New innovations in financial technology tend to be discussed as if the financial industry is only now being impacted by technological innovation. The fact is that banks and technology have always complemented each other.
Technology making financial innovation possible can perhaps best be seen by looking at the 1950s when Diner’s Club introduced the first credit cards. By the 1960s, Chemical Bank of the United States installed ATMs aimed at replacing branches and tellers which dispensed cash when users inserted a specially coded card. The 1970s brought electronic stocks and by the 1980s, banks started using sophisticated computers to monitor financial data. The nineties and naughts brought internet and ecommerce to the fore and the Wall Street replaced telephone stock brokering with online stock brokerage websites.
Cut to the present and fintech, a new abbreviation simply meaning financial technology, found its way into the Oxford Dictionary as a term originated in the early 21st century. Fintech aims to leverage modern technology to craft innovative financial services that bring consumers and businesses closer.
The fintech industry is one of the fastest growing segments to emerge out of cyber space – the global investment in Fintech sector skyrocketed from $928 million in 2008 to $12.7 billion by 2016.
Fintech innovations like mobile wallets, payment apps, roboadvisors, etc all are largely enhancements to existing banking services, but with the direction the industry is going, the future could see fintech replacing banking services or even competing with banks outright. This is the disruptive nature of startup technologies at work.
Haskell Garfinkel and Dean Nicolacakis, PwC’s US Fintech Practice co-leads, have this to say about the emerging industry: “We think about all the players in a larger fintech ecosystem, which we refer to as the As, Bs, Cs, and Ds. As are large, well-established financial institutions; Bs are big tech companies; Cs are companies that provide infrastructure or technology that facilitates financial service transactions; Ds are disruptors, fast-moving companies, often startups, focused on a particular innovative technology or process.”
The evangelists of fintech have been predicting the demise of banks in the face of fintech’s explosive penetration. However, a bankless reality may be further away than some think, according to Garkinkel: “Fintech isn’t static. When we talk about the As, Bs, Cs, and Ds, we think of them as sectors in motion, all moving toward each other over time. For example, financial institutions are becoming more technology focused. At the same time, big tech companies are offering peer-to-peer payment solutions over social networks and email. Meanwhile, disruptors are providing financial services that, until recently, you could get only from banks or financial advisors,” adds Haskell Garfinkel.
However, given the complexity of financial technology, one of the inevitable challenges is with regard to cybersecurity. It is highly likely that there will be vulnerabilities, and those will be exploited.
The first step towards securing any industry must begin with a fundamental acknowledgment of the importance of security. Instead of thinking of how to aggressively get to the market quickly (a scenario prevalent among startups), companies must first focus of securing their product. However, securing architecture cannot be a one-step process. There should be continuous testing and dedicated quality assurance teams to create less breakable and secure codes.
Blockchain is often seen as an added advantage and a natural fit for fintech. However, there has not been a mass exodus of the general population migrating from physical to digital currency. But, if such an exodus does occur, blockchain and cryptocurrency could lead to the demise of banks and other middlemen that fail to adapt to the new reality. Of course, even blockchain is not hack proof. For example, digital currencies like bitcoin are vulnerable to hackers stealing end-users’ wallets and bitcoin exchange private keys, mining DDoS bitcoins, or even exploiting code flaws. Added to this, bitcoin is famous among the hacker community and is the currency of ransomware. It is often impossible to trace or recover data and financial losses from attacks that have been triggered from blockchain-based systems.
Another key challenge is protecting the identity of end users, which often is the most complex part of the equation. Once a hacker reaches a user’s bitcoin wallet, the outcome can be as catastrophic as bankruptcy.
Compliance and Regulations
The security risks of fintech are now being recognized by organizations with special attention toward application vulnerabilities. Several standardization and regulatory measures have also been mandated while several others are in the pipeline. The existing measures include Basel II, Federal Financial Institutions Examination Council (FFIEC) Uniform Rating System for Information Technology (URSIT), Gramm-Leach-Bliley Act, Fair Credit Reporting Act (FCRA), Federal Trade Commission Act (FTC Act), among several others.
Basel II focused on, “The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.”
Basel II helps organizations evaluate and mitigate operational risk losses. FFIEC established URSIT as a rating system. “The primary purpose of this rating system is to evaluate the examined institution’s overall risk exposure and risk management performance and determine the degree of supervisory attention necessary to ensure that weaknesses are addressed and risks are properly managed,” states FFIECon its website.
FS-ISAC in its 2015 report pointed out the implementation of open source management policy to boost Fintech cybersecurity. It also recommended creation of open source Bill of Materials (BOM) to identify open source components.
The existing regulations also include open source vulnerability scanning and review, incorporating risk assessments into supply chains, audits on internal controls, cyber risk governance, cyber risk management, internal and external dependency management, examination of IT assets, among several other measures standard to other technology in the industry.
Upcoming regulations like the European Union (EU) General Data Protection Regulation (GDPR) mandates all companies must protect personal data (including financial information) of citizens. The governing bodies will verify the protection measures adopted.
At present, fintech is one of the most regulated industries in the world. But the key challenge is the presence of too many governing bodies but no universal standards – a singular regulatory policy or framework for the industry is lacking.
Fortunately, fintech is on the right track, with enough attention on ensuring secured architecture. Cybersecurity is being incorporated into new layers in mergers and acquisition processes even in the fintech industry. Standardizations are also playing a crucial role. The National Economic Council in a statement of principals have provided “a framework for stakeholders in the Fintech ecosystem to assess their role in contributing to the policy objectives. These principles represent practical and actionable propositions to help the fintech ecosystem contribute to a well-functioning and inclusive financial system and to the economy as a whole.”
Fintech is revolutionizing the financial services industry and is contributing to its growth. All it needs is optimum utilization with enough attention to security.