Kazakhstan’s Agency for Regulation and Development of the Financial Market is exploring the potential of the domestic messaging platform Aitu as a means of facilitating remote communication between insurance companies, non-bank financial institutions, and their clientele.
Regulatory Recommendations and Market Reactions
As reported by Bloomberg, the regulator has suggested that market participants evaluate the Kazakh-developed messenger Aitu as a viable communication tool. Last month, insurance and brokerage firms received proposals regarding the platform’s potential use, which aims to enhance personal data protection.
However, market participants have raised several concerns. They point to Aitu’s relatively modest user base, its limited functionality, the potential costs associated with integration, and the lack of clear regulatory guidelines governing the handling of personal and financial data on such platforms.
In light of these concerns, the regulator clarified that the adoption of Aitu is not mandatory. Instead, it is being considered as an additional secure communication channel for financial institutions and their clients.
The agency emphasized, “This issue is being considered by the Agency in connection with the need to strengthen information security, including the protection of personal data amid rising fraud in financial services. The initiative is also aimed at standardizing communication channels between financial organizations and their clients.”
Data Protection and Security Features
According to the regulator, Aitu’s infrastructure is designed to ensure a high level of data protection, notably due to the physical localization of servers within Kazakhstan. This localization is believed to mitigate risks associated with cross-border data transfers and the potential interception of sensitive financial information.
Aitu also boasts additional security features, including end-to-end encryption, where access keys are stored solely on users’ devices. The platform incorporates the Aitu Passport system, which utilizes biometric identification and a cloud-based electronic digital signature. The agency asserts that these tools facilitate legally valid user verification and significantly reduce risks such as phishing and identity theft.
Integration and Broader Implications
The agency further noted that the implementation of open APIs and business dashboards would enable financial institutions to integrate their systems with Aitu at a relatively low cost, thereby leveraging the national digital infrastructure.
Previously, government agencies and quasi-state companies have been encouraged to utilize Aitu for official communications. The rollout of this national messenger has ignited a broader conversation regarding the delicate balance between cybersecurity and internet freedom within Kazakhstan, as highlighted by The Times of Central Asia.
