Fintech and Innovation in Lending

Cybersecurity Regulation Overview
Fintech and Innovation in Lending


Financial technology, or fintech, companies’ innovative strategies for lending have created unique opportunities for investors and financial institutions. But financial innovation can also create heightened sensitivity for investors, regulators and the broader market. Market reactions to recent operational breakdowns at a fintech company, which included the knowledgeable sale of loans that did not meet investor criteria, exemplified the magnitude of impact an operational breakdown at a company, regardless of asset quality, can have on the wider industry. This particular market shock also involved subpoenas being issued by the U.S. Department of Justice, which contributed to the significant drop in the stock price of all of the companies involved. As a result, there has been a decline in new loan purchases, with many existing loan purchases being terminated and a reduction in direct investment in fintech companies. 

Fintech lenders depend on backing by investor funds and commitments to grow their loan portfolios. It is therefore essential for the financial technology community to demonstrate a heightened focus on risk management activities, giving investors the confidence to invest in financial innovation and new products to keep pace with consumer demand. 

Given the rapid growth of the fintech sector, regulators have increased their focus on the industry, with regulatory requirements for this evolving market anticipated to expand shortly. Throughout history, innovation has always outpaced regulation, and based on recent regulatory publications, regulators around the world are preparing to formulate new rules and guidance to allow innovation to occur without adversely impacting the financial system, investors or, most importantly, consumers. This situation can be viewed as a challenge or an opportunity for proactive fintech companies, but the timeline for action is shrinking as the regulators ramp up discussions on the topic of financial innovationand possible regulation.

It is therefore essential for the financial technology community to demonstrate a heightened focus on risk management activities, giving investors the confidence to invest in financial innovation. 

Challenges and Opportunities

Investors are also expressing increasing concern over the risk posed by fintech companies. Overall investor demand for loans originated by financial technology platforms has decreased, which is also impacting the financial performance of many fintech lenders.1 Generally these concerns stem from investor insecurities and lack of understanding of fintech companies’ control processes and their effectiveness, particularly within such rapidly growing innovative start-up firms with very different cultures. 

As the financial services industry continues to progress its the latter years of a traditional credit cycle, its capacity for operational risk failures will continue to tighten. And in light of recent operational failures in the fintech industry, financial technology companies will need to take a proactive approach to revitalizing investor demand for the loans they originate. With regulatory pressure increasing, fintech firms need to take the initiative and collaborate with the regulators as they develop regulations affecting the industry, which could pose a significant strategic advantage. 

Our Point of View

Fintech firms need to focus first on three key areas, set out below, in advance of further regulation of their industry. Taking this approach will help convince the regulators that the industry is innovating safely, and will also place the individual fintech company on a more stable footing to be able to grow the business rapidly and securely.

Risk Management: Given fintech companies’ preference for an automated business model, which leverages technology and modeling techniques to efficiently onboard borrowers, operational risk management needs to be a critical focus, with minimal to no tolerance for mistakes. Risk governance processes must be formally established, well-documented and effectively controlled. Processes and controls should be clearly documented and regularly updated to ensure completeness of control activities that keep pace with innovative change in the organization. This formally documented control framework should be regularly tested and made transparent to create a competitive advantage with investors by delivering comfort that the processes in place effectively mitigate emerging risks and issues. Senior management and the board should be regularly updated on the company’s roadmap to continuously improve risk capabilities and the results from testing the effectiveness of these capabilities.

Given fintech companies’ preference for an automated business model, which leverages technology and modeling techniques to efficiently onboard borrowers, operational risk management needs to be a critical focus.

Demonstrating Capabilities to the Market: Financial technology companies require a level of failure in order to develop next-generation innovative solutions. This capacity for failure for new and enhanced products is critical to ongoing innovation; without this capability, online lending, for example, would not exist today. Although fintech firms recognize their ability to learn from failure, it can also be a detriment to investor confidence if it impacts risk management practices and leads to operational failures and heightened systemic risk in the market. With the recent market shock driving down investor demand for fintech products, rebuilding investor demand will require fintech lenders to actively demonstrate to the market that their operational risk controls are effective today and are sustainable for their planned future growth.

Regulatory Environment: The fintech industry is enjoying a relatively less rigorous regulatory environment today compared to the more traditional financial services companies. This has created a unique opportunity for fintech companies to deploy more capital and expand market share. Recent regulatory publications from both the Office of the Comptroller of the Currency and the U.S. Department of the Treasury indicate an upward trajectory for regulatory scrutiny of fintech firms.2 On the surface this regulatory reaction appears to be an impending challenge, but the U.S. Treasury Department states that it recognizes the importance of not stifling innovation at the cost of regulation. It has also expressed an interest in learning from the fintech community. It may prove to be beneficial in the long term for fintech companies to engage in dialogue with regulators at an early stage to help define “responsible” innovation and use these discussions to gain ground in advance of formal requirements. Understanding and balancing the level of transparency the regulators view as necessary to regulate with the confidential nature of innovative products and techniques fintech companies require will help gain the trust of the regulators. The lack of any specific proposals to implement new regulations further reinforces the ability for fintech companies to get ahead of the game.

Fintech companies [need to] engage in dialogue with regulators at an early stage to help define “responsible” innovation.

How We Help Companies Succeed

Protiviti’s dedicated financial services practice helps financial institutions and fintech companies alike define and enhance their risk and control structures, demonstrating their commitment to strengthening risk management practices and allowing them to continue to innovate and evolve. In light of market reactions to recent financial technology events, the opportunity to demonstrate capabilities and transparency in risk management is critical. Protiviti is well-positioned as a leader in risk, compliance, IT, data and internal audit to support fintech and financial services companies through their ongoing innovation.

Protiviti’s risk and compliance experts help our clients enhance process and operational controls, policies and procedures, and securitization processes, reviewing processes across the credit lifecycle to instill confidence in investors. As fintech companies continue to evolve, a focus on organization structure and governance framework, as well as monitoring, testing and reporting, become increasingly important.

Protiviti’s regulatory risk practice deploys industry-leading experts in the areas of consumer compliance and anti-money laundering who have helped to build and review consumer compliance programs to comply with national and local regulatory requirements in place today and in consideration of impending changes to regulatory oversight.

Protiviti’s IT consulting and data management teams help enhance customer experience by focusing on digital transformation strategy; customer journey, experience and product strategy; and risk management strategy. Protiviti supports companies with business process improvement, advanced data analytics, legacy system modernization, fintech integration and change management. Additionally, Protiviti is a leader in IT risk management, focusing on system controls, including physical and network security, data security and back-up, segregation of duties, access controls, and disaster recovery as well as end-to-end data management structure and capabilities.


Ed Page 

Managing Director


[email protected]
Owen Roderik Strijland 

Director Fintech Services


[email protected]
Steven Stachowicz

Managing Director 


[email protected]
Nirav Shah



[email protected]
Brian Sullivan



[email protected]