Authors: Ali Mwase, Ernest Ketcha Ngassam, Shawren Singh
Affiliation: Makerere University Business School, University of South Africa


Keywords: Fintech, Security risks, Risk management, Cyber security, Risks
ABSTRACT. The rapid evolution of financial technology (Fintech) has brought about unprecedented opportunities and challenges, particularly in the realm of security. This research paper conducts a thorough exploration of the security landscape within the Fintech sector, with a focus on identifying and understanding the diverse risks that pose threats to the industry's resilience. The study delves into operational, technological, regulatory, and cybersecurity risks, unraveling their complexities and implications for the Fintech ecosystem. The core of this research lies in the comprehensive examination of risk management strategies employed by Fintech entities to fortify their resilience against the identified security threats. By synthesizing current literature and industry practices, the paper provides valuable insights into innovative risk mitigation approaches, considering the dynamic nature of the Fintech environment. Special attention is given to the integration of advanced technologies, regulatory compliance, and collaborative frameworks that contribute to enhancing the sector's overall resilience. Furthermore, the study proposes a Fintech Ecosystem Risk Management Metamodel to illustrate the practical application of risk management in addressing security challenges for the sector. The findings aim to equip industry practitioners, policymakers, and researchers with a nuanced understanding of the interconnected dynamics between security risks and effective risk management in the Fintech landscape. Ultimately, this study contributes to the ongoing discourse on fostering resilience within Fintech, ensuring the sustained growth and stability of this transformative sector.

