PayNet FPX Operational Audit: AKATI Sekurity Assesses Fintech Regulatory Adherence

PAYNET TPA Audit Malaysia

Case Study Highlight

  • A financial technology company (TPA) engaged AKATI Sekurity for an independent operational audit to ensure its adherence to PayNet's stringent FPX Operational Procedures.

  • The comprehensive audit by AKATI Sekurity found no instances of non-compliance but identified nine areas of partial compliance, offering specific opportunities for operational enhancement.

  • AKATI Sekurity's actionable recommendations provided a clear roadmap for the client to strengthen seller onboarding, due diligence, service level management, and dispute communications, thereby reinforcing operational resilience and regulatory trust.

Client's Challenge

The client is a prominent financial technology (fintech) company operating as a Third-Party Acquirer (TPA) within Malaysia's Financial Process Exchange (FPX) ecosystem. In the rapidly evolving and increasingly digitized financial environment, maintaining operational integrity and robust regulatory compliance is critical for participants in national payment infrastructures. The client, a key TPA within the FPX system, faced the imperative to ensure its operational frameworks were in full alignment with the stringent requirements mandated by Payment Network Malaysia (PayNet). The primary challenge was to secure an independent, thorough evaluation of its operational controls, risk management practices, and overall compliance measures against PayNet's Operational Procedures for FPX (Version 2.3). This assessment was vital for the organization to reinforce its operational resilience, guarantee unwavering regulatory adherence, and safeguard the integrity of transactions processed via the FPX network.

AKATI Sekurity's Solution: Comprehensive PayNet FPX Operational Audit

The fintech company engaged AKATI Sekurity to conduct an independent and comprehensive operational audit. AKATI Sekurity's mandate was to meticulously examine the TPA's adherence to nine key clauses and appendices within the extensive FPX Operational Procedures document (Document Reference: 500-30/1/0002686, Version 2.3). These areas encompassed critical functions, including:

  • Participation criteria for Non-Financial Institutions (TPA)

  • Participation of Sellers

  • Participation of Payment Service Agents (PSA)

  • Duties and Responsibilities of FPX Participants

  • Settlement processes

  • Customer query and complaint mechanisms

  • Business Continuity Management

  • FPX brand usage

  • TPA monitoring and reporting requirements

The audit methodology involved detailed interviews with key personnel across the client's management, technology support, operations, and risk management teams. This was complemented by an exhaustive review of internal documentation and an evaluation of electronic records. The audit's conclusions were primarily derived from this evidence, employing standard sampling techniques.

Results and Impact

The operational audit conducted by AKATI Sekurity scrutinized 203 distinct requirements stipulated by PayNet. The assessment revealed strong overall adherence, with 65% of requirements found to be 'Compliant'. A significant portion, 31% of requirements, was determined to be 'Not Applicable' based on the organization's specific operational role within the FPX ecosystem. Importantly, no 'Not Compliant' requirements were identified during the audit. However, the audit did highlight 4% of requirements as 'Partially Compliant', indicating specific areas where further enhancements would be beneficial.

Following these findings, AKATI Sekurity provided key recommendations focused on these areas of partial compliance. These recommendations centered on:

  • Enhancing Seller Onboarding and Agreement Frameworks

  • Strengthening Seller Due Diligence Processes

  • Formalizing Service Level Management

  • Refining Dispute Management Communications

The operational audit delivered significant strategic value to the fintech TPA. The detailed findings and actionable recommendations provided a clear roadmap for the company to elevate its operational standards and solidify its compliance posture within the PayNet FPX ecosystem. By addressing the areas of partial compliance, the organization is better positioned to enhance its operational resilience, ensure unwavering regulatory adherence, and ultimately, fortify the trust placed in it by merchants and consumers alike.

Case Study Conclusion

In the dynamic and heavily regulated world of financial technology, independent audits such as the one performed by AKATI Sekurity are indispensable. They not only satisfy regulatory obligations but also serve as a proactive measure to identify and mitigate operational risks. This ensures that participants in critical payment infrastructures like FPX operate with the highest levels of integrity and security. The responsibility for sustained compliance and vigilant risk monitoring, as noted in the audit report, remains an ongoing commitment for the organization.
