With each progressive step that moves a fintech forward, the gap between each step becomes ever larger, and so too do the risks.
Here to outline exactly what those risks are is Brett Warburton-Smith, Partner at Lockton, the world’s largest independent insurance brokerage. In this guest post for The Fintech Times, Warburton-Smith identifies the traps that rapidly growing could potentially fall into, whilst discussing what companies can do to better protect themselves over the course of the next 12 months:
The fintech sector has received unprecedented levels of funding in 2021, be it from governments through initiatives such as the UK’s £375million Future Fund for start-ups; from the regulators with the likes of sandbox and tech sprints; or VC funding, which reached an all-time high in Q3 of $4.9billion going into UK fintech.
This funding is translating into growth, which is therefore exposing these successful companies to a unique set of business risks. These risks emerge quickly and need to be dynamically prepared for. Furthermore, fintechs’ strength in offering fresh, innovative products means the associated risks are often undefined and unexpected, leaving businesses vulnerable to issues related to negligence and service errors.
The Regulatory Environment
Given their notoriously rapid rates of growth, fintech companies can struggle to standardise compliance processes, and quickly move beyond their operational capacities. Further, regulatory requirements are constantly evolving as authorities try to keep pace with technological advances, making it challenging for businesses to stay on top of these ever-changing requirements. This is further compounded in the case that fintechs expand internationally and need to consider additional jurisdictional regulations.
Failure to comply with regulations can have severe consequences, as demonstrated by German challenger bank N26. The bank’s money laundering background checks were not deemed stringent enough by the German regulator BaFin, and as a result, it threatened the bank with a client acquisition ban. N26 was in the midst of a funding round when the news hit, which had unfortunate consequences.
To avoid similar situations, N26 has now appointed a Group Chief Risk Officer, which is a role that many start-ups have generally only created quite late in their growth. Regulators expect fintechs to have a risk and compliance framework in place, so appointing the right people to manage this process is an important part of taking a comprehensive approach.
As fintechs grow and scale, they become accountable to an increasing number of stakeholders, likely to include new investors. Negligent advice and errors in client servicing or coding of software are the highest risks. However, an additional layer of risk is often also added by reliance on third party contractors who may not be sufficiently funded or carry adequate insurance for the fintech to claim on.
Theft of Funds
Fintechs can be vulnerable to theft and fraud given that for the most part, they handle a high frequency of funding movements, and the underlying tech is often new and developing. A growing profile amongst target clients and investors can at the same time draw the attention of those with much worse intentions.
Avoiding cyber hacks is complex and difficult – whilst attacks can be mitigated by having the appropriate security systems in place, emergency plans remain vital in safeguarding a business’s reputation and protecting against losses. Established financial institutions will also be stringent in selecting fintech partners based on their vulnerability to cyber-attacks.
Innovative technology is often the key driver behind the success of a fintech. The dependence on technology can however make businesses vulnerable; if it fails and customers are unable to access services they have grown to rely on, revenue and customers are at stake.
As the fintech establishes, grows and flourishes it is important they partner with an insurer willing to flex with them. One that is willing to take a long term view, riding any bumps in the road that occur. Ideally an insurer with an established track record in the fintech market and one that can react pragmatically to a change in direction, new workstream or jurisdiction.
Fintechs can protect themselves from the reputational and business risks outlined through a comprehensive risk and compliance programme framework, which makes sure that insurance is in place to cover any losses. As part of this, risk management needs to be at the forefront of the business planning and be embedded within the overall strategy. This can include defined committees with clear mandates and responsibilities, with progress reporting to the board. In addition, transparent communication channels should be set up with regulators, along with regular assessments of risk exposure, and the flexibility to make necessary changes.
Given the nascency of the industry, there remain business risks that are not yet insurable, for example hedging risks, or IP related risks protecting businesses from losing top talent. Whilst it is impossible to mitigate all business risks, losses to business or reputational damage are largely avoidable. It is therefore important for fintechs to take action and protect themselves against the above risks through insurance capable of flexing with them as they grow and evolve.