The technical advances made in internet-related technologies during the past decades have led to a bold new world and widespread FinTech digital shift. From mobile internet, self-learning artificial intelligence (AI), robotics, big data analytics and self-driving vehicles to the Internet of Things (IoT), we are just at the beginning of a paradigm shift with an increasingly digital, 24-hour connected society. Established financial institutions (FIs) are historically considered as the most resistant industries to disruption by technology. However, they need to look at new technology and partnering solutions if they want to keep up with this new financial society.

The General FinTech Challenge

The exponential growth of FinTech (the industry is expected to manage US$2.2 trillion in assets by 2020) is creating a security concern by pushing commonly offline and time-consuming financial processes to be tucked into online millisecond decisions while managing the same amount of financial assets. FIs are basically trying to transform their traditional businesses into digital-focused, cloud-based and mobile-ready ones, migrating their services to something with a low-capital-cost operation, a focus on data capture, a change from human to algorithms-based service, regulatory arbitrage and a focus on transferring risk management to customers. This is a big change, which usually takes years but now is mostly requested to be performed in months and through outsourcing to speed the process up. This combination of factors naturally raises security discussions and concerns with experts. How prudent are governments and FIs being in this entire process concerning the security issues and risks involved?

This chapter is based on my experience in these last three years of FinTech multinational industry, events and discussions. It seeks mainly to raise the importance and urgency of discussing the security challenges of FinTech towards the visible intentions of governments and FIs to expand and heavily invest in the FinTech industry (while expecting that the newcomers will maintain or even increase safety and prudence). For the scope of this chapter I have chosen four viewpoints that I found present in the majority of conversations: business, technology, human resources and general regulation. It is important to clarify that due to the nature and scope of this chapter, there is no intention to dive deeply into academic or technical financial security details.

The Technology Security Concern

Among FIs, banks have been struggling to research, develop, assimilate and apply new technologies rapidly in response to their underperforming and outdated core banking systems (CBSs) that barely support current key processes. With renewed pressure to tamp down costs and adjust to volatile conditions, FIs currently have little confidence in their CBSs to respond to clients, manage risk and keep up with technology. FinTechs are fuelled by these internal impediments, ambitious entrepreneurs, eager job-creation-seeking governments, innovative technologies and consumer demand, which have been presenting themselves and have been seen as the answer.

Considered a modern-age gold rush, global investment in FinTech already surpasses US$13.8 billion and is paving the way for new and bold organizations that can induce much-needed financial innovation in financial services. Yet strangely, there seems to be little direct discussion about whether the pressure on the FinTech industry has the required response from the perspective of technology security, regarding the near future. Young FinTechs experience thousands of security attacks per year, with a portion of those being serious and successful. However, they are still pressured and requested to widen their range of services and grow rapidly. These young companies (on average less than five years in existence) do not possess the technological knowledge and experience of big e-commerce internet-oriented industry players. Yet, they are requested to deal with huge amounts of personal data and wealth. From another viewpoint, FinTechs typically do not always adhere to the same internal bank information technology (IT) restrictions and tests (if they do, they tend to do it at a later stage, as this implies costs that are usually not supported at the beginning of their projects).

The big security “elephant in the room” question is whether these young technology firms can really handle safely these amounts of personal and sensitive data like the big e-commerce players (e.g. Amazon, Microsoft, Apple) do, when the industry witnesses an ever-increasing number of service channels, business offers and an even higher number of cyber-attacks. For the future it is crucial that we have the best of the e-commerce technology combined with the best of banking security practices as a basis for the future of WealthTech.

The Human Capital Security Risk

A FinTech professional often combines traditional finance, internet technology and financial regulation expertise. Strangely, although empirically banks have some of these professionals in their internal IT departments, it is still uncommon to name these professionals. The result is that currently, HR departments are eagerly looking for FinTech professionals with technological, financial and regulatory skills.

It does not seem to be a problem to find pure technology-based professionals, as software developers are no different in FinTech from other software-based industries. However, to find developers with corporate banking security experience or similar financial knowledge is harder. This can be a challenge for future WealthTech security developments, as every developer with this knowledge gap will require close supervision from someone with the necessary business knowledge. Otherwise, situations like wrong stochastic or financial models, missing or corrupted financial data, missing or insufficient financial-related privacy and security implementations are more likely to occur.

In parallel with the rise of the FinTech industry over recent years, the traditional financial sector has reduced its headcount as a result of the financial crisis and cost pressures. Big institutions such as Commerzbank, Deutsche Bank, Bank of America and Citibank have taken the lead on reducing their human capital already, or intending to cut down their hiring by several to tens of thousands of people. This provides a perfect human talent transfer to the growing FinTech industry. However, HR managers seem to be presented with a culture clash challenge, as financial professionals who have been highly paid with lots of benefits and a risk-averse culture are often uncomfortable in a start-up environment with an entrepreneurial spirit. Even when successfully hired, they might take some time to adapt and might be hard to retain in young FinTech companies, as the big e-commerce players are always on the lookout for the best talent with the more appealing proposals. Therefore, from a scenario where traditional financial institutions had on their premises large numbers of specialized employees, we are now moving to a new business paradigm that is typically run on the cloud, with a small number of employees with financial and technological experience.

The Regulation Security Risk

FIs’ regulation is crucial, especially after the devastating effects of the financial crisis. Regulators act based on a risk approach, so they look more closely at banks and other big FIs than young FinTechs (especially in the early stage of development). Therefore, FinTechs tend to respond to regulatory WealthTech compliance as late as possible, which raises concerns over the security of services and private data.

In the future of WealthTech security, regulatory authorities face the challenge to be flexible enough to allow new WealthTech companies to emerge at lower costs, not to slow down or harm existing and emerging markets, while still be as effective as they are currently. Banks and FIs must also be extremely demanding in their WealthTech outsourcing requirements from FinTechs at every stage, as they are ultimately responsible for complying with all the relevant laws and regulations for their overall service offering, including any products or solutions offered by FinTech partners.

Conclusion

While FinTechs innovate, lower costs, fund new businesses and take risks, the industry is expecting them to be safer and more prudent than before. The result is an enormous amount of financial data sometimes being used by FinTech companies with young professionals who might not have the empirical experience of traditional banks or the technological know-how of big e-commerce players.

The needs of FIs, banks, investors, partners and governments are huge and FinTechs have a unique opportunity to provide solutions. Although there have been an increasing number of security issues and losses within the industry, WealthTech innovation will not slow down. This entails security challenges for the near future, which continue in many cases to be either underestimated, misjudged or ignored. The future of security in WealthTech starts today and must be a top priority for governments, FIs and FinTechs.