Financial technology may well be one of the most thriving industries worldwide. Fintech companies use technological advances to offer solutions to long-standing problems in the financial sector, while making the customer’s experience easier and more engaging. This last part, improving the user experience and thereby restoring trust in financial companies, is probably one of the major challenges that players in the financial sector – small entrepreneurs and big banks alike – face.
But this trust isn’t earned only by brand new AI-embedded code within online banking apps, nor by relying on an attractive and approachable UI/UX alone. Users demand that these companies go the extra mile, meaning hacker-proof security in such new products, along with strong – and believable – back-up methods. That can only be delivered by setting up the latest, most reliable cyber-security tools on the market.
How to tackle security in Fintech
Fintech companies rely mostly on their rapid adaptability to emergent changes. That is to say, these companies – the likes of Revolut, Monzo, TransferWise, Acorns and Addepar, to name a few – owe their very existence to their ability to meet their users’ needs rapidly and practically on-the-go.
This rapid pace in adopting and delivering new services in mobile banking, lending schemes or financial advice can also mean less time for developers to build their products, and hence a bigger risk that vulnerabilities will exist within them. “Simply put, given the growth, dynamism, and complexity of the digital financial ecosystem, it is inevitable that some solutions will be insufficiently secure against cyberattacks. And, it’s highly likely that those vulnerabilities will be found and exploited,” cybersecurity expert John Villasenor told Forbes.
The risks attached to a security breach in financial services are even more damaging than in any other industry, as it is the user’s money that is at stake. “In addition to causing immediate financial losses,” continued Mr Villasenor, “breaches can undermine longer term confidence in new solutions, leading to lower adoption rates—particularly among users with less experience engaging with digital services.”
Studies conducted around the world confirm the growing concerns about cybersecurity and the risks attached to it for the industry as a whole. International law firm Simmons & Simmons carried out a study on this topic, and the findings were worrying, to say the least. It found that up to 71% of the world’s largest banks and asset management firms have said cyber security is the biggest risk associated with working with FinTech firms. By region, 64% felt this way in Germany, 70% in Hong Kong, another 70% in Singapore, and an overwhelming 78% in New York, one of the main hubs of the Fintech industry.
“The study shows how many large financial institutions are struggling to innovate fast enough, and the figures prove that data security is a hurdle that needs to be overcome in order for banks to feel confident about partnering with FinTech firms,” said Nick Ismail to Information Age magazine.
Regulation and Fintech
Regulatory frameworks are the ultimate cybersecurity risks that these Fintech companies – and particularly their users – are exposed to.
Innovation at such non-stop velocity in financial services brings more trouble than apparent solutions do. Big banks and long-established institutions can’t keep up with innovative new ideas. These include payment systems that can go across borders, jurisdictions and currencies without paying fees; mobile banking apps built upon blockchain technology; and small endeavours offering low-fee lending schemes through cryptocurrency. These are just a few of the numerous advancements that banks can’t catch up with, due both to the risks attached to them and to the cybersecurity exposure for their customers. And we haven’t even started to talk about regulations…
Because, actually, regulatory frameworks are the ultimate cybersecurity risks that these Fintech companies – and their users – are exposed to. Traditional banks are under the supervision of national banks and other regulatory bodies, which is tight and strict. These bodies look out for customers in case the banks misuse their money or act abusively. By contrast, most Fintech platforms and companies are not under such supervision, which in the end means less protection for their customers.
That doesn’t mean that Fintech platforms are completely outside the law, however. They still need to comply with the regulations of the country from which they operate, even if their reach is global. The problem is that regulatory bodies are far slower at passing new laws than the pace at which Fintech solutions reach the market, so most of these companies follow self-regulatory frameworks. Mr Ismail gave a really good example of how self-regulatory frameworks are critical for Fintech companies in keeping customers’ trust in their products. He said, “In collecting and storing personal information, client-facing fintech companies have to protect their customers first and foremost. The challenge then, is the way they protect this data. Though they’re disrupting traditional financial channels, many of them have adopted bank-level security measures and fine-tuned them for their digital platforms.”
A security breach in their databases, their products being hacked, or suffering any one of these OWASP threats, orchestrated by a single digital attacker or a team of them, would mean a company gone broke, and that is something few entrepreneurs in the industry are willing to let happen. Fortunately, some regions and countries, including the European Union, the UK, and the US, have started to lay out guidelines on how to comply with current regulations, and to set out new frameworks from which these Fintech platforms can work. These have been based on banking laws and technological disruption and can be summarised in the Know Your Customer (KYC) scheme and, within it, Anti-Money Laundering (AML), which cover two of the most troublesome matters in Fintech cybersecurity.
KYC is also a regulatory requirement for financial institutions. After the financial crisis of 2008, many laws require companies to verify the identities of their clients. Many new Fintech platforms have started to use KYC guidelines as a business opportunity as well as a cybersecurity measure. The goal is to prevent fraud and to restrict service access for users who don’t fulfil certain standards of credibility.
On the other hand, AML is the regulatory field of which KYC is part. Its purpose is to stop the generation of financial income through illegal means. In this role, AML has been a factor in international banking law since about 1989. After the crisis of 2008, and with the recent boom of cryptocurrencies, payment systems and open banking, among others, the G20 report from July 2018 promised to pass new AML standards.
Cybersecurity plays a big role in Fintech companies. Along with the usual hacker menace hanging over these products, there are some very real challenges they face in the shape of regulations and laws. In the financial sector, being compliant with the law is as critical as keeping the user’s trust in your product, because what’s at stake is not only a bunch of private data, but the future of the finance industry.
Aghiath Chbib – Established executive with close to 2 decades of proven successes driving business development and sales across Europe, the Middle East, and North Africa. Expert knowledge of cybersecurity, lawful interception, digital forensics, blockchain, data protection, data and voice encryption, and data center. Detail-oriented, diplomatic, highly ethical thought leader and change agent equipped with the ability to close multi-million-dollar projects allowing for rapid market expansion. Business-minded professional adept at cultivating and maintaining strategic relationships with senior government officials, business leaders, and stakeholders. Passionate entrepreneur with an extensive professional network comprising hundreds of customers, with access to major security system integrators and resellers.