RGlobal advances in access to and usage of formal financial services among underserved populations, driven in part by the proliferation of innovative digital financial platforms and services, amplify opportunities for individuals to enhance their financial well-being and contribute to broader economic growth. Yet global progress toward financial inclusion also raises important questions about the security of the financial ecosystem. After all, those who are most likely to be underserved by or excluded from the financial system—including low-income individuals and women—often stand to be the most adversely affected by financial losses associated with cybercrime.
Robin J. Lewis
Senior Research Associate and Associate Fellow - Governance Studies
Deputy Director - Leveraging Transparency to Reduce Corruption
Nonresident Senior Fellow - Governance Studies, Center for Technology Innovation
Darrell M. West
Senior Fellow - Center for Technology Innovation
Douglas Dillon Chair in Governmental Studies
To facilitate dialogue surrounding these questions, the Brookings Financial and Digital Inclusion Project (FDIP) team hosted a roundtable in February 2017 that explored the intersection of cybersecurity and financial inclusion. This roundtable provided an opportunity for a diverse array of public sector, private sector, and civil society representatives to discuss key cybersecurity challenges and opportunities within the digital financial ecosystem and explore possible pathways for policymakers, regulators, financial service providers, nongovernmental organizations, and other stakeholders to help strengthen the state of cybersecurity within the global financial landscape.
Below, we highlight key themes that emerged during the conversation and identify possible next steps for the financial inclusion community with respect to bolstering cybersecurity.
Exploring linkages between cybersecurity, financial inclusion, and other considerations
Cybersecurity solutions within the financial sector and anti-money laundering/combating the financing of terrorism (AML/CFT) controls aim to advance the security, stability, and integrity of the financial system. A secure and resilient financial ecosystem helps foster consumer trust, which serves as an important condition for many individuals’ willingness to engage with formal financial services. Financial inclusion initiatives can help facilitate access to and usage of these services among those at the margins of, or outside of, the formal financial ecosystem. These efforts to advance the adoption of regulated formal financial services and products help enhance transparency with respect to consumers’ financial activities, which in turn contributes to AML/CFT’s objective of promoting financial integrity.
Verification and authentication processes are important components of AML/CFT controls. Digital identity initiatives that leverage biometric information, including the Aadhaar program in India, are one example of a mechanism that can help support these processes. However, digital identity initiatives also raise important questions surrounding consumer privacy and the vulnerabilities associated with centralized repositories of sensitive personal information. For more information about the issue of digital identity as it pertains to financial inclusion and financial integrity, read this post from a previous FDIP roundtable.
Advancing proportionate AML/CFT approaches and proactively investing in cybersecurity measures can help attenuate the possibility of cybercrime. However, even when preventative mechanisms are in place, the risk of fraud, cyberattacks, and other forms of financial crime remains. Robust consumer protection frameworks are a key component of successful financial inclusion environments, in part because they help mitigate the consequences of these risks and support consumer confidence in, and engagement with, the formal financial ecosystem.
Identifying cybersecurity-related risks within the financial inclusion ecosystem
From a technical perspective, outdated and centralized systems that may be vulnerable to attack pose a significant challenge for the cybersecurity community. At the same time, newer technologies such as blockchain are not exempt from cybersecurity threats such as hacking. Several participants at the roundtable raised concerns that regulators and financial service providers, including nontraditional entities that have emerged with the rise of FinTech, often neglect to adequately invest in cybersecurity measures. There are a number of possible explanations for this problem, including budget constraints, competing policy priorities, unwillingness to draw attention to cyber threats, and a lack of awareness surrounding cybersecurity issues.
From a financial inclusion perspective, other participants expressed concerns that elevating conversations surrounding cybersecurity within the financial inclusion community might actually have a chilling effect on some customers’ willingness to engage with digital financial services. The rationale underpinning this concern is that the term “cybersecurity” might sound sufficiently alarming to diminish consumer trust in and engagement with these services, particularly among individuals who have limited familiarity with the formal financial sector. Some participants also suggested that pivoting the conversation from cybersecurity to consumer protection and fraud prevention more broadly would help shift the focus from banks to a more inclusive representation of digital financial service providers.
Ultimately, participants agreed that while there is a certain amount of risk inherent in the use of any financial product or service, customers should be encouraged to evaluate that risk in light of the benefits afforded by financial tools. For example, in order to use a credit card online, customers must provide all the information a malicious actor would hypothetically need to defraud them—and yet, for many individuals, the advantages of accessing credit through this platform far outweigh the risks.
Strengthening cybersecurity moving forward
Participants generally agreed that the issue of cybersecurity merits greater attention from financial service providers, customers, and the regulatory community. Below we identify four possible action items for these stakeholders to consider in their efforts to foster a secure, stable, and inclusive financial ecosystem.
- Enhance technical assistance. Amplifying technical assistance for public and private sector stakeholders within the financial inclusion ecosystem—including regulators, policymakers, and financial service providers—would help equip these entities with a greater understanding of key cybersecurity pain points and best practices.
- Advance consumer protection frameworks and financial capability initiatives. As noted in the 2016 Brookings FDIP report, developing and implementing robust financial consumer protection frameworks is a key dimension of financial inclusion. Other mechanisms for helping protect consumers include promoting financial education and capability programs that equip customers with information about the risks and opportunities associated with different products and services, as well as training on ways to securely manage them.
- Consider the use-cases and technologies involved. When developing cybersecurity guidance and solutions, stakeholders must consider the full spectrum of technologies and applications deployed by relevant market segments. For example, while smartphone penetration and mobile broadband network coverage continue to gain momentum, many underserved individuals are still relying on older technologies (e.g., 2G networks). Cybersecurity solutions must be tailored to these varying circumstances accordingly.
- Facilitate knowledge sharing across sectors. Given the proliferation of diverse entities situated at the intersection of finance and technology, fostering dialogue between traditional and nontraditional financial service providers, regulators, and policymakers is critical for determining how to best cultivate a secure and inclusive financial system. This dialogue could inform the development of a “menu” of policy options aimed at sustainably strengthening cybersecurity. Moving forward, determining what type of entity (or entities) would be best positioned to lead the development of such a menu could be a helpful next step for the financial inclusion community.