Dear Fintech, get yourself up to speed on.. key risk management buzzwords 2021
- madouswiss
- Jan 14, 2021
In an ideal world, we'd all have our diaries blocked daily to catch up on the industry and regulatory updates which, at least in 2020, seemed to keep flooding our inboxes. Now, this being a busy, pandemic-stricken, limited-networking world, it has realistically proven impossible to keep on top of all things emerging in fintech from a risk perspective.
A quick and subjective cheat sheet to concepts that every fintech risk owner should ideally have embraced by now:
3 lines model (...no longer of defense!): the industry model of three lines was officially revamped in the summer of 2020 by the Institute of Internal Auditors. The official guidance drops the "defense" perspective in favour of proactively seizing opportunities to add value, and formally allows for blending some first- and second-line roles (with risk management firmly remaining in the 1st line).
More on the scope of changes from the IIA: IIA Issues Important Update to Three Lines Model
BNPL: Klarna, anybody? The buy now, pay later model, or unsecured credit offering, has proven both incredibly profitable for the likes of Klarna and Clearpay, and incredibly uncomfortable for the regulators overseeing consumer protection measures at the height of the pandemic. The critics point to a largely unregulated market, and competitors (regulated credit providers) to a drop in revenues, while the fintech industry is again proving that success in innovation goes hand in hand with timing.
More on the FCA review of the unsecured credit market: FCA Call for Input: review into change and innovation in the unsecured credit market
Synthetic identity: remote collaboration and trends such as online client onboarding have created a breeding ground for virtual fake identities used for AI-enabled social engineering attacks. From fake audio and video to bots, the countermeasures are still limited and resource-intensive. Often referred to as "the fraud that 85 percent of fraud detection systems miss", it had better not be a risk missing from your risk registers.
Fraud: you heard it right, old-fashioned fraud risk management is back on every self-respecting CRO's mind. From the FCA to the BIS, a somewhat refreshing call to action has been issued in the context of the pandemic, Wirecard and cyber crimes in 2020: it is management's responsibility to prevent fraud, and fraud prevention in the digital space is only one more way collusion and collaborative threats manifest themselves.
Resilience: again, one of those you have seen around for a while, and yet operational stress testing, documentation, prevention and controls have, most probably, been high up on your regulatory updates to-do list both in 2020 and 2021. The pandemic has only increased regulatory focus on stressing operational limits, given the multitude of underlying aspects this entails: from the third-party relationships you founded your business model on, through the viability of the IT infrastructure the integrity of your offering relies on, to formally mapping out worst-case scenarios of winding down an insolvent business, especially if it entails safeguarding client money.
More on the European Commission's legislative proposal for a regulation on digital operational resilience for the financial sector: digital operational resilience for the financial sector