Last week I had the good fortune of participating in a panel discussion hosted by Pendo Systems on the state of data in FinTech. The panel included FinTech and data all-stars Ned Carroll (Chief Data Officer at TIAA), Philip Dodds (CTO at Pendo Systems), Alexandra Villarreal O'Rourke (Partner at McGuireWoods with a focus on FinTech regulatory matters), and was moderated by Patrick Rivenbark (VP of Strategic Partnerships at MEDICI). Five themes emerged from the discussion that we see affecting many of our clients, too.

Theme 1: Why FinTech Data Is Different Than Other Data

Early in the discussion an audience member asked, “Why is FinTech data any different than other data, or even other regulated industry data like healthcare?” The panelists answers varied, but Alexandra highlighted one key point: some FinTech data is actually toxic. Meaning, FinTech and financial services companies have some data that they must possess to operate the business, but are simultaneously prohibited from using by law for seemingly related uses. Credit decisioning is one such example: a company may have data attributes that could be seen as useful for making a credit risk decision, but cannot do so lawfully. Contrast this with healthcare, for example, where you hope your doctor is using all available data when treating you as a patient!

Some FinTech data is actually toxic.

As data becomes more easily indexed, analyzed, used to created derivative data and, more importantly, used to train machine learning models, the risk of unknowingly doing something prohibited with financial data grows. Nonetheless, the ability to effectively—and legally!—leverage data will have an enormous advantage.

Theme 2: Complications Created by Machine Learning Models for FinTech

The complications from ML models goes beyond the risk of inadvertently using data that should be ignored. As Philip Dodds pointed out during the discussion, there are also risks that arise from the perception of model portability. Many organizations think about ML models in the same way they think about source code: the code is static, so if a company has the appropriate licenses and indemnification, they believe they are protected.

In reality, ML models are more like source code plus training data; you can’t decouple the two. Trying to export (or import) a model should be viewed in the same light as exporting (or importing) the training data because the model is derived from the data. Moreover, a model that you know to be used by a competitor can be used to develop competitive strategies by finding weaknesses in the model and exploiting them.

There are ways to mitigate these risks, but it’s important for financial services and FinTech companies to define their strategy and engineer the appropriate controls before “letting the genie out of the bottle”.

Theme 3: New Opportunities—and Threats—Created by GDPR

The EU’s General Data Protection Regulation (GDPR) is both an asset and a liability to FinTech’s and financial services. The provisions requiring data portability are driving new business models which can be used to find new revenue streams. However, protections for consumers include penalties that are material and can create compliance difficulties. For example, consumers have a “right to erasure” of their data (with certain limitations). The implications of this are enormous: digital, unstructured data in particular can be difficult to identify and erase. For example, a PDF of a document containing personal data that lives on network storage or in email attachments can be very challenging for an organization to even know they possess, much less erase.

While tools from companies like Pendo Systems exist to help ingest, index and analyze unstructured data, organizations need to spend more time and effort in developing programs for compliance. Furthermore, although GDPR is an EU regulation, it is intended to protect EU citizens globally in their dealings with all companies, not just those based in the EU.

Theme 4: The Emergence of FinTech Partnerships With Banks

The panel pointed out that the belief that innovative FinTech companies would (destructively) disrupt traditional financial services companies is slowly giving way to a more measured view of partnership. While financial services still must take the threat of destructive disruption seriously, we see more symbiotic partnerships forming where FinTechs provide innovative technology in return for banks’ regulatory, risk and compliance programs and expertise. Many FinTech companies, particularly in the data and machine learning space, still find partnership with banks difficult because of banks’ long, complex vendor management processes.

One important distinction we see with our clients - both banks and FinTechs - is that every bank is different and even within a bank, the rigor involved with partnering with a FinTech may vary by group. For example, most banks we work with have a different posture towards technology and innovation if you talk to a technology team that supports retail bank products and a quant or strat working in equity derivatives. It’s important for FinTech companies to understand these nuances in the banking business. Likewise, it’s important for banks to continue to evaluate and adjust their vendor management practices because the ability to partner with innovative companies is a strategic, differentiating business advantage.

Theme 5: Cloud Adoption and Its Effect on Banks

An audience member asked when banks would begin seriously considering adopting cloud hosting technology. Ned commented that we’ve already reached that point. Indeed, this is in line with what we see in working with our clients: both large banks and, more tellingly, some regional banks, are making serious investments to adopt cloud technology. The banks that take action on this trend late will be at a serious disadvantage both in terms of their speed to get new products to market and in the operational efficiency of their IT environments.

While it is encouraging that more banks are making these investments, it will lead to a new set of challenges for many of them: legacy applications that were not engineered to be operated in the cloud. To achieve the maximum benefit of cloud technology, these applications should not just be “lifted and shifted” but re-architected to leverage cloud-native architectures. Indeed, when we’ve undertaken these efforts with clients in the past—for example, by moving legacy data analytics operations to AWS RedShift and Lambda—they’ve recognized orders-of-magnitude savings.


All of these themes hint at a couple important realities facing companies of all sorts, but perhaps most acutely those in financial services:

  • The pace of digital transformation is continuing to accelerate and failure to act will result in decreased competitive and ultimately the loss of revenue and higher efficiency ratios.
  • Improvements in the tools to work with and analyze data—both structured and unstructured—coupled with the elasticity of cloud infrastructure creates unique opportunities for the use of AI and machine learning.
  • These improvements will ultimately lead to even better customer experiences, powered both by internal financial services tools and by FinTech partnerships, but the future will favor those companies that begin thinking of themselves as software companies in addition to their business competency.

I’m looking forward to what our shared technology future holds.