Why it’s important for FinTechs to understand operational risk

  • Subscribe to updates

  • Privacy
  • This field is for validation purposes and should be left unchanged.

IT risk – including cyber risk and information security risk – is such a big focus within FinTech firms that it can suck all of the oxygen out of the room, leaving discussion of other op risk types struggling to be heard. FinTech firms need to make sure they consider the diversity of op risk types.

It’s easy and obvious to think about the relationship between FinTech firms’ operations and IT risk (and controls) – and that can be a real problem for firms. Firms can become so bedazzled by FinTech that they only think in terms of technology and systems risk. The reality is that FinTech firms are just as vulnerable to other types of operational risk, within the accepted definition, as more traditional financial services operations.

The full definition of “operational risk”, according to the Basel Committee on Banking Supervision, is:

“the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk.”

And that’s important to consider, whether engaging with or working inside a FinTech firm that produces software or operates a financial services platform. All FinTech is just as susceptible to people, process, external and legal risks as the rest of the financial services industry. For example:

  • People risk – It is possible to argue that FinTechs are even more exposed to people risks than more traditional financial services firms. For example, many FinTechs have small staff numbers with specialized skill sets concentrated in just one person. This makes loss of key staff risk a significant risk, and one that can be challenging to mitigate with controls. The departure of an individual with a vital set of skills can set back development, harm competitiveness, and impact financial performance. Firms should think through how this risk impacts their overall op risk profile, and consider what training might be needed to mitigate this risk.

  • Process risk – Many FinTechs are rapidly evolving operations that strive to be agile, but that agility can come at a cost. Investment in the kind of governance, risk and compliance (GRC) frameworks that traditional financial services firms have can lag far behind the development of the business. As well, resourcing process-intensive areas such as human resources, support staff, and finance operations can fall behind too. These lapses in process robustness can lead to challenges within the organization’s culture – for example, poor controls in the finance department could result in theft or fraud. In human resources, the impact could be in the form of employee lawsuits and reputational damage. 

  • External risk – For FinTechs, all the focus here could be on cyber risk – and that would be a mistake. FinTechs need people, and buildings, and infrastructure, all of which is at risk of a whole range of external threats. For example, a natural disaster could result in a loss of electrical power, and the back-up generator could fail (something that actually happened to one financial firm.) Illness could prevent employees from working – remember the Bird Flu virus that crippled Asia more than a decade ago? Or consider what might happen to a vital third party or fourth party supplier, and the impact that could have operationally. FinTechs need to consider a broad range of external events – working with scenario analysis can be particularly fruitful in this area.

  • Legal risk – Of course there are legal risks associated with technology operations, such as intellectual property actions. However, technology is just a platform upon which a product or service is delivered. So FinTech companies are just as vulnerable to more traditional lawsuits by investors, customers, competitors, and employees as other types of companies. In fact, in an environment of rapid growth and fast rises in revenues, such firms could be more at risk of speculative lawsuits. In addition, FinTechs need to consider other legal risks too.  Many firms now consider legal risk to encompass:
    • Nonconformity of documents with requirements of the law
    • Failure to take into account judicial and law enforcement practice
    • Deficiencies of the legal system
    • Legal errors made when doing business
    • Breach of the terms of existing contracts
    • Breach by counterparties/outsourcers of regulation

FinTech companies are just as exposed to these risks as other types of companies.

FinTechs should engage with the whole of the definition of operational risk – not just with the systems part of it. And because of the rapidly evolving nature of their risk ecosystem, FinTechs may also benefit from implementing tried-and-true operational risk practices such as risk and control self-assessments (RCSAs), key risk indicators (KRIs), scenario analysis, and loss event capture. Such tools can enable FinTechs to better understand the challenges they are facing today, as well as the emerging risks on the horizon. Learn more about RiskLogix’ range of operational risk training opportunities.

Related Posts

When managing People Risk, what are the key indicators?
In this, our final blog on the topic, we discuss the Key People Indicators for risk management. Operational Risk Software can be key to supporting this discipline.    Taken from: Mastering Risk Management  If people are, as a category, a firm’s biggest potential risk, it’s fair to ask what indicators are available to monitor that risk, …

When managing People Risk, what are the key indicators? Read More »

How do you mitigate People Risk?
In this blog we talk about key strategies for mitigating people risk and present a table to demonstrate context. Operational Risk Software can be key to supporting this discipline.    Taken from: Mastering Risk Management  Creating the right risk culture will do much to reduce people risks. After that, the fundamental way of mitigating those risks …

How do you mitigate People Risk? Read More »

What does your bonus system say about your risk culture? And how does that affect People Risk?
In this blog we talk about pay, reward and bonuses and their effect on managing people risk. Operational Risk Software can be key to supporting this discipline.    Taken from: Mastering Risk Management  Reward Rewards are a key lever to drive employee performance, engagement and retention, as well as hiring. But reward is not just about …

What does your bonus system say about your risk culture? And how does that affect People Risk? Read More »