Fintech Evolution in the Banking System and Managing Consequent risks

Wednesday, 8 December 2021


Governor's speech


Nicosia, 8 December 2021


The pandemic has highlighted the importance that technology plays in allowing the financial system to continue, as smoothly as possible with its operations.

Global Fintech investment continued its remarkable growth, rising from $87 billion in H2’20 to $98 billion in H1’21. Global Fintech deal volume also hit a new record of 2,456 during H1’21.

Data also shows that consumers worldwide are adopting Fintech services much more quickly than anticipated. In 2017 it was predicted that 52% of consumers worldwide would have adopted Fintech services by 2019, but the estimate proved to be too conservative as the actual figure overshot it by 12 points. This overshooting happened before the pandemic. Although data is not yet available, the recent health crisis must have accelerated further this figure.

The growth in the Fintech market is also obvious from the number of Fintech startups. As of November 2021, there were 10,755 Fintech startups in the Americas, making it the region with the most Fintech startups globally. In comparison, there were 9,323 such startups in Europe, the Middle East, and Africa and 6,268 in the Asia Pacific region.

Cyprus is no exception to this global trend. There are currently 14 authorised electronic money institutions and 10 authorised payment institutions while there are 43 pending applications (32 EMIs and 11 PIs). Compare this with the 12 local and foreign authorised banks and subsidiaries in our country.

However, as with all revolutions, these global developments come with costs and risks. The number of cyber incidents reported to the ECB Banking Supervision in 2020 increased by 54% compared to 2019. Banks are specifically targeted. Banks underwent almost 26% of cybercrimes in 2019. These included compromised credit cards, leaked credentials and malicious banking applications.


Banking landscape and future change

The euro area banking sector is undergoing a transformation, with higher competition from non-bank financial intermediaries and Fintech institutions. The euro area’s financial structure has seen a movement from strong bank dominance towards a more balanced composition[1]. The development of non-bank lending diversifies the sources of finance available to businesses, providing competition to the banking sector.

As a result, Credit institutions need to adapt to the  unfolding competitive landscape. The ongoing digitalisation of society at large, coupled with the changes in the way people work and conduct their purchases because of the pandemic, force the banking sector to adapt to a new way of conducting business.

In addition, the low profitability challenge that European banks face, exacerbates the need to adjust and acts as a catalyst for the already strong competition banks are experiencing from Fintech and the non-bank financial intermediation firms.

Fintech institutions operate on a very different business model compared to traditional banks and as such, they have a competitive advantage in terms of cost structure and overheads. Their cost advantage and speed of operational and business decision making is evident by their rapid expansion and their proven ability to grow their user base quickly.

However, although Fintech bring obvious benefits to users, up until recently we haven’t seen large defections of customers from traditional banks to these new players. The confidence to the incumbent banking structure together with the value that people place on their existing bank relationships provide the opportunity for an adjustment period for incumbents. Having said that, generational differences matter. Consumers aged 25 to 40, also known as generation Y, have had the biggest effect on digitization of financial services[2]. Generation Y account for almost 50% of mobile banking users. Based on this trend, banks can expect Generation Z (ages up to 24 years) to be even more engaged in digital banking and technology driven solutions. In contrast, generation X, the baby boomers, still see value in live communication and visiting physical bank branches.

These younger consumers look for alternative ways of processing their financial transactions that are simpler and faster. The banking system needs to adapt. Incumbent banks that work with dated technologies and overextended branch networks are likely to lose their competitive edge. Technological innovation is the way to increase efficiency as a result of new competitors entering the market and new generations being more reliant on technology.

Since the global financial crisis, the euro area banking sector has been going through a gradual restructuring process, which involves the search for new business models, the adjustment to the revised regulatory regime, consolidation and the resolution of non-performing assets[3]. In fact in 2020 the number of completed mergers and acquisitions in the banking euro area increased even though this type of M&A had been decreasing since 2010.

In an effort to further contain costs and consolidate the banking sector, the number of euro area banks and branches has continuously declined by approximately 30% since 2008[4].

Incumbent banks must restructure and improve on technology and efficiency simultaneously with the entry of new competition also from Bigtech.

Technology giants are entering financial services as their next related business. Global technology giants have built extraordinary market advantages: large and engaged customer network; huge data enabling robust and increasingly precise understanding of individual customers, experience in scaling innovative technologies and because of their size, access to low cost of capital. BigTech players have already gained a foothold in financial services in select domains such as payments and in some cases lending and insurance.

However, digitalisation also poses significant financial and operational risks, both in the banking sector and in the Fintech / BigTech companies, themselves.

The Financial Stability Board[5] has recognised a number of operational risks, including:

  1. Operational risks of third-party reliance that are transferred to banks. Usage of services, such as cloud computing, increase the interdependence of banks to third-party providers and consequently increase operational risk. Therefore, the banking system is becoming increasingly more vulnerable to operational incidents at third-party service providers.
  2. The reliance of banks on digital platforms for the marketing and distribution of financial services is creating new forms of reputational interdependencies within the EU’s banking and payments sector.
  3. Furthermore, excessive reliance on automation and IT might increase the challenges for Know Your Customer (KYC) procedures and offer new scope for money-laundering.
  4. Cyber risk can be further exacerbated in the case of unsupervised parallel payment systems and rising interconnectedness between application interfaces (such as smart phone payments).

Further financial risks include:

  1. the robustness of Fintech companies which has not been tested yet fully. In fact, the Financial Stability Board has noticed several high-profile failures among Fintech platforms such as the Lending Club in the US and Trust Buddy in Sweden;
  2. also, the evolution of BigTech companies and the risk of becoming too-big-to-fail can be another source of systemic financial risk. A malfunction at a systemically important BigTech company, could bring down key services across multiple banks and countries.

The above risks translate directly to financial stability threats. The transmission of any of the above risks to one institution could be immediate to other institutions or sectors as a whole. These systemic risks should be tackled by authorities.

Macroprudential authorities should coordinate their actions in order to mitigate these risks and seek ways to balance the protection of customers’ interests and financial institution risks with specific policy objectives, a level-playing field being one of them.

The initiatives taken by the European Commission, such as the digital finance package, that captures – among others - the proposal for digital operational resilience act (DORA[6]), and the revision of the second Payment Services Directive, are steps towards mitigating the identified risks.

The increasing number of Cyber-attacks in Europe indicates that a lot more needs to be done.

The growth of the Fintech sector has raised the need for regulators to adjust their role within the perimeter of prudential regulation. Extending the perimeter of bank regulation to all financial service providers could possibly constrain financial innovation. But keeping the new entrants completely out of the perimeter will tilt the playing field in their favour and leave consumers unprotected. A balance must be found to allow the regulatory perimeter to cover all activities that have systemic risk potential, while allowing for innovation.

Finally, Data protection is important in order to safeguard confidence in the banking sector.  As a result, Cyber security should be further enhanced and prioritised and Cyber-risk incidents need to be included in financial institutions’ business continuity and disaster recovery plans and be tested frequently.

Given the cross-border activities of Fintech and BigTech, authorities across jurisdictions should cooperate in regulating them.





[1] Financial Integration and Structure in the Euro Area:

[2] 4 Challenges for the financial industry and the best tech solutions to fight them, Rocky Osborn, November 2020.

[3] Financial Stability Review, November 2021:

[4] EU structural financial indicators: end of 2020:

[5] Financial Stability Implications from the FinTech, Financial Stability Board, 27 June 2017.

[6] DORA is a European attempt to streamline the third-party risk management process across financial institutions, by ensuring that an organization can continue to guarantee the continuity and quality of its services in the face of operational disruptions in information and communication technologies.