FinTech and the Risk of Convenience

Financial Technology (FinTech) companies strive to work with financial institutions and consumers to provide the ability to conveniently access financial data, mobile banking and investment options. However, the opportunities for convenience open up opportunities for risk related to the sensitive data that is transferred among technologies.

Potential vulnerabilities in FinTech systems inherently exist between the API and the software systems they connect.

FinTech firms build Application Programming Interfaces (APIs) to connect to banking systems and provide the “seamless” and “convenient” experience. However, with no regulatory framework, FinTech firms are vulnerable to the potential for compromise of the personal data they process and maintain access to, as well as any security weaknesses and issues caused by incompatibilities or errors in the interaction with other financial institutional systems.

When connecting disparate systems that have disproportionate qualities, it’s often the case that the system engineers, and any third-party developers involved, do not have access to or the detailed knowledge and intricacies of how the other system(s) work.

As financial institutions continue to leverage FinTech firms for the enhancement of interface functionality and convenience, the rapid innovation exposes inherent risks – with little to no advancements to the regulatory and compliance requirements of these firms.

What to Do?

The best approach to secure systems and underlying data, across platforms, is to design and implement effective controls within the technology design phase. Embedding security-measures into the initial design phase will aid in reducing the number of vulnerabilities that exist due to cross-platform contamination risks.

To continue to ensure that systems are secure, risks assessments, and design and effectiveness testing, need to be performed regularly through compliance initiatives related to customer and consumer requirements, including the following:

Other compliance regulations or frameworks might also apply, depending on the specifics of the FinTech product, services and/or related industries being served.

The compliance process needs to be cyclical in nature to ensure that risks are identified and addressed on a regular basis, so that the control structure can thrive alongside the business.

Schneider Downs has helped FinTech firms through a number of the above compliance initiatives, and we would be happy to discuss any compliance concerns and issues you are encountering. Contact us at

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2020 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

Do Relocation Companies Require a SOC (System and Organization Controls) Report?
What has COVID-19 taught us about our businesses processes?
Risks to Consider When Reopening Your Branches
HMDA Reporting Thresholds Increased by CFPB
ProLock Ransomware Attacks Overview and Mitigation Strategies
How Risk Management and Internal Audit Can Add Value in Light of the Current Pandemic: COVID-19 Risk Considerations

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222
p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102