FINTECH RISKS DRIVE NEW REGULATORY MINDSET.
Regulators are getting to grips with the fintech’s transformative power, but will need new approaches to collaboration and oversight. Chris Hall reports.
Well-known to financial regulators, the ‘Goldilocks’ principle was recently invoked in the debate on cryptocurrency regulation. “Too much regulation and cryptocurrencies will succumb to compliance costs. Too little regulation and the cryptocurrency market will fail to achieve the integrity it needs to attract mainstream investors,” warned Paul Kupiec, resident scholar at the American Enterprise Institute (AEI) and former chairman of the Basel Committee on Banking Supervision’s Research Task Force.
Kupiec’s concerns are echoed in regulators’ responses to the shifting risks and opportunities arising from fintech dynamism. It’s hard to define, let alone regulate a fast-moving, constantly-evolving range of diverse technologies and organisations. However, it is critical to finance sector growth and strength. The Financial Stability Board has called for collaboration to address operational, cyber-security and macro-financial risks stemming from increased fintech activity as an “essential” part of regulators’ efforts to safeguard financial stability.
For regulators, fintech represents as many downsides as upsides. If they are too slow to adapt, they may miss opportunities to improve outcomes and reduce risks and costs, e.g. by not providing sufficient support, or not leveraging regtech innovations to enhance supervision. If they are too ‘gung ho’ though they might ignore or misunderstand attendant risks, introducing competition too fast or underestimating fintech’s impact on dependencies and relationships in a complex eco-system. Either way, ignorance of fintech’s transformative power exacerbates risks.
Sometimes the boldest steps are taken by necessity. Hit hard by the global financial crisis and ensuing scandals, the UK’s finance sector was in dire need of new blood. Armed with a new pro-competition mandate in 2014, the Financial Conduct Authority’s (FCA) innovation-friendly agenda, ‘Project Innovate’, placed incumbents on notice to deliver cheaper, simpler and transparent services – or face the consequences.
Executive director of strategy and competition Christopher Woolard says the FCA had to shift its mindset from ‘what’s the risk’ to ‘what’s the risk of not doing this’. The risk of inaction was that new technologies and providers would go underground if not permitted to flourish, evading the attention of the authorities until too late. Nevertheless, the FCA had to offset the reality that new entrants can bring new risks if balance sheets or operating infrastructures are too weak or too porous, or if services are overly complex or opaque.
To balance these risks, the FCA built a sandbox. Since 2016, 70 firms (not all from UK and not all start-ups) have used it to test new services, models and platforms in a safe, closely monitored environment with a limited time period and customer base. This brings products to market quickly, cheaply and safely, whilst giving regulators ground-level view on potential risks. The concept has been adopted and adapted in multiple markets, and is now going global.
At the Innovate Finance Global Summit 2018, Woolard said the pace and scale of innovation called for cross-border collaboration on a multi-jurisdictional framework to road-test new services. To this end, the FCA and peers are discussing a global dictionary to cover jurisdictions’ data needs and oversight by a college of regulators to better support innovation, “especially for smaller firms who are keen to expand internationally”. Another sign of changing attitudes is that pragmatism trumps perfection. Perhaps alert to the limits of collaboration, Woolard has eschewed developing global standards to focus on pressing common priorities, such as financial crime.
Growing up in public
Regulatory collaboration does not require lockstep coordination. The FCA has signed multiple cooperation and framework agreements with like-minded regulators, including ‘referral mechanisms’ that smooth fintech entry into new markets. Another example is a UK-Australia fintech ‘bridge’ announced in March to explore opportunities and risks associated with cryptocurrencies and blockchain.
However, are regulators doing enough to support innovation? A collective failure to create a cohesive global framework for OTC derivatives reporting ten years after a G20 mandate reflects the challenges. Some argue current initiatives don’t go far enough in supporting the practical implementation of fintech innovation. By agreeing common frameworks for bringing fintech solutions into the mainstream or integrating fintech solutions with the legacy technology infrastructures of incumbents, regulators could counter operational risks arising from creative chaos.
“Whilst too rigid a framework could stifle innovation, there is an argument for regulators to collaborate with the industry in support of a more standards-based approach to implementation and connectivity,” says Mark John, head of product and business development for BNY Mellon’s Pershing and broker-dealer services in EMEA, noting both the difficulties for incumbents in identifying suitable fintech partners and future connectivity challenges as new services flood onto the market. “As the sandbox concept evolves and broadens, it can address the industry’s increasing ‘plug and play’ needs through standards.”
Realms of fantasy
Holding the hands of innovators helps to bring new ideas and technologies further and deeper into the financial markets in a safe and sustainable manner. How do regulators though handle the pace of change and the shift from human to digital that fintech represents?
“One of the biggest challenges is how we move from processes designed to be conducted by humans to ones designed to be executed by machines. We need to be conscious of how the replacement of humans by machines alters the risk profile of a process,” notes PJ Di Giammarino, CEO of regulatory consultancy JWG.
The wider use of artificial intelligence is being constrained by difficulties explaining machine-generated recommendations, but there are opportunities to reduce risks too. The data generated by digitised processes makes them more easily and cheaply monitored, and potentially in real time, which is critical when it’s not just in the trading room that risks can be transferred at warp speed.
Di Giammarino predicts digitisation of the relationship between regulator and regulated. “By making rules machine readable, we can reduce the considerable cost and risk currently involved in achieving regulatory compliance. We’ve made trading an STP process: we can do the same for regulation by matching a firm’s standards and processes to the rule book,” he says.
Machine-readable compliance might sound like science fantasy to anyone still adjusting to MiFID II’s reporting requirements, but several strands of FCA Innovate’s work programme are aimed at using semantics and standards to enable compliance via digital means, thus making reporting, approvals and other regulatory processes more timely and accurate. The UK regulator launched a consultation in February on how technology can improve the quality of information supplied to regulators, while an Australian counterpart, the Australian Securities and Investments Commission, is conducting proofs of concept involving natural language processing.
Jo Ann Barefoot, former deputy head of the US Office of Comptroller of the Currency and CEO of Barefoot Innovation Group, supports the development of ‘alternative regulatory channels’ for both fintechs and incumbents. A community bank, for example, might submit data for evaluation against known quantitative metrics to prove its services are simple and transparent, perform as advertised, do not rely on penalty income, and generate low levels of complaint. By automatically generating and sharing this data with regulators, the firm could be relieved of most traditional oversight of its compliance management system.
While acknowledging recent advances, Barefoot suggests further mindset changes are needed among regulators and regulated. “Today, the process takes so long that by the time the compliance-driven changes have been built into the investment cycle the risks may no longer exist. In future, regulators could have such data-rich monitoring processes that they can focus on outcomes and results rather than line-by-line compliance,” she says.
In future fairy tales, the three bears might not need to come home to know they have a visitor.