Fintech Risk Events

From Open Risk Manual


Fintech Risk Events is an open catalog of observed (publicized) operational failures of fintech business models. The catalog aims to document (in due course) such events reasonably accurately to allow risk managers understand the (potentially new) vulnerabilities of new financial services models.

Criteria for inclusion

Company Scope

Fintech companies, i.e. newly established financial services providers that operate primarily or exclusively via new (digital) platforms and may be unregulated, as distinct from established financial services firms that operate with a mix of older technology platforms and are (mostly) regulated. Indicatively, the crisis period of 2008-2009 is the cutoff date for newly established entities.

As established firms adopt "fintech" models the list will aim to include any operational risk events associated with these platforms (to the extend that this can be clearly identified in published information). Out of scope are risk events captured under other risk categories such as unexpected credit losses (credit risk) or market losses (market risk), although sometimes it is difficult to cleanly classify an event.

General purpose digital marketplaces (e-commerce) are not in scope.

Risk Event Eligibility

There should be adequate, independent, confirmed and public information about the event, with authoritative, permanent urls.

Materiality Threshold

At present there is no explicit materiality threshold except for bitcoin incidents where a 1mln (rough) equivalent threshold is used.

Risk Event Classification

Basel Operational Risk Categories

Given the close relation of Fintech to the financial industry it is instructive to attempt to classify events according to the globally recognized bank regulatory framework (Basel II) as listed below:

  • Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking of positions, bribery
  • External Fraud - theft of information, hacking damage, third-party theft and forgery
  • Employment Practices and Workplace Safety - discrimination, workers compensation, employee health and safety
  • Legal Risk - Clients, Products, and Business Practice - market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning
  • Physical Damage - Damage to Physical Assets - natural disasters, terrorism, vandalism
  • Business Disruption and Systems Failures - utility disruptions, software failures, hardware failures
  • Business Execution, Delivery, and Process Management - data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets

This classification may be tenuous for some instances, given the novelty of business models.

Business Failure Events

The Basel classification scheme does not include total business failure (that is, events of administration, bankruptcy etc) as an operational risk event. This is because the operational risk framework is primarily meant to help manage / mitigate operational risks, whereas bankruptcy is clearly the final outcome when all management efforts have failed. We currently do include fintech business failures as a category, as they are informative for risk management purposes. A threshold of total funding raised will be applied (to differentiate bankruptcies from the much more common business model failures of early stage startups). On the other hand, failure of a new business model to flourish (resulting e.g. in an orderly sale to third party), while possibly informative about risk factors associated with the adopted business model, can not be cleanly separated from more traditional risk management categories and will no be included.

List of Events

Fintech Risk Events
1. Entity 2. Publication Date 3. Country 4. Category 5. Event Description 6. Event Type 7. Loss Amount 8. Links
MtGox Jun 2011 Japan Cryptocurrency Security Breach EF 2,609 BTC Wikipedia
Clinkle Jan 2014 US Payments API Security Breach EF N/A Techcrunch
Wonga April - Oct 2014 UK Payday Loans Bad Debt Collection Practices, Debt writeoffs CPBP ~240mln Pounds Wikipedia
MtGox Dec 2014 Japan Cryptocurrency Theft IF 744,408 BTC Wikipedia
TrustBuddy Aug 2015 Sweden P2P Lending Misuse of client funds, Bankruptcy IF N/A FT, Telegraph
Prosper Dec 2015 US P2P Lending Enabling financing to suspected terrorist CPBP N/A LAT
Powa Technologies Feb 2016 UK POS, Payments Bankruptcy Business Failure N/A Wikipedia
Ezubao Feb 2016 China P2P Fake investment products to one million retail investors CPBP $7.6bln NYT
Dwolla Mar 2016 US Online Payments Poor Consumer Data Protection Practices CPBP $100k WSJ
LendingClub May 2016 US P2P Lending Altering Loan Information IF,CPBP N/A Wikipedia Jun 2016 Germany Cryptocurrency Software Hack EF, BE 3,641,694 ether NYT
Bitfinex August 2016 Hong Kong Cryptocurrency Security Breach EF 120,000 BTC Reuters
LendUp September 2016 US Payday Loans Misleading borrowers about pricing, failing to report credit information CBPB $6.4 million in fines WSJ
Wonga April 2016 UK Payday Loans Client Data Breach EF N/A BBC
Prosper May 2017 US P2P Lending Overstating Returns BE N/A Bloomberg
Yapizon May 2017 South Korea Cryptocurrency Security Breach EF $5.3 mln in BTC
Swarm City,Edgeless Casino, Aeternity July 2017 US Cryptocurrency Security Breach EF $32.6 million / 153,000 ether CNBC
Bithumb July 2017 South Korea Cryptocurrency Security Breach EF $1 mln in BTC / ether Fortune
CoinDash August 2017 US Cryptocurrency Security Breach EF $7 mln (in ether) CNBC
Enigma August 2017 US Cryptocurrency Security Breach EF $500,000 (1,492 ether) Wired
Huobi, OKCoin August 2017 China Cryptocurrency Misuse of client funds IF $150 mln Quartz
Tezos Sep 2017 US / Switzerland Cryptocurrency Misuse of client funds IF $232 mln Reuters
NextBlock Global Oct 2017 Canada Cryptocurrency False representations CPBP NA Forbes
Parity Technologies Nov 2017 UK Cryptocurrency Software bug / User error BD $300 mln Guardian
Tether Nov 2017 Hong Kong / US Cryptocurrency Security Breach EF $31 mln Bloomberg
NiceHash Dec 2017 Slovenia Cryptocurrency Security Breach EF 4,700 BTC ($70 million) WSJ
Youbit Dec 2017 South Corea Cryptocurrency Security Breach leading to bankruptcy EF 17% of assets BBC


There are various reports (and reporting sites) about crowdfunding scams. While the proliferation of such events can potentially tarnish the reputation of crowdfunding platforms, to date there appears to be no event that would qualify

Further bitcoin related events

A larger list of bitcoin incidents was maintained in the List of Bitcoin Heists (apparently no longer updated)

Contributors to this article

» Wiki admin