The implications of fintech for banks | Payments & Fintech Lawyer
The growth of the fintech industry in recent years has caused regulators globally to consider their approach to supervision of players in this space. The attitude of… Read more
The growth of the fintech industry in recent years has caused regulators globally to consider their approach to supervision of players in this space. The attitude of regulators to fintech is of equal importance to firms operating in the financial industry. Focusing on the banking industry, the Basel Committee on Banking Supervision (‘BCBS’) has set up a task force to provide insight into this development, and more specifically to explore the implications for supervisors and banks’ business models. It has also published a consultation paper on the implications of fintech developments for banks and banking supervisors. The paper summarises the BCBS’s main findings and conclusions, as Jacob Ghanty, a Solicitor specialising in fintech and emerging payment technologies, explains.
The BCBS’ paper looks at a number of scenarios (possible models that the banking industry will adopt as a result of fintech developments) and assesses their potential future impact on the banking industry. A common theme across the various scenarios appears to be that banks will find it increasingly difficult to maintain their current operating models, given technological change and customer expectations. There seem to be indications that the future of banking will increasingly involve a battle for the customer relationship. In the paper, the BCBS looks at the extent to which banks or new fintech companies will own the customer relationship in each scenario. However, the BCBS indicates that the current position of incumbent banks will be challenged in almost every scenario.
The paper has some historical perspective: the BCBS recognises that the emergence of fintech is only the latest wave of innovation to affect the banking industry. It notes that banks have undergone various technology enabled innovation phases before (an example would be the trend towards online banking services in the last decade). However, its view seems to be that factors including the rapid adoption of new technologies along with their effect on lowering barriers to entry in the financial services market may prove to be more disruptive than previous changes in the banking industry. The paper is recommended reading not least as it draws together a number of concepts relevant to fintech in a perhaps more coherent and less hyped way than some other material available on this subject (see for instance the sectors for innovative services graph within the BCBS paper).
In the paper, the BCBS has identified ten key observations and related recommendations on supervisory issues for consideration by banks and bank supervisors, which are considered below.
BCBS’ observations and recommendations
Observation 1: The nature and the scope of banking risks as traditionally understood may significantly change over time with the growing adoption of fintech, in the form of both new technologies and business models. While these changes may result in new risks, they can also open up new opportunities for consumers, banks, the banking system and bank supervisors.
Observation 2: For banks, the key risks associated with the emergence of fintech include strategic risk, operational risk, cyber risk and compliance risk. These risks were identified for both incumbent banks and new fintech entrants into the financial industry.
Recommendation 1: Banks and bank supervisors should consider how they balance ensuring the safety and soundness of the banking system with minimising the risk of inadvertently inhibiting beneficial innovation in the financial sector. Such a balanced approach would promote the safety and soundness of banks, financial stability, consumer protection and compliance with applicable laws and regulations, including anti-money laundering (‘AML’) and countering financing of terrorism (‘CFT’) regulations, without unnecessarily hampering beneficial innovations in financial services, including those aimed at financial inclusion.
Recommendation 2: Banks should ensure that they have effective governance structures and risk management processes in order to identify, manage and monitor risks associated with the use of enabling technologies and the emergence of new business models and
entrants into the banking system brought about by fintech developments. These structures and processes should include:
- robust strategic and business planning processes that allow banks to adapt revenue and profitability plans in view of the potential impact of new technologies and market entrants;
- sound new product approval and change management processes to appropriately address changes not only in technology, but also in business processes;
- implementation of the Basel Committee’s Principles for Sound Management of Operational Risk (‘PSMOR’) with due consideration of fintech developments; and
- monitoring and reviewing of compliance with applicable regulatory requirements, including those related to consumer protection, data protection and AML/CFT when introducing new products, services or channels.
Comment: It seems that the BCBS, perhaps unsurprisingly, perceives the risks and opportunities of fintech very much in the framework of existing regulatory requirements. This may come from a view that fintech is a development that should be treated like any other development, that is, within the structure of existing regulatory requirements and laws. I have sympathy for this approach and it is the normal state of affairs from an English legal perspective, but regulators should be mindful of the need to ensure that laws and regulations remain fit-for-purpose and look to develop these around fintech developments – after all the law should itself develop to deal with issues as they emerge. It is encouraging to see that this point is recognised in Observation 9 (see below).
Observation 3: Banks, service providers and fintech firms are increasingly adopting and leveraging advanced technologies to deliver innovative financial products and services. These enabling technologies, such as artificial intelligence (‘AI’)/machine learning (‘ML’)/ advanced data analytics, distributed ledger technology (‘DLT’), cloud computing and application programming interfaces (‘APIs’), present opportunities, but also pose their own inherent risks.
Recommendation 3: Banks should ensure they have effective IT and other risk management processes that address the risks of the new technologies and implement effective control environments needed to properly support key innovations.
Comment: It is difficult to argue with the BCBS’ findings here. It would be useful to see in due course some guidance with some specifics on addressing the risks of new technologies.
Observation 4: Banks are increasingly partnering with and/or outsourcing operational support for technology based financial services to third party service providers, including fintech firms, causing the delivery of financial services to become more modular and commoditised. While these partnerships can arise for a multitude of reasons, outsourcing typically occurs for reasons of cost reduction, operational flexibility and/or increased security and operational resilience. While operations can be outsourced, the associated risks and liabilities for those operations and delivery of the financial services remain with the banks.
Observation 5: fintech developments are expected to raise issues that go beyond the scope of prudential supervision, as other public policy objectives may also be at stake, such as safeguarding data privacy, data and IT security, consumer protection, fostering competition
and compliance with AML/CFT.
Observation 6: While many fintech firms and their products – in particular, businesses focused on lending and investing activities – are currently focused at the national or regional level, some fintech firms already operate in multiple jurisdictions, especially in the payments and cross border remittance businesses. The potential for these firms to expand their cross border operations is high, especially in the area of wholesale payments.
Recommendation 4: Banks should ensure they have appropriate processes for due diligence, risk management and ongoing monitoring of any operation outsourced to a third party, including fintech firms. Contracts should outline the responsibilities of each party, agreed service levels and audit rights. Banks should maintain controls for outsourced services to the same standard as the operations conducted within the bank itself.
Recommendation 5: Bank supervisors should cooperate with other public authorities responsible for oversight of regulatory functions related to fintech, such as conduct authorities, data protection authorities, competition authorities and financial intelligence units,
with the objective of, where appropriate, developing standards and regulatory oversight of the provision of banking services, whether or not the service is provided by a bank or fintech firms.
Comment: It is welcome to see financial regulators recognising the need for cooperation with other types of regulators (notably data protection). With growing recognition of the importance of the use of customers’ data in financial services, it is possible that data protection regulations will become at least as important to banks as traditional financial regulations.
Observation 7: Fintech has the potentialmodels, structures and operations. As the delivery of financial services becomes increasingly technology driven, reassessment of current supervision models in response to these changes could help bank supervisors adapt to fintech-related developments and ensure continued effective oversight and supervision of the banking system.
Observation 8: The same technologies that offer efficiencies and opportunities for fintech firms and banks, such as AI/ML/advanced data analytics, DLT, cloud computing and APIs, may also improve supervisory efficiency and effectiveness.
Recommendation 6: Given the current and potential global growth of fintech companies, international cooperation between supervisors is essential. Supervisors should coordinate supervisory activities for cross border fintech operations, where appropriate.
Recommendation 7: Bank supervisors should assess their current staffing and training models to ensure that the knowledge, skills and tools of their staff remain relevant and effective in supervising new technologies and innovative business models. Supervisors should also consider whether additional specialised skills are needed to complement existing expertise.
Recommendation 8: Supervisors should consider investigating and exploring the potential of new technologies to improve their methods and processes. Information on policies and practices should be shared among supervisors.
Comment: It is vital that regulators keep up with the firms that they are supervising and developments in the industry to avoid the risk of being unable to supervise effectively. How regulators do this is clearly a challenge given that many people with the relevant technological expertise naturally prefer to work in the industry itself rather than for the regulator. One method of tackling this issue has been the use of ‘regulatory sandboxes,’ which enable regulators to monitor emerging financial technologies first hand (see Observation 10 below).
Observation 9: Current bank regulatory, supervisory and licensing frameworks generally pre-date the technologies and new business models of fintech firms. This may create the risk of unintended regulatory gaps when new business models move critical banking activities outside regulated environments or, conversely, result in unintended barriers to entry for new business models and entrants.
Observation 10: The common aim of jurisdictions is to strike the right balance between safeguarding financial stability and consumer protection while leaving room for innovation. Some agencies have put in place approaches to improve interaction with innovative financial players and to facilitate innovative technologies and business models in financial services (e.g. innovation hubs, accelerators, regulatory sandboxes and other forms of interaction) with distinct differences.
Recommendation 9: Supervisors should review their current regulatory, supervisory and licensing frameworks in light of new and evolving risks arising from innovative products and business models. Within applicable statutory authorities and jurisdictions, supervisors should consider whether these frameworks are sufficiently proportionate and adaptive to appropriately balance ensuring safety and soundness and consumer protection expectations with mitigating the risk of inadvertently raising barriers to entry for new firms or new business models.
Recommendation 10: Supervisors should learn from each other’s approaches and practices, and consider whether it would be appropriate to implement similar approaches or practices.
Comment: It is reassuring to see that the BCBS is encouraging banking supervisors internationally to address potential knowledge gaps in the fintech area. One wonders with the explosion in fintech developments that is occurring whether governments may in future look at forms of industry self regulation in appropriate circumstances to help manage the burden of actually regulating this dynamic and fast changing industry. In the UK that is how financial regulation developed originally, but the pendulum had swung against self regulation by the time of the Financial Services and Markets Act 2000. Arguably, however, with the sheer pace and volume of new entrants and developments in fintech, some form of self regulation may become necessary, perhaps via some of the fintech hubs or incubators that have grown up to support the fintech industry.
This article was first published in Payments & Fintech Lawyer November 2017
Share this blog
Jake Ghanty is the head of financial regulation and a commercial technology partner
Share this Blog
- Adtech & martech
- Agile
- Artificial intelligence
- EBA outsourcing
- Brexit
- Cloud computing
- Complex & sensitive investigations
- Connectivity
- Cryptocurrencies & blockchain
- Cybersecurity
- Data analytics & big data
- Data breaches
- Data rights
- Digital commerce
- Digital content risk
- Digital health
- Digital media
- Digital infrastructure & telecoms
- Emerging businesses
- Financial services
- Fintech
- Gambling
- GDPR
- KLick DPO
- KLick Trade Mark
- Open banking
- Retail
- SMCR
- Software & services
- Sourcing
- Travel