Co-authored by Denny Wan and Jonathan Hitch, peer-reviewed by Bob Mark. Denny is the chair of the FAIR-CAM User Workgroup. Jonathan leads the Embedded Finance Workstream in the Workgroup. Bob is a member of the FAIR-CAM Workgroup Advisory Board.
The FAIR-CAM™ controls model was created by Jack Jones, the author of Factor Analysis of Information Risk (FAIR™), the international standard for quantification of cyber and technology risk. The FAIR-CAM™ model is an extension of the FAIR standard that documents how controls physiology functions by describing how controls affect the frequency and magnitude of loss events. The FAIR-CAM™ model accounts for controls both with direct and indirect effects on risk, yielding a complete system view.
Controls Physiology
Controls physiology is a revolutionary approach for modeling complex real-world risk management challenges such as embedded finance in the financial supply chain. The prevalent risk modeling approach confines the modeling process to a functional silo such as Open Banking API Standards. This traditional approach is akin to studying the physiology of the heart without considering a patient's lifestyle, such as smoking and drinking, which harms the arteries connecting the heart to vital organs. There is a place for both types of physiology examinations.
This paper applies the FAIR-CAM Variance Management Controls to examine the discretional operational risk decisions by entities along the embedded finance chain. These discretional operational risk decisions are equivalent to the patient's lifestyle choices. These insights expose regulatory options in embedded finance.
Variance arises where discretional decisions do not appear to align with their expected behavior as captured as Terms of Service (TOS) in their supply contracts. The data breach committed by Cambridge Analytica against Facebook, described by Facebook as a mere breach of TOS, highlighted the difficulty in and importance of managing TOS through control variance management.
The FAIR Institute welcomes content contributions from the FAIR community. Contact us with your ideas!
Financial Inclusion to Combat Cost of Living Pressure
An important emerging embedded finance use case is to improve financial inclusion. The end of the COVID lockdown is a welcoming relief to many, enabling traveling and reviving the retail sector. However, it also directly contributes to the rapid increase in the cost of living that is driven up by the increases in successive interest rates to combat inflation. As a result, disadvantaged populations are disproportionately impacted by this market distortion, further deepening their isolation from the financial system.
Enabling financial inclusion is a long-held objective for most governments in Western economies. There is a long-held myth that financial inclusion, such as the unbanked and under-banked, are only a fixture in third-world countries labored under an immature economic structure. The fact is that, according to the 2021 FDIC National Survey of Unbanked and Underbanked Households report, an estimated 4.5 percent of U.S. households (approximately 5.9 million) were “unbanked” in 2021. According to Forbes, 16% of Americans are underbanked.
An underbanked household has a bank account but lacks adequate access to other traditional financial services, such as credit and loans. Being unbanked can be inconvenient and costly. Unbanked Americans must pay high fees for everyday financial services like check cashing and money orders. It can cost anywhere from a few dollars to well over $10 to cash a check and up to $2 or more per money order. Similarly, underbanked households may also use expensive and risky credit products like rent-to-own, payday, and auto title loans.
Breaking the Rules or Innovation
Payday loan providers are known for exploiting vulnerable populations suffering from financial exclusion who heavily rely on the cash economy. The transaction cost for cash-based payments is generally significantly higher than equivalent credit or electronic transactions. These vulnerable people are exploited because they lack access to a checking/saving account and credit facility. This includes receiving their wages in cash due to the lack of a receiving bank account.
The buy now pay later (BNPL) products have taken the global market by storm in the past few years, offering an alternative to traditional credit products. At the same time, these products do help to ease some of the financial exclusion challenges by offering an unsecured loan to the population who suffer from low FICO scores by leveraging real-time credit assessment at the point of purchase. Masquerading these products as a payment instalment service innovation instead of a credit product has helped the industry to delay the inevitable regulatory oversight until recently. Moreover, the double whammy of a rapid rise in the interest rate and imminent imposition of regulatory burden has significantly depressed the market valuation of these product providers.
There is always room for true innovation, such as Uber providing on-demand transportation without running a vehicle fleet or Airbnb providing on-demand accommodation without maintaining properties. BNLP, in its proper form, is providing on-demand credit without maintaining a financial network. These are true innovations that challenge the existing rules for a good reason. For example, they are pushing commercial boundaries and regulatory envelopes.
What Is Embedded Finance?
According to McKinsey, embedded finance is placing a financial product in a nonfinancial customer experience, journey, or platform. In itself, that is nothing new. For decades, nonbanks have offered financial services via private-label credit cards at retail chains, supermarkets, and airlines. Other common forms of embedded finance include sales financing at appliance retailers and auto loans at dealerships. Arrangements like these operate as a channel for the banks behind the embedded finance transactions to reach customers.
For embedded-finance providers, success demands clear differentiation in product breadth or depth or the provision of ancillary program management services. These transformations challenge the status quo and push the technology envelope. BNPL providers place heavy reliance on technological innovation to deliver success. Juniper Research estimates the global embedded finance market to be worth over $60 billion in 2022 and estimated to reach over $180 billion in 2027.
Sample innovation includes API-driven account onboarding and operations:
>>Virtual Accounts - Managing accounts without any banking activities.
>>Deposit Accounts - Consumer virtual accounts, backed by a traditional bank account.
For embedded-finance providers, success demands clear differentiation in product breadth or depth or the provision of ancillary program management services.
FAIR-CAM – Guardrails for Innovation
Acceleration in the embedded finance market will put more commercial pressure on the financial supply chain, further driving innovation. As discussed above, true innovation inevitably demands challenging the status quo and breaking the rules within the bounds of applicable laws.
Supply chains are governed by detailed contracts. For financial supply chains, rules are encoded in the contracts under the Terms of Service (TOS). Interpretation and enforcement of TOS require legal expertise and a long lead time to build a litigation case history. A self-regulation approach focusing on common interests along the embedded finance supply chain is more sustainable and scalable.
FAIR-CAM is a transformational framework that enables a deep understanding of the root causes of variance in control design and operation reflected in the decision gap. These insights help to inform uplift in the design for Loss Event Controls.
The goal of the workstream is to capture the practitioner’s perspective on the root cause of variance in control design and implementation based on the review of transactional patterns and user behavior analytics (UEBA). These insights help to inform a constructive and scalable regulatory framework as guardrails for these emerging markets. The workstream is a community of risk managers to exchange ideas and insights into these practical risk governance challenges. The workstream's goal is not to develop new standards, practices, or templates. The goal of the workstream is to improve understanding of the regulatory challenge in embedded finance through the lens of control physiology.
Below is a snapshot of the key controls under the FAIR-CAM Model:
Authors:
Denny Wan is the chair of the FAIR-CAM Workgroup and founder of the Sydney Chapter of the FAIR Institute. He is a recognised global thought leader in applying the FAIR Cyber Risk Quantification framework to enable the management of cyber risks as financial risks. His post Targeting Cybersecurity Investment – the FAIR Approach lays the foundations for this cyber risk management paradigm. The FAIR-CAM model is a structured approach to operationalize the above investment approach by selecting the most appropriate controls based on their cost-effectiveness. Denny’s expertise in FAIR-CAM enables the diagnosis of the root cause of variance, which results in reducing the effectiveness of the target controls and decision gaps. These variances are sometimes mislabelled as Procrastination which is unfortunate and unfairly tarnishes the reputation of the owner of the controls. FAIR-CAM helps to expose the root cause of variance and enables proactive and coordinated efforts to improve the cost-effectiveness of these controls and lift overall cyber resilience.
Jonathan is the leader of the FAIR-CAM Workgroup Embedded Finance workstream. He is a multi-talented information technology, risk management, supply chain, reengineering, operations and financial professional with over 20 years of diverse experience. He has delivered solutions involving executives, managers and staff on strategic initiatives including the reengineering of functions, process improvements and leveraging technology for fiscal gain. Jonathan has expertise in the areas of cyber risk, operations strategy and review, IT management, business process reengineering, technology risk assessment, and supply chain planning solution delivery.
Peer reviewer:
Dr. Robert M. Mark is a recognized expert in the FAIR Cyber Risk Quantification framework. He co-authored the Open Group Paper series “Calculating Reserves for Cyber Risk Vetting Cyber Risk Models” with Mike Jerbic, Chair of the Open Group Security Forum. Dr. Bob Mark is a Managing Partner at Black Diamond, serves on several boards, led Treasury/Trading activities, and was a Chief Risk Officer at Tier 1 banks. He was the partner in charge of a top-tier accounting company's Financial Risk Management Consulting practice, is the founding executive director of the MFE Program at UCLA, a past GARP Risk Manager of the Year, and is a co-founder of PRMIA. Dr. Mark co-authored three books on Risk Management and holds an Applied Math Ph.D.
