Development of Cybersecurity Framework for FinTech: Bahrain as a Case Study

Abstract

For decades, the Kingdom of Bahrain has embraced the changes brought by technology through
its commitment to further increase dynamism, creativity, and innovation. With the support of
its business-empowering regulations, Bahrain strives to establish an ideal, secure, and
streamlined environment for Financial Technology (FinTech) innovations and become a
regional FinTech hub.
The COVID-19 pandemic increased the reliance on digital platforms as the world adapted to
working remotely and performing online financial transactions. Cybercriminals seized the
opportunity to exploit vulnerabilities in FinTech systems. Phishing attacks, ransomware, and
data breaches have become more prevalent, targeting individuals and FinTech institutions.
Bahrain, which is not different from the rest of the world, was impacted by such cyber threats.
Thus, FinTech companies have had to strengthen their cybersecurity countermeasures and
protocols to combat these threats.
Existing countermeasures in the literature primarily focus on general cybersecurity practices
and frameworks, with limited attention given to the specific needs of the FinTech industry.
Hence, the main research problem addressed in this study is the lack of a focused cybersecurity
framework tailored to the specific needs of the FinTech industry in Bahrain. To bridge this gap,
this research addresses the problem by conducting an extensive review of existing
cybersecurity challenges, common practices, and cybersecurity standards and through in-depth
research interviews with executives, experts, and other FinTech business stakeholders.
Leveraging this knowledge, this research proposed a novel and adaptable framework that
addresses the risks and vulnerabilities faced by FinTech innovations in Bahrain. The framework
comprises six principles, the Capacity Building and Awareness, Regulation and Governance,
Third Parties, Risk Management, Secure Service Delivery, and Best Practices. It involves
twenty-four control activities, and fifty guidelines adopting a risk-based approach to address
current and future technological advancements and potential threats.
The proposed framework was evaluated by industry experts through panel discussions and
Delphi sessions, who confirmed its practical feasibility, ability to address specific risks, and
compatibility with the existing FinTech regulatory landscape in Bahrain.
The adaptability and high acceptance of the proposed framework by industry experts highlight
its novelty and potential to significantly enhance the cybersecurity resilience of the FinTech
sector and establish Bahrain as a regional FinTech hub.