FinTechs belonging to this area offer traditional banking services in a modern way, usually through online services or mobile applications as well as ancillary services – e.g. enabling customers to manage their giro- or custody-accounts online and in real time or offering e-wallet services. Keywords in this context are also API-Banking or Banking as a Service (BaaS)/ Bank as a Platform (BaaP).
API stands for application programming interface and is offered to access data banks and to extract and insert information. API-Banking consequently means the access to data banks of banks to offer new and innovative banking applications.
Through these services FinTechs offer services with new functions, e.g. enabling customers to manage their accounts online and in real time.
BaaS – Bank as a Service/BaaP – Bank as a Platform:
The API-based Bank as a Service platform has a full banking licence, but merely serves as the back end for standalone independent FinTechs, which “use” the licence and the back end of the bank to offer new financial services, launch additional financial products or expand into additional markets.
Attitude of the country towards online-banking services
The social and political climate towards online-banking services is positive in North Macedonia. The banks offer online-banking services that cover functions such as daily transactions, foreign currency payments, the ability to check the balance of the accounts, credit cards, deposits, and loans, change of credit and debit card limits for payment at POS terminals, ATMs, and E-commerce. Overall, it is expected for the banks in North Macedonia to follow and adapt to the latest trends and developments of online-banking services.
Obligations and requirements to provide online-banking services described above
The banks can provide online-banking services by obtaining an approval by the governor of the National Bank. The online banking services are further regulated with the Decision for the Banking Information Security Methodology (Methodology). The Methodology requires from the banks to (i) conduct a risk assessment of potential digital space attacks; (ii) to implement security controls; (iii) to test the reliability of the system’s resistance to attacks; (iv) constant monitoring; and (v) upgrade of the system and diversion of competencies of the bank’s bodies from the aspect of management with the security of the information system.
The bank is also required to adopt a framework for planning and developing an appropriate information technology management strategy in accordance with the Methodology. The information technology management strategy needs to be harmonised with the business policy of the bank. The Methodology also obliges the bank to develop and implement a plan for continuity of the bank operations which needs to be based on several scenarios which will enable operability and minimise losses in the event of a severe outage of business processes. For the systems of modern channels that include remote access to the bank with the possibility of execution of payment transactions through means of remote communication, information system security should provide user authentication and monitoring payment transactions. Also, in modern channels, monitoring mechanisms should be implemented to the client's activities and the received payment transactions that are intended for preventing, detecting, and further investigating potential fraud. These mechanisms should be activated prior to any acceptance and approval of payments. The banks are required to inform the National Bank in cases when it will identify that the highest level of security incident has occurred in information system and significant payment security incident, in accordance with defined levels of security incidents.
Recently, a Strategy for Financial Education and Financial Inclusion of the Republic of North Macedonia, 2021-2025 was adopted, whereas it is envisaged that measures in relation to a legal framework for protection of consumers in the area of finance are required.
Additional comments regarding the legal situation for online-banking services or what FinTech’s must be aware of in this business area
Market size for online-banking services and biggest companies in this business area
The banking sector in North Macedonia has been consolidating. Eurostandard banka has been stripped of their approval for operations, while in 2021 Ohridska Banka AD Skopje merged with Sparkasse Banka. The biggest banks by assets, as of 30 September 2021, are Komercijalna Banka, Stopanska Banka and NLB Banka, whereas all three (3) banks exceed the amount of MKD 100 billion of assets. Percentage wise, Komercijalna Banka has 23,7%, Stopanska Banka has 17,6%, NLB Banka has 16,9%, followed by Sparkasse banka with 11,7% and Halk Banka with 11,4%. Banks that have less than 10% of market participation are Prokredit Banka, Univerzalna Investiciona Banka, Stopanska Banka AD Bitola, Razvojna Banka na Severna Makedonija, Centralna Kooperativna Banka, TTK Banka, Silk Roud Banka and Kapital Banka.
Additional comments regarding the economic situation for online-banking services or what FinTech’s must be aware of in this business area
The use of online-banking services is on the rise in North Macedonia. In 2020, only 15,2% of the population used online-banking services, while during 2021, the number of people using online-banking services reached 31,1%. Overall, it is expected for this trend to continue to rise.