EBA report on risks and opportunities arising from FinTech

On July 3rd 2018 the European Banking Authority published a Report on the prudential risks and opportunities arising for institutions from FinTech (financial technology).

EBA perceives that the rapid evolution of FinTech may fundamentally change the risk profiles of institutions by creating new risks and/or amplifying some existing risks. Thus this is a good moment institutions to review their risk management frameworks and strategies. The report objective is no direct recommendation but just sharing information to competent authorities and institutions.

The analysis of potential prudential risks and opportunities is presented on the seven use cases. These may serve as examples which can analogically be applied to other financial processes, procedures and services. EBA stresses that there is no intention to favour or discourage the use of any technology or to provide an exhaustive list of possible prudential risks and opportunities.

The use cases focus e.g. on:

• the use of biometrics which brings streamlining of the authentication process and improved security on one hand, on the other hand increases third-party risk and ICT-outsourcing risk as well as ICT (Information and Communication Technology) security and data integrity risk;
• machine-learning techniques and their application called credit scoring which improves credit portfolio quality on one hand, however may adversely affect legal and conduct risk, alongside reputation risk, in the event of unauthorised use of customer data;
• providing automated investment advice through online robo-advisors that offers fast and low-cost services, but brings the risk of third-party providers, legal uncertainty issues, reputation and conduct risk and overall increase in ICT risks;
• mobile wallets with the use of NFC (Near Field Communication) which enable to make contactless payments but raise concerns regarding third-party access to customers’ bank accounts when customers use a third-party wallet, affecting aspects of ICT security risk and data protection;
• using the services of cloud service providers which can increase ICT change risk, ICT outsourcing risk, data security risks, systems and banking secrecy issues etc.

The Report is part of EBA’s FinTech Roadmap published in March 2018, which identifies the EBA’s priorities and provides an indicative timeline of key milestones in the area of FinTech.