Skip to content
(Tintra submission)
Risk Framework
Risk management and control framework
The group and the Authorised Firm recognises the importance of a robust risk management function which ensures that all material risks are identified, measured and properly reported. Tintra’s approach to risk management will comprise:
Risk Management Framework
Business Risks managed and monitored in Tintra’s Risk Management Framework
Risk Groups Risk Factors Explanatory Notes
Financial Soundness
Capital Adequacy The risks arising from the nature of the Authorised Firm’s capital position. These include the firm’s capital planning
framework, the composition and quality of capital, the adequacy of capital to support the level of current and anticipated business activities, the adequacy of reserves and access to further capital.
Revenue / Profitability
The risks arising from the nature of earnings of the Authorised Firm. These include the adequacy of profitability, volatility of
revenues and profitability and track record of performance against budget.
Business Strategy Quality of Business Strategy and Plan
The risks arising from the overall strategy of the Authorised Firm. These include the quality of the strategic planning process, the achievability of the strategy, the implications of the strategy, particularly for risk appetite, and the track record of implementation.
Regulated Activities Offered
The risks arising from the characteristics of the business that the Authorised Firm is conducting including the extent and
complexity of those activities.
Types of Clients
The risks arising from the characteristics of the Authorised Firm’s client base including the types of clients (Market Counterparties, Business Customers, Commercial Customers and Retail Customers).
Types of Products
The risks arising from the characteristics of the current products or services provided by the Authorised Firm. These include complexity, tenor and performance of the products.
Markets Targeted
The risks arising from the markets targeted including the location of clients and the nature and jurisdiction of overseas
investments offered.
Sources of Business and Distribution Channels
The risks arising from the nature of the current sources of business and distribution mechanisms used by the Authorised
Firm. These include introductions by existing clients and the use of intermediaries and sourcing of overseas customers.
Market and Operational Market Risk
The risks arising from the type and nature of market risk undertaken by the Authorised Firm. These include the risk
appetite of the Authorised Firm, the nature of market risk exposures involved in the Authorised Firm’s products and services.
Risk Groups Risk Factors Explanatory Notes
Credit Risk The risks arising from the type and nature of credit risk
undertaken by the Authorised Firm. These include the risk
appetite of the Authorised Firm, the nature of counterparty
exposures involved in the Authorised Firm products and
services, portfolio characteristics and the nature and extent of
credit risk mitigation.
Operational Risk The risks arising from the type and nature of operational risk
involved in the Authorised Firm’s activities. These include
direct or indirect loss resulting from inadequate or failed
internal processes, people and systems or from external
events.
Liquidity Risk The risks arising from the type and nature of the Authorised
Firm’s liquidity or asset and liability mix. These include the
liquidity management framework and the composition of
liquidity to allow funding of the operational and financial
obligations of the business both day to day and in crisis
situations.
Insurance
Underwriting
The risks arising from the type and nature of insurance
underwriting risk undertaken by the Authorised Firm. These
include the risk appetite of the firm, the nature of insurance
underwriting exposures involved in the firm’s products and
services and the nature and extent of reinsurance cover.
Legal Risk The risks arising from the type and nature of the Authorised
Firm’s contractual agreements. These include the risk that
contracts may not be enforceable under applicable law.
Organisation and
Regulation
Clarity of Legal
Ownership and
Structure
The risks arising from the structure of the Authorised Firm or
group. These include the nature of the legal and ownership
structure and openness of Tintra structure to regulators.
Controllers and
Group Entities
The risks arising from the characteristics of the controllers of
the Authorised Firm. These include the jurisdiction and
characteristics of shareholder controllers, directors, and
nature of other group entities. The risks arising from the
relationship between the Authorised Firm and the rest of
Tintra. These include management arrangements, reliance on
centralised functions, financial health and activities of the
wider group and financial and other dependencies on other
group entities.
Nature and extent
of Home State
Laws, Regulation
and Supervision
The risks arising from the content of applicable laws (such as
State statutory priority to local creditors), the level of
regulation undertaken by another financial services regulator
and the reliance that can be placed on the supervision of the
firm by that regulator.
Political and
Economic
Environment in
Home Jurisdiction
The risks arising from any instability in political or
environmental factors in the Authorised Firm’s home
jurisdiction. This may include terrorism, political sanctions or
likelihood of natural disasters.
Relationship with
Regulators
The risks arising from the nature of the Authorised Firm’s
relationship with other regulators, including recent regulatory
history.
Risk Groups Risk Factors Explanatory Notes
Clients Communication
with Clients and
Financial
Promotions
The risks arising from the nature of financial promotion and
advertising practices employed by the Authorised Firm.
Client Assets The risks arising from the firm holding or controlling of
client’s or user’s monies and assets.
Client
Categorisation
The risks arising from customer classification and the
documentation procedures.
Advice,
Management and
Dealing
The risks arising from dealing and managing customer assets
and the quality of advice (e.g. suitability, customer
understanding of risk and charges).
Disclosure and
Reporting
The risks arising from the nature of product literature issued
by the Authorised Firm and the terms of business, periodic
statements and other documentation provided to clients.
Conflicts
Management
Identification and
Management
The risks arising from the identification of potential and
actual conflicts of interest and the way that they are
managed by the Authorised Firm.
Staff Remuneration The risks arising from the recruitment quality and training
procedures for the sales force. The risks arising from the
nature of the remuneration scheme for employees.
Personal Account
Dealing
The risks arising from potential insider dealing and the
process for identifying and approving directors and
employees trading for their personal accounts.
Management and
Control
Allocation of
Responsibilities
The risks arising from the nature of the allocation and
definition of directors’ and management responsibilities and
the mechanism for ensuring that responsibilities are
effectively delegated and carried out.
Quality of
Management and
Corporate
Governance
The risks arising from the quality of Authorised Firm’s
management, the nature of the corporate governance of the
firm and overall compliance culture. These include
management’s experience and integrity, fit with the
business and operation of the executive body, non-executive directors and board committees.
Reporting Lines and
Segregation
The risks arising from reporting lines between management
and Tintra’s Board or other senior staff and the appropriate
segregation of duties between functions of a risk taking
nature and risk management nature.
Compliance
Function and
Arrangements
The risks arising from the nature and effectiveness of the
compliance function. These include its mandate, structure,
staffing, methodology, reporting lines and effectiveness.
Risk Management
Systems
The risks arising from the nature and effectiveness of the
systems and procedures in place to identify, measure,
monitor and control the risk of the business in an
appropriate and timely manner. These include credit risk,
insurance underwriting risk, market risk, operational risk,
legal risk and new product risk.
Complaints
Arrangements
The risks arising from the procedures the Authorised Firm
has in place to deal with the receipt of complaints and to
consider the subject matters of complaints in order to
rectify systemic issues.
Business Continuity The risks arising from the nature and effectiveness of
business continuity arrangements. These include the
adequacy of the planning process, the quality of the
business continuity plan and the testing process.
Risk Groups Risk Factors Explanatory Notes
Outsourcing The risks arising from the use of outsourcing to third party
providers. These include the reliance on, and the controls
over, the third party or outsourcer.
Monitoring and
Audit
The risks arising from the nature and effectiveness of the
internal audit function. These include its mandate, structure,
staffing, methodology and effectiveness.
Employees and
Training
The risks arising from human resources issues. These include
recruitment, training, remuneration, disciplinary procedures
and resources.
Provision of
Information to
Management
The risks arising from the nature of management
information. These include its adequacy, accuracy, relevance
and timeliness as well as the effectiveness and efficiency of
its distribution.
Confidentiality and
Data Protection
The risks arising from the use of personal information by
Authorised Firm.
Financial Crime Anti Money
Laundering
Procedures
The risks arising from the nature and effectiveness of the
money laundering controls. These include effectiveness of
the MLRO, training, identification of clients, know your
business, internal and external reporting arrangements and
record keeping arrangements.
Prevention of
Market Abuse and
Financial Crime
The risks arising from the Authorised Firm’s susceptibility to
having market abuse conducted through it. These include
measures to prevent abusive, fraudulent or dishonest
trading practices and co-operation in market enforcement
matters.
Human and
Technical
Resources
Approved
Individuals
The risks arising from the assessment of Approved
Individuals fitness and propriety and those individuals’
ability to comply with the Principles of Conduct.
IT Systems and
Technical
Resources
The risks arising from the controls over the IT infrastructure.
These include adequacy of resources, procedures for
implementation and procurement, effectiveness of security
framework, etc. and consideration as to whether the IT
infrastructure is an adequate platform on which to run the
business.
Management of Risk Appetite
Tintra’s Risk Appetite Statement (“RAS”) forms a comprehensive summary (this can be found in the attachments list, and a practical risk guide for management, of the risks that Tintra is prepared to take in its key activities. It meets best practice, enhances the quality of internal decision-making, and helps build Tintra-wide risk awareness culture. It assists Tintra in communication with stakeholders, including investors, clients, regulatory agencies, and colleagues and supports continued growth of the business and ability to pursue
Tintra’s objectives.
The RAS sets out how various types of risk are governed and articulates the main principles of risk appetite and the overarching risk governance structure. These include for a number of:
To ensure that Tintra’s risk profile does not facilitate undesirable outcomes, based on Management’s recommendation the Board adopts a set of Risk Appetite parameters articulated in the RAS and other policy documents as appropriate. These parameters guide both strategic planning and day-to-day decisions, thereby avoiding excessive risk taking and encouraging the development of robust controls to protect the key resources of Tintra and its key stakeholders.
Risk Management Procedures including:
Internal Control Mechanisms and Controls relating to Money Laundering Regulations, Due Diligence and Financial Crime Prevention
Safeguarding of Client Funds
Business Continuity / Disaster Recovery plan
Employee Training and Awareness
Treating Customers Fairly Framework and Processes.
Remuneration Policies
Remuneration Principles
Tintra’s remuneration principles look to promote long-term value creation through transparent alignment with the agreed corporate strategy, while aligning with the right customer treatments and service outcomes. The principles seek to support should support individual and corporate performance, encourage the sustainable long-term financial health of the business and promote sound risk management for the success of the company and to the benefit of all its stakeholders.
Oversight
Tintra has a Remuneration Committee in place, which seeks to exercise independent judgement in its oversight of executive remuneration and in the remuneration setting process, particularly those serving on the Remuneration Committee, provide independent oversight while the entire Board is also appropriately engaged in the remuneration setting process.
Remuneration Structure
This aims to be appropriate for the business needs, efficient and cost-effective in delivering its longer-term strategy, and non-complex. Alternative structures may be considered if aligned to Tintra’s strategy while maintaining principles of stakeholder interests and good customer outcomes. Pay and conditions in the wider employment field are monitored to consider the aggregate impact of employee remuneration (including executive director remuneration) on the finances of Tintra, its investment and capital needs, and dividends to shareholders.
Remuneration is designed to reward sustainable long-term business performance while aligning with any divergent interests that the company’s shareholders, stakeholders and executive directors may have, whether they are time-horizon related or consequences of failure or corporate underperformance. The structure includes provisions to allow, in certain circumstances, forfeit or withholding of any long-term incentive award on a performance-adjusted basis or for ‘malus’ reasons, including clawback of any sums already paid.
Executive directors at group encouraged to build up a significant level of personal shareholding, through personal investment and vesting of share incentives to ensure alignment of interests with shareholders. These shareholdings are required to be maintained for two years or more after the Director has left the company.
The dilution effect on shareholders of issuing shares to employees is respected to avoid significant transfers of value. Likewise, undeserved and excessive remuneration are also avoided to prevent long term or reputational damage to the business and its stakeholders.
Remuneration components may, by role and seniority, include:
Base Pay
Benefits
Pensions
Variable Remuneration, such as:
Performance based incentives typically in the form of annual bonuses, linked to corporate and personal objectives, aligning to stakeholder and customer best interests and based on corporate outcomes clearly linked to business targets, through the financial and strategic KPIs reported in the Strategic Report. These also consider the impact of the Environmental, Social and Governance risks on the long-term value of the business, and demonstration of acting in accordance with Tintra’s values and culture.
Long-Term Incentive Plans, matching schemes and options schemes to reward the successful implementation of strategy and the creation of shareholder value over a period appropriate to the strategic objectives of the company. Equity based schemes are an effective way to align the interests of participants and shareholders.
Operational Resilience
The main goal of Tintra’s Disaster Recovery plan is to reduce the overall risk of systems or access failure to Tintra and its stakeholders. An important part of planning for Disaster Recovery is setting objectives for recovering. These objectives will have a major impact on the cost and effort of the recovery, as well as help Tintra choose among recovery alternatives.
The Recovery Time Objective (RTO) specifies how soon you will be up and running following a disaster; essentially, it is the time in which Tintra will need to recover. Applications and systems may have different RTOs depending on the data involved and systems role in the IT systems landscape. For example, one RTO may specify how long before the major functions of the enterprise are back online, whilst a second (longer) RTO will determine how long until everything is fully recovered.
The Recovery Point Objective (RPO) determines how old the recovered data will be. This can be anywhere from a few seconds in the case of a sophisticated (and expensive) remote mirroring system to several hours, or even days, for less critical data. Like the RTO, the RPO is often assigned by functions, with critical functions - such as transaction processing – having short RPOs and less immediate functions recovering to a point further back in time.
The Network Recovery Objective (NRO) is, effectively, how long before you appear recovered to your customers. More technically, it is the time needed to recover or fail over network operations.
Recovery teams:
Please See Appendix A for details on the roles and responsibilities of each team.
The conformance of actual procedures and practices to the documentation provided will be periodically checked by key senior management within Tintra. Any changes to these procedures will go through the process described above.
IT systems and Infrastructure
Tintra and by extension the Authorised Firm has based its systems architecture on Microsoft Azure and Microsoft Office 365. All employees, directors and Board operate from Tintra.com domain emails, through Office 365 and are required to comply with Tintra plc’s Information Security Policy.
Core Banking Systems Application and Operations Platform
Tintra are implementing a state-of-the-art, industry leading core bank system platform, with the following core components:
It comprises world-leading, cloud-native, API-first digital banking, core banking, payments services software and is a key technology component allowing Tintra to deliver consistent, frictionless customer journeys and achieve market-leading cost/income performance.
The system has rich end-to-end banking functionality with model bank capabilities for over 150 countries. It gives us the reassurance of being used by 41 of top 50 banks worldwide, yet the inherent system flexibility and openness to integrate fully with Tintra’s front-end proprietary AI-driven KYC, AML and CFT management suite.
Proposed Outsourcing Arrangements
AI will be deployed by Tintra in a number of the core banking system modules, indicated below:
The Group is deploying best in class operations and systems, underpinned by a very important principle which is the need to have a Single Source of Truth. For Tintra, that is the banking platform leader, Temenos.
Temenos Transact is the most successful and widely used digital core banking solution in the world. It provides the most extensive and richest set of banking functionality across retail, corporate, treasury, wealth and payments with over 1000 clients in 150+ countries relying on it to provide market leading and innovative products and services to their customers. Through its cloud-native and cloud agnostic technology and architecture, it enables clients to take advantage of agile scalability, security and lower operational costs delivered as SaaS, on the cloud or on premise.
G. Compliance and AML arrangements
Tintra Is Committed to Global Regulatory Standards and will have a Qatar resident compliance officer and money laundering reporting officer to oversee these functions.
Addressing AML, CFT and KYC needs more accurately through use of AI
Using advanced behavioural insights, with actionable intelligence, Tintra aims to create a safe and secure service from a KYC and AML perspective, while providing a frictionless customer journey, distinguishing between legitimate applicants and fraudsters or cybercriminals. Detecting human vs non-human, and attack mechanisms such as bots, malware and account takeover using subtle behavioural anomaly detection methods.
One of the main reasons emerging and frontier markets are underserved is because current anti-money laundering (AML) and counter-threat finance (CTF) – which includes counter-financing of terrorism (CFT) – are both inefficient and onerous in these jurisdictions. They are inefficient in that the processes still result in over 90% false positive Suspicious Activity Reports (SARs), despite enormous cost. They are onerous in that systemic failures or incapacity result in grey listing by the Financial Action Task Force (FATF), which raises the cost of sovereign debt, which is disproportionately high in emergent and frontier market countries, and it complicates legitimate transactions and trade finance for honest actors, stymying the very development these markets need and seek.
To increase accuracy in preventing illicit financial flows (IFFs), while facilitating licit and desirable financial flows transparently and smoothly, the financial sector needs better regulatory technology, an information technology that enhances regulatory and compliance processes. Tintra will do this by building a better regulatory technology (RegTech) framework from the ground up, with cutting edge and patentable artificial intelligence (AI) that is custom built not only to improve frictionless compliance today, but also to remain at
the forefront of evolving financial technology, well into the future, including for Web 3.0.
Like Tintra, Deloitte takes the view that properly constructed and deployed AI will strengthen compliance protocols.
Banks can create efficiencies—and save money—by leveraging AI to automate labor-intensive compliance processes and automatically detect regulatory changes to ensure they remain in compliance. Initial regulatory reporting configurations can take years of effort and still require continual manual supervision to stay current with evolving regulations. The time frame and effort level can be reduced if banks use AI as part of the setup process. Deep learning and natural language processing can help shorten implementation time frames by reading compliance requirements from regulatory websites, notifying banks about updates, and incorporating
changes automatically in the systems that generate reports.17 Tintra is putting the FATF’s AML/CTF framework in place, adapting it as necessary to recognise market differences in the availability of official and personal documentation. Furthermore, Tintra’s technology is custom-built not only to continually input regulatory changes, but also changes in customer behaviours that virtually eliminate customer compliance risk.
Tintra’s approach of building an AI-driven compliance system from the ground up obviates the problems of biased AI datasets, which fail to catch illicit financial flows, while producing 90% rate of false positives. “On average algorithms presented an error of 34.7% when identifying darker-skinned females, meanwhile the error for identifying lighter-skinned males was just 0.8% (Buolamwini and Gebru, 2018).”19 Tintra’s AI system is designed to start with the underserved emerging markets, basing its datasets on the actual people it seeks to serve. According to Feenberg’s Critical Theory of Technology, this should greatly increase AML and KYC accuracy, thereby radically mitigating risk over current protocols. It also increases social justice, economic inclusion, and prosperity, in line with the objectives set out by the G20, UN SDGs, and the FSB.
The United Kingdom and the United States
Tintra’s approach to innovation is to build the AI bank of the future that exceeds the Financial Action Task Force (FATF) San José Principles for AML and CTF by engaging all relevant regulators, in all its jurisdictions, early and often. In the United Kingdom, CEO Richard Shearer has been productively engaging the Bank of England regarding Tintra’s innovative operational framework and risk management protocols. Likewise, Tintra is working with US authorities to exceed their requirements for the Puerto Rico license that is already in process. Puerto Rico is a globally-recognized hub for FinTech and is controlled by the US Federal Reserve system. As such, it is a welcoming environment for Tintra’s operations and the economic prosperity they imply for this critical US territory and the broader region of which it is an integral part.
The Financial Action Task Force (FATF) Standards
The Financial Action Task Force (FATF) is the global money laundering and terrorist financing watchdog. The inter-governmental body sets international standards that aim to prevent these illegal activities and the harm they cause to society. As a policy-making body, the FATF works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas. It is one of FATF’s stated objectives to “pursue positive and responsible innovation” in the financial and regulatory (FinTech and RegTech) industries.20
Members of Tintra’s board of directors have extensive experience working with FATF, who explicitly support RegTech that improves know-your-customer (KYC), anti-money laundering (AML) and counter-financing of terrorism (CFT) protocols. “The FATF strongly supports responsible financial innovation that is in line with the AML/CFT requirements found in the FATF Standards, and will continue to explore the opportunities that new financial and regulatory technologies may present for improving the effective implementation of AML/CFT measures.
How Tintra meets the FSB, G20 and FATF Standards
Why does Tintra believe it should be a key driver of address the challenges in financial services in the least developed countries?
In the developing world, SMEs make up 90% of the private sector and, in Africa specifically, more than 80% of jobs across the continent, representing an important driver of economic growth. Sub-Saharan Africa alone has 44 million micro, small, and medium enterprises, many of which are micro. For these businesses to grow, create more jobs, and generate economic growth, they need access to capital – and, Tintra would argue, access to fairly priced and efficient payment services. Micro and small SMEs do not have sufficient leverage, on a standalone basis, to create that market dynamic for themselves and will continue to be susceptible to exploitation by stuck-in-their-ways, multinational payment service providers who only see the world through their developed country lens, with developing countries being seen as risky on a ‘not like us’ prejudice. Tintra’s mission is to change that.
Tintra believes that while numerous barriers to liberalising trade may persist, removing ‘behind the border’ differences in regulatory standards, trading conditions and access to fairer financial services is hugely relevant and helpful. Tintra seeks to build financial transaction openness, deploying game-changing technology in a way that gives national authorities and businesses the confidence to rely on each other.
In Tintra’s view, providing access to fairly priced payment processing services, delivered in a fair timeline also, is the most compelling strategic rationale. CSIS states that approximately US$152 billion in private capital has been mobilised, without reliance on grants or concessional terms. As the connections between SMEs and potential investors continues to grow, as does the strategic deployment of blended finance, the facilitation of safe and frictionless payment systems for both investor groups and SMEs is becoming ever more important.
Tintra wishes to address that need while also improving the cost:value ratio of payment transactions, meaning that more of each investment is deployed for the purpose that was intended.
KYC and AML in practice at Tintra
Aligned with the goals of the World Bank, Tintra is building its KYC systems to:
As people are at the centre of Tintra’s KYC systems, whether that is the data subjects of those systems or the end-users who rely on that identification to access and use Tintra’s banking services, they have the right to know and have some control over how their data are collected, used, stored, retained, shared and otherwise processed by Tintra. Protecting people’s personal data and privacy, throughout Tintra’s process of innovation and development, is paramount to us.
The Principles of Tintra’s KYC outcomes are:
To be free from discrimination in policy and, in practice, by design by being agnostic of gender, culture, race, language, ability or disability, literacy level, residential status or statelessness in the case of country displacement.
To help meet each person’s right to prove their legal identity, with accuracy, and within the core principles of data protection and the rights of data subjects
To remove barriers to access and use, including cost to supply such identity credentials, information required, knowledge barriers, and technology gap
To recognise the concept of ‘uniqueness’ of each person having just one identity and to have adequate and effective safeguards in place to prevent misuse of data, tampering, theft, cybercrime and to ensure the identification process is sufficiently robust to be effective through the life cycle
To be responsive to people’s need and concernsFor our systems to be flexible, scalable and based on an open-standard protocol to prevent technology lock-in
To protect individuals’ privacy through system design, including data protection, data minimisation and proportionality, purpose specification, lawful processing, strict limits on data retention, data accuracy, security, accountability, and transparency
To have robust legal and regulatory/self-regulatory frameworks in place to underpin strong policies and promote trust in Tintra’s systems
To have clear institutional mandates and accountabilities
To monitor compliance with those frameworks and legal mechanisms through independent oversight and monitoring.
G.6 Dual lane approach
Dual lane approach to KYC and AML in emerging markets
With a team of highly skilled and experienced PhDs, Tintra has launched a specialised artificial intelligence (“AI”) investment and research programme focused on applied AI in banking for emerging markets. As with all new technology, risk is a fact. How that risk is managed, though, is the art:
Tintra is making the significant investment to operate its KYC, AML and CFT processes in a Dual Lane Approach. Our AML, KYC and CFT processes will take every step that is carried out today in conventional processes, with respected international data sources and suppliers. Think of that, for this purpose, as a notional 10-step process.
In addition, to feed into Tintra’s Data Lake and to develop and ultimately prove the effectiveness of the AI lead processes, we will also be carrying out additional steps.
The data that this will generate will be vital in the build and testing of highly predictive models driven by AI
The Tintra development strategy includes deep analysis of Tintra’s target Customers, and their Businesses. It will consider Regulators needs and requirements, macro-economy and geo-political issues, and other suppliers currently serving the needs of those customers and businesses to an extent in those markets.
Why dual run? Because data is key. We need access to as much good and bad data as possible. Doing business the current way is absolutely the right thing to do, not only because it meets current standards but it will also provide us with a broad array of data points across the good:bad dimension. And that allows us to start building new predictive models, examining the hierarchy between that data as variables and co-variables, determining target outcome variables and modelling to identify the triggers for that best predict those
outcome targets.
When that is combined with Tintra’s ground-up market research that is taking place in target countries, we then build a clear vision of what is needed to address each market properly and fairly.
Want to print your doc?
This is not the way.
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.