FinTech innovations worry federal regulators while state officials create a new enforcement team

The US Office of the Comptroller of the Currency (OCC) is out with new guidance that warns banks about the risks and rewards of FinTech and related innovations. Meanwhile, New York financial regulators have launched a cybersecurity division responsible for enforcing the state’s year-old cybersecurity regulations.

Federal Actions
Twice each year, the OCC reports on trends in the US financial sector that could be a “strategic risk” to the financial health and stability of banks. The most recent guidance includes a specific section on the risks associated with the rapid rise of FinTech and other innovations that complicate the way banks operate.

Not only does the OCC acknowledge tech-related security risks, but regulators also nod to the business risks of failing to adapt to changing market conditions that drive innovation such as customer expectations and the popularity of mobile banking: “Operational risk is elevated as banks adapt to a changing and increasingly complex operating environment. Key drivers for operational risk include persistent cybersecurity threats as well as innovation in financial products and services, and increasing use of third parties to provide and support operations that are not effectively understood, implemented, and controlled.”

In advising banking executives on what steps to take, the OCC notes: “Banks that do not assess business relevancy and impacts from technological advancement or innovation, or are slow adopters to industry changes, may be exposed to increasing strategic risk.”

State Actions
On the state level, New York’s Department of Financial Services (DFS) has created a Cybersecurity Division to enforce the State’s first-in-the-nation cybersecurity regulations adopted in 2017. The new unit will focus on protecting consumers and industries from cyber threats, a first for a state banking or insurance regulator.

“As technology changes the financial services industry, regulation must evolve, and DFS is evolving to meet the challenges and opportunities of the new landscape, to protect consumers, safeguard the industry, and encourage innovation,” noted DFS Acting Superintendent Linda Lacewell said.

New York’s action comes at a time when numerous states have strengthened their data privacy and security laws in the wake of continuing security breaches and ground-breaking privacy laws in Europe and California.