The relationship between the risks of adopting FinTech in banks and their impact on the performance

Abstract

Banks give great attention to identifying the risks of adopting FinTech and the extent of its negative impact on their business. This study aims to explore the relationship between the risks of adopting FinTech in banks and their impact on performance, where the balanced scorecard was used to measure performance. This study identifies four risks, which are the most important risks affecting FinTech in banks: systemic risks, operational risks, outsourcing risks, and cyber risks. The data was collected through a questionnaire for 263 respondents at the managerial level of bank branches in Yemen from October to December 2021. Structural equation modeling PLS-SEM and a disjoint two-stage approach were used to approve the model’s constructs. The current study proved the validity of the proposed relationship between the risks and the effect of risk variables on each other, except for the impact of outsourcing risks on cyber risks. Also, the study result is that cyber risks and operational risks of adopting FinTech have a negative impact on banks’ performance. But the outsourcing risks of the adoption of FinTech have a positive impact on banks’ performance the systemic risks do not affect banks’ performance. Therefore, this study is considered one of the rare studies that contribute to analyzing the risks of adopting FinTech in banks and its impact on performance. In addition, it gives a clear picture for decision-makers in banks to identify the dark side of FinTech adoption.

Keywords:

• FinTech
• cyber risks
• outsourcing risks
• operational risks
• systemic risks
• balanced scorecard
• banks’ performance

PUBLIC INTEREST STATEMENT

Financial technology is a current topic that has caused a sensation in financial and banking businesses. Banks have also given great attention to these digital FinTech technologies and provide their services. The adoption of modern technologies results in risks; these risks need a deep study to know these risks and to what extent they affect business organizations. The current study presents the risks of adopting FinTech in banks, the impact of these risks on each other, and their impact on the performance of banks that adopt financial technology.

1. Introduction

FinTech has been met with great resonance in the field of financial business because of the significant changes it has brought about in financial services. Some researchers have even called it the FinTech revolution (Blakstad & Allen, 2018; Cortina & Schmukler, 2018; Gomber et al., 2018) due to its connection to modern digital technologies such as cloud computing, big data, artificial intelligence, the Internet of Things, and Blockchain and its integration into financial business and the emergence of FinTech companies and the provision of their digital financial services, which attracted many customers and banks to adopt and use them. This is due to banks’ benefits when adopting FinTech technologies and providing their services. However, there are risks affecting the banks that adopt FinTech (Saleem, 2021). The subject of FinTech has received significant attention from researchers and an audience that is generally interested in it, and studies and research have been submitted about it. However, it has not been explored fully, except for a few studies and research. This includes the risks of adopting FinTech in banks and their repercussions and effects.

After an insightful reading of previous studies, the researchers observed a correlation and an effect between the risk variables. Therefore this sparked the researchers’ curiosity to know the existence of a relationship or influence between the risk variables of FinTech adoption in banks. The researchers have presented a proposed relationship between the risks of adopting FinTech in banks with each other through the risk variables used in this study. The researchers proposed the impact of outsourcing risks on cyber and operational risks. They suggested the impact of cyber risks on operational and systemic risks and the impact of operational risks on systemic risks. The hypotheses for this proposal were developed and tested.

Systemic risks arise from systemic errors and problems in one bank that negatively affects the entire financial system, further affecting the real economy (Kemp, 2017). FinTech services operate on the Internet and computer networks, which may be vulnerable to cyber-attacks or technical errors that may cause a problem in the financial institution’s system. It may not stop there but may affect the entire financial sector. Since the banking system is interconnected (Gu et al., 2019), this may affect financial stability significantly, the financial crisis of 2008 being an excellent example of systemic risks (Buckley et al., 2019).

Operational risk is the risk of human error or software or technical errors that may occur during the production of services, which are defined as potential errors resulting from poor internal processes and errors in systems and programs used in production operations. The Basel Committee (Supervision), B. (Basel C. on B, 2018) also clarified that operational risks represent the cost associated with internal process errors, whether from individuals or systems or external environmental events. This was confirmed (Hasan, 2019), as he clarified that operational risks are considered losses resulting from the absence of an accurate internal control system that detects errors and problems first-hand. Moreover, operational risks are considered to be one of the most important risks for customers, as they have a significant impact on their use of FinTech services (Ryu, 2018). Global risks trade finance report (Martinez, 2013) indicates that the continuous monitoring processes to verify the internal processes and the highly qualified, trained, and experienced employees can reduce operational risks.

Many banks may outsource to adopt digital FinTech technologies and services. But outsourcing may have risks (Sridharan, 2021) that must be worked on. One of the most important risks is access to important confidential data and information and intellectual assets (Supervision), B. (Basel C. on B, 2018), which may be exposed to violations or misuse. Therefore, it is necessary to identify the risks of outsourcing and its impact on the performance of banks, so this research gap will be studied in the current study. The study (Samantra et al., 2014) also clarified that outsourcing refers to dealing with information technology services or functions to achieve strategic advantages and cost benefits. While (Bahli & Rivard, 2003) defined outsourcing risks as a four-way group that includes a scenario, the probability of this scenario occurring, the consequences, and risk mitigation mechanisms, which can mitigate or help avoid the scenario’s occurrence.

There are risks affecting FinTech companies and financial institutions that adopt FinTech, such as cyber threats that have emerged very quickly (Jayalath & Premaratne, 2021). It has recently been noted that the rate of cybercrime in the financial sector has increased due to the increased use of modern technology and the Internet (Panetta, 2018), which may bring Internet risks to it. This is what made the banks that provide FinTech services and the FinTech companies state readiness and alertness to prevent cyber-attacks (Najaf et al., 2020). Cebula and Young (2010) define cyber risks as “operational risks to information and technology assets that have consequences for the confidentiality, availability, or integrity of information or information systems.” Cyber risks could affect the technology through three things: confidentiality, integrity, and availability (Saleem, 2021). They can be divided into three types: operational, tactical, and strategic (Mehrban et al., 2020). The increased interdependence between financial institutions (Buckley et al., 2019; Vučinić, 2020), the use of the same programs and systems (Buckley et al., 2019), the weak communication between financial institutions increase cyber risks and attract digital thieves (Mesic, 2021).

The current study looks at the relationship between adopting FinTech risks and their impact on the performance of banks in Yemen. This study determines that FinTech risks include systemic, operational, outsourcing, and cyber risks. Bank performance was measured using a balanced scorecard, which comprises four perspectives—financial perspective, customer perspective, internal operation perspective, and education and growth perspective. When reviewing literature studies, it was found that there is a lack of research on the impact of FinTech risks on bank performance when using FinTech. An academic perspective and an analytical approach are brought to the risks banks face due to FinTech adoption by identifying and analyzing the systemic, operational, outsourcing, and cyber risks associated with banks’ performance. This study intends to investigate the impact of these risks of FinTech adoption on banks’ performance and with each other.

The study has presented a proposed relationship between the risks of adopting FinTech in banks with each other through the risk variables used in this study. The researcher proposed the impact of outsourcing risks on cyber and operational risks and suggested the impact of cyber risks on operational and systemic risks and the impact of operational risks on systemic risks. The hypotheses for this proposal were developed and tested.

Banks are considered important economic sectors over the world including banks in Yemen. Therefore, the study of FinTech and its effects on the banking sector has attracted the interest of many researchers because of its great importance for the consumer, the banking sector, and the governments (Wonglimpiyarat, 2017).

The Motives for growth and development of FinTech in the Yemeni Banking sector:

1. 75% of the Yemeni population is younger than 30 years old. Most of mobile phone users and Internet dealers are mostly young people of this age. This is a great opportunity for banks to adopt FinTech in providing financial services. 2. More than 70% of the population of Yemen lives in the countryside, so it is very difficult for banks to be in rural areas. This makes it an opportunity for banks to adopt technological development in financial services, which saves time, effort, and cost to deal with the bank traditionally. 3. According to the 2014 Global Financial Inclusion Indicators measurement, only 6% of the ownership of bank accounts is from adults, which is a very low rate. While Yemen Socio-Economic publication (Em, n.d.,2018), estimated about 1.8 million Yemenis only have bank accounts. 4. According to (Yemen Socio-Economic (Em, n.d.,2018) there is a decrease in the number of branches of expenses, which provides one branch for every 94,496 people. It concentrates its spread in urban areas, while 70.8% of the population lives in rural areas, and this hinders the access of a large segment of people to banking services. 5. According to Internet world stats, the number of Internet users has increased from one year to another. In 2018, the number of Internet users reached 7,031,784, compared to previous years, as in 2016 is 6,700,000. All of these factors motivate the banks to adopt FinTech and can take attention to make plans to avoid or reduce the effectiveness risks of adopting FinTech in banks. This study helps decision-makers in banks to do that.

Therefore, the study is considered one of the rare studies that contribute to analyzing the relationship between the risks of adopting FinTech in banks and their impact on performance. Through exploring the most critical risks of adopting FinTech in banks: systemic risks, operational risks, outsourcing risks (Saleem, 2021; Supervision), B. (Basel C. on B, 2018), cyber risks, and their impact on performance.

2. Review of literature

2.1. FinTech and performance

According to previous studies, academics utilize several metrics and models to assess the performance of banks, such as the CAMELS model, which was created in 1979 by regulatory authorities in the United States of America. The CAMELS model is divided into six dimensions: capital adequacy, asset quality, management quality, earnings, liquidity, and risk (Rozzani & Rahman, 2013). This model aids in the detection of issues before they develop. Furthermore, the PEAIS model focuses on financial performance operations such as asset protection and efficient financial structures, asset quality, rates of return and expenses, liquidity, and growth (Kasem et al., 2008), as well as the PATROL model, which is a financial performance monitoring tool that provides a detailed image of the institutions. This model consists of five parts: capital sufficiency, profitability, credit quality, organization (management), and liquidity (Brewer et al., 1994). Looking at past models, the researchers found that most of them concentrate on financial performance since they provide information about what occurred in the past. The balanced scorecard model is one of the most often used methods for assessing financial and non-financial performance in banks. It has provided performance metrics for non-financial views such as customer, internal operations, and education and growth. The balanced scorecard approach allows for translating a bank’s strategic vision into more concrete objectives and indicators in measurement and a focus on the outcomes in the short term in the organization’s long-term plan. So the present study adopts the balanced scorecard model.

In previous studies, when the impact of the adoption of financial technology in banks on their performance was investigated, it was found that researchers use the following procedures:

1-The rate of return on assets and the rate of return on equity, both of which indicate profitability indicators. They are regarded as quantitative metrics within indicators used to assess financial performance. These studies include (Hasaka, 2019; Ky et al., 2019; Nguyen et al., 2021; Singh et al., 2021).

2-While some research opted to assess performance by creating questionnaire questions, such as the studies (Al-Dmour et al., 2020; Chen et al., 2021; Dwivedi et al., 2021).

According to (Kaplan, R. S., Norton, D. P., Norton, D. R., Marvin Bower Professor of Leadership Development Boston, H. B. S. & Collaborative, B. S, 2005), a balanced scorecard is a tool for measuring integrated and comprehensive organizational performance. It is the incorporation of a collection of financial and non-financial performance indicators. Through information exchanged between the four perspectives, the balanced scorecard consists of two perspectives that measure internal performance (internal operations perspective, education, and growth perspective) and two perspectives that measure external performance (financial perspective and customers’ perspective).

2.2. Conceptual framework and research hypothesis

2.2.1. Cyber Risks

Studies of (Saleem, 2021) and (Vučinić, 2020) show that cyber risks threaten financial institutions FinTech companies, that use modern digital technology in their business and provide their services. This is what attracts a lot of digital thieves and cybercriminals to try to breach and tamper with data. The study (Mesic, 2021) indicates that some of the various institutions linked to each other by poor means of communication make them vulnerable to cyber-attacks. While the study by (Buckley et al., 2019) shows that many institutions use the same programs, infrastructure, and cloud computing, making them more vulnerable to cyber risks. This was supported by a study by (Najaf et al., 2020), indicating that one of the possible reasons for cyber-attacks is the compatibility of FinTech companies with financial institutions in providing their services. Studies of (Buckley et al., 2019; Mehrban et al., 2020; Panetta, 2018) indicate that the use of cloud computing without a high degree of security might be one of the causes of cyber risks due to the nature of its work in obtaining services and transferring data to more than one device, which makes it an opportunity for hackers and electronic criminals to penetrate data and attack them and manipulate them. The study of (Buckley et al., 2019) also indicates that financial intermediaries might use external service providers (i.e., outsourcing) for essential functions, which may expose data to cyber risks due to its movement between external service providers and financial agents. Studies of (Giudici, 2018; Kaur et al., 2021; Panetta, 2018; Supervision), B. (Basel C. on B, 2018) also show that cyber risks affect financial institutions and FinTech companies. So the hypothesis will be as follows.

H1: There is a statistically significant negative impact of cyber risks on the performance of banks that adopt FinTech.

H1a- H1d: There is a statistically significant negative impact of cyber risks on banks’ performance prospectives (H1a Financial Perspective, H1b Customer Perspective, H1c Operation internal Perspective, and H1d Education and growth Perspective) adopting FinTech.

2.2.2. Outsourcing risks

The study of (Qin et al., 2012) shows that there are ten risks of outsourcing when adopting information technology, including the risks of maintaining the confidentiality of important strategic data and information for the organization. Studies by (Aubert et al., 2004; Hoecht & Trott, 2006) have shown that preserving data and information from leakage and security problems may cause a financial institution to lose its competitiveness. The study (Supervision), B. (Basel C. on B, 2018) indicates that outsourcing risks are more serious when global players control third parties to provide part of the digital services that banks want to adopt. The study (Lim & Thng, 2021) has noted that by outsourcing access to digital technologies to FinTech, there may be risks in accessing confidential data and information, which no other party should not be aware of.

H2: There is a statistically significant negative impact of outsourcing risks on the performance of banks that adopt FinTech.

H2a- H2d: There is a statistically significant negative impact of outsourcing risks on banks’ performance prospectives (H2a Financial Perspectives, H2b Customer Perspectives, H2c Operation internal Perspectives, and H2d Education and growth Perspectives) adopting FinTech.

2.2.3. Operational risks

The study (Safeza Mohd Sapian et al., 2021) indicates that the use of FinTech in banks leads to banks’ exposure to operational risks or it poses other operational challenges. While the study (Khalil & Alam, 2020) shows that banks’ cooperation with FinTech companies may lead to operational risks and that there are 18 operational risk events. The study (Romanova & Kudinska, 2016) also reports that the development of FinTech adds additional risks, including an increase in operational risks. And it supports the study (Saleem, 2021), which concludes that there is a positive relationship between the development of FinTech and the perceived risks, including the operational risks, which represent (36%) of the perceived FinTech risks. In addition, the study of (M. M. Ali et al., 2021) states that customers are aware of the risks they may face from using FinTech services, such as operational risks. The study (Ryu, 2018) indicates that operational risks represent a significant obstacle for clients to use financial technology services.

H3: There is a statistically significant negative impact of operational risks on the performance of banks that adopt FinTech.

H3a- H3d: There is a statistically significant negative impact of operational risks on banks’ performance prospectives (H3a Financial Perspective, H3b Customer Perspective, H3c Operation internal Perspective, and H3d Education and growth Perspective) adopting FinTech.

2.2.4. Systemic risks

The study (Zhu & Hua, 2020) indicates a positive relationship between the development of online finance and banking systemic risks. Also, FinTech is achieved via the Internet and networks, so any technical error or malicious attack may lead to systemic risks if not the failure of the entire system (Yuan & Xu, 2020). This is supported by the study of (Bu et al., 2021), which confirms that the development of FinTech increases systemic financial risks. The study (Vučinić, 2020) indicates that despite the benefits of FinTech, which helps in financial stability, it is likely that this will negatively affect systemic risks, which may undermine financial stability. While some studies have suggested that the development of FinTech is not affected by the increase in systemic risks. The study (Giudici, 2018) indicates that the digital technologies used in FinTech, such as big data, artificial intelligence, and blockchain, help manage risks more efficiently. This is done by measuring and controlling systemic risks, measuring and controlling market risks and detecting customer risks, identifying illegal activities in the crypto markets such as fraud and money laundering, and identifying operational and information technology risks. The study of (Franco et al., 2020) supports this, which shows that FinTech companies do not contribute significantly to systemic risks. Also, the study of (Buckley et al., 2019) indicates that it does not believe that systemic risks do not come from FinTech.

H4: There is a statistically significant negative impact of systemic risks on the performance of banks that adopt FinTech.

H4a- H4d: There is a statistically significant negative impact of systemic risks on banks’ performance prospectives (H4a Financial Perspective, H4b Customer Perspective, H4c Operation internal Perspective, and H4d Education and growth Perspective) adopting FinTech.

2.2.5. Outsourcing risks with cyber risks

There is an influence relationship between outsourcing risks with cyber risks

Where (Bouveret, 2018) clarified that the risks of outsourcing may lead to cyber risks, without any nefarious intention to do so, because cyber risks may not be through electronic attacks, but maybe when programs and technologies are updated and errors occur that lead to cyber risks. The study (Mesic, 2021) indicated that the adoption of digital programs and technologies for third parties may lead to exposure to cyber risks when several institutions are linked and the communication between them is not strong and effective at the same time, which may allow hackers to penetrate these systems. The study (Buckley et al., 2019) also indicated that when outsourcing the adoption of some digital technologies in the financial sector, third parties may look at or access company, bank, or customer data, and this may lead to the risks of their misuse by employees, and this is one of the threats Outsourcing may create a fertile environment for cyber risks. The study (Chapelle, 2019) also indicated that cyber risks, which are one of the most prominent risks in the recent period, are caused by a number of other risks, including the risks of outsourcing. Through the foregoing studies, we conclude that the risks of using external sources may contribute to cyber risks.

H5: Outsourcing risks have a statistically significant impact on cyber risks.

2.2.6. Outsourcing risks with operational risks

There is an impact relationship between outsourcing risks and operational risks.

The (BCBS, 2018) study showed that when banks rely on a third party to adopt digital technologies, where the management of these technologies is controlled by third parties, the transparency of operations decreases, which increases operational risks. The study (Vučinić, 2020) also indicated that some digital technologies in the financial field, such as cloud computing, contribute to operational risks. Furthermore, these risks increase when banks use external parties to provide them with this technology. The study (Chapelle, 2019) indicated that outsourcing at times poses significant threats that may increase operational risks. Therefore, operational risks need to be focused on financial institutions, especially banks, and use external sources to adopt digital technologies.

H6: Outsourcing risks have a statistically significant impact on operational risks.

2.2.7. Cyber risks with systemic risks

There is an impact relationship between cyber risks and systemic risks.

The study (Yuan & Xu, 2020) indicated that FinTech operates on the Internet and networks, and when any technical error or malicious attack occurs for any financial institution, it may affect the entire financial sector and may lead to its failure. Therefore, individual risk may affect other financial institutions and the entire financial system (Buckley et al., 2019). The study (Buckley et al., 2019) showed that cyber threats and risks are the main sources of systemic risks in the financial sector. The study (Lukonga, 2018) indicated that appropriate safeguards must be put in place for banks using digital technologies from a malicious cyber-attack that may not affect individually but may affect the banking sector as a whole. The study (Safeza Mohd Sapian et al., 2021) indicated that in the event of a cyber attack on any FinTech platform on which trade finance activities depend on, this may affect a systemic collapse of the trade finance market. From the above studies, it is clear that there is an impact relationship between cyber risks and systemic risks.

H7: Cyber risks have a statistically significant impact on operational risks.

2.2.8. Cyber risks with operational risks

There is an impact relationship between cyber risks and operational risks.

The research (Cebula & Young, 2010) also clarified that cyber risks are the confidentiality of data and information and that any risks in them lead to operational risks. This study also shows that the cyber risks that affected the operational risks are divided into four categories as follows: 1. People’s actions 2. Failures of systems and technology 3. Failed internal processes 4. External events. Each category is divided into subcategories. The study (Saleem, 2021) reached results showing that there is a positive statistically significant relationship between FinTech and perceived risks, including cyber risks and operational risks.

H8: Cyber risks have a statistically significant impact on systemic risks.

2.2.9. Operational risks and systemic risks

Existence of an impact relationship between operational risks and systemic risks.

The study (M. M. Ali et al., 2021) concluded that Systemic risks are the most important determinant of perceived risks, including operational risks.

H9: Operational risks have a statistically significant impact on systemic risks.

3. Methods of the study

3.1. Collection of data

The descriptive and causal modeling tests were utilized as approaches in this study, which used a quantitative research method. For data collection, the survey approach used a questionnaire. The questionnaire had a 30-item instrument that quantified respondents’ systemic risks, operational risks, outsourcing risks, and cyber risks as measures of the risks of FinTech adoption. Simultaneously, financial perspectives, customer perspectives, internal operations perspectives, and education and growth perspectives assess the banks’ performance using balanced scorecard prospectives.

The research population consists of 824 questionnaires distributed to five main banks and their 206 branches in Yemen that provide FinTech payment services. About 310 questionnaires- 37.6% were distributed from October to December 2021, of which 263 questionnaires- 23%, were returned to be analyzed in this study depending on the size of the banks, see, table 1, 2.

Table 1. Population of the study

No. of main banks	No. of branches	Number of responses per branch	Total of responses for branches
5	206	4	824

Table 2. Names of banks with distributed, analyzed, and percentage

Banks	Distributed	Analyzed	Percentage
Cooperation Agricultural Credit Bank	75	59	22.4
Yemen Kuwait Bank	30	23	8.7
Tadamon International Islamic Bank	30	26	9.9
Al-Amal Microfinance Bank	25	19	7.2
Alkuraimi Islamic Bank	150	136	51.7
Total	310	263	100

Many academics at the Commerce department at Dr. Babasahab Ambedkar Marathwada University—Aurangabad, India, and professors in the Colleges of Commerce and Management at Sana’a and Thamar Universities in Yemen, assessed the questionnaire. The questionnaire was delivered to the managerial level, which included the branch manager, deputy branch manager, Customer Service Officer, and banking transaction officer. Using a stratified random sample method, the sample size dependent on stratum size was calculated for each bank since the sizes of banks vary depending on the number of branches from one bank to another. The increased number of branches allows bank services to reach more individuals.

3.2. Statistics methodology

This research paper follows the SEM model as described by (Anderson & Gerbing, 1988). It is a fantastic method for testing and estimating multivariate causal links’ (Fan et al., 2016). Smart PLS 3.3.3 is used to create SEM to test the proposed model (Hair et al., 2020). PLS is used in IS research in a wide sense (Geijteman & Mevius, 2016; Urbach & Ahlemann, 2010; Henseler et al., 2016). There is no dispute regarding the spread of components that promote reasonable systemic precision (Urbach & Ahlemann, 2010). It is also a useful model utilized in complex research, with a lot of constructs and pointers (Urbach & Ahlemann, 2010; Nitzl & Chin, 2017). It includes two standard related models, the measurement and the structural models.

The repeated indicator method cannot be used in the reflective formative technique in the second order when R² = 1.00 and path coefficient = 0.000. It should use a disjoint two-stage technique or expand on the repeated indicator method (Sarstedt et al., 2019). When using the repeated indicator strategy, the R² = 1.00 and the path coefficient = 0.000 in the present study, as shown in Figure 1. As a result, a disjoint two-stage approach was used for this inquiry. Furthermore, due to the second-order formative construct and the lack of equivalent indicators in lower-order reflective constructs (Becker et al., 2012), mode-B is the measuring mode (Aggarwal & Kapoor, 2021; F. F. Ali et al., 2018).

Figure 1. The diagram indicates to repeated indicator approach, reflective-formative.

Source: Results of a statistical analysis based on Smart-PLS.

The second-order construct is not represented in the conceptual model due to the followed guidelines (Joseph F Hair et al., 2019; Sarstedt, Hair, et al., 2019). As shown in Figure 2, the disjoint two-step approach is required for estimating the measurement model without the need for a second-order construct. The second step is to compute the latent variable scores and add them to the original data file. Lower-order constructs are used to indicate second-order constructs, i.e., lower-order constructs (Becker et al., 2012). All constructs’ reliability and validity are re-established before the final structural model assessment (Joseph F Hair et al., 2019; Sarstedt, Hair, et al., 2019).

Figure 2. Diagram indicates measurement model for lower-order constructs (Step −1).

Source: Results of a statistical analysis based on Smart-PLS.

3.3. Measures

The questionnaire included four factors as independent variables in this study: systemic risks, operational risks, outsourcing risks, and cyber risks simultaneously, and four as dependent variables reflect balanced scorecard perspectives such as financial perspectives, customer perspectives, operation internal perspectives, and education and growth perspectives. The survey instrument and evaluation scales were modified to evaluate the risks of FinTech adoption on bank systemic risks (Bu et al., 2021; Vučinić, 2020), operational risks (Khalil & Alam, 2020; Safeza Mohd; Sapian et al., 2021), outsourcing risks (Lim & Thng, 2021), and cyber risks (Giudici, 2018; Kaur et al., 2021; Panetta, 2018; Supervision), B. (Basel C. on B, 2018). The qualities in the research were assessed using a five-point Likert-type scale ranging from “strongly disagree” to “strongly agree,” as well as five questions on the participants’ demographic information using nominal scales (Gender, Job, Years of Experience, Scientific Level, and Specialization).

4. Analysis and results

4.1. Analysis of data

Table 1 displays the demographics of the final data set, which includes 263 responses. A critical sample size of greater than 200 is adequate for statistical power in data analysis, according to (Comrey & Lee, 1992; Hair et al.,). As a result, the 263 sample size obtained from this investigation is sufficient for data analysis. The path model is measured using a structural and measurement model. The disjoint two-stage approach is used with Mode B in this research for the second-order formative construct (Becker et al., 2012).

4.2. Descriptive statistics

The current study collected demographic information from the research sample, such as gender, job, years of experience, scientific level, and specialty. There are 263 total responders, with males accounting for 87.1 % and females accounting for 12.9 %. 41.1 % of respondents have 1–5 years of experience, 29.3 % have 6–10 years of experience, 5.9 % have 11–15 years of experience, and 24 % have more than 16 years of experience. Respondents with a bachelor’s degree are (90.5 %). Accounting major for 24% of responders.

4.3. Measurement model of lower-order reflective constructs

The lower-order reflective construct measurement model was tested for reliability and validity in the first stage of the disjoint two-stage approach (Joseph F Hair Jr et al., 2021). Cronbach’s alpha and composite reliability ratings were used to assess internal consistency. Table 2 displays Cronbach’s alpha values for the eight lower-order structures. It is shown with a threshold of 0.7. The composite reliability ratings are greater than 0.7. the reliability is measured and considered satisfactory (Urbach & Ahlemann, 2010). Convergent validity is examined using factor loadings and AVE (average variance explained; Cooper & Schindler, 2014). When all factor loadings exceed the permissible value of 0.70, convergent validity is proven, which is illustrated in Table 3 (Field, 2013). Table 2 displays all AVE values more than the recommended threshold of 0.5 (Joseph F Hair Jr et al., 2021). Table 4 ʹs HTMT (Heterotrait-Monotrait ratio) values are lower than the suggested threshold of 0.85 (Hair Jr et al., 2020). By comparing AVE values with the square of the correlation estimates for any two risks, the research-validated a precise discriminant validity test. Systemic risks, operational risks, outsourcing risks, cyber risks, financial perspectives, customer perspectives, internal operations perspectives, and education and growth perspectives are all higher than the squared correlation estimates (see, Table 5 cross-loading). As a result, the study’s model has no problems with discriminant validity.

Table 3. Profile of respondents (N = 263)

Factor	Number	%
Gender
Male	229	87.1
Female	34	12.9
Job
Manager of Branch	25	9.5
Deputy Manager	34	12.9
Customer Services Officer	110	41.8
Banking Transactions Officer	54	20.5
Others	40	15.2
Years Experience
From 1 to 5 years	108	41.1
From 6 to 10	77	29.3
From 11 to 15 years	15	5.7
above 16 years	63	24.0
Scientific level
Secondary school	9	3.4
Diploma After High school	11	4.2
Bachelor	238	90.5
Master	5	1.9
Specialization
Management	48	18.3
Accounting	63	24.0
Banking & Finance	25	9.5
Computer science	40	15.2
Others	87	33.1
Total	263	100.0

Source: Results of a statistical analysis based on SPSS.

Table 4. Result of measurement model -Convergent validity

Latent variable	Item No	loadings	α >0.7	CR>0.7	AVE> 0.5
Financial Perspectives	Fin_Per1	0.973	0.974	0.980	0.906
	Fin_Per2	0.954
	Fin_Per3	0.978
	Fin_Per4	0.935
	Fin_Per5	0.917
Customer Perspectives	Cus_Per1	0.862	0.968	0.975	0.885
	Cus_Per2	0.916
	Cus_Per3	0.977
	Cus_Per4	0.983
	Cus_Per5	0.961
Operation Internal Perspectives	Ope_Per1	0.925	0.958	0.968	0.857
	Ope_Per2	0.945
	Ope_Per3	0.934
	Ope_Per4	0.919
	Ope_Per5	0.905
Education and growth Perspectives	Edu_Per1	0.853	0.938	0.951	0.797
	Edu_Per2	0.797
	Edu_Per3	0.955
	Edu_Per4	0.910
	Edu_Per5	0.939
Systemic Risks	Sys_Risk1	0.978	0.957	0.979	0.958
	Sys_Risk2	0.980
Operational Risks	Opr_Risk1	0.961	0.958	0.973	0.922
	Opr_Risk2	0.951
	Opr_Risk3	0.968
Outsourcing Risks	Out_Risk1	0.949	0.866	0.937	0.881
	Out_Risk2	0.928
Cyber Risks	Cyb_Risk1	0.948	0.953	0.969	0.913
	Cyb_Risk2	0.969
	Cyb_Risk3	0.950

Source: Results of a statistical analysis based on Smart-PLS.

Note: These symbols are an abbreviation for the names of the items. Look at the appendix table to identify these items. Fin_Per = Financial Perspectives, Cus_Per = Customer Perspectives, Ope_Per = Operation Internal Perspectives, Edu_Per = Education and growth Perspectives, Sys_Risk = Systemic Risks, Opr_Risk = Operational Risks, Out_Risk = Outsourcing Risks, Cyb_Risk = Cyber Risks.

Table 5. Outcome of measurement model—fornell-larcker criterion

	Customer	Cyber Risks	Education	Financial	Operation Internal	Operation Risks	Outsourcing Risks	Systemic Risks
Customer Perspectives	0.941
Cyber Risks	−0.263	0.956
Education and growth Perspectives	0.245	−0.248	0.893
Financial Perspectives	0.273	−0.409	0.204	0.952
Operation Internal Perspectives	0.402	−0.219	0.434	0.317	0.926
Operational risks	−0.220	0.237	−0.142	−0.176	−0.202	0.960
Outsourcing Risks	0.007	0.048	0.006	0.111	0.074	0.234	0.939
Systemic Risks	−0.219	0.616	−0.246	−0.226	−0.187	0.420	0.067	0.979

Source: Results of a statistical analysis based on Smart-PLS.

4.4. Measurement model of higher-order formative constructs

The disjoint two-stage approach is used to generate the second-order reflective construct by summing the latent variables’ scores of lower-order reflective constructs. SMART-PLS estimates it without considering the higher-order build as markers of higher-order constructs at a lower level (Becker et al., 2012). The second phase explores the second-order formative construct to develop a measurement model and conduct structural model analysis (Joseph F Hair et al., 2019; Sarstedt, Hair, et al., 2019). At this level, the second-order construct is treated as a lower-order formative construct, with multicollinearity and outer weights investigated in its measurement model (Becker et al., 2012). Table 6 displays the VIF (Variance Inflation Factor) of each indicator (formative construct; Hair, Anderson, et al., 2010). Multicollinearity influences the appraisal and significance of the formative construct’s outer weights (Joseph F Hair Jr et al., 2021). Table 6 demonstrates that all VIF values are lower than the 5 cutoff levels. This study’s VIF is less than 2, indicating that the outcome is more accurate. As a consequence of the research, there is no evidence of multicollinearity. The bootstrapping technique is then performed with 5,000 sub-samples to assess the importance of outer weights. The overweights are the standardized multiple regression coefficients that demonstrate the relative importance of the relevant indicator for the formative concept (Joseph F Hair Jr et al., 2021). Table 6 shows the levels and significance of the outer weights for all formative construct indicators except operation internal perspectives, which is (0.093) less than (0.1) and is not significant, and education and growth perspectives is (0.247) more than (0.1) and it is not significant. in this case based on (Sarstedt, Hair, et al., 2019) it should go to check factor loading if the factor loading is greater than 0.50 and its significant so don’t delete it. In this study the factor loading of operation internal perspectives is (0.552) and it’s significant, education and growth perspectives is (0.510) and it’s significant. So it is acceptable. This confirms the assumptions of the cognitive model of the study that the four dimensions are the variable of performance. As a consequence, the current study achieves the measurement model. The results of measurement model—cross-loadings are clear in Table 7 and 8.

Table 6. Heterotrait-Monotrait Ratio (HTMT)

	Customer Perspectives	Cyber Risks	Education and growth Perspectives	Financial Perspectives	Operation Internal Perspectives	Operational risks	Outsourcing Risks	Systemic Risks
Customer Perspectives
Cyber Risks	0.261
Education and growth Perspectives	0.245	0.230
Financial Perspectives	0.283	0.422	0.222
Operation Internal Perspectives	0.417	0.228	0.458	0.327
Operational Risks	0.217	0.245	0.137	0.182	0.209
Outsourcing Risks	0.027	0.051	0.038	0.122	0.077	0.257
Systemic Risks	0.219	0.643	0.226	0.234	0.196	0.436	0.073

Source: Results of a statistical analysis based on Smart-PLS.

Table 7. Result of measurement model—cross-loadings

	Customer	Cyber Risks	Education	Financial	Operation Internal	Operational Risks	Outsourcing Risks	Systemic Risks
Cus_Per1	0.862	−0.128	0.178	0.266	0.354	−0.127	0.047	−0.127
Cus_Per2	0.916	−0.231	0.195	0.241	0.403	−0.136	0.018	−0.172
Cus_Per3	0.977	−0.293	0.265	0.283	0.408	−0.235	0.008	−0.234
Cus_Per4	0.983	−0.294	0.270	0.272	0.396	−0.228	−0.002	−0.229
Cus_Per5	0.961	−0.238	0.217	0.232	0.337	−0.262	−0.017	−0.228
Cyb_Risk1	−0.265	0.948	−0.210	−0.382	−0.186	0.222	0.028	0.560
Cyb_Risk2	−0.261	0.969	−0.254	−0.434	−0.233	0.261	0.068	0.636
Cyb_Risk3	−0.227	0.950	−0.246	−0.350	−0.207	0.191	0.038	0.564
Edu_Per1	0.242	−0.265	0.853	0.355	0.402	−0.118	0.032	−0.211
Edu_Per2	0.175	−0.038	0.797	0.237	0.365	−0.072	0.081	−0.035
Edu_Per3	0.246	−0.250	0.955	0.153	0.407	−0.185	−0.015	−0.284
Edu_Per4	0.187	−0.205	0.910	0.108	0.373	−0.082	0.007	−0.196
Edu_Per5	0.215	−0.218	0.939	0.097	0.397	−0.130	−0.019	−0.235
Fin_Per1	0.255	−0.389	0.179	0.973	0.292	−0.168	0.116	−0.197
Fin_Per2	0.258	−0.361	0.179	0.954	0.316	−0.165	0.128	−0.183
Fin_Per3	0.259	−0.382	0.158	0.978	0.297	−0.160	0.119	−0.203
Fin_Per4	0.258	−0.415	0.210	0.935	0.302	−0.133	0.104	−0.255
Fin_Per5	0.270	−0.397	0.247	0.917	0.303	−0.211	0.063	−0.237
Ope_Per1	0.390	−0.194	0.399	0.374	0.925	−0.204	0.097	−0.146
Ope_Per2	0.449	−0.162	0.353	0.357	0.945	−0.195	0.065	−0.128
Ope_Per3	0.422	−0.202	0.399	0.314	0.934	−0.212	0.084	−0.149
Ope_Per4	0.304	−0.231	0.422	0.210	0.919	−0.171	0.039	−0.238
Ope_Per5	0.288	−0.224	0.435	0.206	0.905	−0.148	0.054	−0.209
Opr_Risk1	−0.198	0.255	−0.144	−0.170	−0.191	0.961	0.215	0.386
Opr_Risk2	−0.199	0.195	−0.108	−0.157	−0.184	0.951	0.262	0.356
Opr_Risk3	−0.234	0.231	−0.154	−0.179	−0.205	0.968	0.204	0.459
Out_Risk1	−0.006	0.046	0.015	0.095	0.101	0.242	0.949	0.066
Out_Risk2	0.021	0.043	−0.005	0.115	0.032	0.195	0.928	0.058
Sys_Risk1	−0.225	0.605	−0.231	−0.209	−0.174	0.411	0.058	0.978
Sys_Risk2	−0.204	0.601	−0.250	−0.234	−0.192	0.411	0.072	0.980

Source: Results of a statistical analysis based on Smart-PLS.

Table 8. Higher-order constructs validity

HOC	LOC	Outer Weight	T statistics	P-value	Factor Loading	P-value	VIF
Performance	Financial Perspectives	0.720	7.234	0.000	0.884	0.000	1.149
	Customer Perspectives	0.308	2.778	0.005	0.604	0.000	1.234
	Operation Internal Perspectives	0.093	0.674	0.500	0.550	0.000	1.447
	Education and growth Perspectives	0.247	1.942	0.052	0.511	0.000	1.247

Source: Results of a statistical analysis based on Smart-PLS.

4.5. Structural model

After assessing the measurement model for validity and reliability, the study proceeds to the structural model assessment, which includes hypothesis testing, R², Q² predictive significance, effect size (f²), and model fit (Memon & Rahman, 2014).

4.5.1. Hypotheses testing

The hypotheses in this article are evaluated using (β-value, t-value, and p-value) with a sub-sample size of 5000. The connections between the constructs are T and P values are used to identify the way coefficients, (β) values are clearly and demonstrably (i.e., at p0.05,p0.01, or p0.001) in the model that depicts the route coefficients in Figure 3. Pearson’s correlation also tested the relationship between banks’ risk variables of FinTech adoption.

Figure 3. Step two of the disjoint-two stage approach.

Source: Results of a statistical analysis based on Smart-PLS.

The special indirect effect of the risk variables’ relationship with performance and each other was also tested. The details of the structural model (Path coefficient of research hypothesis) are mentioned in Table 9.

Table 9. Structural model (Path coefficient of research hypothesis)

Hy	Relationship	Std. Beta	Standard Error	T values	P Values	Decision
H1	Cyber Risks -> Performance	−0.445	0.070	−6.313	0.000	Supported
H2	Outsourcing Risks -> Performance	0.160	0.059	2.719	0.007	Supported
H3	Operational Risks -> Performance	−0.194	0.067	−2.885	0.004	Supported
H4	Systemic _Risks -> Performance	0.035	0.085	0.414	0.679	Not
H5	Outsourcing Risks -> Cyber Risks	0.056	0.060	0.933	0.351	Not
H6	Outsourcing Risks -> Operational Risks	0.233	0.054	4.334	0.000	Supported
H7	Cyber Risks -> Operational Risks	0.209	0.059	3.546	0.000	Supported
H8	Cyber Risks -> Systemic Risks	0.553	0.048	11.572	0.000	Supported
H9	Operational Risks -> Systemic Risks	0.282	0.049	5.741	0.000	Supported
H	Relationship		Std. Beta	Std. Error	T Values	P Values
H1a	Cyber Risks -> Customer Perspectives		−0.214	0.064	−3.323	0.001
H1b	Cyber Risks -> Education and growth		−0.158	0.069	−2.303	0.022
H1c	Cyber Risks -> Financial Perspectives		−0.441	0.071	−6.175	0.000
H1d	Cyber Risks -> Operation Internal		−0.175	0.067	−2.617	0.009
H2a	Outsourcing Risks -> Customer Perspectives		0.059	0.062	0.959	0.338
H2b	Outsourcing Risks -> Education and growth		0.036	0.061	0.594	0.553
H2c	Outsourcing Risks -> Financial Perspectives		0.161	0.059	2.741	0.006
H2d	Outsourcing Risks -> Operation Internal		0.127	0.065	1.943	0.053
H3a	Operational Risks -> Customer Perspectives		−0.176	0.064	−2.752	0.006
H3b	Operational Risks -> Education and growth		−0.061	0.070	−0.870	0.385
H3c	Operational Risks -> Financial Perspectives		−0.150	0.069	−2.183	0.029
H3d	Operational Risks -> Operation Internal		−0.186	0.073	−2.535	0.012
H4a	Systemic Risks -> Customer Perspectives		−0.017	0.064	−0.264	0.792
H4b	Systemic Risks -> Education and growth		−0.125	0.076	−1.644	0.101
H4c	Systemic Risks -> Financial Perspectives		0.098	0.090	1.086	0.278
H4d	Systemic Risks -> Operation Internal		−0.010	0.076	−0.131	0.896

Source: Results of a statistical analysis based on Smart-PLS.

The results of hypothesis testing show that there are risks that negatively affect the performance of banks that adopt FinTech, such as cyber risks and operational risks, both at the dimension level or at the level of balanced scorecard perspectives, except for the education and growth perspective for operational risks. It also showed the positive impact of outsourcing risks on performance and financial perspectives. The hypothesis testing results also showed systemic risks do not affect performance at the dimension or the balanced scorecard perspectives. Results also showed the validity of the proposal submitted on the impact of risks with each other, except the effects of outsourcing risks with cyber risks. Pearson correlations of a proposed relationship between the risks are clear in Table 10. And the details of specific indirect effects were demonstrated in Table 11.

Table 10. Pearson correlations of a proposed relationship between the risks

		Cyber Risks	Operational Risks	Outsourcing Risks	Systemic Risks
Cyber Risks	Correlation	1	0.220**	0.055	0.614**
	Sig.		0.000	0.377	0.000
Operational Risks	Correlation	0.220**	1	0.241**	0.404**
	Sig.	0.000		0.000	0.000
Outsourcing Risks	Correlation	0.055	0.241**	1	0.056
	Sig.	0.377	0.000		0.366
Systemic Risks	Correlation	0.614**	0.404**	0.056	1
	Sig.	0.000	0.000	0.366

**.Correlation is significant at the 0.01 level (2-tailed).

Source: Results of a statistical analysis based on SPSS.

Table 11. Specific indirect effects

Relationship	Std. Beta	Std. Error	T value	P Value
Cyber Risks -> Operational Risks -> Performance	−0.040	0.020	−2.042	0.041
Cyber Risks -> Operational Risks -> Systemic _Risks	0.059	0.019	3.100	0.002
Outsourcing Risks -> Operational Risks -> Performance	−0.045	0.020	−2.298	0.022
Outsourcing Risks -> Operational Risks -> Systemic Risks	0.066	0.019	3.536	0.000

Source: Results of a statistical analysis based on Smart-PLS.

5. Test of correlations of a proposed relationship between the risks

There is a relationship between the four risk variables which was tested by the Pearson Relationship Test, shown in table (10), and it is evident from the following table:

There is a significant relationship between the outsourcing risks and the operational risks with a value of (0.241), as well as a significant relationship between cyber risks and operational risks with a value of (0.220). The results showed that the cyber and operational risks have a significant relationship with the systemic risks with the values of (0.614) and (0.404) respectively. While there is no significant relationship between outsourcing risks with cyber and systemic risks, the correlation value is (0.055) and (0.056), respectively. This result reinforces the validity of the proposed relationship between the risk, except for the relationship between outsourcing and cyber risks.

6. Test of specific indirect effects of a proposed relationship between the risks

Table (11) presents the special indirect relationship of the risk variables. It shows that there is a significant impact of cyber risks on operational risks, which in turn affects performance negatively and systemic risks positively in an indirect relationship. where the value of beta is (−0.040), T value is (−2.042), and P value is (0.041), and beta is (0.059), T value is (3.100), and P value is (0.002) respectively. This result supports the validity of Hypothesis No. 7,8 that cyber risks affect operational and systemic risks directly and indirectly.

Also, it shows that there is a significant impact of outsourcing risks on operational risks, which in turn affect performance negatively and systemic risks positively in an indirect relationship. where the value of beta is (−0.045), T value is (−2.298), and P value is (0.022), beta is (0.066), T value is (3.536), and P value is (0.000) respectively. This result supports the validity of Hypothesis No. 6, 9 that outsourcing risks affect operational and systemic risks directly and indirectly. These results support the hypotheses (6,7,8,9) and the results of the correlation of risks, which confirmed all these tests on the validity of a proposed relationship between the risks except for the impact and relationship of outsourcing risks with cyber risks.

6.0.2. Assessing (R²) and predictive relevance Q²

This research requires measuring the (R²) predictive relevance of Q² and R-Square to the variation in the dependant variable (DV) that free factor/s (IVs) clarity. According to (Fan et al., 2016), the dependent variable is 0.253, explaining the effect of the independent variables, as indicated in Table 8 and Figure 3. PLS 3ʹs careless technique is utilized to assess Q^2ʹs predictive significance. Q² has a cut-off point larger than zero, suggesting that the model’s purpose is predictive (Joe F Joe F Hair et al., 2011). According to Table 8, the Q² value of FinTech adoption is 0.101 >0. The predictive supporting relevance of the model is to the latent endogenous variables. Q²: Predictive relevance blindfolding is used to produce cross-validated redundancy metrics for each component, resulting in Q² estimates larger than zero, demonstrating that the exogenous structures have predictive value for the endogenous construct under consideration (Joe F Joe F Hair et al., 2011). The details of R square & Q square are included in Table 12.

Table 12. R square & Q square

SRMR Value	Model Value 0.037
Construct	R^2	Q^2
Performance	0.253	0.101
Systematic Risks	0.455	0.431
Operational Risks	0.103	0.092
Cyber Risks	0.003	0.002

Note: R Square: above 0.10, Q Square: should be above 0.000

Source: Results of a statistical analysis based on Smart-PLS.

6.0.3. Assessing the model fit

The model fit is calculated as the last step. The following methods are used to test model fit in PLS:

The model’s Goodness of Fit (GoF):

Through the Goodness of Fit, (Joe F Hair et al., 2011) demonstrate how well the chosen model replicates the observed covariance structure among the marker items (GoF). The current research created the file as a broad fraction of the model, namely the estimate and underlying PLS models. The model’s forecast execution is a single estimate (Vinzi et al., 2010). In PLS, there is no measure of global fit. However, scientists suggest a global GoF defined as the mathematical mean of both the normal of AVE and the normal of R2 for endogenous (Tenenhaus et al., 2005), as calculated using the simultaneous equation:

$GoF=\sqrt{\left(\overline{R^2}\times \overline{AVE}\right)}$

The GoF requirements are as follows: Not fit, small, medium, or large have by (Wetzels et al., 2009): GoF 0.1 indicates that there is no fit, GoF between 0.1 and 0.25 indicates a small fit, GoF between 0.25 and 0.36 indicates a medium fit, and GoF more than 0.36 indicates a large fit. The current research comprises GoF = 0.426, which is more than 0.36 and reflects a high value.

$\overline{AVE}$ = 0.891, $\overline{{\mathrm{R}}^2}$ = 0.203

$GoF=\sqrt{\left(0.203\times 0.891\right)}=0.426$

6.1. Standardized root mean square residual (SRMR)

(SRMR) is determined using a cut-off estimate of less than or equal to 0.08 (Henseler et al., 2016). Using PLS 3, the SRMR in this study is 0.046, which means that the model is acceptable.

7. Discussions

Cyber Risks (H1). The results for the effects cyber risks on performance (β = −0.439, p = 0.000). The results indicate significant negative path coefficients signifying the influence between cyber risks and banks’ performance. That means when the cyber risks increase, the banks’ performance decrease. These risks give disasters to banks, such as data and information penetration and their manipulation. It comes from cybercriminals and hackers. This could be by hacking and penetrating customer data and infringing on their privacy when conducting their financial transactions via the Internet or it could be through security threats that may be exposed to banking systems. A large amount of implicit data may be subject to violations when providing FinTech services through banks, such as customer account numbers, financial transaction numbers, monetary amounts, financial fees, and other financial data.

The results of the hypothesis (H1a-H1d) show a significant negative influence on (Financial, Customer, Internal Operation, and Education and Growth) Perspectives by cyber risks. Thus, cyber risks are considered the most risks affecting the performance of banks.

Outsourcing Risks (H2). A significant positive effect is found between outsourcing risks with banks’ performance (H2) as a result (β = 0.155, p = 0.046). The result appears to argue this hypothesis. As a result, there is a positive significant effect of outsourcing risks on the banks’ performance. This explains that outsourcing risks represented in accessing bank data, information and secrets, represent a strong incentive to take the necessary precautions and prepare to avoid these risks and make the most of outsourcing to use FinTech techniques and provide competitive digital services. To confirm this result, personal interviews were also conducted with the same research sample. Interviews were conducted with 10 branch managers from different banks. Their answers indicated that banks had not faced any risks when outsourcing so far, especially in confidentiality and privacy of data. This is because they deal with well-known companies and they executed strict contracts and penal conditions. This supports the findings of this study. Moreover, outsourcing the development of demolition and adopting high technologies brings a lot of advantages, which directly impact performance. Banks may be attracting experts in FinTech techniques who work to follow up the work and pay attention to any risks to data confidentiality or other methods to ensure that. In this method, these risks can be avoided, and the maximum benefit from outsourcing benefits the banks and positively affects their performance. The study of (Qin et al., 2012) rejects the risks of outsourcing represented in “the theft of the unique intellectual assets of the organization and confidential data by the provider.” This supports the findings of the current study on the risks of outsourcing.

The results of the hypothesis (H2a-H2b) show a significant positive effect on the financial perspective; this shows the impact of utilizing direct outsourcing on the financial perspective. Moreover, this result indicates the capabilities of financial technology and its impact on the financial perspective of performance through outsourcing the adoption of FinTech.

Operational Risks (H3). The hypothesis explores the influence of operational risks proposed performance of banks. The results of the hypothesis (β = −0.194, p = 0.003). There is a significant negative effect of operational risks on the banks’ performance. That means when the banks control and avoid the operational risk, the performance will increase. This explains that banks face operational risks during the adoption of FinTech, which is represented by: technical or digital errors that may occur to bank systems during work, whether operational mistakes by bank employees or due to the modernity of digital technologies and services. Errors that may occur by technicians and engineers. Errors may occur during the conduct of financial operations for clients via digital technologies. These errors, which pose risks during the operations of FinTech services in banks, whether by customers or employees, have a negative impact on the performance of banks.

The results of the hypothesis (H3a-H3b) display a significant negative effect on all dimensions of the balanced scorecard, except the Education and growth perspective by operational risks. This shows the impact of negative operational risks on most of the balanced scorecard perspectives, which indicates the importance of managing operational risks when adopting FinTech in banks.

Systemic Risks (H4). The results for the factor systemic risks indicate that it is insignificant at (p,0.05). The hypotheses (H4) are rejected and show no significant effect of the systemic risks on banks’ performance. This shows that the systemic risks, which represent the risks of information technology, and software technologies in the banking business, do not affect the performance of banks. The rejection of this hypothesis can be explained by the fact that the digital technologies of FinTech are recent digital developments when used by banks that may increase the risks of information technology. Still, the necessary and expected preparations may be ready to avoid these risks, which may not affect the performance of banks. Also, digital technologies such as Blockchain have a high technology to maintain data confidentiality and help not penetrate it. Artificial intelligence techniques help in detecting and identifying risks and finding the expected risks, as well as in big data technology that analyzes data and helps detect any data or information that may lead to risks to the organization.

Outsourcing risks with Cyber risks (H5): The results for the hypotheses systemic risks indicate that it is insignificant at (p,0.05). And the Pearson Correlation value is (0.055) and insignificant which means there is no correlation. The hypotheses (H5) are rejected and show no significant effect of outsourcing risks on cyber risks. This result is indicated by the studies (Bouveret, 2018; Buckley et al., 2019; Chapelle, 2019; Mesic, 2021). The risks of outsourcing may not lead to cyber risks when third parties update software and technologies. An unintended error may occur that leads to cyber risks when third parties have access to bank data, or when financial institutions are linked, and the communication between them is weak. These possibilities may not occur as financial institutions operate contracts with strict third parties and set penal conditions for breaching any contract clause. So third parties try not to leave any loophole allowing cyber risks. This reassures decision-makers about outsourcing. This may explain why this hypothesis is not accepted.

Outsourcing risks with Operational risks (H6): The hypothesis explores the influence of outsourcing risks and proposed operational risks. The results of the hypothesis (β = 0.233, T = 4.334, p =0.000), and the Pearson Correlation value is (0.241) and (0.000) significant that means there is correlation. There is a significant positive effect of outsourcing risks on operational risks. When banks adopt digital FinTech technologies from third parties, these technologies work on the banks’ operating systems as these technologies work to provide digital financial services or develop the banking system, which is done through outsourcing. Therefore, any risks that occur when outsourcing increase the operational risks. Third parties may control the management of these technologies, the transparency of operations decreases, and thus the possibility of operational risks increases, which is what the study indicated (BCBS, 2018). Some digital technologies provided by third parties work mainly on the operating systems of banks, such as cloud computing, which poses a direct danger to the operating systems at a high rate. And this is indicated by a study (Vučinić, 2020); therefore, any risks of outsourcing this technology increase operational risks. Thus, outsourcing risks positively impact operational risks, meaning that the greater the risks of outsourcing, the greater the occurrence of operational risks.

Cyber risks with Operational risks (H7): The results for the effects of cyber risks on operational risks (β = 0.209, p = 0.000). The results indicate significant positive path coefficients signifying the influence between cyber risks and banks’ operational risks. The Pearson Correlation value is (0.220) and (0.000) significant that means there is correlation. This hypothesis is accepted. Hackers and cybercriminals work to penetrate the systems of financial institutions, manipulate confidential data and information, and carry out their crimes. Thus, cyber risks are mainly affected by the operating systems of financial institutions, meaning that cyber risks affect operational risks. The study (Cebula & Young, 2010) indicated that cyber risks are considered operational risks, as they significantly impact data and information availability, which leads to operational risks. This is the reason behind the positive impact of cyber risks on operational risks, meaning that the higher the cyber risks, the higher the operational risks.

Cyber risks with Systemic risks (H8): The results for the effects of cyber risks on systemic risks (β = 0.553, p = 0.000). The results indicate significant positive path coefficients signifying the influence between cyber risks and banks’ systemic risks. The Pearson Correlation value is (0.614) and (0.000) significant that means there is correlation. FinTech technologies and digital services operate via the Internet, which may raise cyber risks through technical or digital error or electronic violations and attacks on any financial institution. It may affect a financial institution and the entire financial sector. The financial institutions work together and cooperate in providing financial services. Some financial institutions are connected by networks or otherwise. Some financial institutions have effective communication with each other. When an electronic penetration or attack occurs for one financial institution, it may affect the rest directly or indirectly and even affect the entire financial sector. It increases the systemic risk. Therefore, cyber risks positively impact systemic risks, meaning that the greater the cyber risks may increase the occurrence of systemic risks. The result of this hypothesis supports what some studies have indicated, such as those of (Safeza Mohd Sapian et al., 2021; Yuan & Xu, 2020).

Operational risks and Systemic risks (9): The results for the effects of cyber risks on systemic risks (β = 0.282, p = 0.000). The results indicate significant positive path coefficients signifying the influence between cyber risks and banks’ systemic risks. The Pearson Correlation value is (0.404) and (0.000) significant that means there is correlation. Operational operations are mainly related to the systems of financial institutions, so the operational risks affect the systems of financial institutions. The financial institutions are closely related to each other. When one financial institution is affected by operational risks, it may affect the rest of the financial institutions, and thus systemic risks increase. This explains that operational risks have a positive impact on systemic risks.

8. Conclusions

8.1. Conclusions

The current study proved the validity of the proposed relationship between the risk variables on each other, except for the impact of outsourcing risks on cyber risks. The results showed an impact and relationship of cyber risks on operational and systemic risks, an impact of outsourcing risks on operational risks, and an impact of operational risks on systemic risks.

The study concluded that there is a significant negative impact of cyber risks on the performance of banks adopting FinTech. Cyber risks ranked first and most affected the banks’ performance, among other variables. It was found that it affects all four performance perspectives negatively. This indicates the high impact of cyber risks on performance in general and on all perspectives.

The study also found a significant negative impact of operational risks on the performance of FinTech banks. The results revealed that all performance perspectives were negatively affected by operational risks, except for education and growth.

As for the outsourcing risks, they turned out to have a significant positive impact on the performance of the banks. This result shows that outsourcing risks put banks in a state of readiness, caution, and full vigilance to avoid any risks that threaten them by outsourcing when adopting FinTech. This enhances the maximum benefits of outsourcing, which increases performance positively. The study found that it had a positive impact on the financial perspective.

As for the impact of the systemic risks of adopting FinTech on the performance of banks, it was found that there is no impact on the performance of banks. The impact of systemic risks on performance perspectives was tested, and it was found that there was no impact on the four perspectives.

8.2. Limitations and future research

This study succeeded in achieving its objectives, but there are some limitations as follows:

This study used primary data (questionnaires and interviews). Future studies can use the variables of this study, use secondary data, and know the difference between the current study and the study through secondary data. This study also used cyber, operational, systemic, and outsourcing risks; therefore, future studies can identify other risks for adopting FinTech and know the extent of their impact on the performance of the banks that adopt FinTech, such as (strategic risks, money laundering risks, terrorist financing, and other risks). In addition, future studies can study the systemic risks of adopting FinTech in banks as an integrated and broad study and know the extent of its impact on banks’ performance. Future studies also can examine outsourcing for adopting FinTech in banks comprehensively and deeply and then identify its impact on performance, especially in less developed countries. Thus, this suggests future studies examining the impact of outsourcing risks on cyber risks when FinTech is widely and deeply adopted in banks.

Data availability

Data are available upon request.

Disclosure statement

No potential conflict of interest was reported by the authors.

Additional information

Funding

The authors received no direct funding for this research.

Appendix A

Table

Constructs		Indicator and item	Source
Balanced scorecard Financial Perspective	Fin_Per1	The bank’s adoption of financial technology leads to an increase in market share.	(Owusu & Liu, 2017)
	Fin_Per2	The Bank seeks by adopting FinTech services to reduce costs to a minimum.
	Fin_Per3	The bank’s adoption of financial technology leads to higher profits from year to year.
	Fin_Per4	The bank’s adoption of financial technology leads to maximizing shareholders’ wealth.
	Fin_Per5	The bank seeks by providing financial technology services to achieve higher productivity and thus increase profits.
Customer Perspective	Cus_Per1	The bank seeks to improve the quality of its services to meet the wishes and needs of customers.	(Owusu & Liu, 2017)
	Cus_Per2	The Bank treats complaints submitted by customers with great care.
	Cus_Per3	The bank lowers the price of the service provided compared to the competitive market price.
	Cus_Per4	The bank aims to increase the number of customers from year to year.
	Cus_Per5	The Bank seeks to retain existing customers by responding to their needs.
Internal Operation Perspectives	Ope_Per1	The bank reduces the time to complete the work.	(Owusu & Liu, 2017)
	Ope_Per2	The Bank seeks to make optimal use of the available resources.
	Ope_Per3	The bank works to reduce routine and inappropriate repetition at work.
	Ope_Per4	The bank trends to digital technology to get rid of paperwork.
	Ope_Per5	The bank seeks to increase the level of quality of services.
Education and growth perspective	Edu_Per1	The Bank is keen to hold qualitative training courses for its employees to keep pace with the era of digital technology.	(Owusu & Liu, 2017)
	Edu_Per2	The Bank is keen to update the technology used constantly.
	Edu_Per3	The Bank seeks to develop employees’ skills and improve the use of modern technologies according to the era of digital technology.
	Edu_Per4	The bank is keen to continue to develop its creativity and to reserve a higher place among banks.
	Edu_Per5	The Bank is constantly improving and developing its services.
Cyber Risks	Cyb_Risk1	The banking system is exposed to threats and security breaches when adopting financial technology services through mobile applications.	(Kaur et al., 2021)
	Cyb_Risk2	The banking system is exposed to penetrations and security threats when adopting financial technology services via online platforms.
	Cyb_Risk3	The banking system is exposed to large amounts of implicit data for violations when adopting financial technology techniques such as (customer account numbers, financial operations, financial charges … and others)
Operational Risks	Opr_Risk1	Banks face the risks of maintaining the privacy of customer data when using mobile financial technology services.	(Aldasoro et al., 2020)
	Opr_Risk2	Banks face the risks of maintaining information security and data confidentiality in providing financial technology services to customers via mobile phones.
	Opr_Risk3	Banks need to take the necessary precautions and measures when adopting financial technology to combat potential cybercrimes.
Outsourcing Risks	Out_Risk1	The bank’s use of outsourcing to provide FinTech services leads to risks in maintaining the confidentiality of the Bank’s data and information.	(Supervision), B. (Basel C. on B, 2018)
	Out_Risk2	The bank’s use of outsourcing to implement FinTech services leads to the risks of maintaining data privacy.
Systemic Risks	Sys_Risk1	Bank systemic risks increase with the increasing adoption of FinTech services.	(Supervision), B. (Basel C. on B, 2018)
	Sys_Risk2	When banks adopt fintech, Bank information technology risks lead to systemic risk.