The Connector.
The Connector Podcast - DFS Digital Finance Summit - Designing Secure Identity For Banks And Fintechs
We dig into how AI changes the risk surface for banks and fintechs and why identity must be designed from the start. Sutton Maxwell of Curity shares how to set API guardrails, balance friction with trust, and choose hybrid architectures that meet regulation without killing speed.
• What Curity does for API security and identity
• Why AI pilots fail without early security design
• Common mistakes when teams bolt on controls late
• How to balance UX with risk‑based friction
• US speed vs EU regulation on AI adoption
• Hybrid, multi‑cloud, and cloud exit strategies
• Practical advice for fintech founders on KYC, OAuth, OIDC
• Turning compliance into a growth advantage
To connect and keep up to date with all the latest, head over to www.jointheconnector.com or hit subscribe via your podcast streaming platform
Thank you for tuning into our podcast about global trends in the FinTech industry.
Cheers
Koen Vanderhoydonk
koen.vanderhoydonk@jointheconnector.com
Welcome to the Connector Podcast. An ongoing conversation connecting fintechs, banks, and regulators worldwide. Join CEO and founder Koen Vanderhoydonk as you learn more about the latest available trends and solutions in the market.
SPEAKER_01:Welcome to a live podcast recording here at DFS in Brussels, Belgium FinTech, and I have with me Sutton from Curity. Sutton, who are you and what do you do?
SPEAKER_02:Yeah, thanks. Good to be here. Uh Sutton Maxwell. I've uh been in the identity and security space for well over 15 years. Wow. Building propositions, uh product uh go-to-markets, teams, companies, um, and I'm leading uh the commercial organizations at Curity.
SPEAKER_01:Nice one. And you say 15 years. So what is it actually that you guys bring on the table which is different than all the others?
SPEAKER_02:Yeah, I think you know, if you take a look at uh our offering, um, it's a software offering for large enterprise. Uh, and we uh we have kind of a unique quality in how you know we we make the guardrails for APIs and all the traffic that goes through them safe and secure and consumable. So our customers deploy these kind of services so their customers can safely access their data, safely access their products and information and do business.
SPEAKER_01:Yeah, and I guess over those 15 years it probably went from personal identification to APIs, but how what's the case with AI?
SPEAKER_02:Yeah, well, I mean, AI is a new threat surface, right? For a lot of businesses. Uh I think if you kind of look at that, there's a there's a rapid acceptance and adoption of of AI for for low threshold use cases, like ask questions, do some simple stuff, uh, but true kind of enterprise use cases, you know, 95% of them stay in POC pilot or fail ultimately because of the multiple. Famous McKinsey report. Ah, well, okay, there's a McKinsey report on it. Fine. I think we probably have our own view on it as well. I mean, we see you know our customers that that adopt uh AI protocols and and look to do agentic um use cases. You know, security is a really important component of how they uh how they look to build these services out to the market. Of course, if you do it wrong, um an AI starts accessing customer data or or or information that it shouldn't be accessing, this is a problem. You can have the front page of the news. So it's uh And that's a big deal to avoid.
SPEAKER_01:Yeah, exactly. Absolutely. So maybe you take it on the wrong. What are in your scenario the most frequent mistakes that a financial institution or a fintech is making?
SPEAKER_02:I I think you know, security is always an afterthought, right? We're racing towards uh delivering these new services, we're racing towards, you know, reducing cost and reducing complexity by you know augmenting that with AI and getting things fast to market. But we're forgetting that you know security is not a bolt-on conversation. It's not something you can do afterwards. And if you do it wrong, again, you're gonna get into child and you're gonna get into problems, right? So um, if you take this seriously, you need to really invest in uh a good strategy around this, how to make again uh a secure kind of uh um approach to delivering AI and agentic use cases to the market.
SPEAKER_01:And how would you typically handhold a company in that sort of strategic process?
SPEAKER_02:Uh, right. Well, I mean, uh I guess there's a lot of different ways to look at that, but uh I think it's a little bit about education, it's a little bit about thought leadership. Um, and it's also kind of showing some of the kind of true digital leaders in this space and kind of presenting and and trying to kind of talk about what it is they do. Because of course, we learn from our customers and partners as well, who are on the bleeding edge of of delivering these services to the market. Um, and of course, through that kind of iterate iterative process, we we understand, you know, how this business is is evolving and what the kind of where the rubber meets the road in terms of what's real, what's not real, what's possible, not possible. Um and so that's that's I think a really interesting conversation for us to be a part of. And then of course, taking that information back uh and disseminating it out to our market, to, you know, to our customers and partners that we work with today.
SPEAKER_01:If I got it right, you guys are active in Europe and and also in the US, also in Canada. What are the other markets that you're active in as well?
SPEAKER_02:Uh a little bit of activity outside of of Europe and North America, but frankly, I think if you look at the global market for cybersecurity and identity services, you know, 60, 70% of it is in North America alone. Um, and then, you know, a big proportion uh outside of that in Europe, and then it's the rest of the rest of the world. So that kind of resembles our business to a certain extent. We do have some activity in the Middle East, uh, a little bit of activity in in Asia Pacific, but uh our main focus um is is on Northern Europe, Europe, and North America.
SPEAKER_01:And where do you see the most growth?
SPEAKER_02:Uh well, the largest kind of push in terms of AI adoption is coming from the US. Uh, I think, you know, Europe is sort of behind on this wave, um, sort of struggling with uh more of a regulatory view on how to drive some of these services, whereas the US is kind of full steam ahead and testing and iterating and trying to learn and develop. So I would say the biggest uh the biggest pull uh from from that side of the market, this new agentic kind of uh world is coming from the US.
SPEAKER_01:Well, I think you're right. Um that's what a lot of people say. Europe is regulated, maybe over-regulated. That I guess that's another discussion. But uh, do you see regulation as being a burden in what you do or is it an enabler?
SPEAKER_02:Uh I think it's a double-edged sword.
SPEAKER_01:Tricky question.
SPEAKER_02:Yeah, it's a double-edged sword, right? I think you know, there's there's certain things our customers just need to deal with from a compliance perspective. And, you know, a lot of our customers are banks, financial services companies, um, and they deal with financial data, they deal with financial information, transactions, payments. Uh, and of course, you know, we expect a certain degree of of security and safety when we interact with those institutions as consumers, right? So um, in that sense, uh a degree of regulation and a degree of friction, right, in a financial process is important. Uh, I expect that from my bank. I expect that from my insurance provider.
SPEAKER_01:Can can you elaborate? Can you elaborate a little bit more on that?
SPEAKER_02:Well, right. I mean, they're dealing with sensitive information. They're dealing with my bank account or you know, maybe my address, my personal information. Uh, I expect them to keep that safe. Uh absolutely. Right. And if they need to use it for alternative purposes, they should, you know, maybe ask politely, right? And that could be fine. Uh in in particular for, you know, purposes of onboarding me as a customer, going through KYC checks or AML um, you know, regulatory checks on on my profile. Uh and I'll I'll agree to that, right? If it's an easy process. But you know, too much friction, it gets in the way of doing business. So you you gotta find a way to strike the balance between kind of the customer journey that you need to enable and the security and friction that the customer expects for the business you're in.
SPEAKER_01:It is indeed, I think, a silver lining between what is needed and what is wanted. And the want is security, but it's also customer experience. So how do you make that balance between security and customer experience? How does that really work in reality?
SPEAKER_02:Well, I think yeah, there's two things. One is is is orchestrating and designing the services that that and understanding your customers and what they're buying from you, right? So that's a kind of market-driven effect. Um as a technology provider in the space, we see our technology as one of those kind of balancing acts that enables companies to dial this in, right? So the kind of services that Curity deliver um can help you dial up the friction, dial up the security, you know, or if you're in a less kind of uh sensitive, let's say, use case, a less sensitive market, maybe roll that back and dial up customer experience, customer engagement. Um, so you know, that the checks and balances, the validation processes, the security processes uh that we enable our customers to build can be, you know, all over the place and very, very uh strictly enforced, or they can be a little bit more about progressive profiling and enablement.
SPEAKER_01:It's kind of interesting that you bring up like technologies. And I think if you bring up technologies, there's a lot of new kids in the block, multi-tenant, multi-region, hybrid crowd, clouds. There's a lot of things happening nowadays in terms of technology. So how how do you handle this and and how do you see the the future maybe in five years in terms of technology versus identity management?
SPEAKER_02:Uh yeah, it's a good question. I think uh we two two trends, I think that we see uh as a business, and that I see kind of personally as well. I mean, of course, one is the AI trend, and I'd I'd liken that probably to the dot-com race, right?
SPEAKER_01:Where you have Are we talking about bubbles here?
SPEAKER_02:Little bits, right? Of course. Um, but uh, you know, I think you know, we we could realize or could see the shapes and and and mold of a bubble. Um, but of course, uh out of that came e-commerce, a multi-trillion dollar market. I think it's gonna be very similar, you know, uh in the next two, two, three, five years. Um, based on the position we're at now with agentic, we're gonna see, you know, some uh interesting kind of things emerge, some real markets emerge that weren't there before, different ways of doing business digitally that weren't there before. Uh and those things are.
SPEAKER_01:And now my next question would be what would be that business? And then I'll write it down, and you'll never see me again.
SPEAKER_02:Just totally exactly if we had a crystal ball, right?
SPEAKER_01:If only we had. Yeah, yeah.
SPEAKER_02:And then the other thing, I mean, when it comes specifically to security and identity management, uh, well, and this is still a critical foundational pillar for driving digital business. It's how you bring your customers into your world, how you onboard them, how you do KYC, how you attach that to the regulatory processes you have to go through, how you make that interaction secure and safe. Um and a lot of businesses are looking at, well, you know, this is very sensitive. Uh, it's sensitive data. Uh, and we need to control that journey as best as we possibly can. We need to use best-of-breed technology where it makes sense, but the data, it's ours, right? It's our customer data, it's our partner data. It's sensitive information that we need to make sure we have a grip on. Um cloud exit's a real thing in this market. So, you know, having a hybrid strategy around what services you launch as SaaS and buy as SaaS, and what services you might kind of build in-house or put on any cloud or bring your own cloud for? Um, I think you'll see a lot of those kind of motions as well emerge out of this uh this AI era because you'll see, you know, a an accelerated pace for adoption of SaaS in certain places and um you know the exact opposite in others.
SPEAKER_01:Well, we're here today at uh the Digital Finance Summit. What brought you here today? What's what's on on the agenda today?
SPEAKER_02:Right. I think uh, you know, we're we're looking to get into conversations, learn, talk to the market, uh, meet potential partners and customers. Um we have a talk later, uh, which will be uh nice um you know on stage four. But uh but of course for us it's it's interesting to to engage the market and to meet the market and to uh to see where the uh the direction of travel is for the market.
SPEAKER_01:Well it's obviously great to have a lot of banks here today, but there's also a lot of fintechs. So if if I would be a fintech founder and I would like to start with something now, what would be your number one advice in terms of identity management?
SPEAKER_02:Uh I I think you know you don't have to do uh do a kind of monolithic approach to this from day one, but you do have to think about it from day one. It's fundamental for how you do KYC. I mean, if you're a fintech provider, you have to do this process, you're regulated to do it. Um so you're gonna have to build your technology on top of first principles, identity management capabilities that allow you to onboard customers safely and securely. Um, but you can start small. You don't have to kind of have a monolithic approach. Um, but make sure you do it right. Don't bolt on security afterwards, you know, think about it from day one, build it into the service and the design of your solution. And guess what? It's not just a cost center, it can be an enabler for you. If you have a good, smooth experience here that's also safe, you're gonna adopt customers faster than your competitors.
SPEAKER_01:I think that's a very nice one to sort of come to the end of our podcast here. So in case any financial institution or fintech actually wants to have that conversation with you and Curity, how do they how do they find you?
SPEAKER_02:Yeah, okay. I mean, of course, get me on LinkedIn. Uh, I'm active there. Uh Curity itself, you know, you can go to our web. We're here at the event. You you can I think we've got some contact details probably somewhere posted in this podcast. Absolutely. You can email us directly. Um, but we're we're we're keen to get into these conversations. So yeah, happy to be here. Thanks. Well, thank you very much.
SPEAKER_01:Thank you also to the audience, and please still stay tuned because more news will come from DFS this year in Brussels. Thank you very much.
SPEAKER_00:Thanks for listening to another episode of the Connector Podcast. To connect and keep up to date with all the latest, head over to www.jointheconnector.com or hit subscribe via your podcast streaming platform.