March 24, 2018
OCC Fintech Security Recommendations
Fintech and cybersecurity must develop in step with one another. A recent Reuters article highlights a report published by the US Office of the Comptroller (OCC) outlining banks’ relationship with financial technology (fintech) companies and cybersecurity. Primarily, the report identifies key risk areas including the operating environment of financial institutions and their supervisory actions.
Security through Authentication
Currently, operational risk remains a major risk for banks. Cybersecurity threats targeting personal data of customers. The report recommends that banks deploy strong levels of authentication and only allow certain access to managers and above. The security approach should be multi-layered.
The outsourcing to third-party service providers for fintech innovation from cloud computing to chatbot development also poses risks for banks. While outsourcing is one of the best ways to implement the latest technologies, supervisory protocols must be put in place to ensure these activities are secure.
According to the OCC report, compliance risk remains high as banks face increasing instances of money-laundering. There’s also increasingly complex risk in consumer compliance regulations. Banks must espouse risk management programs that keep pace with evolving compliance risks and policies. Banks are expected to be aware of changing compliance changes including the Financial Crimes Enforcement Network’s ownership and customer due diligence regulation.
Risk in the Credit Environment
While lending practices may not be directly impacted by fintech yet, it still remains an area of major risk for banks. The OCC reports of incremental easing in lending underwriting practices. They think this is due to increasing competition in the credit environment. Practices will become increasingly risky as the economy weakens. Advanced data analytics in this area could present some opportunities for fintech innovators.