About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

« Convenience Always Wins, In One Form or Another | Main | Fintech for Financial Wellness »

April 2, 2018


Advice to Fintechs: Focus on Privacy and Security from Day 1

Fintech continues to have its moment. In one week in early March, I attended three Boston-area meetings devoted to new ideas built around the blockchain, open banking APIs, and apps for every conceivable wrinkle in personal financial management.

"Disruptive" was the vocabulary word of the week.

But no matter how innovative, disruptive technology happens within an existing framework of consumer protection practices and laws. Financial products and tools—whether a robofinancial adviser seeking to consolidate your investment information or a traditional checking account at a financial institution—are subject to laws and regulations that protect consumers. As an attorney speaking at one of the Boston meetings put it, "The words 'unfair,' 'deceptive,' and 'misleading' keep me up at night."

A failure to understand the regulatory framework can play out in various ways. For example, in a recent survey of New York financial institutions (FI)s by the Fintech Innovation Lab, 60 percent of respondents reported that regulatory, compliance, or security issues made it impossible to move fintech proposals into proof-of-concept testing. Great ideas, but inadequate infrastructure.

To cite another example, in 2016, the Consumer Financial Protection Bureau took action against one firm for misrepresenting its data security practices. And just last month, the Federal Trade Commission (FTC) reached a settlement with another firm over allegations that the firm had inadequately disclosed both restrictions on funds availability for transfer to external bank accounts and consumers' ability to control the privacy of their transactions. Announcing the settlement, acting FTC chairman Maureen Ohlhausen pointed out that it sent a strong message of the "need to focus on privacy and security from day one."

As Ohlhausen made clear, whoever the disrupter—traditional financial institution or garage-based startup—consumer protection should be baked in from the start. At the Boston meetings, a number of entrepreneurs advocated a proactive stance for working with regulators and urged that new businesses bring in compliance expertise early in product design. Good advice, not only for disrupters but also for innovation labs housed in FIs, FIs adopting third-party technology, and traditional product design.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 2, 2018 in innovation , regulations , regulators | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in