Fintech Risk Events
Purpose
Fintech Risk Events is an open catalog of observed (publicized) operational failures (Risk Event) of fintech business models (excluding cryptocurrency). The catalog aims to document (in due course) such events reasonably accurately to allow risk managers understand the (potentially new) vulnerabilities of new financial services models.
List of Events
1. Entity | 2. Publication Date | 3. Country | 4. Category | 5. Event Description | 6. Event Type | 7. Loss Amount | 8. Links |
---|---|---|---|---|---|---|---|
Clinkle | Jan 2014 | US | Payments | API Security Breach | EF | N/A | Techcrunch |
Wonga | April - Oct 2014 | UK | Payday Loans | Bad Debt Collection Practices, Debt writeoffs | CPBP | ~240mln Pounds | Wikipedia |
TrustBuddy | Aug 2015 | Sweden | P2P Lending | Misuse of client funds, Bankruptcy | IF | N/A | FT, Telegraph |
Prosper | Dec 2015 | US | P2P Lending | Enabling financing to suspected terrorist | CPBP | N/A | LAT |
Powa Technologies | Feb 2016 | UK | POS, Payments | Bankruptcy | Business Failure | N/A | Wikipedia |
Ezubao | Feb 2016 | China | P2P Lending | Fake investment products to one million retail investors | CPBP | $7.6bln | NYT |
Dwolla | Mar 2016 | US | Payments | Poor Consumer Data Protection Practices | CPBP | $100k | WSJ |
LendingClub | May 2016 | US | P2P Lending | Altering Loan Information | IF,CPBP | N/A | Wikipedia |
LendUp | September 2016 | US | Payday Loans | Misleading borrowers about pricing, failing to report credit information | CPBP | $6.4 million in fines | WSJ |
Wonga | April 2016 | UK | Payday Loans | Client Data Breach | EF | N/A | BBC |
Prosper | May 2017 | US | P2P Lending | Overstating Returns | BE | N/A | Bloomberg |
Think Finance LLC | Nov 2017 | US | Payday Loans | Unfair, deceptive, and abusive acts and practices in collecting online installment loans | CPBP, Bankruptcy | N/A | CFPB |
Revolut | Jul 2018 | UK | Payments | Suspected Money Laundering | IF | N/A | Reuters |
Wirecard | Jan 2018 | DE, SG | Payments | Accounting Irregularities | IF | N/A | Deutsche Welle |
Monzo | Aug 2019 | UK | Digital Bank | Potential Security Breach (Unencrypted PIN's) | BE | N/A | Guardian |
Chime | Oct 2019 | US | Digital Bank | Service Outage | BE | N/A | CNBC |
Chinese P2P Lenders | 2018 - Oct 2019 | China | P2P Lending | Sector-wide crackdown | IF, CPBP, Bankruptcies | N/A | Bloomberg, |
Robinhood | Nov 2019 | US | Electronic Trading | Software Glitch enabled clients with unlimited leverage | BE | N/A | Bloomberg |
Apple/Goldman Sachs | Nov 2019 | US | Credit Cards | Algorithmic Bias | CPBP | N/A | BBC |
Loqbox | Dec 2020 | UK | Credit Ratings | Data Breach | BE | N/A | Register |
Schema
Entity
An (informal) identification of the entity involved
Category
The subsector of the fintech industry in which the entity is operating
Publication Date
A rough indication (+/- Month of the Year) of when the risk event has become more widely known
Event Description
A brief narrative of the main aspects of the event, ideally with links to corresponding explanatory entries of the underlying risk mechanisms
Country
The Country where the company is incorporate and / or where the risk event materialized
Loss Amount
A monetary amount as an indicator of the scale of the event
Links
Links to reputable and permanent URL's where the event is discussed.
Event Type
Given the close relation of Fintech to the financial industry it is instructive to attempt to classify events according to the globally recognized bank regulatory framework (Basel II) as listed below:
- Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking of positions, bribery
- External Fraud - theft of information, hacking damage, third-party theft and forgery
- Employment Practices - discrimination, workers compensation, employee health and safety
- Legal Risk - Clients, Products, and Business Practice - market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning
- Physical Damage - Damage to Physical Assets - natural disasters, terrorism, vandalism
- Business Disruption and Systems Failures - utility disruptions, software failures, hardware failures
- Business Execution, Delivery, and Process Management - data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets
NB: This classification of Fintech Risk Events may be tenuous for some instances, given the novelty of business models.
Business Failure Events
The Basel classification scheme does not include total business failure (that is, events of administration, bankruptcy etc) as an operational risk event. This is because the operational risk framework is primarily meant to help manage / mitigate operational risks, whereas Bankruptcy is the final outcome when all management efforts have failed.
We currently do include fintech business failures as a category, as they are informative for risk management purposes. A threshold of total funding raised will be applied (to differentiate bankruptcies from the much more common business model failures of early stage startups). On the other hand, failure of a new business model to flourish (resulting e.g. in an orderly sale to third party), while possibly informative about risk factors associated with the adopted business model, can not be cleanly separated from more traditional risk management categories and is not included.
Criteria for inclusion
Risk Event Eligibility
There should be adequate, independent, confirmed and public information about the event, with authoritative, permanent urls.
Materiality Threshold
At present there is no explicit materiality threshold
Company Scope
Fintech companies, i.e. newly established financial services providers that operate primarily or exclusively via new (digital) platforms and may be unregulated, as distinct from established financial services firms that operate with a mix of older technology platforms and are (mostly) regulated. Indicatively, the crisis period of 2008-2009 is the cutoff date for newly established entities.
As established firms adopt "fintech" models the list will aim to include any operational risk events associated with these platforms (to the extend that this can be clearly identified in published information). Out of scope are risk events captured under other risk categories such as unexpected credit losses (credit risk) or market losses (market risk), although sometimes it is difficult to cleanly classify an event.
General purpose digital marketplaces (e-commerce) are not in scope.
Crowdfunding
There are various reports (and reporting sites) about crowdfunding scams. While the proliferation of such events can potentially tarnish the reputation of crowdfunding platforms, to date there appears to be no event that would qualify