5 Huge Risks Facing Fintech Operations – and What You Can Do About Them

Luke Walker
March 23, 2021
6
minutes

Fintechs offer convenience, flexibility, and outrageous speed of service in a sector previously dominated by traditional institutions and processes. 

Thanks to superior products and faster services, market expectations have shifted rapidly, and a new bar for financial product experience has been set. The fintech boom shows no signs of slowing down.

But working in an industry where security and accountability are paramount doesn’t come without some risk – a lot of risk, actually.

Operational risk in fintech

Operations teams in fintech companies bear the brunt of that risk. It’s an extremely difficult job, as – in many situations – the velocity of work, shifting market conditions, and rate of unforeseeable changes outpace the company’s established processes and operating protocols

Where traditional financial institutions have the “luxury” of time on their side, for fintechs, the expectation is that everything happens at warp speed. It’s in real-time operations management where fintech teams face the most exposure, and where 99% of the most costly mistakes happen.

Here are 5 of the most pressing risks facing fintech operations teams face today:

Regulatory noncompliance

From a regulatory and compliance perspective, the central focus in the fintech industry is undoubtedly on risk. Regulators need to be certain that fintech firms properly consider risk, and take measures to mitigate risk as prescribed. 

However, the regulatory scope in many jurisdictions fails to keep up with the pace of technological change. For many fintech teams, this means that regulatory requirements are rapidly changing, making the standardization of compliance processes extremely difficult.

Although many fintech verticals are not as strictly regulated as traditional financial institutions, regulations like GDPR and PSD2 establish clear requirements for protecting data and securing system infrastructures which do impact European fintechs more broadly. National jurisdictions often impose an additional regulatory layer with implications for fintechs as well – for instance, FCA in the United Kingdom, AMF and ACPR in France, BaFin in Germany, and the SEC and CFTC in the United States.

If these regulations are not followed carefully, companies run the risk of being caught in noncompliance, fined heavily, and losing their good reputation on the market.

Unforeseen market events

The Financial Stability Board puts it succinctly: “the financial system can overreact to news”.

Gamestop was not the first, and certainly will not be the last fluke event to cause tremors in global finance and regulatory policy – seemingly overnight.

Unpredictable market events are a major operational risk – precisely because they are unpredictable in nature. The overreaction that follows a sudden market event can lead to serious liquidity and solvency problems for fintechs as well as financial institutions. 

Contagion, pro-cyclicality, excess volatility, and many other risk factors can also emerge in the market, causing disruption of fintech services. 

In each of these cases, operations and customer support teams are forced to think on their feet, and develop rapid, ad hoc responses – contingency planning usually fails to produce the appropriate response. As usual in fintech, fast and appropriate customer communication is an absolute must.

Cyber attacks and data breaches

A major drawback of fintech is it’s potential to actively contribute risk to existing financial systems and markets: the more systems that are connected by fintech, the more potential inroads for cyber attacks to exploit.

Notably, 2020 was a particularly tough year for fintech cybersecurity.

With the variability of business and operations models in fintech, there is no “one size fits all” cybersecurity infrastructure. Hiring experienced cyber risk management and IT-security teams is vital to ensure that high-potential vectors for cybersecurity breaches are identified and mitigated.

Having the right security assets, however, does not remove the daily concern of cyber events for fintech operations leaders. As with market events, any cyber threat will require a fast, calculated response from operations teams. Any errors made in the process may prove to be extremely costly. 

Professional and personal liability

At the end of the day, most fintechs either provide or enable a financial service. 

That – in and of itself – exposes the company to negligence, service errors, fraud claims, and several other common risks associated with financial services. Fintechs, who offer brand new financial products through new and innovative service models, are especially prone to finding themselves on the wrong end of professional liability claims.

At large, the problem is one of maladjustment

Fintech companies often outgrow their own operations capacity and fail to standardize new operations processes, yielding further errors.

Consumers, on the other hand, are prone to using fintech applications with little attentiveness, and fail to take precautionary measures to protect themselves, their data, and their money.

In either case, liability will fall on the fintech provider 99% of the time.

Increasing global competition

Historically, traditional financial institutions have been protected by the national conditions of their respective markets. Within each national jurisdiction is a nuanced set of financial conditions and regulations, yielding compliant financial institutions with services tailored to local needs.   

In recent years, however, these national boundaries have rapidly eroded, driven by the rapid rise of Fintech companies offering global financial solutions. As a result, institutional finance has been forced to either compete head-on with agile fintech players, or learn to cooperate and establish partnerships with them. 

This traditional vs. agile dynamic has fueled a worldwide competitive landscape, and players who wish to prevail in this fintech race need to choose their strategic alliances wisely. 

In the case of many fintechs, seeking third party alliances – with traditional finance or otherwise – is not an optional variable. Their business models actually depend on it.

For operations teams, the added pressure of competition and the need to engage 3rd party services and partnerships to stay ahead, are sources of operative risk which may leave them exposed outside of their control. 

How to mitigate risk in fintech operations

Operational risk is the risk of doing business in fintech, and managing that risk is an unavoidable priority for operations leadership. 

Risk mitigation often starts with hiring dedicated risk management support and applying a tried and tested risk assessment framework. There is nothing wrong with this approach, but more often than not, the greater risk exposure can be found in the organization’s operations processes – or lack thereof.

Broadly speaking, operations organizations are accountable for process management in the aforementioned risk scenarios. The degree of risk in these cases is severely reduced proportionally to how well defined a respective process is, and whether or not the process is automated, in part or in total. 

Here’s how operations leaders can get a head start on reducing risk today, by understanding, risk-ranking, and automating their processes:

Document your real-time operations processes

Operations leaders should begin simply by documenting their real-time operations processes – particularly those in response to the risk scenarios mentioned above. 

Write a short description of the process or coordinated response (e.g. “market event communication”), name the responsible team 
(e.g. “customer operations”), and give an approximation as to how often it occurs on a monthly basis. 

Some processes (e.g. compliance auditing) will have regular recurrence and greater predictability. Others will be more sporadic, and ad hoc in handling. Both are risk-relevant.

Identify those processes with greatest risk / cost of failure

Look at your list of operations processes. Of those mentioned, which present the greatest operational risk?

Evaluate the list along two dimensions: 

  • Automation Maturity (AKA how manual is this process?) When your team handles a given operational situation, how many steps of the process are coordinated in an ad hoc, manual way, using – for example – email or phone calls? Processes ranking higher in this dimension will be more prone to error and more resource-intensive.
  • Business Criticality (AKA how critical is this process? Essentially, how “life or death” is this process to the continuity of your business? Will you lose customers? Reputation? Money? Processes ranking higher in this dimension will be the ones that require the most timely and well-coordinated responses.

Take a look at the top 3 processes on your list. These should be your first priority.

Start automating your processes

With a birds-eye view of overall operational risk, a list of your operations processes for responding in those scenarios, and a ranked prioritization, you’re ready to automate.

Automating fintech operations is not handing the job over to robots. You have operations teams who are trained to handle these scenarios, and – in the case of most fintechs – work extremely hard to do so. This is usually not a personnel problem.

Rather, when you automate the coordination and management of your most risk-intensive processes, you remove several, hefty burdens from your operations teams: 

  1. They no longer have to “figure it out”. The appropriate response, steps, and instructions for a process are clearly provided.

  2. They no longer need to organize their response. All processes, steps, and “who’s accountable for what” is clearly visible and transparent for teams and leadership.

  3. They no longer have to waste time on coordination. There’s no need to search through email threads, dig around for files, or switch between tools. Everything lives in the automated process, and that’s where the work gets done.

  4. They no longer need approval – unless you need to give it. If you – the operations manager – have signed off on the automated process, then teams can carry out the process straight away, with no need for extra alignment, review, or status update. However, if you need to include a review and approval, you can automate that step too. 


The good news is, you don’t need risk management professionals or consultants to tell you how to do this, provide you with the roadmap, or help you implement automated processes.

On the contrary, the operations leader is the best person in the organization to manage this directly. They understand the processes, they can visualize the ideal response in each situation to mitigate risk, and they can work with their teams to develop and implement the appropriate, automated response in each scenario.

So why not take the lead on automation yourself?

+++


Risk in fintech is unavoidable

But automating your operations processes is the most efficient and most reliable way to reduce operational risk. That’s because, no matter what the external risk or circumstances present, your operations teams are prepared to take the right steps every time – automatically.

Read to start automating fintech operations today? Download our free Operations Automation Playbook for Fintech Leaders


Subscribe

Get the latest operations thinking and Next Matter updates once a week.

You've subscribed to the
Next Matter blog.
Oops! Something went wrong while submitting the form.
About the author
Luke Walker is the Product Marketing Manager at Next Matter. He is a longtime process hacker, and writes about marketing, business digitization, leadership, and work-life balance. When he's not at work, you can find him listening to records or climbing rocks.

Ready to build a home for your operations?

TRY NEXT MATTER