How to cite:

Franciskus Antonius Alijoyo, Ivonne Bonita, and Kevin Bastian

Sirait (2021). Evaluation of Risk Management Maturity of a

Fintech Firm in Indonesia. Journal Eduvest. 1(12): 1478-1487

E-ISSN:

2775-3727

Published by:

https://greenpublisher.id/

Eduvest – Journal of Universal Studies

Volume 1 Number 12, December 2021

p- ISSN 2775-3735 e-ISSN 2775-3727

EVALUATION OF RISK MANAGEMENT MATURITY OF A FINTECH

FIRM IN INDONESIA

Franciskus Antonius Alijoyo

, Ivonne Bonita

, and Kevin Bastian Sirait

Faculty of Economics, Parahyangan Catholic University, Indonesia

Center for Risk Management and Sustainability, Indonesia

E-mail: antonius.alijoyo@gmail.com, ivonne.bonita11@gmail.com,

kbastian26@gmail.com

ARTICLE INFO ABSTRACT

Received:

November, 26

2021

Revised:

December, 17

2021

Approved:

December, 19

2021

This study identified the risk management maturity status,

revealed the major sources of the firm risk management

maturity, issues in running quality risk management of a

financial technology firm in Indonesia, and recommended

enhancements. It used the Risk and Insurance

Management Society – Risk Maturity Model to evaluate

the risk management maturity status. To get detailed

information about the risk management implementation,

the researchers also did observations and interviews. This

study confirmed that the firm was in ad-hoc status. The

firm was overconfident of their previous success in

implementing risk management and careless in

transforming the risk management concepts into real

practices. Thus, they lost their ability to decide

appropriate decisions in handling the risks that they faced.

As a result, they could not run effective and efficient

management. Detail findings and recommendations on

the risk management maturity of the firm are provided in

this article.

KEYWORDS

Fintech Firm, Issues In Risk Management, Risk Management

Maturity Status, Risk Maturity Model

Franciskus Antonius Alijoyo, Ivonne Bonita, and Kevin Bastian Sirait

Evaluation of Risk Management Maturity of a Fintech Firm in Indonesia 1479

This work is licensed under a Creative Commons

Attribution-ShareAlike 4.0 International

INTRODUCTION

Financial technology (fintech) has a crucial role in today’s economic system.

This new technology erases the boundary of financial institutions, markets, and new

service providers and enhances the quality of their services (Barbu, Florea, Dabija, &

Barbu, 2021; Makina, 2019; Zhang & Kim, 2020). Thus, a fintech firm can be defined as

a company engaged in financial services that uses technology to accelerate and facilitate

aspects of the financial services it provides. By providing various products and services

with fast access, fintech firms will help the growth of the national economy (Narayan,

2020; Ozili, 2018; Saksonova & Kuzmina-Merlino, 2017).

However, fintech firms are a kind of company with a high risk (Chaudhry,

Ahmed, Huynh, & Benjasak, 2022; Jianping Li, Li, Zhu, Yao, & Casu, 2020). The risks

that the company needs to consider include the threat of cybercrime and cybersecurity

(Adeyoju, 2021; Kareem, Duhaidahawi, Zhang, & Abdulreza, 2020). Thus, fintech firms

need to run an effective and efficient risk management system, since risk management is

crucial in running a company (Junkes, Tereso, & Afonso, 2015). It helps the company to

determine the right decision to make for its future (Aven, 2016). In addition, good risk

management will help the company maintain its financial health and enhance its

competitiveness (Otero González, Durán Santomil, & Tamayo Herrera, 2020; Silva

Rampini, Takia, & Berssaneti, 2019; Susanto & Meiryani, 2018).

Not all companies have a good risk management system. Some of them may have

a very mature risk management program, while the others may have an unplanned risk

management program (Linshan Li, 2018; Sennewald, 2011). The level of risk

management maturity has a great impact on the companies’ financial health (Mohammed

& Knapkova, 2016; Otero González et al., 2020). In addition, the level of risk

management maturity also may affect the company's performance (Ekwere, 2016;

Hartono, Wijaya, & Arini, 2019).

Since the fintech firm has a critical role in the economy and no study has been

conducted to specifically explore the risk management maturity level of the fintech firms

in Indonesia, this study aimed to identify the risk management maturity of a fintech firm

in Indonesia. This study identified the risk management maturity status and revealed the

major sources of the firm's risk management maturity, issues in running quality risk

management of a financial technology firm in Indonesia. Then, based on those

identifications, some recommendations were proposed for enhancements.

RESEARCH METHOD

This study was conducted in an Indonesian fintech firm registered in Bank

Indonesia. Since the fintech firm that was taken as the setting of the study did not allow

the researchers to expose its name, the researchers named the firm Firm X in this study.

The company used the ISO 31000 standard as their point-of-reference in implementing

Enterprise Risk Management. The researchers selected 19 respondents to collect the data.

Those respondents were selected by using the purposive sampling technique. Those 19

respondents consisted of seven respondents from the top management level, and the other

twelve respondents were from the middle management level. To collect the study's data,

the researchers developed a questionnaire based on the risk management maturity model

Eduvest – Journal of Universal Studies

Volume 1 Number 12, December 2021

1480 http://eduvest.greenvest.co.id

developed by The Risk and Insurance Management Society (RIMS, 2006). The score

from the questionnaire results was calculated based on the following steps and formula:

a. Each competency driver's maturity score is obtained by calculating the average

score for all readiness indicators belonging to the specific competency drivers. It

is determined by applying the formula 𝐶𝐷𝑖 = 1 𝑁 ∑ 𝐼𝑥, 𝑛 𝑥=1. In which 𝐶𝐷𝑖

represents the maturity score of competency driver 𝑖, 𝐼𝑥, represents the average of

the participants' score of readiness indicator 𝑥 that is associated with competency

driver 𝑖, and 𝑁 represents the total number of readiness indicators that belong to

the specific competency driver.

b. The firm's risk management maturity score is obtained by averaging each

competency drivers' score. It is obtained by applying the 𝑀 = 1 𝑁 ∑ 𝐶𝐷𝑖 𝑛 𝑖=1.

Where 𝑀 represents the firm's maturity score, 𝐶𝐷𝑖 represents the maturity score

of competency driver 𝑖, and 𝑁 represents the number of competency drivers

within the RIMS RMM.

c. The maturity score is then matched with the risk management maturity intervals

as suggested by RIMS RMM. The intervals are given as follows: (1) Non-

existent: 𝑀 < 1, (2) ad-hoc: 1 ≤ 𝑀 < 2 , (3) initial: 2 ≤ 𝑀 < 3, (4) repeatable: 3 ≤

𝑀 < 4, (5) managed: 4 ≤ 𝑀 < 5, and (6) leadership: 𝑀 = 5. In which, 𝑀 represents

the firm's risk management maturity score.

d. The questionnaire result was categorized by following the Risk and Insurance

Management Society Risk Management Maturity level as shown in Table 1.

Table 1. The RIMS RMM maturity level and its interpretation

Score

Level

Interpretation

Non-existent

The firm's recognition of ERM is limited. The firm's ERM

implementation is either insufficient or none, and there is no

risk management framework within the firm, including risk

indicators, risk measurement, and objectives.

Ad-hoc

The level of risk management within the firm is in a primitive

stage. The implementation of risk management depends on

certain individuals' actions by using improvised procedures

and minimum knowledge of the process.

Initial

The risks are managed in silos, and there is little aggregation

of risk or risk integration. In which the lack of discipline

accompanies the processes.

Repeatable

The framework of risk assessment is in place, and the board

of directors conducts the risk overview. The implementation

of risk management is established and conducted repeatedly.

Managed

The implementation of ERM is established in the firm, and

each aspect of ERM is integrated and harmonized, along with

its measurement and controls. The ERM procedures and their

principles are communicated and understood by the firm.

Leadership

Within the strategic level of the firm, the risk-based

discussion is already taken place. Moreover, risk tolerance

and appetite are understood within executive management and

the board of directors and accompanied by alerts to inform the

top management if the risk threshold is exceeded.

Source: RIMS (2006).

The researchers also did interviews to collect data about the major sources of the

Franciskus Antonius Alijoyo, Ivonne Bonita, and Kevin Bastian Sirait

Evaluation of Risk Management Maturity of a Fintech Firm in Indonesia 1481

firm risk management maturity and the issues in running quality risk management. They

interviewed the 19 respondents of the study, one by one. In addition, to support and

confirm the data from the interviews, they also conducted observations. The researchers

observed the implementation of the risk management system that the fintech firm had.

The results of the interviews and observations were analyzed qualitatively.

RESULT AND DISCUSSION

Based on the purposes of the study, there were three major findings in this study.

The first finding is about the fintech firm's risk management maturity level. The second

one is about the major sources of the firm risk management maturity. The third finding is

about the issues in running quality risk management. The followings are the detailed

findings of the study.

The fintech firm risk management maturity level

The questionnaire results show that the risk management maturity level

of firm X was at the ad-hoc level. This can be seen from the score of the questionnaire

that was 1.765. Based on the risk management maturity level criteria shown in Table 1, if

the score is below 2, it is categorized as ad-hoc level. It means that the implementation of

risk management of firm X is dependent on the actions of particular individuals with the

minimum knowledge of risk management. Table 2 shows the detailed result of the

questionnaire.

Table 2. Firm X Risk Management Maturity Level

Aspect

Mean

score

Category

Adoption of ERM-based approach

2.015

Initial

ERM process management

1.537

Ad-hoc

Risk appetite management

1.182

Ad-hoc

Root cause discipline

1.647

Ad-hoc

Uncovering risks

1.880

Ad-hoc

Performance management

2.073

Ad-hoc

Business resiliency and sustainability

2.025

Initial

Firm X Maturity score

1.765

Ad-hoc

Based on the interpretation of the risk management maturity level in Table 1. In

general, the result of the questionnaire indicates that Firm X implemented its risk

management depending on the actions of certain individuals by using improvised

procedures and minimum knowledge of the process. Thus, in general, Firm X is obliged

to fix its views on the importance of risk management. From the results found, it can be

seen that Firm X has not given optimal attention to the planning and implementation of

risk management within the company. This is something that can endanger the existence

of the company. Weak risk management of a company has been empirically proven to

harm various vital things in the company. Implementing good risk management will

positively impact the financial health of a company (Ebenezer & Omar, 2016; Hasan,

Rahmadini, Indonesia, & Indonesia, 2021; Sinurat & Siregar, 2019). The financial factor

is very vital in the company's performance. Therefore, poor implementation of risk

management is proven to weaken the company's performance and vice versa (Alsaadi,

2020; Setiawaty, 2016). In other words, it can be said that weak risk management will

affect a company's performance (El Shal & Kadery, 2021; Sedana & Dewi, 2017).

Therefore, it can be assumed that Firm X also tends to experience problems in its

Eduvest – Journal of Universal Studies

Volume 1 Number 12, December 2021

1482 http://eduvest.greenvest.co.id

performance if they do not immediately improve the quality of their risk management in

terms of planning and implementation.

The major sources of the firm risk management maturity level

Based on the interviews and observations, this study found three main sources

that caused Company X's level of risk management to be at the Ad-Hoc level. First, the

attitude and perspective of employees who are apathetic towards the implementation of

ERM. The success of the implementation of risk management is strongly influenced by

the attitude of all employees towards policies regarding risk management that apply in the

company. If all employees understand and comply with the policies regarding risk

management that apply in the company, the policies are likely to be implemented well

and achieve success (Braumann, 2018; Jianguo & Qamruzzaman, 2017). However, if all

employees do not comply with the applicable risk management policy, it will be difficult

for the policy to achieve success as expected (Eniowo, Onafadejiadeniyi, &

Ogundejititobiloluwa, 2018; Pratono, 2018).

Second, company X shows no interest in implementing and developing ERM to

its full potential because its executives have experienced a series of successes from its

inception to early 2019. Leadership has a crucial role in the operations of a company. The

attitude of the company's leaders will affect the attitude of the employees as a whole

(Farahnak, Ehrhart, Torres, & Aarons, 2019; Inayah & Balqiah, 2017; Khuwaja, Ahmed,

Abid, & Adeel, 2020). Therefore, if the company's leaders do not consider risk

management important, other employees will most likely not care about risk management

(Gantz & Philpott, 2013). So, if we look at the case that occurred in Firm X, the

unsuccessful implementation of risk management is most likely due to the leader's

attitude who does not care about the risk management policies that apply in the company.

Third, the company's scope and attitude to risk (for example, risk appetite,

tolerance, and capacity) are not in the internal control mechanisms and detailed

procedures. The concept of ERM is not embedded in the company's business activities

and decision-making of its executives. The implementation of risk management must be

an integral part of the company's activities, especially decision-making (Zhu, Haugen, &

Liu, 2021). This is because one of the objectives of risk management is to assist the

leadership in determining policies so that these policies do not endanger the company's

position (Karunathilake et al., 2020; Merkelbachm & Daudin, 2011). However, from the

findings of this study, it can be said that Company X ignores risk management in its

activities and decision making, which of course, has the potential to harm the success of

the company itself.

The barriers and challenges of implementing effective ERM

Based on the results of Firm X's risk management maturity and the participants'

information on the company's internal ERM status, it is found that the main obstacles to

the implementation of the company's internal risk management are highly concentrated

on the company's attitude and perception of understanding and embracing. The concept of

ERM affects the quality of the integration of ERM with company activities and decision-

making. The company's primary task of implementing a risk management mechanism is

to comply with Indonesian financial technology regulations rather than creating and

protecting its value through ERM.

Therefore, X Company's indifference to the implementation of risk management

has brought a series of challenges in realizing the overall and integrated ERM process

within the company. They are: (1) the implementation of internal ERM within the

company is entirely based on the experience and intuition of employees integrating risk

Franciskus Antonius Alijoyo, Ivonne Bonita, and Kevin Bastian Sirait

Evaluation of Risk Management Maturity of a Fintech Firm in Indonesia 1483

management mechanisms into departmental activities, (2) the lack of integration and

cooperation between corporate departments when implementing the ERM process, (3) the

lack of risk management within the company experts to help the company adjust the

department’s views and standard operating procedures from the perspective of risk

management, (4) lack of knowledge and familiarity with ERM tools to use risk

management, (5) insufficient risk reporting and recording in most departments, and (6)

The company has incomplete information on the nature of risks (for example, the scale,

impact, and triggers of the risk) because the flow of risk-oriented information in all

company management is below average.

In other words, the problems that occur in Firm X are mostly at the

implementation level, and these kinds of problems are common in a company (Fraser &

Simkins, 2016). For this reason, Firm X is obliged to improve the quality of its risk

management implementation by increasing the awareness of all employees of the

importance of risk management for the existence and development of the company. This

should start from company leaders who can provide examples of the correct

implementation of risk management. They must also provide examples of how to

implement risk management correctly and prove that it is important to do this. When

leaders give good examples, the other employees normally will follow those good

examples (al-Baradie, 2014; Gächter & Renner, 2018; Hetland, Hetland, Bakker, &

Demerouti, 2018). With the ability of leaders to set an example for other employees, it is

hoped that the implementation of risk management will become a culture within the

company.

Recommendation

Considering the findings of this study, the researcher recommends several things

that can later be used as alternative efforts to increase the risk management maturity of

Firm X. First, Firm X must build awareness and ownership of risk management for all

employees. In detail, this includes: (1) building awareness and understanding of the

proper implementation of risk management at the top and middle management levels by

way of continuous executive direction, (2) building the board's commitment to leadership

and ownership risk-taking so that risk management is carried out effectively, a systematic

approach based on integrated risk management principles, frameworks and processes, and

(3) awareness building on risk management for all employees by conducting training,

focus group discussions, and risk management competency certification for personnel,

and at a later stage, in establishing risk ownership at all levels of company management,

it is advisable to link their performance indicators with risk management.

Second, it is necessary to reorganize the company's priorities and objectives in

implementing risk management. Given that the implementation of ERM is carried out

according to the ISO 31000 standard, what needs to be done is (1) to establish risk

management policies and standard operating procedures from the level of the strategic

decision-making process to the level of operational business processes, (2) to ensure that

all elements of risk management are linked to indicators key performance of employees,

and (3) realizing the consistent and continuous implementation of the three pillars of the

ISO 31000 standard, namely principles, frameworks, and risk management processes.

Third, it is necessary to integrate the implementation of the ISO 31000 standard

into all aspects of company X, which include: (1) alignment of the company's ERM

program with its objectives, with the aim that all employees understand the importance

and relevance of risk management to company sustainability, (2) implementation of

management processes risk explicitly into the company's strategy in achieving its

Eduvest – Journal of Universal Studies

Volume 1 Number 12, December 2021

1484 http://eduvest.greenvest.co.id

objectives so that employees understand the criticality and importance of risk

management in the company's strategy and build strong risk ownership, (3) certainty of

the availability of resources in implementing risk management to the company, (4)

implementation of periodic evaluations of company performance based on the identified

risks and their impacts, (5) regular communication of company policies and their position

and focus on managing and overcoming the identified risks, and (6) periodic evaluation

of the progress of risk management implementation within the company.

CONCLUSION

The ERM maturity assessment results show that X company's ERM maturity is at a

temporary level. This means that Company X is in a state of incompetence and

incompetence, unable to use ERM methods to protect and create company value.

Especially in terms of regulatory compliance, the company has fulfilled all regulations

and requirements imposed by regulatory agencies on enterprise risk management.

However, in terms of performance, the quality and effectiveness of the company's ERM

process are below the standard. Although Company X has adopted the ISO 31000

standard as a guide for the implementation and integration of ERM processes in its

activities, its risk management department's role is only to deal with legal risks, while its

IT department manages the company's general risks. Therefore, the company's limited

scope and awareness of the necessity of applying risk management hindered the quality

and effectiveness of its ERM process in the overall identification and management of

risks.

The fundamental reason for company X's low ERM maturity is its indifferent

attitude towards the concept and role of its internal risk management. Since regulatory

requirements and regulations drive the implementation of ERM, the definition and

interpretation of risks and ERM are not clearly stated and presented in the company's

internal control mechanisms and procedures. Therefore, the company's risk-related

information flow is limited because it is only passed to two departments (ie, risk and IT

departments)

Since this research is a case study method, the specific conditions of Firm X are

different from other fintech companies in Indonesia or any other part of the world.

Therefore, the results and recommendations are valid for the fintech companies of

particular interest in this research. Therefore, further research involving more companies

is needed to reveal the average level of ERM maturity in Indonesia's fintech industry and

the obstacles and challenges that hinder fintech companies from improving their ERM

maturity. It intends to increase the generalizability of future research results when

assessing the ERM maturity level of fintech companies and their industries. In addition,

for every financial technology company that uses the ISO 31000 standard as a guide, it is

recommended to consider applying an ERM maturity model that is clearly designed

according to the requirements and specifications of the ISO 31000 standard to evaluate

and improve its ERM effectiveness and maturity level.

REFERENCES

Adeyoju, Ademola. (2021). Cybercrime and Cybersecurity: FinTech’s Greatest

Challenges. SSRN Electronic Journal, 1–5. https://doi.org/10.2139/ssrn.3486277

al-Baradie, Raidah S. (2014). Encouraging the heart. International Journal of Pediatrics

and Adolescent Medicine, 1(1), 11–16.

https://doi.org/https://doi.org/10.1016/j.ijpam.2014.09.008

Franciskus Antonius Alijoyo, Ivonne Bonita, and Kevin Bastian Sirait

Evaluation of Risk Management Maturity of a Fintech Firm in Indonesia 1485

Alsaadi, Nasser. (2020). The Impact of Risk Management Practices on the Performance

of Construction Projects. Estudios de Economia Aplicada, 39(4).

https://doi.org/DOI: http://dx.doi.org/10.25115/eea.v39i4.4164 Volumen:39-4

Aven, Terje. (2016). Risk assessment and risk management: Review of recent advances

on their foundation. European Journal of Operational Research, 253(1), 1–13.

https://doi.org/https://doi.org/10.1016/j.ejor.2015.12.023

Barbu, Cătălin Mihail, Florea, Dorian Laurenţiu, Dabija, Dan Cristian, & Barbu, Mihai

Constantin Răzvan. (2021). Customer experience in fintech. Journal of Theoretical

and Applied Electronic Commerce Research, 16(5), 1415–1433.

https://doi.org/10.3390/jtaer16050080

Braumann, Evelyn C. (2018). Analyzing the Role of Risk Awareness in Enterprise Risk

Management. Journal of Management Accounting Research, 30(2), 241–268.

https://doi.org/10.2308/jmar-52084

Chaudhry, Sajid M., Ahmed, Rizwan, Huynh, Toan Luu Duc, & Benjasak, Chonlakan.

(2022). Tail risk and systemic risk of finance and technology (FinTech) firms.

Technological Forecasting and Social Change, 174, 121191.

https://doi.org/https://doi.org/10.1016/j.techfore.2021.121191

Ebenezer, Olalere Oluwaseyi, & Omar, Wan Ahmad bin. (2016). Risk Management and

the Financial Performance of Commercial Banks in Nigeria : A Literature Review

Revisited. IOSR Journal of Economics and Finance, 7(2), 14–19.

https://doi.org/10.9790/5933-0702031419

Ekwere, Nsikan. (2016). Framework of Effective Risk Management in Small and

Medium Enterprises (SMESs): a Literature Review. Bina Ekonomi, 20(1), 23–46.

https://doi.org/10.26593/be.v20i1.1894.23-46

El Shal, Bahaa, & Kadery, Mona. (2021). Organizational Project Management Maturity

Effect on the Relationship Between Entrepreneurial Orientation and Organizational

Performance in Egyptian Organizations. Journal of Business and Management

Sciences, 9(1), 36–49.

Eniowo, D. Olushola, Onafadejiadeniyi, O., & Ogundejititobiloluwa, Y. (2018). The

Effect of Employees ’ Orientation on Risk Management in Leigh and Lloyd Mining

Firm. International Journal of Business and Management Invention, 7(4), 20–27.

Farahnak, Lauren R., Ehrhart, Mark G., Torres, Elisa M., & Aarons, Gregory A. (2019).

The Influence of Transformational Leadership and Leader Attitudes on Subordinate

Attitudes and Implementation Success. Journal of Leadership & Organizational

Studies, 27(1), 98–111. https://doi.org/10.1177/1548051818824529

Fraser, J. R. S., & Simkins, B. J. (2016). The challenges of and solutions for

implementing enterprise risk management. Business Horizons, 59(6), 689–698.

https://doi.org/10.1016/j

Gächter, Simon, & Renner, Elke. (2018). Leaders as role models and ‘belief managers’ in

social dilemmas. Journal of Economic Behavior & Organization, 154, 321–334.

https://doi.org/https://doi.org/10.1016/j.jebo.2018.08.001

Gantz, Stephen D., & Philpott, Daniel R. (2013). Chapter 3 - Thinking About Risk

(Stephen D. Gantz & Daniel R. B. T. FISMA and the Risk Management Framework

Philpott, Eds.). https://doi.org/https://doi.org/10.1016/B978-1-59-749641-4.00003-5

Hartono, Budi, Wijaya, Deo F., & Arini, Hilya M. (2019). The impact of project risk

management maturity on performance: Complexity as a moderating variable.

International Journal of Engineering Business Management, 11,

1847979019855504. https://doi.org/10.1177/1847979019855504

Hasan, Nida Nadya, Rahmadini, Fatia, Indonesia, Universitas, & Indonesia, Universitas.

(2021). terhadap Risiko Perbankan Application Risk. 1(2), 67–84.

Eduvest – Journal of Universal Studies

Volume 1 Number 12, December 2021

1486 http://eduvest.greenvest.co.id

Hetland, Jørn, Hetland, Hilde, Bakker, Arnold B., & Demerouti, Evangelia. (2018). Daily

transformational leadership and employee job crafting: The role of promotion focus.

European Management Journal, 36(6), 746–756.

https://doi.org/https://doi.org/10.1016/j.emj.2018.01.002

Inayah, Asty Khairi, & Balqiah, Tengku Ezni. (2017). The influence of leadership style

on organizational culture. Accounting & Business Conference 2017, 405–421.

Jianguo, Wei, & Qamruzzaman, Md. (2017). Management Practice : A case study of the

financial sector in Bangladesh. The Cost and Management, 45(November).

Junkes, M. Bernadete, Tereso, Anabela P., & Afonso, Paulo S. L. P. (2015). The

Importance of Risk Assessment in the Context of Investment Project Management:

A Case Study. Procedia Computer Science, 64, 902–910.

https://doi.org/https://doi.org/10.1016/j.procs.2015.08.606

Kareem, Hayder M., Duhaidahawi, Al, Zhang, Jing, & Abdulreza, Mustafa S. (2020).

Research in Business & Social Science Analysing the effects of FinTech variables

on cybersecurity : Evidence form Iraqi Banks. International Journal of Research in

Business and Social Science, 9(6), 123–133.

Karunathilake, Hirushie, Bakhtavar, Ezzeddin, Chhipi-Shrestha, Gyan, Mian, Haroon R.,

Hewage, Kasun, & Sadiq, Rehan. (2020). Chapter Seven - Decision making for risk

management: A multi-criteria perspective. In Faisal I. Khan & Paul R. B. T.

Methods in Chemical Process Safety Amyotte (Eds.), Advanced Methods of Risk

Assessment and Management (Vol. 4, pp. 239–287).

https://doi.org/https://doi.org/10.1016/bs.mcps.2020.02.004

Khuwaja, Uzair, Ahmed, Kaleem, Abid, Ghulam, & Adeel, Ahmad. (2020). Leadership

and employee attitudes: The mediating role of perception of organizational politics.

Cogent Business & Management, 7(1), 1720066.

https://doi.org/10.1080/23311975.2020.1720066

Li, Jianping, Li, Jingyu, Zhu, Xiaoqian, Yao, Yinhong, & Casu, Barbara. (2020). Risk

spillovers between FinTech and traditional financial institutions: Evidence from the

U.S. International Review of Financial Analysis, 71, 101544.

https://doi.org/https://doi.org/10.1016/j.irfa.2020.101544

Li, Linshan. (2018). A Study on Enterprise Risk Management and Business Performance.

Journal of Financial Risk Management, 07(01), 123–138.

https://doi.org/10.4236/jfrm.2018.71008

Makina, Daniel. (2019). 14 - The Potential of FinTech in Enabling Financial Inclusion

(Daniel B. T. Extending Financial Inclusion in Africa Makina, Ed.).

https://doi.org/https://doi.org/10.1016/B978-0-12-814164-9.00014-1

Merkelbachm, Maarten, & Daudin, Pascal. (2011). From Security Management To Risk

Management: Critical Reflections On Aid Agency Security Management And The

ISO Risk Management Guidelines. Security Management Initiative, 59.

Mohammed, Hamdu Kedir, & Knapkova, Adriana. (2016). The Impact of Total Risk

Management on Company’s Performance. Procedia - Social and Behavioral

Sciences, 220, 271–277. https://doi.org/10.1016/j.sbspro.2016.05.499

Narayan, Seema Wati. (2020). Does fintech matter for Indonesia’s economic growth?

Buletin Ekonomi Moneter Dan Perbankan, 22(4), 437–456.

https://doi.org/10.21098/bemp.v22i4.1237

Otero González, Luís, Durán Santomil, Pablo, & Tamayo Herrera, Aracely. (2020). The

effect of Enterprise Risk Management on the risk and the performance of Spanish

listed companies. European Research on Management and Business Economics,

26(3), 111–120. https://doi.org/https://doi.org/10.1016/j.iedeen.2020.08.002

Franciskus Antonius Alijoyo, Ivonne Bonita, and Kevin Bastian Sirait

Evaluation of Risk Management Maturity of a Fintech Firm in Indonesia 1487

Ozili, Peterson K. (2018). Impact of digital finance on financial inclusion and stability.

Borsa Istanbul Review, 18(4), 329–340.

https://doi.org/https://doi.org/10.1016/j.bir.2017.12.003

Pratono, Aluisius Hery. (2018). Does firm performance increase with risk-taking behavior

under information technological turbulence?: Empirical evidence from Indonesian

SMEs. Journal of Risk Finance, 19(4), 361–378. https://doi.org/10.1108/JRF-10-

2017-0170

Saksonova, Svetlana, & Kuzmina-Merlino, Irina. (2017). Fintech as Financial Innovation

– The Possibilities and Problems of Implementation. European Research Studies

Journal, 20(3), 961–973. https://doi.org/10.1021/ja00368a049

Sedana, Ida Bagus Panji, & Dewi, Ni Made Indah Purnama. (2017). Efektivitas

Manajemen Risiko Dalam Mengendalikan Risiko Kredit Di Pt Bank Rakyat

Indonesia. E-Jurnal Manajemen Universitas Udayana, 6(8), 244607.

Sennewald, Charles. (2011). Effective Security Management (5th ed.).

https://doi.org/https://doi.org/10.1016/C2009-0-63531-5

Setiawaty, Agus. (2016). Pengaruh Mekanisme Good Corporate Governance Terhadap

Kinerja Perbankan Dengan Manajemen Risiko Sebagai Variabel Intervening.

Kinerja : Jurnal Ekonomi Dan Manajemen, 13(1), 17–24.

Silva Rampini, Gabriel Henrique, Takia, Harmi, & Berssaneti, Fernando Tobal. (2019).

Critical Success Factors of Risk Management with the Advent of ISO 31000 2018 -

Descriptive and Content Analyzes. Procedia Manufacturing, 39, 894–903.

https://doi.org/https://doi.org/10.1016/j.promfg.2020.01.400

Sinurat, Andreas Mulatua, & Siregar, Sylvia Veronica. (2019). The effect of risk

management on firm financial performance. Proceedings of the 33rd International

Business Information Management Association Conference, IBIMA 2019:

Education Excellence and Innovation Management through Vision 2020, 2(3),

9818–9827.

Susanto, Azhar, & Meiryani. (2018). The importance of risk management in an

organizations. International Journal of Scientific and Technology Research, 7(11),

103–107.

Zhang, Lin Lin, & Kim, Ha Kyun. (2020). The influence of financial service

characteristics on use intention through customer satisfaction with mobile fintech.

Journal of System and Management Sciences, 10(2), 82–94.

https://doi.org/10.33168/jsms.2020.0206

Zhu, Tiantian, Haugen, Stein, & Liu, Yiliu. (2021). Risk information in decision-making:

definitions, requirements and various functions. Journal of Loss Prevention in the

Process Industries, 72, 104572.

https://doi.org/https://doi.org/10.1016/j.jlp.2021.104572