Why Fintech Should Focus on Availability

by Sarah Harvey / March 4th, 2020

Robinhood, an investing and trading platform, experienced every startup’s nightmare: service outages at a crucial time, leaving frustrated customers unable to trade. TechCrunch explains, “It’s perhaps the worst-timed bug in the history of the seven-year-old company, because it coincided with one of the biggest single-day gains in the history of the Dow Jones Industrial Average, and huge gains on the Nasdaq, as well. In all, markets gained $1.1 trillion in value while Robinhood users were forced to sit on the sidelines.” This outage points to a critical component for successful fintech: availability.

Fintech Case Study

In 2014, Robinhood became a “pioneer” for online, commission-free trading and was an attractive platform to millions of customers. As a startup, it raised $1 billion in capital and had a valuation of $7.6 billion, competing with E-Trade and Charles Schwab. But after continuous service outages this week, the fintech company is experiencing significant customer loss and mistrust, financial consequences, and a damaged reputation. Customers have been vocal on social media about leaving Robinhood and now the company will look at compensation for customers on a case-by-case basis.

One of Robinhood’s most blatant mistakes was the lack of communication to its customers. When there’s a service availability issue, your customers need to know what’s happening – especially what’s happening with their money. Robinhood didn’t publicly acknowledge the first outage for several hours, and the New York Times reported that when Robinhood customers reached out, they couldn’t even get a response from the support team. The outages have continued throughout the week, with no exact cause given.

Richard Rieben, Lead Practitioner at KirkpatrickPrice, commented, “System availability and contingency planning is exactly the type of thing we look at when we are performing SOC 2 assessments for fintech companies. We look at availability, and not just in the way of backups and stuff, but more so in the ability to scale, to monitor and meet surging demands, in testing high loads on your platform, and in preparing to respond to all of it.”

Growth is key to a company’s success – so why not proactively prepare your platform for all levels of growth? Let’s talk about availability and how critical it is to business continuity.

Availability in Fintech

Availability is a key concept for fintech. When you’re handling someone’s money (and data), your services need to function when you say they’re going to function. Many information security frameworks include availability topics, but under the SOC 2 Trust Services Criteria, availability is covered through requirements like:

  • The entity maintains, monitors, and evaluates current processing capacity and use of system components (infrastructure, data, and software) to manage capacity demand and to enable the implementation of additional capacity to help meet its objectives.
  • The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives.
  • The entity tests recovery plan procedures supporting system recovery to meet its objectives.

In the simplest terms, the availability category for SOC 2 compliance tests organizations to determine if their system is available for operation and use as agreed upon. Points of focus for the availability category include:

  • Does the entity measure the current usage to establish a baseline for capacity management?
  • Does the entity forecast the expected average and peak use of their system components?
  • Does the entity make changes to their system based on the forecasts?

In Robinhood’s case, many areas missed the mark on availability, from IT to developers to customer service. How can your organization avoid an incident like this one? Let’s talk today.
