“The FSB will continue to monitor and discuss the evolution of the potential financial stability implications from FinTech going forward, using its existing Financial Innovation Network. While there are currently no compelling signs of macro financial risks materializing, experience shows that they can emerge quickly if left unchecked.” – Financial Stability Implications from FinTech, Supervisory and Regulatory Issues that Merit Authorities’ Attention, June 27, 2017
Credit Unions likely understand they should ask vendors for a SOC audit report, specifically if that vendor manages sensitive member data. The SOC 2 is especially critical with any FinTech type vendor, as it examines security, confidentiality and privacy controls. The FSB, or Financial Services Board, is in existence to develop regulatory, supervisor, and financial policies, affecting the financial sector globally, and they are creating awareness and prediction of escalated regulatory and compliance legislation placed on FinTech companies. They are highlighting the importance of security and risk management within FinTech organizations and published the paper “
2017 shone a light on the “tech” in FinTech with this paper from the FSB Board that dives into areas asking for prioritization around security and risk. At a high level the top three are:
- Managing operational risks from third party providers,
- Mitigating cyber risks, and
- Monitoring microfinancial risks.
FinTech companies and vendors who audit under SOC2 will see increased focus in trust services criteria, cyber security, and an increased emphasis on protecting the confidentiality of data in 2018. This is important for every Credit Union, as they manage and secure member data.
For example, the new SOC Cybersecurity standard notes:
- The establishment and articulation of a cybersecurity risk management program that addresses policies and procedures that address risk and serve to protect sensitive information.
- The implementation of controls to protect sensitive information that aligns with the established framework, whether based on NIST or ISO 27001
These developments run parallel to the FSB report. Credit Unions are feeling the heightened visibility of cyber security and operational risk. Cybersecurity being centrist to many of the concerns.
In 2018, FinTech companies can expect more legislation aimed at regulatory compliance. Credit Unions will continue to push regulatory evidence and audit compliance into the basic operation forcing FinTech companies to kick up their audit game. For many in this space, it’s a new burden to take on. For those already on board, it’s the cost of doing business for the opportunity to serve.