Financial Technology (FinTech) companies strive to work with financial institutions and consumers to provide the ability to conveniently access financial data, mobile banking and investment options. However, the opportunities for convenience open up opportunities for risk related to the sensitive data that is transferred among technologies.
Potential vulnerabilities in FinTech systems inherently exist between the API and the software systems they connect.
FinTech firms build Application Programming Interfaces (APIs) to connect to banking systems and provide the “seamless” and “convenient” experience. However, with no regulatory framework, FinTech firms are vulnerable to the potential for compromise of the personal data they process and maintain access to, as well as any security weaknesses and issues caused by incompatibilities or errors in the interaction with other financial institutional systems.
When connecting disparate systems that have disproportionate qualities, it’s often the case that the system engineers, and any third-party developers involved, do not have access to or the detailed knowledge and intricacies of how the other system(s) work.
As financial institutions continue to leverage FinTech firms for the enhancement of interface functionality and convenience, the rapid innovation exposes inherent risks – with little to no advancements to the regulatory and compliance requirements of these firms.
What to Do?
The best approach to secure systems and underlying data, across platforms, is to design and implement effective controls within the technology design phase. Embedding security-measures into the initial design phase will aid in reducing the number of vulnerabilities that exist due to cross-platform contamination risks.
To continue to ensure that systems are secure, risks assessments, and design and effectiveness testing, need to be performed regularly through compliance initiatives related to customer and consumer requirements, including the following:
Other compliance regulations or frameworks might also apply, depending on the specifics of the FinTech product, services and/or related industries being served.
The compliance process needs to be cyclical in nature to ensure that risks are identified and addressed on a regular basis, so that the control structure can thrive alongside the business.
Schneider Downs has helped FinTech firms through a number of the above compliance initiatives, and we would be happy to discuss any compliance concerns and issues you are encountering. Contact us at [email protected].
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.