As financial technology (better known as FinTech) companies become more popular, it is important to shed light on potential threats to financial stability and how we can start to overcome those. After all, it is financial, and at times, personal data is at stake, much of which is connected to banks and other financial institutions, making it more sensitive and therefore more at risk of theft.
In the advent of the Open Banking era, data protection between FinTech companies and financial institutions should be a priority. And yet, with many FinTech companies still classified as start-ups, we must also understand the fact that cybersecurity is not an easy thing to manage.
The Financial Stability Board has had the same thoughts and considerations that they published into a 2017 report about FinTech implications on economic financial stability. This document and many other reports led to the creation of new regulatory frameworks that are aimed at keeping the market open and competitive (in line with all the positive things FinTech companies bring to our economy), while decreasing the risks associated with FinTech's.
We have spoken a lot about the regulations and the positive aspects of FinTech and Open Banking, but we have not spoken about the challenges and risks. In this post, we outline them and make some suggestions to improve the landscape.
What is a FinTech Company?
Before we get started, it is important to outline what we mean by FinTech company here. We have spoken a lot about FinTech's without ever clearly defining them. The Financial Stability Board defines them as:
“technology-enabled innovation in the financial services that could result in new business models, applications, processes or products with an associated material effect on the provision of financial services.”
FinTech is clearly a broad term that can be used to describe a wide range of innovative technologies, so it is sometimes useful to further define them by the economic functions they provide. And so RegTech, InsurTech and SupTech was born. We’ll leave explanations of these for another day.
FinTech services can be classified into major industry sectors and covers a wide range of activities including, but not limited to:
- payment and infrastructure;
- operations and risk management;
- data security and monetization and
- customer interface.
Economic Drivers of FinTech
FinTech companies are a cause of the current economic climate, changing regulation, shifting consumer perspectives and evolving technology. There are three areas that we can break these down into.
Advances in computing power have allowed innovation in areas such as file sharing, cloud computing, data storage and more. Online connectivity in this way has reduced some transaction costs and disrupted some traditional models which have led to credit innovations.
Look at the FinTech peer-to-peer (P2P) loan provider Zopa, which uses internet technology to cut out banks entirely. And because it automates a lot more than traditional credit institutions, Zopa can provide a far more competitive pricing and offer a more convenient and quicker service to customers.
Platform-based business models are also more able to scale because they use digital identification and digital contracts to standardize online workflows. And because they don’t manage a large number of physical branches with costly IT networks and staffing, they are able to avoid the higher capital and liquidity requirements of traditional institutions.
Finally, because of decisions made in the aftermath of the last financial crisis, services such as micro-lending have been minimised in financial institutions but can be made available to the public by FinTech companies.
The technological innovations around real-time transacting are placing a higher demand on financial services to follow suit. People want what they want, conveniently, fast and with a good user-friendly experience. As expectations change, younger generations such as “millennials” and “digital natives” have optimal buy-in to FinTech services.
In addition to this, consumers are less trustworthy of banks since the last financial crisis despite the FSCS protecting up to £85,000 of any savings held in any official UK financial institution. There may be more of a general perception that FinTech companies are more trustworthy and socially responsible, especially in areas such as P2P services. This growing faith, alongside a growing demand for ease of application and optimal user experience, may be why investors are keen to use FinTech companies to diversify their portfolios.
In the case of FinTech P2P lending, the higher demand for investors lending on FinTech platforms results in borrowers who are more attracted to use the technology.
We should also bear in mind that FinTech’s service the economy on a greater scale than just those individuals that are digitally advanced and require ease of applications and transactions. These technologies are empowering the "under-banked" and socially vulnerable groups by giving them equal access to various benefits and opportunities, across the globe. Through digital means, residents in far flung areas can receive financial services that were once unattainable to them, such as getting remittances and small loans.
Micro-financial risks are defined as risks that have more effect on the financial institution or firm itself. Some of these risks could include credit, liquidity, market and pricing, operational, compliance and legal and strategic risks.
These are the micro-financial risks that relate to financial dealings.
- Maturity mismatch: when a loan is extended for a longer period than the financing is contracted for, rollover risk is created. Systemic impacts could arise if the sector provides critical functions or services.
- Liquidity mismatch: when assets and liabilities have different liquidity characteristics, resulting in “run risk” and the need to liquidate quickly, thereby disrupting markets.
- Leverage: higher leverage implies less equity to absorb losses – an example would be market and credit risks. This could expose counter-parties to losses.
These are the micro-financial risks that relate to operational dealings.
Governance / Process Control
Poor process control can lead to increased risk of direct disruption in providing financial services or critical infrastructure.
FinTech companies have the potential to increase the attack vendors of the entire economy because the more systems that are connected, the more vulnerabilities there will be for a cyber-criminal to exploit.
A good example of this is the big story of the $81 million bank heist in Bangladesh that used a vulnerability in a third-party technology provider (SWIFT).
As every info security expert knows, the more systems are connected together, the more vectors there are for cyber-attack. However, FinTech’s cannot be grouped into any one particular category and therefore, it should really be individual to each FinTech’s environment although some also follow a self-regulatory framework.
Hiring a good risk manager and IT Security team will be vital in ensuring that the complex and growing list of attack vectors are mitigated.
An increased reliance on third-party services can create systemic risks too and not just for cyber-risk reasons. FinTech services could be provided to a financial institution and in the event that the cloud computing company (for example) is being used, and later has operational downturn or unexpectedly closes down, the financial institution is affected.
It could be the case that these third-party services are not even heavily involved in the financial industry, such as a telecommunications company. But this does not downplay the risk.
Why am I putting regulation down as a risk? The rapid rise of FinTech companies has also meant that the industry is largely unregulated. The reason for this is that rapid developments in technology and innovation are not covered in existing banking regulation. Regulatory frameworks are catching up but, in the meantime, the landscape is uncertain.
Regulations such as GDPR and PSD2 set out requirements for protecting data and securing infrastructures. If these regulations are not followed, there isn’t just a risk of cyber-attack but a risk of being caught, fined and losing brand reputation all in one sweep. This helps to encourage FinTech’s to hold themselves to higher standards and will help the industry to grow.
Some regulations to look out for are:
Financial Market Infrastructures
Financial market structures are also a business risk because they are vulnerable to their own external factors and big changes can impact a business and its profits. If the impact is large enough, it could mean closure and therefore a much wider impact to critical infrastructure.
If micro-financial risks are the internal risks that can affect the wider financial system, then the macro-financial risks are those system-wide vulnerabilities that can create a real shock to the wider financial system and therefore increase the likelihood of financial instability.
These risks are related to the interaction between firms, investors and clients. Risks to FinTech companies include the following.
Contagion is distress experienced by a single financial institution or sector that can be transmitted to others because of the exposure or relationship between them. Commonalities in the type of business can also lead to mistrust in those institutions and that can also lead to contagion.
If a single, well-known and very well used FinTech platform has a large unexpected loss, it is possible that these losses will be interpreted as happening across the sector.
In the well-known activity of excess provisioning of credit by banks during economic upswings, followed by an extreme degree of deleveraging that tends to take place during a downswing. This low pricing during good times and high pricing during bad times is exactly the kind of activity that propagates financial instability.
Interactions between FinTech lending platforms and FinTech borrowing platforms could exhibit larger swings than traditional intermediation of funds which can be further exacerbated by retail investors. FinTech credit companies may have limited incentives to accurately assess credit quality or maintain lending standards and therefore could risk increased pro-cyclicality.
The Financial Stability Board put it right when they said: “the financial system can overreact to news”. This overreaction can lead to solvency or liquidity problems that can spiral to the financial system impairing the functioning of credit markets, especially when there is congruity.
The use of FinTech AI and apps to trade in the market can increase market volatility because they make computer-based decisions. In a period of low volatility, a FinTech trader can be more active but as soon as there is some volatility, they can rapidly withdraw from the market. When the market is already stressed, this can exacerbate potential for volatility.
If an entity is critical, it may amplify risks. Companies who see themselves as critically important have less competition in the market and are therefore more inclined to take risks where the downside may be limited by the guarantee of public support of a critical service. Predatory pricing could also stifle competition reducing the likelihood of other services stepping in when the entity suffers distress.
This, of course, is still an issue with the traditional financial model but you can predict a scenario whereby a FinTech company earns a monopoly or oligopoly for their convenient and efficient service. This needs to be avoided.
Oh What, Oh What Can a FinTech Do?
This article focuses on the risks of FinTech without weighing against the potential benefits but FinTech companies can also bring several benefits to the economy as a whole. In brief.
- Diversification and decentralisation. In areas such as lending, big data processing and automation of loans have reduced barriers to entry. Distributed ledger technology like blockchain can also reduce concentration in the settlement process.
- Efficiency. Innovations in financial services can lead to greater productivity. Regulation technology or AI chat bots can streamline back-office functions and strengthen business models for institutions as well as facilitate and automate the decision making process.
- Transparency. Increased use of data may have the potential to reduce asymmetries in information. Better data is paving the way for smart contracts that can more accurately target specific risks users wish to manage.
- Access and convenience. The ability to improve access to a range of financial services in regions where there is a large population of people who don’t have access to banks and where the financial market is only in early development. In these areas, likelihood of owning a smartphone is higher than having a bank account and so app-based financial services are a huge benefit.
So let’s not give up just yet, FinTech companies have a lot to bring to this economy, it is simply important for us to recognize what the risks are and try to mitigate these. Regulations can help to do this but the truth is, each FinTech is responsible for their own effect on the economy and their relationships with other companies around them. Each financial institution is also responsible for auditing the FinTechs they get into relationships with.
Open Banking aims to set a precedence for this kind of thinking. For example, they set a framework for APIs being built between FinTech companies and financial institutions so as to educate the sector and reduce the likelihood of an attack when sharing data between services.
The very nature of FinTech’s convenient, online platforms make it easy for a customer to leave and not forgetting that these companies service a plugged-in population who, within a few minutes of their time, can leave an online review.
Therefore, large financial institutions and smaller FinTech companies each require elements the other can provide in order to successfully meet growing consumer demands for greater access to and management of their finances. As a result, the lack of consistent FinTech cybersecurity will be a hindrance for both. As these two sides of the financial services space increasingly partner up, then, cybersecurity – especially application security, cloud security, and automation will have to become top concerns to maintain data protection and meet compliance requirements while responding to the shifting demands of the marketplace.