By Lalita Clozel
WASHINGTON -- Four financial companies including Citigroup Inc. and online lender Kabbage Inc. said Tuesday they have formed a consortium to address fintech firms' cybersecurity risks, a sign of the industry's growing links to traditional banks and insurers.
The consortium, which was created in response to recommendations in a World Economic Forum report released Tuesday, also includes Zurich Insurance Group and Depository Trust & Clearing Corp., a U.S. securities clearinghouse.
"There are a lot of these fintechs popping up left and right," said Matthew Blake, head of the financial and monetary system initiative at the World Economic Forum. "The financial system is becoming much more modular," he added, noting that the "one-stop shop" model of banking is being challenged by new types of financial services companies.
The group's first objective will be to come up with a set of criteria allowing fintech companies to evaluate the level of their cybersecurity defenses. The effort is a response to the World Economic Forum report, which called for the creation of such criteria as well as a common metric to measure fintech firms' cybersecurity exposure. This would allow traditional financial institutions to better evaluate the level of risk they are exposing themselves to when partnering with fintech firms, Mr. Blake suggested.
"Technologists are not incentivized to focus on cybersecurity upfront in the design phase," said Mr. Blake. "Really innovative companies [have] some cybersecurity preparedness but not to the level of what an incumbent company would offer," he said.
The World Economic Forum's recommendations, based on input from dozens of bank leaders and other financial executives, lays out more than a dozen additional steps financial companies should take to evaluate and improve fintech firms' cybersecurity defenses.
"There was initially a view that fintech companies would be disruptive, but many institutions are taking more of a partnership approach," said Mr. Blake. For banks and other traditional financial players, "those partnership linkages make a lot of sense," he added. "But they need to do that with a vendor approach that tries to mitigate any cyberrisk."
Write to Lalita Clozel at lalita.clozel.@wsj.com