FinTech Risk Assessment Nuances
When it comes to risk management, credit unions are typically well-equipped to manage the fundamentals. They understand the need for internal controls, the value of preparing for their yearly audit and the standard compliance risks associated with the Bank Secrecy Act, Anti-Money Laundering and other industry regulations. Where they tend to fall short however, is in their early adoption of innovative services, particularly when it comes to financial technology that has never been seen or used before.
This is the danger of being a “first mover,” or even a “fast follower” as credit union executives and their staff may be unfamiliar with how such technology operates and where potential risks may lie. While they may have a data flow diagram, for example, that does not necessarily translate to the information being protected at each step, or the controls being adequately robust.
Likewise, if a credit union is unable to articulate the risks of a new technology internally, they will almost certainly have difficulty in explaining those risks to regulators, much less how that technology is being managed. Regulators are looking to credit unions to clearly explain how such technology works, where any potential risks exist and what has been done to mitigate those risks. If they cannot do so, regulators will not hesitate to pull the plug on fintech projects (even in instances where the institution has executed a contract with a third-party fintech).