Risky business: the legal dangers fintech companies can face

19 Apr 2016

If you fail to take appropriate legal steps, such as adequately protecting your IP, your company could easily end up finding itself outsmarted by other players in the fintech space

Mason Hayes & Curran looks at the rapid growth of fintech and the legal risks fintech companies should be aware of when putting their technology and data out into the world.

The term fintech can encompass two different types of technology in the financial services industry: new and innovative consumer-facing financial products, or 
new technology that tackles existing problems or improves existing processes.

The pace of modern technological innovation and the current global financial climate are two factors 
that have contributed to the rapid growth of fintech. In banking, for example, fintech is part of a transformation that is changing numerous aspects of the end-customer experience.

Customers are becoming accustomed to online and mobile-friendly services and banking options ‘on the go’, which are facilitated by 24-7 connectivity through tablets and smartphone devices. This is, in turn, forcing financial services organisations to invest in these capabilities in a 
bid to stay competitive. The ‘age of austerity’ and the global financial crisis also helped agile fintech start-ups to compete against incumbents that, due to a lack of resources or regulatory scrutiny, did not modernise or improve their existing products and processes.

The case in Ireland

To illustrate how important fintech is becoming globally, Accenture reports that worldwide investment in fintech tripled to $12bn in 2014, with UK and Ireland-based companies taking the largest share of Europe’s fintech deals. In a similar manner, Deloitte estimates that the fintech industry 
has the potential to employ more than 10,000 people in Ireland by the year 2020.

The Irish government is showing 
its support through the publication of ‘IFS2020: A Strategy For Ireland’s International Financial Services Sector 2015 – 2020’. IFS2020 sets out the Government’s renewed commitment and support for the sector and seeks
 to position Ireland as a leading global centre for fintech investment.

One of IFS2020’s main objectives 
is driving research, innovation and entrepreneurship in the international financial services sector for both existing multinational financial services firms and new fintech companies.

With all of this in mind, it is no surprise that interest in Ireland’s fintech ‘hub’ in Dublin is booming, and it is common to see indigenous start-ups working alongside established international financial services companies.

Key tech risks in fintech

From a technology law perspective there are a variety of unique legal and business risks that fintech companies of all sizes need to be aware of.

Cyberattacks and security

As recent news headlines illustrate, damages arising from cyberattacks are no longer limited to financial loss but can also include reputational damage, business interruption, data loss, claims for compensation and regulatory fines.

While banks have historically been the main target of cyber-criminals, modern cyber-criminals may try to focus on fintech companies that have a completely online presence, coupled with fewer resources to invest in security. Indeed, the amount of financial or personal data that the average fintech company collects means that both the harm and likelihood of a successful attack could be substantial.

To minimise the risk of, and damage arising from, cybercrime, a fintech company needs to be able to react quickly, isolate attacks, and eliminate the threat. Cybersecurity is only effective if a fintech company has clear organisational practices and training in place.

At a minimum, it should have adequate security and data protection processes, as well as disaster-management plans that are clear and that employees are trained to operate. While these strategies can help, it is important to keep in mind that the ultimate goal is to maximise the chances of preventing a cyberattack before it can occur.

Data privacy and big data

The rise of fintech, coupled with the financial service industry’s more general shift online, has resulted in a tremendous amount of digital data being created and processed every day. These sets of “big data” come with great opportunities that a fintech company can exploit through new business models that identify possibilities for new products or manage existing risk.

But they also come with dangers that are multiplying as the volume of data being collected grows. In the 
current environment of big data collection and analytics, confidentiality and data privacy are key concerns for regulators and customers.

With this in mind, a critical component of the success of a fintech company is to understand data protection and privacy laws, regulations and export controls and how to comply with them in a cost-effective way. A fintech company needs to have in place appropriate privacy policies, cookies policies and data-transfer arrangements.

The issue of who is a data controller and who is a data processor applies to fintech companies in the same way that it applies to any organisation processing and storing personal data. Moreover, the ability of a company to demonstrate that it takes data privacy seriously has the added benefit of building its reputation in the marketplace as a trusted provider.

Intellectual property protection

Fintech has facilitated the development of disruptive software and technology that prioritises the end-customer experience and provides more control over their money. As a result, an investor will view a significant portion of the value of a company as its brand and underlying technology. One of
the most damaging things in the technology industry, from
 a financial, legal and public relations perspective, is being suspected of infringing another party’s intellectual property.

For these reasons, it is essential that all intellectual property a fintech company owns or licenses is adequately protected. Entering appropriate software licensing and development agreements, filing relevant patents, registering trademarks, protecting confidential information and ensuring that all relevant website addresses and social media sites are secured are ways to help accomplish this.

From a cost perspective, a fintech company may also wish
 to consider entering into licensing agreements that allow 
it to lawfully use and exploit the IP and technology of other companies, as this helps it to utilise what is already available in the market without having to invest valuable capital in creating new IP that ‘reinvents the wheel’.

Undoubtedly, fintech is re-shaping and improving financial services and money in a fundamental way. The race is on for technology and financial services companies to create faster, cheaper and more efficient solutions that integrate with the modern lifestyle.

In order to continue their surge and be able to tap into future funding, it is vital that fintech companies adequately address risks such as cyberattacks, data privacy and loss of control over intellectual property. The ultimate challenge for these companies is to understand the legal and business risks they may encounter, as well as strategies to mitigate these risks, while staying on the right side of legislation and regulators.

Philip Nolan & Mark Adair

Philip Nolan is a partner, and Mark Adair is a senior associate, with Mason Hayes & Curran Lawyers.

Chess board image via Shutterstock