A guest post by: Pulak Sinha, CEO Pepper and Paras Shah, CEO LAMR Group
In the world of Business and Technology, two areas are drawing a great deal of attention- FinTech and Security. It’s no surprise- they are deeply connected and causally related areas. The connection between the two reminds us of the apocryphal story of Bank Robber Willie Sutton who when asked why he robbed banks, replied sheepishly, “Because that’s where the money is.” So too with Fintech.
In our experiences- very different experiences that is—the issues of Security and Financial Services converge neatly and can be summed up with two core conditions: Stewardship and Trust. When the “product” being dealt with is peoples’ money or other core assets, the absence of trust is a death-knell; conversely, the existence of trust creates a bridge to success. For the FinTech dealing with money, the role of stewardship is critical- they have to be dutiful stewards of both money and data related to that money.
Stewardship is of course not simply about intent. It is also about having the systems in place- and the processes, culture, and personnel- that allow for the enactment of that stewardship. Good intentions are wonderful, but insufficient. Stewardship is not about a point in time, either. It is about ongoing resiliency and an “always on” culture of proactive behaviors that ensure the proper handling of money, data, and other assets.
Financial Services as an industry has a mixed record here. For the most part, things are good. Most people interact with the industry on a daily basis and do so with ease. Of course, when things are almost always good, we take them for granted. As such, when a lapse or breach does take place, it becomes the defining characteristic, the Achilles heel of an otherwise useful and productive company. In addition, since we are talking about money, data, and personal information, such lapses can have outsized impacts on peoples’ and companies’ lives. It’s great to be good 99.9999% of the time. But if that .0001 % possibility is an “extinction event,” then even that is not tolerable.
The responsibilities here are joint. In the world of, for example, Asset Management, the AM company has to take the issue seriously and invest in the right systems and platforms to ensure that ROI doesn’t come at the cost of impossible risk or regulatory breach. But the investors who entrust their money to the AM company also have to demand of its executives to invest in these systems, processes, and people. The passive approach by any party is a non-starter.
Massive advances have been made in Security but just as they’ve been made, the attack vectors have multiplied exponentially. The Security industry has done a fine job of elevating Security to a top business issue, but many companies still honor that notion only rhetorically.
We need a new paradigm.
Trust in Fintech is key. So too is stewardship. A flexible and powerful security stance helps get us to both.