The Connector.

The Connector Podcast - DFS Digital Finance Summit - From Dora To SOC 2: How Copla Simplifies Compliance For Fintechs

Koen Vanderhoydonk (The Connector) Season 1 Episode 99

We explore how fintechs can move fast without breaking compliance, turning frameworks like DORA, NIS2, ISO 27001, SOC 2, and PCI DSS into a shared foundation for resilience. Copla’s blend of automation and expert guidance shows why continuous audit readiness beats fire drills and how vendor risk can be managed at scale.

• origin story and why compliance pain inspired Copla
• mapping across frameworks, including DORA, NIS2, ISO 27001, SOC 2, PCI DSS, MiCA
• automation plus expert support for clarity and speed
• vendor risk management and the DORA third‑party register
• continuous audit readiness and always‑on evidence
• cybersecurity link to compliance via resilience and exercises
• cautious, guardrail AI for evidence verification
• global applicability and rapid framework onboarding
• roadmap: deeper vendor risk, risk management, awareness training
• who should contact Copla and where to find them

If you have any compliance issues, I'm sure many companies do. If DORA, MiCA, PCI DSS, or ISO 27001 are on your radar, contact us. If you have already solved those things, or to some extent, you can still contact us because we can help you recertify and so on. We can still automate some stuff you probably do manually in Excel or similar tools. If that's on your radar, then let us know. Well, the best thing would be to go to our website, www.copla.com, and they can reach out to us there. To connect and keep up to date with all the latest, head over to www.jointheconnector.com or hit subscribe via your podcast streaming platform.


Thank you for tuning into our podcast about global trends in the FinTech industry.

Cheers
Koen Vanderhoydonk
koen.vanderhoydonk@jointheconnector.com

#FinTech #RegTech #Scaleup #WealthTech

SPEAKER_00:

Welcome to the Connector Podcast, an ongoing conversation connecting fintech to banks and regulators worldwide. Join CEO and founder Koen Vanderhoydonk as you learn more about the latest available trends and solutions in the market.

SPEAKER_02:

And here we are again for another podcast from DFS. And today I'm meeting my friends of Copla. I see them everywhere I go. So the expectations are high. Marco, can you please explain what is Copla and what do you do at Copla?

SPEAKER_01:

Of course. First of all, thank you for having me here. So, uh, what do we do? Let me just kind of step back into the past a little bit, what happened before Copla. The founders had a very uh successful company before Copla that was called uh Paysolute. And that company was acquired by Sumap. So it was a pretty good success story. And during this period, they noticed a big, big challenge uh in the world, and that's compliance, especially in fintech companies or finance companies. Because they are struggling with compliance a lot. So that's how they decided to start a company called Copla. And what we do, we are a compliance risk management platform. We basically, in a nutshell, help companies get compliant with different compliance frameworks.

SPEAKER_02:

And when you talk about different compliance frameworks, what do you mean exactly? Can you give us some examples?

SPEAKER_01:

So it's uh, for example, now DORA is very current, the Digital Operational Resilience Act. We have NIS2, we have ISO 27001 or SOC2 for our US friends. And those are some examples. Plus, we have PCI DSS, MiCA, and so on. And more and more compliance frameworks are popping up. So you have the Cyber Resilience Act, the Act that is in the making in the EU, there is the AI Act, so a lot of things happening. But the good thing is, not to kind of frighten everybody, that they all have the same foundation. So if you satisfy one compliance framework, you're pretty good, like 60-70% uh when it comes to other frameworks.

SPEAKER_02:

And and how do you guys then help? Is it pure technical or is there also um like legal understanding or compliance understanding?

SPEAKER_01:

We combine uh automation and uh human support. So, but we have experts, CISOs, chief information security officers, compliance experts, that guide customers through compliance journey. So automation is one thing, and you have to have automation, of course. It speeds things up and it helps and so on. But at some point, you you will reach uh a point where you don't understand something, you need some additional clarification, or you need somebody to do something for you. And this is the point where our experts jump in, and this is something that differentiates us from other companies such as Vantas, Dratas, Printos, or Scratch of the world.

SPEAKER_02:

Well, on thinking about those frameworks, one thing that's that sort of pops in mind is Dora, and there's uh vendor risk, there's third party risk. Um, these are often uh challenges for companies growing. So, how do you manage those risks particularly?

SPEAKER_01:

Vendor risk, yeah, as you said, it's very, very relevant and very, very, very important. And it's gonna be more and more important because supply chains need to be secure. Uh, one company has perhaps dozens or hundreds of vendors, and they need to be secure in order to protect our infrastructure. And this is what DORA also uh transcribes, and this is what we are helping to solve with one part of our solution called Copla Registry that handles the DORA ICT third-party register. So usually it's an Excel with like 15 tabs, and it's quite complex to fill out. There are some codes that you need to do, you need to repeat entries, and it's easy to make a mistake. But we um implemented that into a SaaS solution that helps you and speeds up things about five times. So you don't need to repeat the entries, it does data validation for you and it really makes your job easier. That's just one thing that we offer on top of our platform because we really want to be like a one-stop shop for compliance. And if we can solve more compliance uh issues for them, it means we're more helpful, means it's much better for us, also.

SPEAKER_02:

What I really liked, and I would like to have a bit of clarification about this. When I was reading one of your DORA uh blogs, uh you speak about tension between lean agile fintech teams and heavy compliance demands. What was the driver behind this statement?

SPEAKER_01:

Well, when you look at it, every company, of course, wants business success. Uh we're all here uh because of that. And uh fintech companies or startup companies, they want success fast. Somebody perhaps wants an exit, somebody wants some personal satisfaction, and so on, and they are very much focused on that growth. Very, very, very much focused, as they should be. And then you get compliance, which is complex, which is not so easy if you're not familiar with it, and that stops their growth. Basically, what we hear from a lot of customers that work with us is they say we want to focus on growth. We don't want to focus on compliance, we're not compliance experts. That's why they need help, that's why they need a platform and an expert, let's say, in a certain sense, holding their hand. So, this is something that we see a lot, and this is something that is, I would even say, crucial for the success of a startup or a fintech company, especially fintech companies, to make sure that compliance is handled in a proper way. Sometimes it's internal, of course. Sometimes you have founders that are compliance experts, and that's great, but even they need support from somebody externally to perhaps operationally uh help in some matters.

SPEAKER_02:

I think I hear between the lines that uh compliance is not a one-off, it's a continuous process, and and you guys I think call it continuous audit readiness, and it relies heavily on automation. And I understand, but automation means also that you're receiving data from the outside world. So, how does that link work?

SPEAKER_01:

Well, it's kind of a combination of automation and manual entries, plus our experts. So, through automation, you get to some certain degree of success when it comes to compliance, but then again, you have to do something on your own. A machine cannot do everything, or there is no external expert that can offload 100% of the compliance tax for you, but we can offload 70 to 80 percent, which is, if you can imagine, you know, if somebody takes away 70-80% of your work, that's a pretty good time saving. And this is where we can help to kind of optimize this process, and this is how we uh operate. You also mentioned this continuous audit readiness. I think that's probably the crucial part here, like always-on compliance. Where if you look at compliance as a one-off exercise, or you get to a point where you have a fire drill, so you have like two, three months, and it's uh all hands on deck, let's uh satisfy the checkbox. It shouldn't be like that. Primarily because that's not the point. Compliance is not here to make our jobs uh or any company's job harder, it's to make those companies more secure. It's about business continuity. Exactly, exactly. And those compliance frameworks are improving uh year after year, as we see. We have like PSD2, we have uh SOC2 and those kinds of iterations. They're not perfect, but they are improving. And by having this one compliance framework, or having like foundational compliance, I would rather say, then you can really build on top of that. Some start with ISO 27001, for example. If you have that framework implemented, you're 60-70% there with DORA, with NIS2, and so on. Then you just have to build on top of that, and you will reach the stage where you're compliant at a click of a button.

SPEAKER_02:

Well, earlier you mentioned the role of a CISO, and a CISO goes hand in hand with cybersecurity. So, what's the offering on cybersecurity? In what sense? Yeah, so when I was actually going and diving into what you guys offer, I came across like uh near zero disruption scenario-based simulations, all to do with cybersecurity. So, how does that match up with uh what's happening in the compliance world?

SPEAKER_01:

Well, compliance is here to make companies more secure, to increase their cybersecurity. And compliance instates some rules that can really help companies um increase their cybersecurity, increase their operational resilience, and help with their business continuity. And this is the link that we see between cybersecurity and compliance.

SPEAKER_02:

Makes sense. Um, well, you're here at obviously a fintech event, and uh one of the themes is regulation, so I'm sure you find that very comfortable. Another one is AI. So, how does that actually apply to Copla?

SPEAKER_01:

When it comes to AI, we took a little bit of a cautious approach because we want to make sure that we implement AI in the right way. You see a lot of companies today that have AI, or at least have AI on their uh websites or promotional materials, if not all of them. Yes, but when it comes to compliance, uh nothing should be left to chance or some speculation. So we really need to make sure that AI can help us. AI currently, as we use it, helps us verify compliance evidence to some extent, but we still have a human validating that to make sure that everything is as it should be. At some point, our platform will use AI in various use cases, including this one. But for now, we really want to make sure that everything is as it should be. So we decided not to rush with AI.

SPEAKER_02:

Fair point. Um, I guess there are ways like guardrails and everything, but that's probably what you're talking about, I guess.

SPEAKER_01:

Exactly. That's one of the guardrails, let's say, we took now from this aspect, and then once we implement AI in more uh use cases, we'll have more guardrails, of course.

SPEAKER_02:

Yeah, so you're AI ready, ready to go when it's valid.

SPEAKER_01:

Yes, we have a good use case for AI, which we use now to some extent, and we'll build on top of that.

SPEAKER_02:

Makes a lot of sense. Well, you guys are a European company, and a European company comes with European legislation, although you mentioned uh a couple of uh pieces of legislation coming from abroad. How would you see yourself as a global player?

SPEAKER_01:

Compliance is not so different, um, regardless of the region uh or country. A foundational part of compliance would be risk management, and risk management for different compliance frameworks is very, very similar. You have some certain uh default settings that you need to satisfy, and on top of that, some things will be adapted depending on the geography or industry and so on. So when we look at our solution, it's really industry and region agnostic, and we have the capability to upload any compliance framework to our solution within a very short period of time. So our platform is highly customizable when it comes to any region or industry, and that's something that we see as a really uh strong point of it.

SPEAKER_02:

And what do you see as your roadmap going forward as a company? You're a young company, rebranded recently, everywhere and present in the world. But what does the uh future look like uh two to three years ahead?

SPEAKER_01:

We want to be a one-stop shop for all your compliance needs. Currently, we satisfy a lot of uh aspects of ICT compliance with our uh compliance automation, but we have two big focus points for next year. One is vendor risk and one is risk management. So this is something we want to automate more, but we never want to forget this human aspect, and we will uh always have some sort of human validation. Of course, that will reduce in time as you have more automation, more AI, more integrations. But this is the area where we want to go. So to combine this compliance automation, vendor management, and risk management into one single solution. And also important to point out, within our platform we also have awareness training. And awareness training is a very important part of compliance. And you have a lot of companies out there, very successful companies, doing only awareness training. But again, that's only awareness training. If we can do awareness training plus the other things that we mentioned, I think for any company that would be very good to have all of that in one solution. Yeah, it's really the one-stop shop.

SPEAKER_02:

Now, you're here in Belgium, I believe, for the first time at the Digital Finance Summit. What are your findings so far?

SPEAKER_01:

Well, it looks very good. Uh, a lot of discussions, a lot of conversations, uh, a lot of similar challenges when it comes to compliance. So we see that uh in any country in the EU, but it's very interesting, and I like the fact that here we have the regulators, we have the companies, we have the vendors, everybody's in the same place. The event is great, it's not a huge event, which is I think a very good thing. So you can basically talk more or less with everybody here.

SPEAKER_02:

Yeah, it's pretty much a boutique event, as you could call it. Um, Marco, one last question uh before we stop this or close this uh podcast. Um, where can people find you and who typically would you like... so one more question before we close the podcast? Um, where can people find you and who do you want to contact you?

SPEAKER_01:

If you have any issues with compliance, I'm sure that uh a lot of companies do. If uh DORA, MiCA, PCI DSS, ISO 27001, uh if those things are on your radar, contact us. If you already solved those things, or to some extent, you can still contact us. Exactly. Because we can help if you need to re-certify and so on. We can still automate some things that you probably did manually using Excel or so on. So in both those scenarios, we can help. If that's on your radar, then let us know. And uh who and where can they contact you? Well, the best thing would be to go to our website, www.copla.com, and they can reach out to us there.

SPEAKER_02:

Makes a lot of sense. Marco, thank you very much for joining me in this podcast. Thank you also to the audience, and please stay tuned. Thank you very much for having me. More updates to come from DFS. Thank you very much for having me.

SPEAKER_00:

Thanks for listening to another episode of the Connector Podcast. To connect and keep up to date with all the latest, head over to www.jointheconnector.com or hit subscribe via your podcast streaming platform.