Understanding the Risks of Fintech

By Ashley Kovas, Thomson Reuters Regulatory Intelligence

The term “fintech” is undefined and its scope is far from always clear. Lithuania recently announced a tender for a private blockchain as part of its developing fintech strategy and more widely this raises concerns for risk, compliance and regulators both in that country and beyond.

Chapter One

From necessity to virtue

Lithuania’s population is some three million and its banking market has been dominated by a number of traditional Scandinavian banks whose offerings have proven to be limited. Marius Jurgilas, a board member at the Bank of Lithuania, said it was important to open the market to greater competition and the use of technology provided a way to do so. A range of more innovative products would better serve Lithuanian consumers. Jurgilas also said fintech is opening up investment by venture capital firms which has not traditionally been a source of funding in Eastern Europe. This is appropriate because venture capitalists will have an appropriately high risk appetite. Although the initial need was for better, more competitive, banking services Lithuania has realized that EU passporting provisions could enable services to be offered from Lithuania to EU member states.

Chapter Two


Mantas Katinas, managing director at Invest Lithuania, defined “fintech” consistently with Jurgilas; it is the activity of smaller companies using technology to secure:

  • Improvements in the consumer experience
  • Disruption to business models, changing the competitive picture for firms

Sigitas Mitkus, director of the financial markets policy department at the Lithuanian Ministry of Finance, also highlighted the benefits for consumers in all sections of society whether they are B2C, B2B or B2G. Jurgilas noted that while fintech is spawning a new type of firm, in the longer term it amounts to the evolution of finance: fintech is changing banking so banks will increasingly become fintech firms. The Lithuanian fintech market

Chapter Three

Categorization of fintech solutions

Katinas said there are now more than 100 fintech companies established in Lithuania, most of them local; however, entrepreneurs from other countries are also attracted to Lithuania with Asia showing particular promise. Katinas identified three types of fintech solution:

  • Payments services: Particularly important because of the need for greater competition in banking.
  • Crowdfunding: A second phase that is now evolving; regulatory licenses are not always required for this activity, depending on how it is structured.
  • Hard-tech: Physical technology and software for institutions, for example to enhance machine learning or to deal with cyber risks.

The views and opinions expressed in this paper are those of the author and do not necessarily reflect the official policy or position of Thomson Reuters. EXPERT TALK Understanding the Risks of Fintech 2 Mitkus said fintech solutions are being created in digital identification, mobile applications, cloud computing, big data analytics, artificial intelligence, blockchain and forms of distributed ledger technology (DLT). Jurgilas said most of the innovations so far concern payment and transaction services. These are the foundation of the financial system. In time, fintech can be expected to enter other areas of finance, such as asset management.

Chapter Four

Practical examples

The market continues to develop, but Katinas pointed to a number of innovations which are already changing the Lithuanian market:

  • Revolut: A British company providing free international money transfers, fee-free global spending; a popular supplier in Lithuania.
  • Paysera: Providing low-priced convenient payment services across all forms of technology.
  • P2P Lending: A technology providing competitive returns on investment.

Chapter Five

New risks

Market change and disruptive technology inevitably lead to new risks. Their novelty suggests they may be difficult to identify by the firms that create them, other market participants, customers or the regulator. As the party responsible for the product, the firm must take principal responsibility for identifying the risks. Katinas pointed to some risk mitigations already in place. For example, P2P lending platforms provide a significantly higher return than do bank deposit accounts. The correlation of risk to return suggests these investments should carry a higher risk. Katinas said there is a regulatory limit preventing consumers from investing more than 500 euros in one P2P loan. In addition, the central bank requires the platform to deposit money with it. The Lithuanian regulator has identified several risks:

Speed: Fast transactional speed is one of the benefits of fintech; however this requires firms to adapt processes, for example in fraud and regulatory reporting, that will match this speed. Some firms are not keeping up with this expectation.

  • Cross-border transactions: The provision of remote services relies on processes (e.g. identification) operated in another country.
  • Data privacy: Data may be used inappropriately.
  • Anti-money laundering and countering terrorist financing: A major risk in its own right, it must be mitigated appropriately in the fintech world. Regulators could share black lists or white lists for this purpose.

Katinas said that fintech centres provide a mitigation of risk by their very nature. The concentration of business in the jurisdiction should create a depth of understanding in both market participants and regulators about the risks that can arise.

Chapter Six

Risks to consumers

It is important that consumers are made fully aware of the risks inherent in new products, particularly where the risks may be new to the retail market in general. Perhaps consumers should be encouraged to consider correlation between risk and return and the eternal truth that there is in general no such thing as a free lunch.

Chapter Seven

Unregulated business and regulatory scope

The structure and scope of the regulatory regime has arisen for historical reasons unconnected with fintech. At the moment, some areas of fintech activity are regulated while others are not. The lack of commonly applied standards in the unregulated business may contribute to risks. Katinas said cyber security is a key risk for fintech firms and might benefit from the creation of enforceable regulatory standards.

Chapter Eight


Regulatory scope may not be keeping up in responding to fintech. In other respects, the existing regulatory regime may be impeding its development. This may or may not be the appropriate outcome. The European Commission will look at this as part of its Fintech Action Plan and annex. Both Katinas and Jurgilas agreed Asian countries and the United States are moving very fast in embracing fintech, much quicker than in Europe. Jurgilas pointed to a critical balance for regulation: to defend European values but in a way that is flexible and quick. “It takes two to three years to introduce a new EU directive, and that’s just not fast enough”. It is important for the EU to respond to the competitive threat from Asia and the United States, while avoiding a regulatory race to the bottom. From a regulatory and compliance perspective, the starting point in considering the fintech market must be based on risk. Regulators must make sure fintech firms properly consider risks and put mitigations in place where necessary. Arguably, pending any future changes to regulatory standards, regulation should make this risk analysis a mandatory requirement, with appropriate regulatory oversight. Jurgilas spoke of the importance of regulatory sandboxes. Last year, the Bank of Lithuania consulted on the development of a sandbox and this will be introduced “within the next month or two”. This will provide a safe, secure environment to explore fintech solutions and the risks arising.

Chapter Nine

The risk of a fintech bubble

The “dotcom” bubble of the late 1990s saw significant investment into firms based on faith in a technological idea, rather than any demonstrated results. The bursting of the bubble showed the folly of a faith-based investment approach. During the bubble, companies went to great lengths to present themselves as “dotcoms” to attract investment. There is a concern that the lack of definition in the term “fintech” could trigger a similar effect. Mitkus said the danger of a bubble is genuine, especially in certain areas such as crypto/tokenization, a sentiment echoed by Katinas. Regulation could be used to force a separation between different types of fintech business to distinguish the unsafe from the safer operators, Katinas said. Jurgilas agreed there are signs the bubble is already developing. The Bank of Lithuania is not overly concerned fintech firms may fail; many of them will and this is a part of a well-functioning market. It is important however that firms fail in an orderly manner and consumers are protected properly.

Chapter Ten

Understand the market

Firms must understand the fintech market as it impacts on them. This is particularly important given the potential for misuse of the term “fintech” and also because the regulatory regime may not yet properly reflect the risks in the market. The discussion above highlights the Lithuanian experience of fintech but markets differ and the scope for fintech solutions will be different. A firm could consider, perhaps at board level, what its present or likely future engagement is or will be with fintech. This may involve surveying the fintech market in different jurisdictions to understand what products are under development.

Chapter Eleven

Building on normal risk management

Risk must be the starting point for firms’ risk and compliance functions whether as fintech originators or consumers. A firm will logically measure the risks of its operations through the lens of its own future profitability. It is crucial to identify and understand the applicable risks, particularly the “extinction risks” that could force the firm out of business. The regulator’s own statutory objectives may help firms in identifying those risks. The statutory objectives of the UK regulators require attention to the well-being of:

  • Consumers
  • Market integrity
  • Financial stability

This prescription for risk management is not novel of course; firms should be undertaking such analysis whether or not they are involved in fintech. However, there is a question of scale: market commentators are predicting an avalanche of future fintech developments that will disrupt markets and release efficiency and value. If the scale of change is substantial, successful firms will need the necessary controls around risk identification. mitigation and monitoring. Firms should also take steps to ensure they understand their delegates’ situation where they outsource to external service providers.

Chapter Twelve

Avoiding bubbles

A cool-headed attention to risk may also prevent firms and other investors falling prey to any fintech over-hype. Separating people from their money through false promises is a defining feature of fraud, and it is remarkable that fraud continues to prosper in the way it does. The U.S. Securities and Exchange Commission has recently charged the founder of a fintech company with fraud after it was allegedly able to defraud investors and misappropriate funds. The amount raised by the company was $55 million. Greed is the motivating factor of course for both fraudster and victim. Every investor is looking for something for nothing but deals that seem too good to be true usually are. When the dollar signs flash, caution may be abandoned just when it is most needed.

Chapter Thirteen

Compliance capacity

Understanding the risks in technological innovations may be beyond the capabilities of second-line staff, and the costs of employing one or more experts may be prohibitive. The use of external consultants may provide a solution, but it is obviously crucial that the consultants are themselves sufficiently capable and the firm may have difficulty assessing that.

Chapter Fourteen

Contributing to debate

When fintech risks are identified, the firm may not always be able to mitigate them effectively. For example, the solution may lie in changing the scope of regulation or regulatory standards. Firms should be prepared to engage with regulators and press for regulatory change where it is necessary in the interests of consumers, markets and competition.

Thomson Reuters Risk Management Solutions

For the trusted answers that help you anticipate, mitigate and act on risk with confidence. Manage enterprise risk, corporate governance, customer and third party risk, regulatory compliance and financial risk effectively, and accelerate business performance.