Around the world, fintech companies are challenging the very fundamentals of the banking and financial services industry through a combination of innovative business models and disruptive technology. Today, they are one of the fastest growing markets, notching a record $111.8 billion in global investments in 2018, up 120% from 2017, according to KPMG.
Supporting the surge in growth are a number of fintech-friendly government policies and initiatives like the UK’s Open Banking reforms and the EU’s PSD2, as well as the US OCC’s [1] proposed special purpose national bank charter and India’s Aadhaar Stack. Many countries have also set up regulatory sandboxes that allow fintech firms to test their products at a lower cost before obtaining full regulatory approval.
Another factor driving the rapid adoption of fintech is the changing customer mindscape. Today’s customers are demanding faster and better financial services, better digital banking experiences, personalized interactions, intuitive interfaces, and empowered decision-making—all of which fintech companies have the agility and innovative capabilities to meet.
Fintech firms are also rapidly finding powerful allies in the financial might and infrastructural prowess of technology industry bigwigs like Apple, Amazon, Facebook, Google, and Microsoft, which are increasingly looking to expand and diversify their business interests.
Even established banks are beginning to recognize the potential of acquiring or collaborating with fintech companies to thrive in a digital banking era. In the US last year, Goldman Sachs acquired Clarity Money, a personal finance startup, to bolster the finance giant’s Marcus online lending business, while in Asia, Standard Chartered has teamed up with Ant Financial to launch one of the first blockchain-based cross-digital wallet remittance services.
The changes ushered in by the fintech revolution—including paradigm shifts in banking models, as well as customer interactions and operational technologies—warrant a serious rethink of the underlying risks and possible points of failure.
Fintech companies derive much of their competitive edge from their ability to anticipate and respond swiftly to latent trends and customer demands—particularly those around simplicity, personalization, transparency, and continuous innovation. Their secret sauce? Data. In an increasingly digital landscape, fintechs have increasing volumes of information available to them for predictive analysis and response. Adding to their advantage are open banking reforms which require larger banks to permit customers to share their own transaction data with authorized third parties, including fintechs.
However, the greater one’s access to data, the greater one’s liability—not just for fintech companies, but also for the banks sharing that data with them. A single data breach, as we saw at Equifax, can have an exponential impact on company financials and regulatory compliance, as well as reputation, trust, and credibility.
Consequently, some of the largest financial services institutions globally are investing in GRC tools that enable them to structure their data landscape, and then align it to global information security regulations like GDPR [2], as well as key business risks. The idea is to build an integrated risk model that maps IT risks, controls, and compliance requirements to the larger operational risk framework. Through this tightly mapped structure, stakeholders can proactively understand how a data security risk can impact the business, and what kind of mitigation measures need to be implemented.
Ultimately, fintech companies and banks have a responsibility as data custodians, i.e., keepers of information who ensure that the data in their hands is used appropriately and in accordance with privacy standards and accessibility permissions. Cambridge Analytica’s unauthorized harvesting and use of personal data was a harsh reminder of just how harmful ineffective data governance can be, and why it’s so important for organizations to take their role as data custodians seriously.
Many leading financial services companies are now leveraging GRC technology to build and maintain a robust data governance program across their operational infrastructure. Their aim is to ensure that while access to data is regulated, business lines can still leverage this data to drive competitive advantages.
Banks are also adopting IT vendor governance solutions to manage the risks of collaborating with fintech companies. By streamlining and standardizing vendor due diligence, risk assessments, and continuous monitoring processes, banks gain better visibility into the data security risks associated with fintech partners which, in turn, enables them to make better-informed decisions.
One of the advantages of fintech companies is their ability to pivot around changing market and customer needs very quickly. This agility, however, increases the velocity of emerging risks, i.e., the speed at which a risk materializes. Smaller fintech firms may find it easier to deal with these dynamic risks, but for larger and more traditional banks, the velocity of an emerging risk is compounded by its impact and influence on the organization’s existing risk universe, including risk appetites and risk measures.
To deal with these challenges, some global banks are integrating their complex, multi-faceted risk universe in a centralized framework. They are also aligning their risk events and losses to risk assessments and control evaluations. This data model helps them ensure that as a risk profile evolves, the changes are quickly captured. Meanwhile the underlying analytical capabilities enable stakeholders to identify both the direct and indirect impact of the risk.
Regulatory change is another critical source of risk triggered by an increasingly dynamic financial services market. Striving to keep up with emerging fintech innovations and the resulting risks, regulators are rapidly issuing new policy guidelines, or making changes to existing compliance requirements. China, for instance, is considering a ban on cryptocurrency mining, while the US recently warned cryptocurrency exchange operators about the repercussions of not complying with regulations around the prevention of money laundering and terrorism financing. Meanwhile, the FATF [3] is in the process of finalizing new international standards to regulate cryptocurrency firms across jurisdictions.
All these developments require both fintechs and banks to stay vigilant and to implement robust regulatory compliance management systems that can automatically track regulatory changes, measure their impact on the business, and then initiate responsive action. One of the largest global banks, for instance, is using a compliance management solution to identify and respond to regulatory changes in over 67 markets.
Interestingly, regulators too are depending on compliance and risk data to drive regulatory changes in their jurisdictions. As an example, the banking regulator for one of the leading economies in South East Asia is leveraging a risk reporting and analytics capability to aggregate risk event information from over 200 of their regulated entities, based on which the organization can determine its regulatory direction.
The fintech revolution will continue to reshape the global banking and financial services landscape in the years to come. Everyone—especially the end customer and even traditional banks—stands to benefit from the resulting innovation and continuous improvement, as long as risk awareness and compliance remain key priorities.
[1] PSD2 - Second Payment Services Directive; OCC - Office of the Comptroller of the Currency
[2] GDPR - General Data Protection Regulation
[3] FATF - Financial Action Task Force