What our community has to say: Alexia
Compliance is key
To work professionally, BOTS must adhere to specific rules. This is called compliance. This concerns crucial matters such as laws and regulations regarding the prevention of money laundering, safe management of personal data and secure and accurate financial management.
How can a young fintech like BOTS comply with all these thousands of rules that the government imposes on the company? Privacy and personnel laws, anti-money laundering regulations, security and anti-hacking measures, the list seems endless.
Where banks and insurers have hundreds of people working in the compliance departments, the challenge for BOTS was to design the same process, but with higher quality and less than 1% of the budget that the banks have. Which, if we may say so ourselves, we kicked ass at.
First, we chose a solid quality management structure. After lots of research, ISO 27001 turned out to be the most suitable. ISO 27001 is an ISO standard for information security and therefore suits BOTS best. Subsequently, specialists were appointed, such as lawyers, compliance officers, privacy officers and a quality manager. Finally, we worked on a design for IT and organization based on ‘compliance by design’.
The intended result was a proactive organization that has compliance and data security in its DNA. And we managed. Hats off to all those that made this possible! We did have a bit of luck: because the organization is young, we could build the security structure from scratch, a considerable advantage over existing companies.
Today we let Alexia speak. Alexia has been given the task of achieving ISO certification in the field of information security within BOTS.
BOTS & ISO
“A well-functioning management system is a must for every organization,” says Alexia. “The same goes for BOTS. That’s why we chose ISO.”
Alexia has been working on the upcoming ISO certification since last April. “And there’s a lot more to it than you might think at first.” Last week, we updated the entire BOTS team on the current state of affairs, and we discussed the established procedures and processes. All BOTS team members are responsible for adhering to these procedures and processes. “That’s why we have everyone sign for it.”
BOTS works with personal data on different levels. “From the BOTS app, we deal with the users’ data; of course, we have the data of all BOTS team members, and we have the data of our other stakeholders. And we have to handle that carefully and according to the rules,” explains Alexia.
There are procedures for working from home, a code of conduct and an incident procedure. “But that’s not all.”
Various control measures are required to be certified, such as policy, processes, work instructions, and technical design. “You have to check and control your data (and all other quality) well,” says Alexia. “This creates structure and makes sure that everyone knows what’s expected and how we at BOTS deal with data.”
BOTS hopes to obtain ISO certification in early 2021. This certification would be valid for three years. “After these three years, there’s another audit to check whether we still meet all the requirements. But within that period, we also carry out our own internal audits.”
Therefore, there will be a control cycle within BOTS, in which we take the ISO control measures as a starting point. By doing so, we will ensure that compliance and information security are widely supported throughout our entire organization. This makes BOTS future-proof and ready to take the next step in making algorithmic investing available to everyone worldwide.
There is no such thing as risk-free trading. It is possible to lose (part of) your stake.