung/Foto-Ident-bei-N26-BaFin-prueft-wegen-Kontoeroeffnungen-mit-falschen-Ausweisen-4190027.html
How bad is it actually – serious misconduct or unicorn Bashing? – isn´t there a bit of envy and gloating here (they can´t do it)? Or are these not normal “frictional losses” with rapid international expansion? – how is such a “misdemeanour” to be seen in the context of the ongoing bank trade (most recently Danske Bank – as a money laundering helper – the DeuBa with the “Penalties Subscription” etc.)? Or does the topic bounce off at an N26 anyway? Like the security “scandal” back then?
Interesting is the statement of N26:
“In the meantime, N26 told Heise online that security enjoys the highest priority. So far, Foto-Ident has not been found to have higher fraud rates adverse to Post- and Video-Ident. After the identity check, further security measures such as continuous transaction monitoring took place.”
Transaction monitoring as a gap filler for a non-functioning identification?
“Apart from that, photo verification by N26 is legally permissible, emphasizes the bank´s spokeswoman.
Legally permissible and compliant are two pairs of shoes, aren´t they?
The Tagesspiegel writes the following:
“N26 is working for photo identification together with Safened, a UK service provider that has been cleared by the UK Financial Services Authority. Through the so-called “passporting” system, British institutions can offer their services in other EU countries – without separate permission from national supervisors.”
Passporting in the context of a service? Isn´t there a confusion of terms?
How we see it:
Kilian Thalhammer
N26 has placed itself “Regardless of losses§ on the presenter´s plate – and now it strikes back. #nobullshit
One or the other can be happy in his “little world”. Compared to the topics that appear in other places, it´s a “fly shit”. Nut if you provoke confrontation, you have to endure it – but I don´t worry so much about that.
In external communication I would have liked more depth of content. A lot of empty phrases and a mixture of topics. But this probably only would recognize a “nerd”.
From a purely factual point of view, it shows from my point of view, that unfortunately we are still far away from an EU-wide uniform regulation or at least from a clarity as to who is responsible for what (and whether he can then implement it operationally). Here such a case can help that more communication takes place and the urgently needed unification in our common economic area.
André M. Bajorat
It is clear that N26 is under the microscope. Enough players in the market have an interest in putting border crossings in the light of inadmissibility. In this case it also seems so. It gives the impression that N26 is acting wrong by default. But in countries where no really good solution for identification has yet been found, a conscious decision has been made in favour of a customer-friendly approach. It now becomes clear that this seems to be a border crossing. It is true that BaFin is now examining the processes. This is their task and young companies in particular have to prove that they fulfil the requirements of supervision. This can certainly be done in a more modern and different way than with already established companies, but in the end should not lead to worst results. It is also clear here that the European regulations in connection with passporting, national regulations, outsourcing and responsibilities continue ti have clear potential for improvement. A truly uniform European solution, for example, the KYC, would do us so much good. I fear, however, that I will no longer experience this in my working life.
Jochen Siegert
How many cases of KYC/money laundering problems do we know of classic banks? Hundreds of them! Just think of the x-fold fines of large, well-known national and international banks, which are so dramatically high that simple calculators can hardly represent the sum of comparisons with authorities. A new announcement that Bank A has reached agreement with authorities on penalty payment B is np longer even worth a retweet o the news value. Is the N26 KYC issue now simply being inflated? Is there a simple sloppiness in unchecked growth here? Are the very divergent Pan-European KYC regulations simply interpreted differently, after all it´s about costumers from Portugal? Does N26 even have a serious KYC problem? I don´t dare to judge it, especially without further information. Interesting, however, is the German Schadenfreude about N26. Of all people, it comes from those who have always blasphemed about N26. At first it was about the fact that as a simple FinTech idea one is by no means a bank. When the Berliners first conjured up a customer traction and then a German BaFin banking licence out of their hat, the alleged lack of profitability was further blasphemed. With the fact that N26 is now the one bank in Germany with the strongest customer growth and the prospect of profitability (however defined) for 2019, the spotters fell silent a little. Now there is finally a reason to blaspheme again! Profane KYC mistakes like those of the colleagues from the established towers. Has the N26 Bank now become a “normal” Bank as everyone else with the same misdemeanours? We will see. I think in 6 months no one will talk about the KYC problems anymore, but about new impressive round brands of won customers, which are all fully legitimated.
Maik Klotz
A few weeks ago the colleagues published an article in their own blog “Security: the DNA of N26” about cybercrime and how seriously N26 takes the topic. Exactly my humour.
And as so often: Crisis management is not the strength of N26. No reasonable statement or press release. Nothing. And I know this arrogance from the established banks and this arrogance also shoes that N26 has it in their DNA that they are a bank. One that allows itself to be more courageous than others, one that provides a better frontend but is a bank that does not live an open culture of error. The whole thing is a storm in a water glass. Dealing with it however is not. I grant one or the other his Schadenfreude, because N26 enjoys no more puppy protection.
Finally, the most readable and party completely unsuitable tweets, which crossed our path….
Balanced:
Neben der Wirtschaftswoche nun auch der Spiegel und damit noch weitere nicht enden wollende Hate-Tweets. Aktuelle (zumindest bekannte) Datenlage offenbar sehr dünn. Überprüfung macht def. Sinn. Das harsche Aufspringen vieler hier ist allerdings fraglich. https://t.co/3PvdIu5NM3
— Sascha Dewald (@sascha_dewald) October 12, 2018
gloating joy:
Deshalb hat N26 diese Steigerungsraten ? https://t.co/UwFyoOuJwl
— Ulle1979 (@soon_is_now4all) October 12, 2018
Free rider:
An investor with quite flat advertising about his StartUp, which couldn´t have helped in this case either… but so many details don´t fit into 140/280 characters…
Digitalbank N26: Bankenaufsicht Bafin leitet Prüfung ein. Mit @AUTHADA_GmbH Technologie und KYC Verfahren hätte man eine sichere KYC und AML konforme Lösung. https://t.co/u8L4FGSKrT
— Stefan Schuetze (@stefan_schuetze) October 12, 2018