Fintech Risk Management= Trust + Simplicity + Speed

By Shardul Singh on August 17, 2015

“Innovation lies at the intersection of the humanities and the sciences” – Walter Isaacson

Walter Isaacson the Author of Steve Jobs’ famous biography and “The Innovators” book has frequently quoted that when Technology and any aspect of human life come together, innovations happen (or may be what he meant is “Disruptive Innovations” happen that change the way we live). It could be education, music, communication, medicine, transportation or anything else.

Combination of Finance & Technology is another such potential combination that may cause the next disruptive innovation. Finance, one of the oldest businesses in the world and something that touches everyone’s life and I do acknowledge that a lot of innovation is already happening in the field from last few decades, for example, ATM machines, credit cards, electronic trading exchanges etc.

Yet this may be just the tip of the iceberg. Plenty more innovations to come that may completely change the way insurance, mortgage, payments, investment and many other financial products and institutions work.

Yet if we look at the past, the last two recessions were caused by Finance (Subprime Lending, 2008) and Technology (Dot Com bubble, 2001). Ideally, Financial institutions are in the business of taking and managing risk. What we noted in last recession, that these institutions were taking excessive risk, but had insufficient controls and infrastructure to manage the risk.

On the other hand Technology (i.e. Information Technology) is fast, evolving and thrives primarily on User Friendliness of the solutions. That creates another set of risks where most of the times, solutions are ‘quick & sexy’ but not many people understand the big picture, dependencies on other factors, internals of the solutions etc. As a result, users as well as innovators don’t know what all can go wrong and is there anything that can be done beforehand.

Like it or not, FinTech will have to go through the challenges of both, Finance as well as Technology and will have to implement Financial Risk Management as well as Technology Risk Management processes. Also, because FinTech is on the intersection of Finance & Technology, it can have its own new risks due to the toxic combinations of risks from each field. For example, mobile payment applications might increase the risks relating to money laundering (Easy to use, small amounts, multiple times a day, different payment destination and from your living room or a sunny beach).

Because of these reasons, FinTech Risk Management will be a new and very interesting field in the days to come. FinTech entrepreneurs will have to engage with professionals who are skilled in both, Financial as well as Technology Risk Management, early in the Software Development Life Cycle (SDLC) of their products. Application Security Testing (i.e. Pen Testing) will not be sufficient anymore as most of the insider Rogue Traders will not try SQL Injection, cross site scripting etc. but simply exploit the issues due to poor design of the application (such as toxic combinations) or poor controls over sharing of admin passwords within the team.

FinTech is a great opportunity for Financial Institutions to offer ‘Speed and Simplicity’ to their clients. However to rebuild the Trust that Financial Institutions have lost in the last few years, they will have to embed robust risk management processes and internal controls in their FinTech solution from the very early stages of solution development.

Shardul Singh

Author

Shardul Singh

FRM, CISA, CISSP FinTech Risk & Audit Consultant