Risk Management for FinTech Businesses

FinTech businesses, because of their very nature, can grow very rapidly. As they grow at such a fast pace, they need their risk management and compliance functions to keep up with this growth.

What is Financial Technology (FinTech)?

FinTech is used to describe technology that seeks to improve or automate the use and delivery of financial services. FinTech can be seen in different sectors for different uses such as crowdfunding, investment management, banking, education, insurance and cryptocurrencies to name just a few.

FinTech businesses, because of their very nature, can grow very rapidly. As they grow at such a fast pace, they need their risk management and compliance functions to keep up with this growth. Additionally, FinTechs need to constantly scan the environment for emerging risks as their operating environment changes rapidly too. FinTechs are also gaining the interest of regulators and it has become necessary for these businesses to meet regulatory requirements unless they want to run the risk of non compliance with hefty fines and costly suspensions.

FinTech in the Maldives

FinTech is a growing market all over the world. New FinTech initiatives, even though few for now, are being introduced in the Maldives. The FinTech businesses in Maldives are centered mainly around payment solutions which was further facilitated by the National Payment System Act and Regulations on Payment Service issued by the Maldives Monetary Authority (MMA). Also, one digital bank was given license to operate in the Maldives. In addition to these areas, we can see FinTech being introduced in areas such as insurance and investment management.

We need more initiative by the government and the private sector to develop a strong FinTech ecosystem in the country which will lead to the increase in the amount and quality of FinTech solutions offered. Even though smart phone and internet usage are high amongst the population, this is not being reflected in the use of FinTech solutions. This may be the result of high internet costs, lack of sufficient infrastructure and quality FinTech solutions, lack of enabling regulations and qualified human capital.

Adopting FinTech solutions is very important in the quest to improve financial inclusion in the country. FinTech solutions are key to creating a more equitable, fair and thriving economy and are crucial in a geographically dispersed country like the Maldives.

In order to encourage the growth of FinTech businesses while reducing risks, we need to create a regulatory field which is open to sustainable competition and at the same time create a framework which will include regular monitoring of the appropriateness of regulations. In addition, guidance needs to be provided to businesses who adopt novel applications of technology.

Although FinTech is the key to financial inclusion and development, it comes with financial vulnerabilities too. Policy makers need to balance financial stability, cybersecurity and data protection concerns with the benefits it brings. A risk based approach needs to be adopted where regulatory requirements and policies are commensurate with the risk inherent in the business activities aiming to reduce risk while supporting innovation.

FinTech Risk Management

Managing risk is a crucial element for FinTech businesses. Changes in the market and disruptive technology leads to new risks. As the party responsible for the product, a pioneer business must take principal responsibility for identifying its risks. Some of the risks that FinTechs are exposed to include, cybersecurity and data privacy risks, money laundering and terrorism financing risk, regulatory risk, fraud risk, outsourcing risk, merchant risk and credit risk.

With the introduction of FinTech solutions by a business, it becomes necessary for it to have a robust risk management solution in line with the increase in its risk exposure. And when businesses are in their introductory stage it becomes easier for it to shape its risk culture.

Cybersecurity and Data Privacy Risk

With the increase in FinTech, it also attracts cyber criminals who are looking to take advantage of any vulnerabilities inherent in services such as mobile payments. While the internet has made it easy for FinTech to reach customers, it has also made it easier for cyber criminals to connect with potential targets. Customer trust is built through having strong data privacy standards which ensures customers that their information is safe.

Having trusted identity systems to verify customers and validate consent is key to managing data privacy risks.

Money Laundering and Terrorism Financing Risk

Money Laundering and Terrorism Financing risk is another key area which FinTech businesses need to focus. Failure to have appropriate risk management in place may lead to the business being used to launder money by criminals. The failure of non-compliance with AML CFT regulations is another risk that these companies have to face.

Money Laundering and Terrorism Financing risks arise from the nature of FinTech Services. For example, fast transactional speed is one of the advantages of FinTech solutions and this must be matched by faster processes for example, Know Your Customer (KYC) requirements, Enhanced Due Diligence (EDD) measures, transaction screening and lodging of Suspicious Transaction Reports (STRs).

Regulatory Risk

With the increase in FinTech, more regulations will be coming into effect. As the general pace of regulatory change accelerates, FinTechs will have more complexities to manage. One of the biggest advantages of being a FinTech is the lower level of regulations applied to it compared with a traditional financial service provider such as a bank. Over regulation of the FinTech businesses may lead to the erosion of these advantages for FinTech businesses.

However, not all regulations are created equal. Some regulations can help FinTech by enabling their growth. In the Maldives, we need some of these ‘enabling’ regulations in order for the FinTechs to grow and thrive. FinTechs need to be regulated by taking into consideration the risks and the benefits.

Regulatory risks involve the risk of not complying with regulations and in some cases the risk of not being able to operate in a certain manner because of lack of regulation. Regulatory risks become greater for those businesses which operate in multiple jurisdictions, as they have to navigate different laws and regulations in each country. In addition, it is very important for FinTech businesses to easily and instantly prove their level of compliance with laws and regulations to their stakeholders to increase the level of trust the stakeholders have on the business.

As FinTech is in its introductory stage in the Maldives, it is very important for the service providers to have a close dialogue with the institutions responsible for regulating the sector. The businesses drive the growth of the FinTech space and are in a better position to understand the implications of its operations compared to regulators or the customer. In this aspect, FinTech businesses have an important role to play in educating the market and regulators.

Outsourcing Risk

Outsourcing risk or third party risks needs to be managed effectively by FinTech businesses because they rely heavily on contractors to perform services on their behalf. One such area is cloud computing, which if not managed appropriately can lead to data beaches and loopholes for criminals to enter into the business system.

Fraud Risk

The increase in online payment processing and online transactions causes operational concerns when it comes to monitoring and detecting fraudulent transactions. Transaction monitoring needs to be at the same speed for fraudulent behavior to be detected. In addition, remote working increases cyber security risks including fraud risks which need to be managed. Fraud risks need to be also identified for third parties with robust fraud monitoring and oversight.

In addition to these risks, there are other risks such as credit risk, merchant risk and reputational risk which need to be managed by FinTech businesses.

Risk management is critical for FinTech businesses and a proper risk management system will identify all risks and help the business to manage and mitigate these risks in a timely manner. An enterprise wide approach to risk management ensures that the proper policies, frameworks and the architecture for effective risk management is implemented and the right risk culture is ingrained into the business.

About the author:

Aminath Shaeera, CPA, IRM Cert.
CEO & Co-founder of Achievia Consultancy.

An Enterprise Risk Management expert passionate with a vision to take organizations up the ERM maturity curve. Concluding a decade of experience in Maldives Monetary Authority as the Head of the Risk & Compliance Unit, she is a certified ERM professional as well as being a Certified Practising Accountant. Since moving to the private sector, she has contributed to the strategic development of numerous organizations.