Case Study

GrandhoodGetting FSA-licensed in record speed

Grandhood and Implement Consulting Group

Authors

Grandhood managed to get a licence from the Danish Financial Supervisory Authority (FSA) in record speed

Grandhood is a newly established fintech start-up company in the Danish marketplace. The idea of the company is built on a vision of “delivering simple pension products to small and medium-sized Danish companies”. Grandhood will challenge the big and well-established players in the Danish pension market, resembling David’s fight with Goliath, with an app that would be “the MobilePay of pension”. Grandhood’s most important ammunition in this “battle” is simplicity, ease of use, a maximum flexible solution for business owners and a set of solid products which include low cost and sustainable investment portfolios.

A race to obtain a licence to operate

The idea of Grandhood came to life in 2017 when three young fintech entrepreneurs managed to get funding from a group of investors to develop the “Pension App”. The prototype was finalised in spring 2018 after a year of hard work. The app was newly developed, so the last remaining issue was to obtain an official approval from the Danish Financial Supervisory Authority (FSA), i.e. a “licence to operate”. The management of Grandhood promised potential customers, shareholders and others to be ready to operate by the end of December 2018. This was close to “mission impossible” considering the normal time recommended by the Danish FSA to prepare an application for a licence to operate. However, the team at Grandhood managed to gather all the required information for the application and conduct the necessary changes to the processes and the organisation in due time.

Fact

Grandhood

Grandhood was founded in 2017 by three young fintech entrepreneurs Jon Lieberkind, Mathias Bredkjær and Jens Kam with the purpose of disrupting the European pension market.

You can read more about Grandhood here (in Danish).

Implementing a “fast-track” IT security improvement methodology

In July 2018, the final outstanding point was to prove that Grandhood had a functioning IT security setup from both a technical and governance point of view.

In order to overcome this challenge, Grandhood asked Implement Consulting Group for assistance, and in close collaboration between Grandhood and Implement, a “fast-track” IT and information security improvement methodology was implemented based on the ISO 27001 Information Security standard. The complexity of the challenge was high, and the time schedule was extremely tight. To make sure that everything would be ready for the deadline of the application, the project was divided into five separate parts, thereby maintaining control and ensuring the required speed.

The project included
  1. Documenting governance and control
  2. Business impact assessment
  3. Technical risk assessment
  4. Continuity and disaster recovery plan
  5. Operational security procedures and documentation

CPO, Jens Kam, says; “We managed to meet the deadline in due time without compromising the quality of our work (and the security and safety of future customers) by applying Implement’s IT security principles. Grandhood is therefore the first fintech start-up in Denmark to get an FSA licence to operate in the pension market. We knew that we were in a vital period – an approval from the FSA was necessary for us to continue operating our business, and a solid IT security setup turned out to be fundamental to getting approval from the FSA. Implement quickly understood our situation and established fast information security results both on a practical and governance level.”