A Fintech Risk Assessment Model

The financial technology, or “fintech,”¹ revolution is happening right now.² Mobile payments are changing consumer spending habits, online brokerage services are creating opportunities to make investments from home, financial chatbots are advising individuals about new products and services, online banking is part of day-to-day lives, and cryptocurrencies are becoming an important component of asset portfolios.

The term “fintech” was used as early as 1972 and was defined as: “…an acronym which stands for financial technology, combining bank expertise with modern management science techniques and the computer.”³ Today, fintech is defined as the “new financial industry that applies technology to improve financial activities.”⁴

Fintech has become the epicenter of financial innovation, producing a great deal of value for clients and investors, but also generating numerous risk scenarios.^{5, 6} Therefore, based on the Project Management Institute’s (PMI’s) definition of risk, “fintech risk” can be defined as “an uncertain event or condition that, if it occurs, creates a threat or opportunity for a fintech initiative.”⁷

It is worthwhile to examine how to apply fintech risk assessment to a hypothetical fintech start-up. This process illustrates the integration of a fintech risk assessment model with a fintech risk management framework.

The Fintech Ecosystem

The fintech industry’s ecosystem consists of five elements:⁸

1. Fintech start-ups—Wealth management, payment, capital market, crowdfunding, lending and insurance enterprises
2. Technology developers—Cryptocurrency, cloud computing, big data analytics and media developers
3. Financial customers—Enterprises and individuals
4. Traditional financial institutions—Conventional banks, insurance enterprises, stock brokerage firms and venture capitalist enterprises
5. Government—Financial regulators and legislatures

The Concept of Fintech Risk Management

By adapting some fundamental ideas coming from several scholarly and practitioner sources, “fintech risk management” can be defined as “a collection of phases concerned with fintech risk organizing and planning, fintech risk assessment, fintech risk reaction, and fintech risk monitoring and control.”^{9, 10, 11, 12, 13}

A FINTECH RISK MANAGEMENT FRAMEWORK IS THE BASIC STRUCTURE UNDERLYING THE RISK MANAGEMENT EFFORTS OF A FINTECH ENTERPRISE.

Accordingly, in light of a fintech initiative, there are four elements to the previous definition. The first element deals with fintech risk organizing and planning, which has to do with structuring and putting together a fintech risk team. In this phase, a risk management approach is defined and a plan is established to address the risk of a fintech organization. The second element deals with fintech risk assessment, which has to do with performing a detailed identification of the fintech enterprise risk area and fintech innovative solutions risk area. This is the phase in which qualitative and quantitative fintech risk analyses are performed. The third element is the fintech risk reaction, which establishes an approach to respond to the identified risk. Finally, the last element deals with fintech risk monitor and control, which has to do with following up and overseeing the fintech risk of the organization.

The Risk Assessment Model

Based on numerous perspectives coming from scholars and practitioners, the proposed fintech risk assessment model includes three processes: identify fintech risk, perform qualitative risk analysis and perform quantitative risk analysis. However, the most novel aspect of this model is its orientation toward fintech enterprise risk areas and fintech innovative solutions risk areas as depicted in figure 1.^{14, 15, 16, 17, 18, 19, 20, 21, 22, 23}

It is important to mention that this model is already embedded in the fintech risk management framework discussed later. It is also important to point out that the purpose here is not to develop a fintech risk management methodology. The intent is to adopt proven best practices (in terms of risk management frameworks), backed up by new concepts originating from fintech researchers and practitioners.

The components of the proposed fintech risk assessment model can be described as:

• Identify fintech risk—This process recognizes and documents the risk factors that may affect the fintech initiative.
• Perform qualitative risk analysis—This process determines the probability of occurrence of the fintech risk and the impact on the fintech initiative. Qualitative risk analysis might use numeric ratings and nonnumeric ratings by means of a low-medium-high scorecard.
• Perform quantitative risk analysis—This process involves a mathematical calculation of the expected monetary value (EMV) of a risk.
• Address fintech enterprise risk area—This component includes six fintech challenges: investment management, customer management, regulation, technology integration, security and privacy, and risk management practices.²⁴
• Implement fintech innovative solutions risk area—This component examines the risk associated with implementing “technologically enabled financial innovations that could result in new business models, applications, processes, products or services,”²⁵ as highlighted in the definition of fintech presented by the Financial Stability Board (FSB).

The two risk areas described—fintech enterprise and fintech innovative solutions—can be broken down into several categories, as illustrated in figure 2. However, in this model, the risk categories have been elevated to the level of processes to provide the right tools to search for fintech risk.

The Risk Management Framework

A fintech risk management framework is the basic structure underlying the risk management efforts of a fintech enterprise. The fintech risk management framework proposed herein is divided into three domains as introduced in figure 3:

1. Domain 1: Fintech risk management phases and processes
2. Domain 2: Fintech enterprise risk area
3. Domain 3: Fintech innovative solutions risk area

Domain 1 includes four phases: fintech risk organizing and planning, fintech risk assessment, fintech risk reaction, and fintech risk monitoring and control. The four phases of domain 1 comprise six processes: organize and plan fintech risk effort, identify fintech risk, perform a qualitative risk analysis, perform a quantitative risk analysis, respond to risk, and monitor and control risk.

Domain 2 includes risk management related to six fintech challenges: investment management, customer management, regulation, technology integration, security and privacy, and risk management practices.²⁶

Domain 3 deals with risk management related to the following fintech innovative solutions: new business models, applications, processes, products or services.²⁷

From domain 1, one can navigate to domain 2, domain 3 or both. However, when conducting risk management of a fintech enterprise, domain 1 must be applied to domain 2. In contrast, when conducting risk management of fintech innovative solutions, domain 1 must be applied to domain 3.

Practical Guidance for Conducting a Fintech Risk Assessment

To illustrate how to conduct a fintech risk assessment, the following examples are used.

Enterprise Background
The hypothetical enterprise is a fintech start-up specializing in payments. It focuses on consumer and retail payments, peer-to-peer (P2P) mobile payments, mobile wallets, and foreign exchange and remittances.

Example 1: Fintech Enterprise Risk Area
For this hypothetical enterprise and looking at the investment-management challenge, the following fintech enterprise risk has been identified: lack of fintech project portfolio management.

To perform a qualitative risk analysis, the risk factor (RF) can be calculated by multiplying the probability of occurrence (P) (i.e., the likelihood of a fintech risk occurring) by the impact of risk occurrence (I) (i.e., how severely the fintech initiative will be affected if the risk occurs).

Therefore,

RF=P × I
=75% × 0.3
=22.5%

This particular example uses a numeric rating technique.

Similarly, to perform a quantitative risk analysis, the EMV has been calculated as follows:

EMV=P × I
=80% × US$1,200,000
=US$960,000 (the value of the risk)

Example 2: Fintech Innovative Solutions Risk Area
Similarly, by examining intelligent mobile payments corresponding to the “applications” solution of a fintech innovative solutions risk area, the following risk has been identified: unproven mobile technology.

Therefore,

RF=P × I
=55% × 0.7
=38.5%

This case also uses a numeric rating technique.

Likewise, the EMV has been calculated as follows:

EMV=P × I
=15% × US$2,000,000
=US$300,000

Finally, to recap the previous processes, the steps followed in example 1 were:

1. Visit domain 2 (fintech enterprise risk area).
2. Select challenge (i.e., investment management).
3. Identify fintech risk.
4. Perform qualitative risk analysis.
5. Perform quantitative risk analysis.

Likewise, the steps followed in example 2 were:

1. Visit domain 3 (fintech innovative solutions risk area).
2. Select an innovative solution (i.e., applications: intelligent mobile payments).
3. Identify fintech risk.
4. Perform qualitative risk analysis.
5. Perform quantitative risk analysis.

As a result, figure 4 provides an outcome of the fintech risk assessment illustrated in this article.

Conclusion

The model described previously highlighted the following fintech risk zones: fintech enterprise risk area and fintech innovative solutions risk area, which in reality account for most of the risk areas of a fintech organization. In that context, the fintech risk assessment model was embedded within a fintech risk management framework to construct the foundation of fintech governance. It is important to remember that fintech risk management, fintech governance and fintech innovative solutions represent the three pillars of success or failure of a fintech organization.

Endnotes

¹ Zavolokina, L.; M. Dolata; G. Schwabe; “FinTech—What’s in a Name?” 37^th International Conference on Information Systems, Dublin, Ireland, 2016
² London Business School, “The Fintech Revolution,” London Business School Review, vol. 26, iss. 3, 2015, p. 50–53
³ Bettinger, A.; “FINTECH: A Series of 40 Time Shared Models Used at Manufacturers Hanover Trust Company,” Interfaces, vol. 2, iss. 4, 1972, p. 62–63
⁴ Schueffel, P.; “Taming the Beast: A Scientific Definition of Fintech,” Journal of Innovation Management, vol. 4, 2016, p. 32–54
⁵ Thakor, A. V.; “Incentives to Innovate and Financial Crises,” Journal of Financial Economics, vol. 103, iss. 1, 2012, p. 130–148
⁶ Chen, M. A.; Q. Wu; B. Yang; “How Valuable Is Fintech Innovation?” Review of Financial Studies, vol. 32, iss. 5, 2019, p. 2062–2106
⁷ Project Management Institute (PMI), A Guide to the Project Management Body of Knowledge (PMBOK Guide), 6^th Edition, USA, 2017
⁸ Lee, I.; Y. J. Shin; “Fintech: Ecosystem, Business Models, Investment Decisions, and Challenges,” Business Horizons, Kelley School of Business, Indiana University, USA, vol. 61, 2018, p. 35–46
⁹ Microsoft Corporation, Risk Assessment and Compliance Guide for Financial Institutions in the Microsoft Cloud, USA, 2018
¹⁰ Rovins, J. E.; T. M. Wilson; J. Hayes; S. J. Jensen; J. Dohaney; J. Mitchell; D. M. Johnston.; A. Davies; Risk Assessment Handbook, GNS Science Miscellaneous Series, New Zealand, 2015
¹¹ Op cit PMI 2017
¹² Project Management Institute (PMI), Practice Standard for Project Risk Management, USA, 2009
¹³ Turner, J. R.; The Handbook of Project-Based Management: Leading Strategic Change in Organizations, 3^rd Edition, McGraw-Hill, USA, 2009
¹⁴ Op cit Lee, Shin
¹⁵ Schindler, J.; “FinTech and Financial Innovation: Drivers and Depth,” Finance and Economics Discussion Series 2017-081, Board of Governors of the Federal Reserve System, USA, 2017, https://doi.org/10.17016/FEDS.2017.081
¹⁶ Financial Stability Board, FinTech and Market Structure in Financial Services: Market Developments and Potential Financial Stability Implications, Switzerland, 2019
¹⁷ Op cit PMI 2017
¹⁸ Op cit PMI 2009
¹⁹ Op cit Turner
²⁰ Op cit Microsoft Corporation
²¹ Giudici, P.; “Fintech Risk Management: A Research Challenge for Artificial Intelligence in Finance,” Frontiers in Artificial Intelligence, 28 November 2018, https://www.frontiersin.org/articles/10.3389/frai.2018.00001/full
²² Deloitte Development LLC., Fintech Rsk and Compliance Management: A Framework to Empower the Organization, UK 2019
²³ Barclay Simpson, FinTech: Growth Versus Governance, UK, 2018, https://www.bankingtech.com/files/2018/11/Barclay-Simpson-growth-versus-governance.pdf
²⁴ Op cit Lee, Shin
²⁵ Op cit Schindler
²⁶ Op cit Lee, Shin
²⁷ Op cit Schindler

Luis Emilio Alvarez-Dionisi, Ph.D.
Is a fintech professor and management consultant. He has provided advisory services to chief executive officers, boards of directors and senior managers of Fortune 500 companies and has consulted on project, program and portfolio management with numerous enterprises worldwide, including Intel, IBM, Merck, Chevron, Isuzu, Smiths Detection, the Beijing 2008 Olympic Games, Citibank, Standard Chartered Bank and the Government of Singapore Investment Corporation (GIC). His research focuses on fintech risk management, fintech robo-advisory consulting, fintech governance structures and fintech start-up fundraising. He can be reached at dr.luis.alvarez@outlook.com.