Data breaches. Security issues. Systems failures.
The list of pain points hammering the UK’s high street banks as they move into the new digital banking age has kept growing over the past few years. But most troubling of all for them has been the growth of competition from the new fintechs.
Fintech is already the UK’s fastest-growing sector with the UK now home to a disproportionate 25% of the world’s fintech unicorns. Investment of over $1billion in the first quarter of 2019 alone shows how much the sector already means to the UK’s lucrative financial services industry.
Yet reports of serious incidents of customer security and regulatory breaches involving some of the UK’s biggest fintech upstarts have started to pick up pace.
Is the UK fintech market experiencing the inadvertent digital growing pains of it’s established banking counterpart? Or does the tech industry ethos of “move fast and break things” mean we are building a new shadow financial sector of tech-based giants with as little regard for the public, laws and regulations as the traditional big banks have shown in the past?
Monzo has gained plaudits for their upfront approach to admitting when they’ve been involved in security breaches. It helps when you’ve been getting plenty of recent practice. And it’s somewhat easier when there is a third party involved to take the fall.
Last year their online survey partners Typeform dragged them into a data breach involving 20,000 customers. With personal details like email address, postcode, Twitter handles and actual customer names lost, it was embarrassing. But at least they had Typeform to throw under the bus as ultimately being responsible.
When criminals defrauded customers in a Ticketmaster-related scam, Monzo were quick to make sure everyone knew their Financial Crime team had been on the ball in spotting the fraud. Dropping the line that they tipped the US Secret Service off to the incident was a nice touch on how speedy they had been in resolving the problem.
But having a Net Promoter Score that the old incumbent banks can only dream of will only get you so far when the breaches start to come from inside your own house. Like when you announce that 500,000 of your 2.5m customers should change their PIN as they were being stored openly in log files accessible by Monzo staff.
Luckily, Monzo is claiming there is no evidence that any of the accounts involved have been victims of fraud but it’s left a bad taste in the mouth of many customers. They have grown to expect this kind of thing from the old, out-of-touch incumbents. But they expect more from the sexy new fintech crew.
Data breaches are bad. But things have been even more damaging on the PR front at competitors Revolut. In late 2018, their board instigated a sweeping internal investigation after a whistleblower outlined serious failings in their sanctions screening system.
When The Telegraph newspaper reported that thousands of transactions had failed to be screened, Revolut’s CEO Nik Storonsky took to the company blog to tell their side of the story. Storonsky claimed that it was changes made during testing of a new, more advanced screening process that caused the incident. He made it clear that it hadn’t been reported to the financial regulator because, on review, no sanctions or money laundering laws had been broken.
Having to wheel your CEO out to deny broadsheet allegations of negligence, money laundering and international sanctions violations doesn’t exactly breed consumer confidence. Not when the general public is all too aware of the high profile breaches of these very laws and regulations from the old-school high street banks they have grown up with.
In the minds of Joe and Jane Bloggs, where there is smoke, there is often fire. And these days tech companies, even in the financial sector, are far from immune to such accusations. Mark Zuckerberg’s sketchy appearances (or non-appearances) before Parliamentary commissions are recent proof.
Concerns over sanctions breaches are bad enough for any financial services provider but widespread concerns about Revolut’s links to Russia have been even more damaging to their international reputation. CEO Nik Storonsky is of Russian descent and his father’s position as a Deputy General Director of Science at Gazprom, Russia’s leading gas producer, has raised questions about the level of Kremlin influence at Revolut.
The fact that Revolut’s European banking license was granted in Lithuania in late 2018 does nothing to assuage the fears that the Russian regime has an indirect line into the bank’s operations.
Silicon Republic reported in April that the threat of Russian interference in Revolut’s affairs was so serious as to make it a point of discussion in the Lithuanian parliament. Russia’s ongoing EU and US sanctions, following their annexation of the Crimea in 2014, make for an interesting sidebar in light of the Revolut whistleblower’s claims last year.
Revolut countered the delay on launching their Lithuanian “specialized bank” by planning to apply for a banking license in Russia itself. The Lithuanian parliament had instructed a government commission “evaluating the transactions of strategic companies, to re-examine the credibility of Revolut.” Revolut has, of course, denied all allegations of Kremlin-backed interference from either Storonsky in Lithuanian politics.
The ongoing suspicions do have a very negative impact on Revolut’s plans to become a truly global financial services operator. Regulators and governments in the US, Asia and elsewhere will no doubt be keeping a close eye on developments as Revolut’s elite global licensing team look to expand their portfolio of banking licenses around the world.
Current geopolitical tensions between East and West and the ongoing uncertainty over major political issues such as Brexit are bound to play into this international propaganda war. Just because Nik Storonsky was born in Russia doesn’t mean he (or Revolut) are pawns of Vladimir Putin. Of course, it doesn’t. But in these days of Post-Truth politics and Fake News, does that really matter?
What the UK ultimately cannot afford is to allow a whole financial industry to bubble up with the same issues proliferating as those which have blighted the behaviours of the traditional high street banks. The massive public pressure for internal reform has not happened quickly enough at any of the old-timers. There is no question whatsoever that the fintech industry should be allowed to sidestep any moral duty to play the game in a more fair and conscionable way than their established counterparts.
Talk is cheap and the “fintech for good” message has to prove to be more than just a catchy slogan. If Fintech 1.0 allowed the likes of Wonga to negatively impact the financial lives of the most vulnerable members of the UK public, we have to ensure Fintech 2.0 meets its obligations. And the UK fintech unicorns have to lead the way to that brighter future.
Otherwise, it’ll just be another false dawn with value-driven millenials going in bright-eyed and idealistic and coming out the other side with their fat cat bonuses and expense accounts and a trail of destroyed customer lives in their wake. Meet the new boss, same as the old boss.
When the 1960s were done, the Woodstock generation abandoned the mantra of peace and love and embraced Reaganomics. Thatcherism’s “I’m alright Jack” attitude trumped any memories of Swinging London as the years passed and economic reality hit the Baby Boomers hard. In fifty years (if the planet hasn’t melted in on itself), will we look back on the Millenials influence on the fintech revolution in UK banking the same way? Only time will tell.