Welcome to part two of our ‘Fast, open finance and a new world of risk management’ series. If you haven’t read part one yet, we would recommend heading here and reading all about the risks that open banking and instant payments can bring.
Embedded finance is one of the hottest trends in finance today. But while it offers businesses a multitude of benefits by allowing them to integrate new, seamless financial products into their customers journeys, it can also open new avenues for fraud and financial crime. Here we look at those risks and how businesses can stay safe while taking advantage of the benefits of embedded finance, open banking and instant payments.
Embedded finance and its risks
Embedded finance offers a seamless experience for customers, new ways to reach them, scale operations, and rethink products and service delivery. However, aligning embedded applications with regulatory rules, while ensuring integration and ease of use, presents a formidable challenge for both incumbent financial institutions with legacy tech and new entrants lacking proper risk management capabilities.
Interoperability is the foundation of embedded finance, requiring an open cloud architecture and application programming interfaces (APIs) to facilitate communication between each organisation in the chain – from banks to infrastructure providers to fintechs. But with multiple players in the ecosystem interacting with the same data simultaneously, the security, privacy, and regulatory risks are amplified. While banks traditionally managed this risk, the proliferation of third-party vendors and emerging technologies like Web 3.0, DeFi, and cryptocurrency complicates the scenario. This ecosystem requires new tech capabilities and a strategy that manages accountability and the risks associated with interoperability between technologies and ecosystem partners.
Open architectures also complicate data ownership and sharing. With rising security concerns, lawsuits, and regulatory scrutiny, financial institutions need to enhance their digital capabilities and risk management strategies. This will allow them to leverage customer data for customised offerings and seamless authentication and authorization while protecting the integrity of underlying transactions and customers’ data.
As the focus shifts from mere risk management to value creation in embedded finance, firms need to anticipate and adapt to these new challenges. With the right risk management strategy in place, banks and financial institutions can unlock cost savings and revenue opportunities, positioning themselves as tech-enablers and expand their service scope in embedded finance ecosystems.
Navigating new regulation
As the financial services industry evolves with new opportunities and risks, banks and financial institutions need the right tools to innovate and comply with new regulations.
For example, the confirmation of payee (CoP) service enhances payment security by verifying that the recipient’s name matches the account details provided by the payer. This extra layer of protection helps prevent misdirected payments and authorized push payment (APP) fraud, giving customers greater confidence in the authenticity of their payments.
It is already being rolled out in the UK, with the likes of Barclays and NatWest offering CoP, and a further 400 firms needing to implement a CoP system by 31 October 2024. The Netherlands, too, is leading on implementation, with nearly 99.5% of payments being subject to a CoP-style check.
These tools play a crucial role in bolstering customer trust and payment security, especially in international transactions, and countering fraudulent activities – all while helping meet potential future regulations.
Managing the risks of fast, open finance
Banks and financial institutions must adopt a proactive approach to address risks in the ever-evolving financial services landscape. A three-step approach can help systematically tackle these new challenges:
Collaborative risk identification. Risk teams should work together with business units to identify critical risk areas. Business units are the first line of defence, so you need to define an operational model that ensures everyone, including third-parties, works together to address those risk areas.
Leverage new capabilities. Define new ways of working that leverage new capabilities, such as automation and explainable AI, in a way that empowers compliance and risk professionals to be heard across all lines of business.
Integrated risk intelligence. Ensure that risk data is shared across all lines of defence. This promotes a culture where businesses see compliance as a source of competitive advantage, not a tick-box exercise.
Embedded finance is opening up a new world of opportunity for all financial institutions (FIs) but in this world, it’s vital that businesses fortify against emerging threats. By implementing a robust risk management strategy and investing in the right technology, FIs can harness the opportunities presented by embedded finance while mitigating the associated risks.