News

The operational teams of fintech firms bear the brunt of this risk. This is a challenge because in some cases, the firm's established procedures and operational norms outpace the speed of operations, fluctuations in market conditions, and the speed of unforeseen changes.

While conventional financial firms have the "advantage" of time in their favor, fintech requires everything to happen at breakneck speed. Moreover, fintech teams are most vulnerable to real-time transaction management, where ninety-nine percent (99%) of the most significant errors occur.

Below are the six key risks faced by fintech operations teams today:

 
According to the Financial Stability Board, "the financial system can overreact to news." FTX bankruptcy, for example, was not the first or last unexpected event to cause ripples in global financial and regulatory policy.

Unanticipated market events pose significant operational risk simply because they are unexpected. An extreme reaction to a rapid market emergence can cause solvency and liquidity problems for financial institutions and fintechs alike.

The market may experience excessive volatility, procyclicality, contagiosity, and other risks that disrupt fintech services. In such situations, customer support teams and operations teams must think fast and develop responsive, situational responses - contingency planning almost always fails to provide the necessary response. Since this is the way it is in fintech, timely and correct contact with customers is crucial.
 
Risk is the main focus of fintech business in terms of regulation and compliance. Regulators must ensure that fintech companies properly analyze risks and implement risk mitigation procedures.

Unfortunately, the breadth of regulation in many countries has not kept pace with the pace of technological advances. This means that regulatory standards are changing rapidly for several fintech groups, making standardizing compliance practices extremely challenging.

While some fintech sectors are not as strictly regulated as traditional financial institutions, regulations such as PSD2 and GDPR define specific data protection criteria and system security protocols that affect European fintech sectors as a whole. National authorities often impose an additional regulatory layer that affects fintech - such as the CFTC and SEC in the United States, the FCA and PRA in the United Kingdom, BaFin in Germany, ACPR and AMF in France.

For example, both the PRA and FCA are exploring artificial intelligence, machine learning and initiatives such as Open Finance to better understand how to protect financial stability and ensure fair outcomes for consumers. One area of interest for regulators is the culture at FinTech companies, particularly signs that companies may be focused on growth instead of profitability, or that their strategic risk work is not robust enough to manage new untested models or technologies.

FinTech companies can evolve very quickly, so it's important that their risk management and compliance programs keep pace. They need to ensure they have robust processes in place to proactively manage existing regulatory and compliance risks, as well as regularly scan the horizon for new risks in these areas at every stage of the development process. Moreover, these companies must always ensure that they can quickly and easily provide evidence of their regulatory change processes as well as overall compliance to stakeholders, such as the board and regulators.

If standards of regulators are not strictly enforced, companies risk being found in non-compliance, receiving significant fines, and ruining their impeccable reputation in the marketplace.
 
Ultimately, most fintech companies either provide or facilitate financial services. This in itself exposes the organization to the risks of negligence, service failures, fraud allegations, and other common dangers associated with financial services. Fintech companies that provide new financial products using new creative service models are heavily exposed to professional liability claims.

In general, the problem lies in mismanagement: Fintech companies often exceed their operational capabilities and fail to standardize new operational procedures, leading to additional errors.

On the other hand, consumers tend to use fintech applications carelessly and do not take preventive measures to protect themselves, their data and finances. In 99 percent of all cases, the fintech vendor will be held responsible in any situation.

Among other things, the traditional financial services industry has realized the importance of data governance and is in the process of implementing data governance frameworks and standards in their businesses. While FinTechs may have a business advantage - most were founded with a "data first" strategy - many don't realize that data governance should also apply to their risk management and compliance programs.

Regulators are increasingly asking questions about who owns risk and compliance data, how far it has come, how timely it is, how well it represents what it should represent, and other data management issues.

FinTechs should be able to answer these questions with as much confidence as they could for their business data.
 
As FinTechs gain more attention in the media and from their customers, so too their profile increases among cyber criminals.

One significant disadvantage of fintech is its ability to actively increase risk to existing financial institutions: the more systems associated with fintech, the greater the opportunities for cyberattacks. 2022 was a challenging year for fintech cybersecurity.

There is no one-size-fits-all cybersecurity framework in fintech because of the diversity of businesses and operating structures. FinTechs are spending vast sums ensuring their technology and their customers’ data is protected, but how well are they protecting their risk management and compliance data? Spreadsheets, email, and documents on shared drives can all be vulnerable to the wide range of cyberattacks that are out there. The firm’s risk and compliance data may be compromised or corrupted, data privacy may be breached, and sensitive information such as the FinTech’s risk management weak spots exposed. Working with risk and compliance data within a GRC solution can add an extra layer of cybersecurity.

Among other things, hiring competent cyber risk management and IT security teams is critical to identifying and mitigating vulnerable cyber attack vectors.

However, having the necessary defenses in place does not relieve fintech company COOs from the daily worry of cyber incidents. Any cyber threat, like market events, will require a rapid, planned response from operations departments, and any mistakes made in the process could be costly.
 
Existing financial institutions have so far been protected by the national conditions of their specific markets. Each national jurisdiction has its own set of financial conditions and rules, subject to which financial firms provide services adapted to local requirements.

Recently, however, these geographic constraints have been quickly eroded by the rapid emergence of fintech companies offering financial solutions around the world. In response, institutional finance was faced with the choice of competing with nimble fintech companies or learning to collaborate and build relationships with them. This nimble-traditional dynamic has created a global competitive environment, and companies that want to win the fintech race must choose their strategic relationships carefully.
 
Regulators in the U.S., the U.K., and the EU have been voicing their concerns about third-party risk for some time. Some FinTechs are financial services providers and have relationships with third parties. Other FinTechs provide software solutions to traditional financial companies, which means they are third parties and will also have their own third parties.

It also happens that for some fintech firms it is impossible to partner with third parties - with traditional financing or otherwise. Their business is completely dependent on them. The added stress of competition and the need to bring in third-party services and alliances to stay ahead are elements of operational risk for operations teams that can put them at a disadvantage. ‍

Many jurisdictions are in the process of improving their rules regarding third and fourth party interactions. A good example is regulators' concern about the risk of concentration around cloud service providers. The EU has created a robust regulatory framework to manage these risks, and the financial industry has responded with the Gaia-X project, which "seeks to implement a common set of rules that can be applied to any existing cloud technology to achieve transparency, sovereignty and interoperability of data and services."

FinTech can expect other jurisdictions to strengthen third-party regulation over the next few years. This will mean managing significant complexity and, at the same time, maneuverability to provide proof of compliance to customers and potential customers.
 
In summary, the risk and compliance challenges facing FinTech firms this year are very demanding. It’s clear that using manual methods to try and meet them could wind up creating even more risks, such as the inability to adapt to regulatory change, poor data governance, and increased cyber risk. To meet these challenges successfully, FinTech firms should consider taking a more strategic approach by investing in a GRC solution.

In addition, do not forget about the quality of personnel. Hire staff which is competent in cyber risk management and IT security, and improve the level of existing employees. Together we can overcome all difficulties:)

See you soon,
Your OctoStrategy.