Stringent Regulatory Measures Are Needed To Protect Fast-Growing Fintech: IMF

(Source IMF)

Over 3,000 cyberattacks were reported by the Ethiopian Network Security Agency (INSA) during the first half of 2021/22. The Agency disclosed that the number had nearly tripled compared to the same period the previous year. Five months later, the total number reached a staggering 6,000. 

The majority of cyberattacks were directed at financial and other service-providing institutions. According to INSA, hackers also targeted other institutions, including government institutions, regional bureaus, academic institutions, and media outlets. 

“Policies that target both FinTech firms and traditional banks proportionately are needed. This way, the opportunities that FinTech offers are fostered, while risks are contained.” 

Putting in place strong risk mitigation mechanisms is essential for the rapidly expanding fintech ecosystem. This is something that Ethiopia can learn from global experiences that have advanced ahead of the country. 

Threats to cyber security, fraud, anti-money laundering, and the battle against financing terrorist organizations are some of the potential threats that fintech companies must defend themselves against. 

Although Ethiopia is ranked among the lowest in its cybersecurity readiness, with the fast-changing technology world, it is never early to think about cybersecurity for regulators and implementers. 

According to a blog post published by the International Monetary Fund (IMF), although the majority of individual FinTech firms are currently small, they can expand relatively rapidly across both riskier clientele and business areas faster than traditional lenders (IMF). 

There is the potential for system-wide hazards to emerge as a consequence of both the rapid expansion and the growing significance of the financial services provided by FinTech companies for the operation of the financial intermediation system. 

Not only do companies that specialize in FinTech take on higher risks for themselves, but they also put pressure on more traditional competitors in the business. 

Read IMF’s Blog here.

 In a survey done by KPMG, in Ethiopia, 20% of respondents indicated that they had been a victim of ransomware in the recent past.

Business email compromise and data leaking are the second most experienced attacks faced by financial institutions, while 17% of respondents stated they had not experienced any attack. 

International Telecommunication Union’s Global cybersecurity index ranks Ethiopia 115th out of 182 countries, receiving a score of 27.7 out of 100. Mauritius ranked first in Africa. 

The index analyses legal framework, cooperative and technical measures, and capacity development. 

Ethiopia received the highest score on legal measures, while it received no points for cooperative measures. 

Legal measures include the availability of data protection, theft of personal information, identity theft and data and privacy protection, online harassment and illegal access legislations, and breach notification measures. 

Read more about the methodology of ranking here.

Additional resources 

Are African countries doing enough to ensure cybersecurity and Internet safety?

https://www.imf.org/en/Publications/WP/Issues/2018/06/22/Cyber-Risk-for-the-Financial-Sector-A-Framework-for-Quantitative-Assessment-45924

https://www.fintechfutures.com/2022/03/the-evolving-cyber-threat-landscape-in-2022-and-how-fintechs-can-mitigate-risk/