FinTech and the Risk of Convenience

Financial Technology (FinTech) companies strive to work with financial institutions and consumers to provide the ability to conveniently access financial data, mobile banking and investment options. However, the opportunities for convenience open up opportunities for risk related to the sensitive data that is transferred among technologies.

Potential vulnerabilities in FinTech systems inherently exist between APIs and the software systems they connect.

FinTech firms build Application Programming Interfaces (APIs) to connect to banking systems and provide the “seamless” and “convenient” experience. However, with no regulatory framework, FinTech firms are vulnerable to the potential for compromise of the personal data they process and maintain access to, as well as any security weaknesses and issues caused by incompatibilities or errors in the interaction with other financial institutional systems.

When connecting disparate systems that have disproportionate qualities, it’s often the case that the system engineers, and any third-party developers involved, do not have access to, or detailed knowledge of, the intricacies of how the other system(s) work.

As financial institutions continue to leverage FinTech firms for the enhancement of interface functionality and convenience, the rapid innovation exposes inherent risks – with little to no advancements to the regulatory and compliance requirements of these firms.

What to Do?

The best approach to securing systems and underlying data across platforms is to design and implement effective controls during the technology design phase. Embedding security measures into the initial design phase will aid in reducing the number of vulnerabilities that exist due to cross-platform contamination risks.

To continue to ensure that systems are secure, risk assessments and design and effectiveness testing need to be performed regularly through compliance initiatives related to customer and consumer requirements, including the following:

Other compliance regulations or frameworks might also apply, depending on the specifics of the FinTech product, services and/or related industries being served.

The compliance process needs to be cyclical in nature to ensure that risks are identified and addressed on a regular basis, so that the control structure can thrive alongside the business.

Schneider Downs has helped FinTech firms through a number of the above compliance initiatives, and we would be happy to discuss any compliance concerns and issues you are encountering. Contact us at contactsd@schneiderdowns.com.


Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2020 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
