

Guest blog by Felix Ong | 7 August 2018

Fintech (short for Financial Technology) is the generic term used for the innovative use of technology in the design and delivery of financial services.

With the development of technology, traditional financial institutions have expanded their business using Fintech through methods such as internet banking, contactless payments, access to bank accounts through smartphones and the use of Big Data in data analytics.

With further advancement in the use of social media and apps, a gap has grown between customer expectation and user experience, a gap which is increasingly being filled by specialist fintech businesses. Examples of this include cryptocurrencies, crowdfunding, peer-to-peer lending and digital payments. Fintech companies are able to leverage their front-end distribution channels, leaving the traditional financial institutions to continue to pick up the less attractive back end, eg reconciliations, inter-bank settlement, cash provision etc.

Fintech is prevalent in other financial markets, particularly Asia Pacific and increasingly the US, and is developing at a great pace in the UK and Europe, leveraging the experiences from overseas.

However, these activities are beginning to receive increased attention from regulators (fintechs are included in the UK Financial Conduct Authority Business Plan for 2018/19) and there are also concerns around data security (NB the recent implementation of GDPR) and cyber-security, eg hacking, with the increased use of the internet.

In the UK, the Competition and Markets Authority (CMA) seeks to increase competition by driving innovation in the quality of products and services that bank customers receive. Through the Open Banking regime, the banks in the UK are legally required to create open standards for APIs (Application Programming Interfaces), with full read and write functionality, making the customers’ account data available to third parties. Similar initiatives are currently underway with the Second Payment Services Directive (PSD2). From the above initiatives, insurance companies in the UK and Europe can also expect to operate under a similar regulatory regime in the near future.

With the data that is available through the open API, innovations in the different segments of the financial services industry such as payments, savings, credit and insurance can lead to new opportunities to serve both the ‘banked’ and ‘unbanked’ population.

As a third party in the UK, fintechs can gain access to a person’s financial transaction data, initiate payments directly from a person’s account as a bank transfer, etc. The following table is an example of how a fintech in the UK can replicate the fintech business model in Asia Pacific:

Fintech reference from China

WeChat (a multi-purpose messaging, social media and mobile payment app developed by Tencent) has evolved into many areas by leveraging customer data.

Ping An built a mobile platform called Ping An Good Doctor, which now has 77 million registered users and more than 50,000 doctors on board. Zhong An is the first company in China to win an internet insurance licence.

Business model of fintech startup in UK

The startup gains a huge customer base through its initial mobile service (eg social networking). Thereafter, the mobile service expands to making payments to third parties, purchase of insurance, etc. The provision of the additional services is made possible through the open data API as part of the open banking regime.

The startup creates a portal that connects doctors across the UK. The platform comprises medical advice, appointment booking and niche medical services for the users.

The startup further monetises the customers’ medical data by cross-selling life insurance policies to prospective customers.

How it can disrupt the banking/insurance sector in UK

The banks traditionally earn a commission whenever they facilitate payments to third parties on behalf of customers. In addition, the banks earn a commission whenever their customers purchase an insurance policy through bancassurance.



What risks does this bring to the business? What does internal audit need to consider?


How well do they understand the risks inherent in fintech initiatives and business models and challenge accordingly?


Are staff development processes in place to ensure that bank personnel at all levels have the appropriate awareness and capability to manage fintech risks?

Legacy bank technology platforms

Are they equipped to cater to challenges coming from new products and services and what controls are being put in place?


What safeguards have been put in place to protect customers with the new data sharing regulations, leading to more customers’ personal details being widely disseminated?


Is there clarity and consistency between departments?


Increased interconnectivity with different fintech firms, which may not be subject to equivalent regulatory expectations – how are these being monitored?

Internal audit needs to:

  • develop skills and resources aligned to business innovation hubs to ensure it can map the environment, understand the risk profile and provide timely assurance, and
  • stay close to industry innovation and regulators’ evolving expectations to be able to appropriately challenge and support the business where it is seeking to innovate or use ‘disruptive’ technology.

Further reading

Financial Conduct Authority: Business plan 2018-19

Content reviewed: 1 February 2023