FinTech and the Risk of Convenience

Financial Technology (FinTech) companies strive to work with financial institutions and consumers to provide the ability to conveniently access financial data, mobile banking and investment options. However, the opportunities for convenience open up opportunities for risk related to the sensitive data that is transferred among technologies.

Potential vulnerabilities in FinTech systems inherently exist between the API and the software systems they connect.

FinTech firms build Application Programming Interfaces (APIs) to connect to banking systems and provide the “seamless” and “convenient” experience. However, with no regulatory framework, FinTech firms are vulnerable to the potential for compromise of the personal data they process and maintain access to, as well as any security weaknesses and issues caused by incompatibilities or errors in the interaction with other financial institutional systems.

When connecting disparate systems that have disproportionate qualities, it’s often the case that the system engineers, and any third-party developers involved, do not have access to or the detailed knowledge and intricacies of how the other system(s) work.

As financial institutions continue to leverage FinTech firms for the enhancement of interface functionality and convenience, the rapid innovation exposes inherent risks – with little to no advancements to the regulatory and compliance requirements of these firms.

What to Do?

The best approach to secure systems and underlying data, across platforms, is to design and implement effective controls within the technology design phase. Embedding security-measures into the initial design phase will aid in reducing the number of vulnerabilities that exist due to cross-platform contamination risks.

To continue to ensure that systems are secure, risks assessments, and design and effectiveness testing, need to be performed regularly through compliance initiatives related to customer and consumer requirements, including the following:

Other compliance regulations or frameworks might also apply, depending on the specifics of the FinTech product, services and/or related industries being served.

The compliance process needs to be cyclical in nature to ensure that risks are identified and addressed on a regular basis, so that the control structure can thrive alongside the business.

Schneider Downs has helped FinTech firms through a number of the above compliance initiatives, and we would be happy to discuss any compliance concerns and issues you are encountering. Contact us at [email protected].

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
What are the OCC’s Key Areas of Focus for Fiscal Year 2024?
The SEC ‘Names Rule’: Unpacking the Impacts to ESG Funds
Protect Your Financial and Insurance Data: 3 Common Cyber Attack Methods to Watch Out for in 2023
Deutsche Bank Fined $186 Million For Insufficient Anti-Money Laundering Controls
ESG and Internal Audit: Board and Audit Committee Considerations
ESG and Internal Audit
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×