I keenly followed the recently organised Money Summit 2023 held by the Business and Financial Times (B&FT). A couple of important historical and prospective issues were discussed during the summit, throwing deep insight into key topics that need further enlightening due to their pervasive nature. One such issue is the subject of risk management within the Fintech ecosystem.
Risk is a matter that concerns everyone – whether at the personal, firm, industry, national or global level. As such, it requires adequate attention to ensure it does more good than harm.
The Committee on Sponsoring Organization (COSO) defines risk as the possibility that events will occur and affect the achievement of strategy and business objectives. From an enterprise viewpoint, risk can be classified under the following categories
In simple terms, Fintechs stand the chance of not realising their financial inclusion agenda or objectives due to circumstances that may surface in the course of their operations. This paper will focus on the core risk identified from the afore-mentioned perspectives that are associated with the key stakeholders that follow.
Fintech businesses do not operate in isolation. Several interested persons and groups come together to form the ecosystem to achieve the financial inclusion agenda. It is important to note that some stakeholders play direct roles while others play complementary roles. But all in all, their actions join forces to shape the Fintech space in any jurisdiction. Please refer to the diagram that follows for a general overview of key Fintech stakeholders we will focus on in this article.
Regulators are government agencies with the constitutional mandate to license and supervise Fintechs in any given jurisdiction. Authority is exercised through diverse regulatory instruments, such as Acts, guidelines, notices, etc.
Regulators’ core risk will emerge in their inability to develop relevant regulations that enable and complement the Fintech space, but rather stifle it. This possibility can be prevented via effective stakeholder engagement targetted at resolving the afore-mentioned risk and ensuring frequent reviews of the various regulatory instruments based on market conditions and global sentiments.
Fintechs are regulated financial technology institutions enabled to provide digital financial inclusion products and services to their customers, including the excluded segments.
The fundamental risk with fintechs may be the inability to develop products and services that address the unique needs of excluded customer segments. This may result from cultural, behavioural, taste and preferencial differences. Fintechs may address this high-risk issue by using market research and data analysis insights to develop and enhance products and services.
Banks are regulated financial institutions with the sole mandate of providing banking services, such as payment, savings and loans, to the general public. As a haven, banks are mandated by law to keep trust account services on behalf of customers of Fintechs. The trust account keeps customer funds and remain separate (unencumbered) from other funds held by the bank.
Banks may be exposed to liquidity risk due to several reasons, like bank run, the recent DDEP (in Ghana), among others, which could affect the funds held by the bank on behalf of Fintech customers. Ways to manage this exposure includes contract management and regulatory reporting, in addition to full compliance with deposit protection regulations, where applicable.
The Fintech space continues to grow on the back of partnerships at various levels of engagement. Partners complement the efforts of Fintechs in developing products and services to reach the financially excluded segment. Partners may be financial institutions offering non-core service of the Fintech, such as credit, remittance, etc. or technical vendors providing technology or systems – including platforms, artificial intelligence, algorithms, etc., for credit scoring decisions.
The risk of unclear expectations and duties of each party in the partnership could arise. Agreeing and documenting KPIs and SLA’s, including escalations, is extremely essential. In most cases, regulatory approval is required to seal the partnership. Customer data breaches may also arise from these partnerships; thus, there is a need for parties to implement appropriate privacy measures.
One risk associated with consumers of financial inclusion products is inadequate awareness of protection measures to ensure value for money. One such measure is the need to avoid sharing PIN used to access and validate transactions. The inability of customers to protect their PINs results in fraud and loss of money, thereby reducing their trust in Fintech products.
Fintech operators need to intensify their literacy campaigns to engage customers on the holistic use of Fintech products and services. Customers are encouraged to make use of Fintech contact centres in case they require support.
Merchants are set up to receive payment for goods and services procured by customers. In the case of online sales, merchants may receive payment for goods but will not supply same to customers. Thus, using the merchant wallet to defraud the public. Merchants may use their collection wallet set-up for money laundering and terrorist financing purposes.
Fintechs must develop Know Your Customer/Customer Due Diligence (KYC/CDD) measures and procedures, including transaction monitoring rules to manage this risk.
Agents refer to intermediary people between electronic money issuers (Fintech operators) and customers, where the latter enjoy basic services – such as cash-in and cash-out.
The risk of charging unauthorized fees by agents on customer transactions is very eminent in the Fintech ecosystem due to inappropriate incentive structure by the Fintech operators. While Fintechs must ensure adequate compensation for the agents, the entire ecosystem must create adequate awareness on transparency practices (pricing).
It is obvious that the Fintech ecosystem has a shared responsibility when it comes to risk management. The need for stakeholders to identify their unique exposures and indirect risks that affect them cannot be overemphasised. The caution here is that to manage their exposures, stakeholders must develop control measures that are proportionate to the identified risk and add value to the entire ecosystem.