In a world increasingly defined by digital disruption, few sectors have experienced transformation on the scale witnessed in banking. Traditional banks face an existential threat from rapid technological innovation and shifting consumer behaviors. Additionally, the rise of fintech is intensifying competitive pressures across the industry.
There are over 1.75 billion active digital banking accounts worldwide, collectively processing $1.4 trillion annually. This tremendous scale underscores the importance of robust risk management.
While digital banks have undoubtedly improved user convenience, they have also introduced complex and emerging risks:
By virtue of its speed and global reach, digital Bnking is susceptible to fraud.
For example, financial messaging giant SWIFT has rolled out AI-driven enhancement to its Payment Controls Service, precisely because conventional monitoring is unable to keep up with the speed of digital flows. The enhancement analyzes pseudonymized data from billions of transactions across its network, aiming to flag anomalous behavior in real time – recognizing that static, rule-based systems are no longer sufficient.
Sylvester Swee
To address deficiencies, regulators have begun penalizing digital banks for compliance failures. In October 2024, the U.K. Financial Conduct Authority fined digital lender Starling Bank £29 million for lax controls, where its automated sanctions screening system only covered a fraction of the full list of names involved in fraud or money laundering.
The Monetary Authority of Singapore’s Shared Responsibility Framework for phishing scams took effect in December 2024. Financial institutions in Singapore are required to implement real-time fraud surveillance (e.g., automatically holding or blocking suspicious transactions involving sums exceeding SGD 25,000 or rapid outflows).
Digital banks have been increasingly criticized for their inability to scale anti-financial crime capacities as quickly as their user bases grew – a gap not seen in more established traditional banks. It is noteworthy that a single high-profile breach can erode public confidence in an institution overnight.
Beyond fraud risk, digital banks face elevated credit risk, particularly as their target markets primarily involve the underserved population.
According to Fitch, a majority of Asia-Pacific digital banks face higher credit risks than traditional ones, due to their focus on underserved or unbanked market segments. While this finding pertains to the APAC market, similar dynamics exist for U.S. digital lenders.
A study by researchers at UCLA, cited in Chicago Booth Review, highlighted that digital banks’ charge-off rates – the percentage of loans written off as uncollectible – are more than triple those of traditional ones, because of their larger share of riskier loans. The exact impact in an economic downturn remains to be seen.
The funding side of the equation, i.e., how digital banks attract and retain deposits, also plays a pivotal role in shaping their risk profile.
Research in the Chicago Booth Review finds that digital banks offering high deposit rates to compete with traditional ones have two distinct challenges: They need to loan out money at a rate that exceeds what they are paying depositors, and must also manage the volatility of “hot” deposits which are easily withdrawn in times of uncertainty. App-based ease of transfers poses destabilization risks as sudden outflows could cause instability.
In a bid to address those challenges, the finding is that digital banks tend to make shorter-term and higher-risk loans, i.e., hold portfolios with weaker credit profiles.
Automated fraud detection, transaction monitoring and credit scoring by digital banks rely heavily on machine learning models. These models possess known vulnerabilities:
Digital banks’ growing reliance on third-party providers introduces systemic risk that extends beyond individual firms to threaten broader financial stability. For example, an AWS data center power failure disrupted services for major centralized crypto exchanges and digital banks – most notably Binance, MEXC and associated wallet providers. The outage demonstrates how dependency can halt critical financial services, triggering market volatility and panic.
South Korea's Financial Supervisory Service has published new guidelines on third-party risk management in which draw on international standards and are observably in response to the increasing reliance on outsourcing and cloud services.
For digital banks: Embed risk-based authentication and multi-factor (MFA) protocols to prevent unauthorized access or account takeover. Real-time anomaly detection should also be deployed, leveraging behavioral analytics to flag suspicious behavior early.
Dynamic, risk-based pricing is suggested, to segment borrowers by risk profile, and tailoring interest rates and repayment terms accordingly. Adoption of explainable AI (XAI) techniques (e.g. SHAP, LIME) is recommended, so that credit decisions can be justified in plain language upon customer request.
Workload distribution across multiple cloud platforms can reduce both the impact and likelihood of potential service disruptions. In addition, there is need to develop and regularly test disaster recovery plans to ensure business continuity during system outages.
For consumers: Individual users can protect themselves by ensuring funds are held with an insured institution. Funds should also be diversified across multiple banks, especially including traditional ones, to guard against sudden outflows and run risk.
Users may also consider retaining transactional records – statements or screen shots, especially for essential services. That way, if digital bank apps are not working, payments can still be verified during outages.
The growth of digital banking is a story of innovation and inclusion. Its swift expansion has irrevocably transformed banking. However, it has also introduced the global financial system to complex and evolving risks.
If left unaddressed, these threats can erode institutional trust and destabilize markets across the broader ecosystem. The challenge, therefore, is not only to innovate, but to do so responsibly.
Sylvester Swee, FRM, (sylvesterswee@hotmail.com) is a credit risk professional with 17 years of experience across APAC banks and a member of the Economic Society of Singapore (ESS).