The World Economic Forum has announced a consortium aimed at addressing one of most pressing problems in digital banking: strengthening cybersecurity for fintech companies and data aggregators as the industry migrates to the so-called open banking model.

The founding members include Citigroup, Kabbage, the Depository Trust & Clearing Corp., Hewlett Packard Enterprise and Zurich Insurance Group. While the consortium is still determining many of the details, its big idea is to create a goalpost designed to help tech companies implement cybersecurity measures from the get-go.

“Fintechs can only deliver on their customer experience promises if the financial system is able to manage the risks adequately,” Matthew Blake, head of the financial and monetary system initiative at the World Economic Forum, said in a press release Tuesday. “This consortium will offer technology companies a clear goalpost and thus enable them to implement sound cybersecurity measures at the product design stage.”

In open banking, consumers choose which app — bank or nonbank — gets what transaction data. Critics warn that the model presents new opportunities for data theft.

Matthew Blake, head of the financial and Monetary System Initiative at the World Economic Forum
“Fintechs can only deliver on their customer experience promises if the financial system is able to manage the risks adequately,” said Matthew Blake, head of the financial and monetary system initiative at the World Economic Forum. Benedikt von Loebell, World Economic Forum

In addition to announcing the consortium, the World Economic Forum published a paper that proposed solutions to cyberfraud, such as developing a preliminary set of metrics to quantify digital risks. The members of the consortium, meanwhile, will work together on turning some of the paper’s ideas into realities. Up first, however, is adding about five or six more members to the group.

“Then we have a lot of work ahead,” Blake told American Banker.

Some of that work includes determining whether the group will focus on specific geographies, such as the U.S., or take a global perspective. “It depends on the composition of the group,” Blake said.

The goal is to get an entrepreneur, who typically wants to go to market as fast as possible, to think about cybersecurity upfront, and ultimately reduce the risk of introducing another source of entry for malicious activity, especially as banks and fintech companies work together more and more.

As an online lender that pulls in data from third-party sources, Kabbage sees its involvement with the consortium as helping to advocate for ways to address data security risks without stalling progress on innovation. “They don’t have to be at odds,” said Rob Frohwein, Kabbage's CEO.

The effort underscores how the stakes for cybersecurity initiatives are only rising in a digital banking world. The new consortium comes on the heels of a top Treasury Department official saying the administration’s upcoming report will address whether fintech companies need to be regulated more like banks, among other things.

Blake, meanwhile, emphasized how the consortium does not want to reinvent the wheel as much as bring best-of-breed ideas together. In the coming months, the consortium plans to create common principles for cybersecurity assessments in addition to offering fintech companies guidance for implementation, and creating a point-based scoring framework.

Mary Wisniewski

Mary Wisniewski

Mary is deputy editor of BankThink. She also writes on a variety of subjects as part of American Banker's bank tech team.