Innovation risk management in financial institutions

The extensive use of financial technologies and innovations in the provision and utilization of financial products and services causes new risks that require constant attention. The article aims to improve innovation risk management methods to increase the operational stability of financial institutions in Ukraine. By generalizing international practice, the types of innovation risks are classified, and their impact on the activities of financial institutions and consumers is characterized. The attention is drawn to the control strengthening over the impact of operational and regulatory risks, based on important theoretical provisions contained in WBG, BIS, BCBS, and FSB documents. An organizational scheme for the interaction of a financial institution and an IT company is proposed to conclude “smart contracts” based on the use of a cloud service and blockchain technology. The authors propose additional methods of insurance protection and compensation for losses caused by the implementation of risks of using ICT and innovation based on creating the Collective Risk Insurance Fund of financial institutions; offer approaches to the calculation of variable and fixed parts of the contribution to the insurance fund for certain groups of financial institutions. It is concluded that to maintain the proper operational stability of financial institutions in Ukraine, it is necessary to introduce additional collective compensation methods for the risks of innovation and the strengthening of cyber threats.


INTRODUCTION
The use of innovation creates additional risks in the activities of financial institutions related to financial technologies and innovations. Due to the complexity of financial products and services, information asymmetry between suppliers and consumers increases, which leads to the transformation of existing types of risks into others. This requires strengthening control and the introduction of new methods for their assessment and management.
Important features of the current stage of financial institutions' activities are a significant expansion of forms and methods of remote digital services and provision of information to customers, an increase in the number of consumers, expanding the range of tools and methods used to provide services, as well as increasing their level of innovation and technical sophistication that can expose financial institutions and consumers to risks inherent in ICT.
In recent years, in response to requests from financial service consumers, FinTech has become widespread, covering about 1/4 of the banking market, the payment market, insurance, and asset management. This applies to the use of blockchain technology, big data, smart contracts, new online financial instruments (crowdfunding, crowdinvest-ing), new technical solutions (cloud technologies, open interface), and the creation of virtual financial institutions. According to PricewaterhouseCoopers (PwC, 2016), 22-28% of financial institutions may be at risk due to the increased innovation component.
Analysis of the practice of introducing and using innovations in financial institutions shows that the realization of operational risks (through information, technical and technological violations, and impact on the operational stability of financial institutions) and regulatory risks (compliance risks) most significantly affects their performance. This nature of the impact of risks of using innovative tools, products, and technologies is because, in the financial sector digitalization process, there is a transition from predominantly retail operations to the institutional application of new technologies throughout the financial system.
Meanwhile, the unresolved aspects of managing innovation risks are an insufficiently clear classification of such risks and determining the nature of their impact on financial institutions and financial service consumers and an insufficient level of legislative, methodological, organizational, and informational support for the risk management process.
Further study of this problem should include an increase in the level of legislative regulation, methodological, organizational, and information support for managing innovation risks in the activities of financial institutions.

LITERATURE REVIEW
A lot of attention is paid to innovation risk management in the scientific literature. More specifically, Allen and Gale (1997), Gabor and Brooks (2017) explored the theoretical and methodological aspects of this problem. Bessis (2015) studied some aspects of risk management in banks. Kang and Duoqi (2020) identified the root causes of risks of using FinTech and uncovered the legal aspects of risk management of FinTech innovations in financial institutions. Ghosh (2012) and King (2014) investigated innovation risk management for commercial and retail customers.
The methodological principles of researching innovation risk management by financial institutions were laid down in the late 20 th century. Thus, Minsky (1993) concluded that the uncontrolled use of innovation in the financial sector could threaten financial stability and suggested strengthening government regulation and control over the implementation and use of innovation.
Allen and Gale (1997) argued that financial liberalization carries significantly more risks than introducing financial innovation. At the same time, they shared the opinion of Minsky (1993) on the need to strengthen regulation and management of innovation processes in the financial sector.
Given the complex nature and specific forms of innovation risks and cyber threats, especially in the context of the FinTech development, there has been increasing attention to the regulatory aspects of the problem. This is because risks arose in the financial sector, the nature and extent of which the regulators were unable to timely and adequately assess, and introduce effective methods to manage them. Zetzsche et al. (2019) and Franco et al. (2020) explored the impact of innovation and FinTech on systemic risks in the USA and Europe, in particular, data protection regulation, the use of regulatory technologies (RegTech), digital identification, reliable operation of payment systems and digital transformation of the financial services market and the financial regulatory system in general. Vučinić (2020) focuses on the impact of FinTech technologies on financial stability and compliance risk management. Planesa et al. (2001) proved that with an effective risk management system, the activities of innovative financial institutions are no more risky than other institutions. Innovative institutions have additional advantages, particularly a better structure of balance sheet liabilities, advantages in obtaining exter-nal financing, lower interest rates on loans, more favorable non-price lending conditions, etc.
The risks inherent in innovation are much lower than the risks arising from the lack of access to financial services by the general public (WBG, 2020;WBG, 2016;BIS, 2006). Therefore, it is important to study financial service consumers' risk management issues when using new services and technologies. ). This is due to technical problems and an increase in operational, information, and reputational risks.

AIMS
The article aims to improve innovation risk management methods in financial institutions in order to increase their operational stability and compensate for losses associated with increasing of cyber threats.

METHODS
The study is based on the analysis of the modern practice of introducing and using innovations by financial institutions in the context of deepening digitalization of the economy and the conclusions and author's calculations based on the use of empirical, economical, and statistical methods of scientific analysis.
The research methodology for innovation risk management in financial institutions was built bearing in mind the Joint Forum High-level principles for business continuity (BIS, 2006), the principles of operational stability (BIS, 2020), the principles of effective operational risk management (BIS, 2020), and the Financial Stability Board's regulations on the identification of critical transactions by financial institutions (FSB, 2013).
Given the growing risks of ICT and innovation, defining a bank's operational stability as the ability to seamlessly carry out critical operations (BIS, 2006) is of particular importance. The term "critical operations" is based on the Joint Forum Highlevel principles for business continuity (BIS, 2020).
In turn, critical operations are allocated to identify critical functions defined by the Financial Stability Board (FSB), which encompass "activities, processes, services and relevant supporting assets the disruption of which would be material to the continued operation of the bank or its role in the financial system. Whether a particular transaction is "critical" depends on the nature of the bank and its role in the financial system" (FSB, 2013). Comparison, analogy, and sample methods were used to benchmark the impact of innovation across financial institutions and to examine best practices recommended by the WBG, BIS, and FSB. Economic and statistical methods were used to determine and quantify the relationships between individual phenomena and processes.

RESULTS
The characteristic features of the current stage of the financial services market development are the growth in the provision of digital services, the use of blockchain and artificial intelligence technologies, the extensive use of electronic and mobile money, personalization of financial services, an increase in cyber threats, and increased responsibility of government regulators in the use of digital technologies, which exposes financial institutions to additional risks associated with innovation (PwC, 2016).
Therefore, first of all, risk management requires their clear classification according to individual characteristics, nature, and the level of impact on the activities of financial institutions and innovative service consumers. For this purpose, the classification of types of innovation risks in financial institutions is proposed, in which the main classification features are: scope, nature, and forms of manifestation, technical complexity, and the level of protection of information systems from cyber threats ( Table 1). The use of such a classification allows singling out the types of risks and characterizing the features and level of their impact on the activities of financial institutions and consumers of innovative services and products.
Based on the proposed classification, specific areas of risk impact on the activities of financial institutions and financial service consumers were described and identified ( Table 2). This can then be used to quantitatively and qualitatively assess risks and justify management strategies.
One of the important areas of transforming financial institutions and reducing the innovation risk is the use of distributed registers and blockchain technology. Their advantages are ensuring decentralization of management, increasing the level of reliability and transparency of all transactions, and their immediate availability for all participants. These technologies are currently used by leading banks and other companies: JP Morgan Chase, Citibank, HSBC, MasterCard payment organizations, and non-financial companies IBM, British Petroleum, Oracle, Nasdaq, Bank of England, and many other private and public institutions. Internal Revenue Service USA, Federal Bureau of Investigation USA, and Europol use the Chainalysis blockchain service to monitor cryptocurrency transactions.
Blockchain technology allows the extensive use of smart contracts, which are a kind of computerized protocol (algorithm) of transactions to conclude commercial contracts using a cloud service. One example of such contracts based on the use of the Masterchain blockchain plat- Table 1 Information risks, fraud, and cyber threats form is the mechanism for providing financial institutions with digital guarantees (Figure 1). According to the developed scheme, a financial institution concludes an agreement with an IT company and leases the IT platform developed by it, to which all interested counterparties are connected. Information about the provided guarantee is stored in a distributed register on the cloud service and is available to the beneficiary online. The digital format automates the business process, reduces costs, and simplifies the management process. The term of service provision is significantly reduced, the interaction between participants is accelerated, the level of confidentiality is increased, and the risks of both the financial institution and the guarantee are reduced.
A promising area for applying blockchain technologies and smart contracts in the activities of financial institutions can be the provision of factoring services due to their specificity, namely a wide range of counterparties and a large list of types of transactions (loans, guarantees, accounting for monetary claims, consulting, etc.). Such conditions are most suitable for using blockchain technology for digital identification, data storage, registration services, insurance, which reduces the risks of financial institutions in using the innovations.
In the context of financial institutions' activities in a digital format, the main directions for preventing the occurrence of risks and overcoming their consequences can be: • implementation and continuous updating of a dynamic SaaS (Software model as a Service) model in conjunction with PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) platforms; • creating a publicly available blockchain register as a single decentralized system of distributed ledgers that form the operational infrastructure of the financial market; • protecting interfaces of financial institutions and IT platforms from unauthorized access; • using the results of big data analytics to track hidden threats and detect fraud; • using biometric smart cards and remote user identification tools; • increasing the level of information protection when creating and using IoT devices; • ensuring consumer data confidentiality; and • continuous training of specialists of financial institutions.
Due to the need to prevent cyber threats and increase the level of risk management of innovation, the transition to a risk-based model of regulation and supervision over the activities of financial institutions becomes relevant, which provides for in-depth control of those activities, tools, and products that have the greatest innovation risks.
The risk management mechanism for introducing and using innovation in financial institutions should include an appropriate organizational structure, a risk management unit, internal documents, risk assessment methods, information system, and risk management tools to develop an effective risk management model.  The analysis of world and domestic practice of innovation risk management in financial institutions allowed developing and recommending a practical structural and logical scheme for managing innovation risk, including the main stages of its development and use ( Figure 2).
Risk management should be carried out by implementing certain organizational, methodological, technological, and administrative procedures, which imply the sequential implementation of a set of actions following a financial institution's internal documents, rules, and requirements for risk management. To implement the tasks and functions of the innovation risk management model in financial institutions, the direction of documented procedures for managing innovation risks in financial institutions has been determined ( Figure 3). It should be noted that when constructing this scheme, the need to comply with the Basel Committee's operational resilience principles, first of all, Principle 7, was considered.
Given the emergence of new risks associated with the introduction of innovations, the use of digital technologies, and the emergence of cyber threats, it is necessary to develop additional mechanisms to protect and compensate financial institutions for losses arising from such risks. In this case, the main task of the system for insuring risks of financial institutions against cyber threats and fraud should be to maintain the operational stability of the financial institution, bearing in mind the possibility of performing critical operations and recovering losses.
Risk insurance of financial institutions against the introduction of innovations and cyber threats can be carried out by creating the following systems: • national insurance system (as a subject of public law with state participation); Source: Developed by the authors. The most promising can be a system of voluntary collective insurance of risks of financial institutions by creating a joint insurance fund based on one of the existing insurance companies. The financial institution is automatically entitled to compensation for losses based on its legally registered membership in the Insurance Fund and the contributions made to it.
Given the specifics of such a fund, the basic principles of insuring financial institutions' risks associated with the introduction of innovation and cyber threats should be: joint and several liabilities, reciprocity, proportionality of insurance premiums and compensations, as well as non-commercial nature of activities.
The main governing body of the Collective Insurance Fund may be the Board of the Fund, which includes representatives of financial institutions -Fund participants. Depending on the number of participants in the Fund, different options for forming the Board can be im-    The assessment of risks and cyber threats and the calculation of the amount of losses of a particular financial institution are carried out by a specialized committee subordinate to the Fund's Directorate. The decision to compensate for losses from the implementation of cyber threats and risks associated with the use of innovations is made by a committee accountable to the Fund's Board.
The rates of contributions of financial institutions to the Collective Insurance Fund should be consistent with the nature and degree of the financial institution's exposure to risks and be sufficient to compen-sate for losses in the event of risks or cyber threats. A portion of these contributions should cover the administrative expenses of the Fund (or the insurance company based on which the Fund was created) intended for the management of the Fund.
To equalize the financial burden on individual financial institutions, especially small ones, and their compliance with real threats and potential losses, it is advisable to use a proportionate approach in the Fund's activities, which should take into account the size of a financial institution, the type of business model, compliance with market rules, etc.
The amount of the insurance premium of a financial institution should consist of two parts: fixed and variable.
The fixed part of the contribution can be defined as a certain percentage of a financial institution's total turnover, differentiated by certain groups and types of activities. Given the peculiarities of individual financial institutions' activities, this standard is calculated for certain groups of financial companies. So, for banks and credit unions, the fixed contribution part can be 0.001% of the volume of loans granted, for financial companies -0.04% of the volume of services provided, and for non-bank payment institutions -0.002% of the amount of payments made (Table 3). It is necessary to reduce the risks of innovative financial service consumers and compensate for their losses by creating systematic protection of their rights and interests by complying with the legislation, rules, and conditions for the provision of services by financial institutions, improving the requirements for the disclosure of information about financial products and services if they are provided using digital channels, full disclosure of all risks that a consumer may be exposed to, providing recommendations on financial awareness, creating a compensation system for consumers in case of violation of their rights, and increasing the responsibility of financial institutions for violation of rules and unfair market behavior.

CONCLUSION
Based on the study results, specific areas of impact of innovation risks on the activities of financial institutions and consumers of financial services have been identified.
To maintain proper operational stability and uninterrupted execution of critical operations, the process of risk management of innovation in financial institutions is specified by types of technological, administrative, methodological, and organizational measures.
The advantages of the transformation of financial institutions' activity and the reduction of risks of introduction of innovations based on using the distributed registers are defined. The scheme of interaction of a financial institution with an IT company for concluding "smart contracts" based on the use of cloud service and blockchain technology is specified.
To expand the sources of compensation for possible losses, proposals for developing a system of collective insurance protection of financial institutions against the risks of innovation and cyber threats are substantiated. The authors propose creating the Fund for Collective Insurance of Risks of Financial Institutions related to the implementation of ICT and innovation, determine the options for forming the main governing body -the Board of the Fund, the procedure for interaction between the Fund and participants.
The value of standards for calculating the fixed part of the contribution is calculated. The methods of calculating the variable part of the contribution to the Fund for certain groups of participants depending on the specifics of financial institutions, potential risks, and cyber threats are identified. However, the issues of equalizing the financial burden and ensuring that the contributions to the Fund corresponding to the real threats of financial institutions are the most difficult and controversial.