The rise of financial technology and new innovations in how we manage our banking and finances has largely been a good thing. New innovations make it easier for customers to increase their financial literacy and give them the freedom to be directly involved in financial decisions.
But no new technology comes completely without risk, and FinTech is no exception. With the increase of new applications and changing technology in banks and other financial institutions, there are numerous legal issues on the rise as well.
Here we will learn about three of the top legal concerns for FinTech companies. We will explore how banks and other companies can protect themselves more effectively by building these legal protections into their technologies early on.
1. Data Protection and Cybersecurity
It should come as no surprise that the number one legal issue arising for FinTech companies is data protection and cybersecurity. FinTech companies handle, collect, and organize massive amounts of customer data in order to provide their services. But collecting private data from consumers means these companies also carry a responsibility to protect that information.
Global companies must comply with the General Data Protection Regulation (GDPR) established by the European Union in 2016 to protect personal identification information for customers. The GDPR requires companies to meet very high standards of compliance for protecting personal information, including names, addresses, ID numbers, web data, racial or ethnic information, sexual orientation, health and genetic information, and political opinions.
Many businesses are spending millions on cybersecurity ($11.7 million in 2017 on average). However, FinTech companies can’t always spend that amount of money continuously on traditional cybersecurity methods. Other alternatives may need to be explored. One such solution is a Moving Target Defense (MTD). This frustrates cyberattacks by taking the static targets with which hackers are familiar and changing them into constantly shifting points of attack.
2. RoboAdvisors and Liability
Artificial intelligences are on the rise in numerous industries, not just FinTech. RoboAdvisors and chat bots are increasingly available for online banking users and offer guidance on a variety of topics, from investments to timelines for paying off credit card debt.
The current legal issues surrounding these AIs is mainly a question of legal liability. There is a clear regulatory gap in the management of the risks inherent in relying on robot advisors and in who carries the legal responsibility if something should go wrong.
Because of the interconnectivity found in AIs and in emerging technology, it is difficult, if not impossible, to identify the exact party responsible for compensation and legal liability. Digital technology also encompasses a large amount of data. In the event that data corruption is responsible for an error, liability may not be clear.
Software is subject to constant updates and improvements. Since AIs often work with these programs, it’s impossible to predict whether an error in an update may cause a problem in other technologies interacting with the updated product. This, again, complicates legal liability.
Legal responsibility for any issues arising from use of an AI or robot advisor could be assigned to two the robot manufacturer. However, depending on the circumstances it could just as easily be argued to be the programmer, supplier, or even the users themselves.
Once the responsible party is identified, there is also a question of the degree of autonomy of the AI itself. How does one measure such a characteristic? Obviously, AI, chat bots, and robot advisors still have some significant legal questions that need to be answered.
3. Biometric Authentication
Biometric authentications are on the rise for most FinTech companies and related technologies. But with them comes the question of regulation and protection of consumer biometric data.
There are legal and security risks with the possibility for third parties to counterfeit biometrics like fingerprints and access customer’s data and accounts. Fingerprints can easily be collected from everyday objects people touch without their consent or knowledge.
Banks and financial institutions need to look for ways to protect biometric data, with ICT (information and communication technology) security equal to or better than current industry standards. Otherwise, they risk losing their reputations and customers if data and accounts are breached due to a security failure.
How Can Banks and Emerging FinTech Companies Protect Themselves?
It’s important for legal compliance to be built in early on for emerging FinTech companies. This makes the process easier in the long term, because major changes to comply with security and legal issues are not necessary. Businesses also need to have a vision for how they will be using customer data from the very start, so they are able to manage it effectively.
Cybersecurity is a must for every new FinTech company or new technology, and customer contracts must be well-thought-out and supply customers with clear and relevant information related to their data and security and clear allocations of legal liability. With these issues taken into account, FinTech companies will be poised for greater success.