Why Internal Controls Made a Comeback in Bank Accounts
A Look at User Permissions, 2FA, and Regulator Scrutiny
TL;DR: 2023 saw a renewed focus on internal controls for bank accounts and payment services. The obsession with user experience has led banks and fintechs alike to remove many controls over the past few years. Since 2023, we have been seeing more focus on user permissions and 2FA. At Narvi, we are implementing new user roles for our banking app to allow for more checks and balances for large teams. We also see many regulators, for example the Estonian FIU, requiring their licensed entities to have more internal controls, such as splitting the roles of payment creators and payment approvers. Narvi is ready to support Estonia-regulated entities with an up-to-date platform and compliance requirements.
Overview of the changes
Internal controls are important for any financial institution, as they ensure the accuracy, reliability, and integrity of financial transactions. In the past few years, there has been a focus on improving the user experience for banking and payment services, which has sometimes resulted in the removal of certain controls. However, now there is a renewed focus on internal controls, particularly with regard to user permissions and two-factor authentication (2FA).
Why did the balance between UX and safety measures shift?
One reason for this renewed focus is the increasing prevalence of large teams in the financial industry. These teams often have complex hierarchies and different levels of authority, which can make it difficult to keep track of financial transactions and ensure that they are being carried out correctly. By implementing new user roles and permissions within their banking apps, financial institutions can better manage these complex organizational structures and ensure that there are sufficient checks and balances in place.
Another factor driving the increased focus on internal controls is the growing scrutiny from regulators. For example, the Estonian Financial Intelligence Unit (FIU) has recently required its licensed entities to implement additional controls, such as splitting the roles of payment creators and payment approvers. This helps to ensure that there is a separation of duties, reducing the risk of fraud or errors occurring.
Finally, to understand the shift, we need to look at what caused the brief era of UX over proper security controls. Deloitte's Digital Banking Maturity 2024 report, which Narvi obtained, connects the coronavirus pandemic with fintechs' emerging desire to please the users:
"In the years following the COVID-19 pandemic, the banking industry underwent a rapid digital transformation, rushing to add features that catered to customers’ changing needs. Online banking platforms became more sophisticated, mobile apps were enriched with new functionalities, and financial institutions raced to stay ahead of the curve," Deloitte's Wieslaw Kotecki, Global Leader of Digital Banking Maturity, states.
"However, as the digital banking landscape matured, a new trend has emerged. Instead of continuously adding new features and overwhelming users with options, digital champions are now shifting their focus toward optimizing core processes and enhancing customer experience. Rather than packing their apps with an ever-growing list of features, banks are now prioritizing the quality of the experience over quantity, honing in on the seamlessness, personalization, and efficiency of core functionalities," Kotecki says.
In other words, we have witnessed the realization that security measures, however unsexy a topic they may be, boost the competitiveness of banking services rather than hamper it.
How can banking providers enhance internal controls?
One of the key ways that financial institutions can improve their internal controls is through the use of 2FA. This involves requiring users to provide two forms of authentication before they can access certain features or make financial transactions. This can include something they know (such as a password or PIN), something they have (such as a security token or smartphone), or something they are (such as a fingerprint or facial recognition). By requiring multiple forms of authentication, financial institutions can significantly reduce the risk of unauthorized access or fraudulent activity.
At Narvi, we have implemented new user roles and permissions within our banking app. We believe that this will help us to better manage large teams and ensure that there are sufficient checks and balances in place to protect the integrity of our financial transactions. Narvi is one of the first financial institutions in Europe to support hardware keys such as YubiKey, Ledger, and other tools that operate under the FIDO2 and U2F protocols. We also encourage other financial institutions to consider similar measures, as we believe that this will help to improve the overall security and reliability of the financial system.
- In conclusion, since 2023, we have seen a renewed focus on internal controls for bank accounts and payment services.
- This change is driven by the need to better manage large teams and the increasing scrutiny from regulators.
- By implementing measures such as new user roles, permissions, and 2FA, financial institutions can improve the integrity and reliability of their financial transactions, as well as enhance the overall security of the financial system.
Published December 28, 2022, updated November 12, 2024
Author: Neil Ambikar, Co-Founder and CFO of Narvi Payments.