On October 27, the North American Securities Administrators Association held its 2020 symposium on Fintech and Cybersecurity. A key theme of the symposium was the impact that the pandemic has had on fintech, cybersecurity, and regulating the financial markets – given that regulators and securities industry professionals are largely working from home. The panelists also discussed new technological innovations that are likely to impact both the fintech industry and cybersecurity.
Kavita Jain, previously a Director in FINRA’s Office of Innovation and now the Deputy Associate Director of Innovation Policy at the Federal Reserve Board, delivered the keynote address. She started the symposium discussing the role of regulators in fostering innovation in the financial services industry. Jain noted the traditional role of banking regulators is to ensure that banks control for risk. Because innovation necessarily involves new risk, regulators need to be prepared to monitor the new types of risk that innovation can introduce. Failing to keep up with innovation can be a type of risk. Jain commented that regulators can facilitate responsible innovation in the financial industry by engaging with key stakeholders, collaborating with other regulators, and providing regulatory clarity.
The keynote address was followed by four panel discussions.
The first panel, “Algorithms Make the World Go ‘Round,” reviewed some technological advancements in the financial industry. Shawnna Hoffman, the Global Blockchain Offering leader at IBM Watson Health, discussed the advent of quantum computing and the impact that it will likely have. Quantum computing, which will make computers exponentially more powerful than they are now, evokes a need for quantum encryption. While less than 1% of enterprises budgeted for quantum computing projects in 2017, it was predicted that more than 20% of global enterprises will budget for it in 2023. Usman Ahmed, Head of Global Policy and Research at PayPal, emphasized the important role that fintech companies have in providing access to the economy. During the pandemic, fintech lenders were able to efficiently and safely onboard new customers, which allowed many small businesses to access Paycheck Protection Program loans that they would not have been able access to through traditional lenders. In discussing the characteristics of fintech companies, Dan Gorfine, Founder and CEO of Gattaca Horizons LLC, emphasized speed, access, and “disintermediation” of traditional processes, noting that regulators historically have regulated through intermediaries, like banks and brokerages. The panel also discussed the digital dollar project, which is exploring the potential for a digital based currency backed by a central bank (Central Bank Digital Currency – CBDC). Panelists noted that a tokenized dollar could help solve some issues exposed by the pandemic, like tens of millions of people awaiting paper checks from the government, while needing to pay creditors whose bills are automated.
The second panel explored how artificial intelligence (AI) is transforming the financial services industry. While the ability of AI to recognize complex patterns unrecognizable to humans can be a powerful tool in the industry, it call also have pitfalls. The second panel discussed how AI that is premised on partial or outdated data can potentially lead to data bias. Jake van der Laan, with the New Brunswick Financial & Consumer Services Commission, discussed the importance of ensuring that any AI models are thoroughly vetted and continually tested once they are implemented. Firms using AI systems need to ensure that there are guardrails built into the system. FINRA’s White Paper on Artificial Intelligence in the Securities Industry, in June of 2019, provides some good guidelines in implementing AI. The International Organization of Securities Commissions (IOSCO) and the European Securities and Markets Authority (ESMA) have also published white papers on AI. Each of these guides provides best practices with AI that are helpful to consider and implement.
The third panel, “Technology as a Sword and Shield,” discussed how technology can be used to both perpetrate and defend against cyber attacks. For example, while AI is used to monitor transactions and detect fraud, in the hands of the wrong person, it can be used to enhance phishing scams. The panel emphasized the importance of continually auditing and testing technology used to combat cyber attacks. Ruth Hill Bro, the Co-Chair of the ABA’s Cybersecurity Legal Task Force, said that the volume and sophistication of cyber attacks continue to grow – and in some instances are exacerbated by the pandemic, given the need for millions of people to work from home. The greatest weapon against threats like ransomware, phishing, and malware is a “culture of awareness,” since people are often the weakest link in a firm’s cybersecurity program.
The last panel of the day focused on “Cyber Challenges During a Challenging Time,” emphasizing the impact that the pandemic has had on regulating the financial markets and on cyber security. Dave Kelley, FINRA’s Director of Member Supervision Specialist Programs – Cybersecurity, said that phishing remains the number one issue during the pandemic. They have also seen an increase in the number of imposter websites popping up on the Internet. Thus, while regulators are regulating from home, fraudsters are continuing to scheme from home unabated. Professor Tonya Evans, who is an expert in cryptocurrency and blockchain, noted that with the pandemic there has been an increased reliance on technology. Ransomeware continues to be a big issue – as is blackmail. In both schemes, the perpetrators often demand payment in cryptocurrency, since the payment cannot be retrieved once it has been transmitted. Dr. Lorrie Cranor, Professor of Computer Science, Engineering and Public Policy at Carnegie Mellon, closed the panel by discussing steps people can take to better secure data in their remote workspaces – such as never using a password twice and using two-factor authentication.
As the pandemic continues, and we continue to adjust to large numbers of regulators, industry professionals, and consumers working remotely, these themes will continue to have a significant impact on fintech and cybersecurity.
1. NASAA is a voluntary association whose membership consists of 67 state, provincial, and territorial securities administrators in the 50 states, the District of Columbia, Puerto Rico, the U.S. Virgin Islands, Canada, and Mexico.