As more industries and consumers embrace mobile money, expanded interoperability and tighter integration with e-commerce platforms will become necessary. The emergence of blockchain similarly offers new perspectives across Africa. Expanding the breadth of mobile financial services to new areas such as consumer lending and enterprise payments is paramount. Applying the best cybersecurity standards while Expanding Financial Inclusion across Africa, is something achievable for the long term health of the financial sector for consumers and providers.
Technology introduces new risks, and many countries still must update cybersecurity laws and develop their capacity to enforce data privacy protections.
- Having an effective regulatory that includes requirements for adequate cybersecurity measures would benefit all fintech products and players. This would, in turn, boost consumer confidence, bring greater societal benefits, fintech industry business success, and help meet regulatory mandates for maintaining financial stability and security.
- Including cybersecurity requirements will mean developers and software engineers need to spend more time testing code and identifying risks in development and integration. This may be time-consuming and expensive but is vitally important not least because non-banked and under-banked consumers may be new to technology and therefore more susceptible to phishing and other socially engineered online scams. Online hackers and real-world criminals will pounce on this vulnerability.
- Data privacy—through the collection and use of personally identifying information—also needs to be addressed. As we create more and more digital citizens, their online footprint is growing. This makes them vulnerable to exploitation and abuse where poor documentation can be taken advantage of and used for illicit purposes such as money laundering. We need appropriate rules and regulations on the collection and use of commercial data and cross-referencing with customer data, including meta-data.
- Fintech regulators should adopt international cybersecurity standards. Luckily, international standards are available to identify cyber risk and introduce appropriate controls. Two prominent and leading sets of standards are showing the way. One is the ISO-IEC 27000 standard for information security management, a joint effort from the International Organization for Standardization and the International Electrotechnical Commission to help organizations of all shapes and sizes manage the security of assets such as financial information, intellectual property, employee details, or information entrusted by third parties. The other is the US National Institute of Standards and Technology’s Cyber Security Framework, a flexible and cost-effective approach consisting of standards, guidelines, and best practices to manage cybersecurity risks.
- Individual governments and regulatory bodies need to adopt and expand on these standards when they are setting up their fintech regulatory .A proper regulatory environment should demand suitable risk management tools and techniques relevant to the fintech product or service being developed. Clearly, the goal is not to stymie innovation. Rather, it is to insert the necessary rigour into risk management and cybersecurity surrounding useful technological innovations.
- A change will be ever-present as societies ride this wave—artificial intelligence and automation will make sure of that—yet with balanced regulation and rules in place we can stop innovative cybercriminals before they target valuable online financial services.
T
