Innovations in fintech seem to be constantly in the headlines as new and more creative ways of moving money are developed. It’s an exciting time, with centuries old institutions and processes at a very real risk of being disrupted by companies that can still measure their age in single figures. The potential inherent in such innovations is already being felt as millions of previously unbanked people now have access to financial services.
However, the fast pace of this development does not come without its own risks and concerns. The technology is moving so fast that legislation and security systems can find themselves struggling to keep up, leaving customers and institutions vulnerable to errors and attacks. And that’s just for starters.
The Rise of Risk
The number of connected devices in the world has been skyrocketing in recent years as the technology required becomes cheaper. In 2017, 30 percent of people in the UK reported owning five or more connected devices, including smartphones, smart watches, laptops, tablets and more. The percentage of households owning at least one computer of some sort rose from 70 per cent in 2008 to 83 percent in 2017, and the trend is continuing up. However, it is important to note that the greater the number of connections and devices, the greater the number of access points and vulnerabilities there are in your digital life, including your personal and financial life.
The greatest cybersecurity risk is created by inexperienced users. Take a look at the most common types of online scam and their typical victims and you will inevitably find that it is generally those who are not especially internet-savvy. Given that the World Bank estimated the number of unbanked adults had decreased by 20 per cent between 2011 and 2014 - from 2.5 billion people worldwide to 2 billion - that’s a lot of potentially inexperienced new users. Effectively, it’s 500 million new potential victims.
Cybersecurity threats rarely come in the form of sophisticated hacking operations like you see in Hollywood movies. Why invest that much time and effort when you can just trick spout some meaningless technobabble at someone who doesn’t really understand computers and scare them into giving you their login details?
Phishing emails and pop-ups often act as the opening gambit, tricking users into downloading malicious software or sharing sensitive information through fraudulent websites. That being the case, it is essential for fintech firms to watch out for websites that are pretending to be their own, perhaps using a subtly different URL with an almost identical site design in the hopes of catching those who made a simple typo when entering the address. They should also be aware of people and groups sending out emails and other communications pretending to be members of their organisation.
Too Fast for Their Own Good
While simple scams certainly make up a significant proportion of the cybersecurity threats created by rapid innovation within fintech, they are certainly not the only one. Another threat has its roots in the sheer speed at which innovations are coming. It creates a system where newer systems are required to integrate with older ones, even if they are not completely compatible. The interfaces between such systems create a weakness that hackers are able to exploit.
For this reason, it is important for fintech developers to test their systems extremely well, even to the extent of employing outside security firms to actively seek out weak points within their systems so that they can be protected as required. With cybersecurity being a major concern, especially for customers, many fintech companies are employing the same level of security measures as banks have always done, including secure socket layer (SSL) encryption and Verified Site Certificates to limit the effectiveness of the aforementioned fake sites.
For the most part, cybersecurity threats created by innovations in fintech impact the customer more directly than anyone else. Certainly, a breach in security will result in the company’s insurance costs skyrocketing, their reputation will be irreparably tainted and they may be liable for significant payouts for victims, but it is still the customer who loses their life savings to some devious scam artists. However, that is certainly not the only potential hazard to emerge as a result of the fast-moving nature of fintech.
Some of the innovations introduced can support radical changes to the very nature of the finance and banking industry. Such innovations may be introduced before they are fully tested and understood - in some cases, before they have even been through a full financial cycle. This can create both extraordinary opportunities as well as extraordinary risks, especially as precedents set in the early stages of a new technology’s release may have lasting implications as it spreads and develops.
As we said at the beginning of this article, legislation is at risk of being left behind by the pace of fintech innovation, especially as it can be slow to be updated and enacted. This means that policymakers must remain ever-vigilant for developments that may undermine regulatory frameworks, leaving them ineffective or redundant, with the intention of minimising risks. To this end, the German G20 Presidency has suggested that the Financial Stability Board (FSB) improve their current monitoring of fintech to spot supervisory or regulatory issues arising from a financial stability perspective.
Even with improved supervision, innovations run the risk of creating financial instability simply by doing things that have never previously been done. It is extremely challenging to assess a risk without adequate data, precedents and past examples - a situation that can arise when new business models are deployed, changing the market structure.
Again, the FSB is rising to this challenge. They have developed a framework to define the scope of new innovations, identifying potential risks and benefits to financial stability. This will inevitably be an imperfect system as risks in particular may remain unseen until it is too late, but this at least provides a starting point from which future analysis and monitoring can be made. The fact that fintech activities are currently generally small due to the limited resources available to such firms creates good conditions for testing the framework with limited stakes, refining it for when activities start getting bigger and riskier.
Based, in part, on the relatively small scale of fintech innovation at the moment, along with findings drawn from literature, academics and results from current regulatory approaches, the FSB believes that there are presently no significant risks to financial stability coming from fintech innovation. However, they have identified a number of issues that regulatory authorities will need to pay attention to, some of which will require international collaboration. Examples of these issues include:
- Managing operation risks from third-party service providers
- Mitigating cybersecurity risks
- Cross-border legal issues and regulatory arrangements
- Shared learning with a diverse set of private sector parties
- Building staff capacity in new areas of required expertise
In the case of both cybersecurity and financial stability, the main implication of innovations in fintech appears to be the need for extreme vigilance. The advancement of the technology involved is very exciting but, like most exciting things, there are risks inherent in it - risks that need to be respected and mitigated. Fortunately, it appears that current measures are proving adequate to the task and risks are currently kept to a minimum but, with developments and innovations coming thick and fast - and, in some cases, without much testing and study - how long these measures will remain adequate remains to be seen.