Fintech Cybersecurity Risks to Small Businesses
Is industry disruption positive? Many companies now tout they are a “disruptive” company as a badge of distinction. One sector that is gaining traction in disruption is fintech – financial technology. Venture capitalists are attracted to the sector and customers for many of the companies like the services offered by various fintech companies. A report by H2 Ventures and KPMG identified the top existing and emerging companies in this evolving space.
Cyber Security Risks in Fintech
As with any company that is happy to be disruptive, fintech companies often view existing rules and regulations as not being applicable to themselves. While this may be great for the customers for most transactions, regulations around money have a long history promoting the protection of the customers’ money as well as the ongoing stability of the financial institution.
FDIC insurance was implemented for the protection of bank depositors. Information security regulations (of which there are several) are for the protection of the customers’ confidential data and safe movement of funds from deposit accounts to payees as well as incoming deposits to customers’ accounts.
At this time, U.S. fintech companies are not regulated by any of the financial institution specific regulations. Funds are not FDIC insured. Nor do the stringent bank regulations on network controls, data storage, or other cyber security requirements apply to fintech companies.
Government Regulation for Fintechs
One of the beautiful aspects of this focus on “disruptive” businesses is the resulting innovation. The fintech companies are solving both existing and new needs with creative solutions. Many businesses can greatly benefit from a revamp of 1930s era banking models.
The Office of Comptroller of the Currency (OCC), one of the major bank regulators, recently announced they will consider applications for special bank charters to fintech companies. The OCC currently provides special charters for trust banks and credit card banks. These special charter banks do not offer the full range of traditional deposit and lending services.
If the OCC does issue a special charter to a fintech business, the fintech would be held to the same rigorous standards of safety and soundness, fair access, and fair treatment of customers that apply to all national banks and federal savings associations. This would include the same standards for nondiscrimination, qualified management, and financial stability of the fintech. They would require the fintech to have strong cybersecurity measures in place with specific monitoring and controls. The OCC does not grant any charter without due diligence and scrutiny.
What you can do
Just as you evaluate your options for legal services, accounting services, and other professional services, you should evaluate the risks and benefits of services offered by fintech companies. They may be right for some or even all of your financial needs, but be sure to evaluate them in terms of risk as well as financial impact to your company.
You can also share your thoughts with the regulators and the Federal Reserve. Businesses have the opportunity to assist the government in determining how Fintech companies can support the financial needs of small and mid-size businesses safely and with confidence. Visit the OOC site regarding the OCC’s request for comments, which are due by January 15, 2017. In addition, here is a link to the Federal Reserve of New York, which is surveying small businesses on credit. It also provides other resources and workshops on access to capital.
About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.