Innovation and technology in financial services: a regulatory perspective - Derville Rowland, Director General Financial Conduct
20 April 2018
Speech
Speaking at the Cork University Business School | University College Cork Financial Services Innovation Centre (FSIC)
Good morning, ladies and gentlemen. I am pleased to be here in Cork to talk about innovation in financial services. Institutions like the Financial Services Innovation Centre are immensely important for Ireland in the 21st century. They play a vital role in nurturing the talent that gives our small economy such a big presence in technology.
Technological innovation is all around us, in countless ways. Innovations that have occurred within our lifetimes have become so deeply entrenched in our daily routines that we hardly even notice. Personally, I have had the opportunity to speak in various cities around Europe recently. In each, I read the news from a variety of international newspaper apps on my phone, while purchasing my morning coffee by tapping the bank card, seamlessly, all without a second thought. Try to remember what that would have been like five, ten or twenty years ago. Many of you may remember using traveller’s cheques when abroad.
I’m sure that, to everyone here, buying coffee or using my phone in this way is utterly mundane. This is exactly the point. After all, how many of you recently tapped your card for coffee, here or abroad? Or maybe even paid for it with your phone? If it was abroad, you probably booked the tickets that got you there online. Maybe you found that off-the-beaten-track yet worthwhile coffee shop using a GPS map. By the time we have set foot in the office or the classroom for the day, most of us have done a dozen tasks with technology that were impossible such a short time ago. Could you have imagined doing all of that on your first mobile phone? Just imagine what the engineers working on the first moon landing would have thought of this.
These small examples show us how technology has changed our everyday lives. What will financial services look like in the future? How will we, as consumers or SMEs, source funding in the future? Will we approach a traditional lender or investor? Or will we pitch our ideas via a crowdfunding platform? How will we pay for things and save for retirement? These are just some of the questions that we have to consider as we look to the future of financial services.
Technology in the financial services
Technology has made our lives easier and more connected, overwhelmingly so. And at a global level financial services are, safe to say, an area where technological innovation is focussed. New technologies and processes are being leveraged to develop more innovative financial products and services. Established players and new entrants are competing to out-innovate one another and better serve their customers. Of course, better serving consumers and firms operating more effectively are good outcomes.
Technology has the potential to lower costs, increase convenience and transaction speeds, enhance customer choice and disintermediate traditional financial services. But technology also raises new risks and challenges that we need to consider.
A good example of this dynamic is the increased use of Big Data in financial services. Big Data has the potential to bring benefits to consumers, such as more tailored products and services. With artificial intelligence, it can benefit firms through improved fraud analytics and organisational efficiencies. However, Big Data can also lead to increased segmentation of customers, potentially limiting availability and access to certain financial services or products.
Similarly, biometrics and facial recognition technology have major implications for customer identification and know-your-customer requirements, some of the most difficult areas for both firms and regulators. On the one hand, the potential benefits of biometrics are staggering. On the other, it raises a whole host of data privacy concerns.
These examples show the very real tension inherent in these complex issues. And balancing these types of competing concerns will be a significant challenge in the years to come for regulators and for the firms that we regulate.
Trust is the foundation
As we consider these questions, we have to remember that the whole technology ecosystem—not just financial services—is built on trust. What is trust? Reliability, competency and integrity are the hallmarks of trust.
Consumers need to trust that the technology will function the way they expect. They need to trust that their assets and information are secure. They need to trust that their data is being used appropriately, consistent with their approval. Without trust, consumers won’t shop online. They won’t engage with social media. They certainly won’t do their banking online or use a robo-advisor. They will revert to traditional forms of commerce, losing all of the convenience, connectivity and time that technology bring.
This is where the role of the regulator comes in.
The Global and European Regulatory Environment
The issues raised by the spread of new technologies in financial services have become priorities at the global level. The Financial Stability Board, the International Organisation of Securities Commissions (IOSCO), the Basel Committee for Banking Supervision, the International Association of Insurance Supervisors—the list goes on—have all taken up FinTech from their unique perspectives in recent years. Simply put, the overwhelming impact of FinTech has been recognised by nearly every relevant global institution across every financial services sector. The themes are consistent. Benefits and risks for consumers and firms alike. Challenges for the existing regulatory framework. Underlying all of this work is the realisation that actors across financial services—both firms and regulators—need to adapt along with the changing industry.
Technology enables the cross-border provision of financial services. New technologies, such as distributed ledger technology, cut across national borders. For example, virtual currencies easily cross borders, as they exist on a ledger distributed across the globe. In many ways, borders are irrelevant to the forces of innovation. The cross-border nature of technology can heighten vulnerabilities. Take cybersecurity, for example. Cyberattacks have the potential to hit anywhere, from anywhere. This makes international coordination and cooperation all the more vital.
And this is why it is welcome to see that the European Commission in its recently published Action Plan on FinTech, is seeking to drive a more unified European response to FinTech. The Commission’s Action Plan focusses on supporting innovative business models to scale up across the single market; encouraging the adoption of new technologies in the financial sector; and increasing cybersecurity and the integrity of the financial system.
What is especially welcome in the European Commission’s FinTech Action Plan is that it embeds a heightened focus on FinTech at every level of regulation in the EU. It builds on the work underway at each of the three European Supervisory Authorities (ESAs) and in individual Member States. Broadly speaking, the Commission’s Action Plan heralds a change from the financial crisis focus of the last decade, to a focus on technology in the years to come.
The Commission, in its Action Plan, recognises the importance of FinTech to achieving the Capital Markets Union and Digital Single Market. FinTech has the potential to facilitate finance for small- and medium-sized enterprises, foster retail investment, strengthen the European capital markets and facilitate cross-border investment.
FinTech creates opportunities to advance financial inclusion, by lowering the bar to entry and simplifying access, and supports better access to online services, giving consumers more choices. The benefits of FinTech accrue to Europe as a whole, down to the individual. FinTech has the potential to deepen and broaden EU capital markets, and enhance the competitiveness of the European economy. It is difficult to overstate the value that these, taken together, can bring to Europe and Ireland.
The European Commission concluded that broad regulatory or legislative action is not warranted based on the extensive feedback received to the preceding consultation. This is good news. It shows that the European framework is not restricting innovation in financial services. Nevertheless, the Commission identified a number of opportunities to improve the EU framework with targeted actions.
The Action Plan is ambitious. It sets forth 20 action items aimed at supporting innovative business models to scale up across the single market; encouraging the adoption of new technologies in the financial sector; and increasing cybersecurity and the integrity of the financial system. The European Commission looks to advance the European response on initiatives such as EU-wide cyber risk stress testing, a review of best practices in innovation programmes, work on an EU public blockchain infrastructure, and an EU-level crowdfunding framework, among others. The European Commission’s commitment to these issues is welcome.
It is intended that the three ESAs will accomplish much of the Commission’s Action Plan. For example, the European Banking Authority (EBA) in its FinTech Road Map takes on board much of the Action Plan. The FinTech Road Map sets out the EBA’s work plan and milestones for the coming quarters based on the new mandates in the Action Plan along with stakeholder feedback to its own discussion paper. It addresses a number of topics across the banking sector. It focuses on analysing the impact on incumbent institutions’ business models and the prudential implications. It looks to address the consumer protection issues arising from FinTech, ranging from disclosure to virtual currencies. It will assess money laundering and terrorism financing risks.
The Commission’s Action Plan further envisages that all three of the ESAs (EBA, EIOPA and ESMA) will review innovation hubs and sandboxes in each of their sectors with the goal of determining best practices. We look forward to continuing to participate in the development of policy at the ESAs, as well as at other EU fora, such as the Single Supervisory Mechanism, and international fora, such as IOSCO, and attach such a high importance to these efforts.
The Central Bank and Innovation to Date
My job as a financial conduct regulator is, simply put, to care about risks to consumers and investors. And, alongside all of the benefits of new technologies, risks emerge that are new or enhanced. Now, I realise that we, as regulators, cannot eliminate or mitigate every risk. But we want, and need, to understand these new technologies, new business models, and the risks that they bring, so we can continue to regulate effectively.
To help us to understand the risks (and of course, the benefits too) of innovation and technologies, we must first identify the extent of FinTech activity here in the Irish market. FinTech, as this audience will know, exists both inside and outside the traditional financial services industry. Many of the new technologies and innovations are created by firms that operate outside of what we call the regulatory perimeter. This can be because their activities do not currently require regulation, for example, a crowdfunding platform.
Or because they are creating technology that will enhance existing processes in financial services, for example, the development of telematic technology to collect driving data for assessment of insurance premium pricing. As a regulator, it is important that we see innovations sufficiently early. We cannot afford to wait until after they are already in broad use. In order to identify the extent of FinTech activity in the Irish market we have to look beyond the firms that we regulate. An expert group in the Central Bank developed a picture of current FinTech activity in Ireland. This work drew on our own expertise and that of industry. We also engaged with stakeholders such as start-ups and incumbents, and support providers, such as incubators and accelerators.
We found that typically, FinTech innovations reach the market in three ways: 1) start-up firms using innovative technologies become authorised under the existing regulatory framework; 2) existing regulated firms innovate and develop their own technologies; and 3) existing regulated firms partner with or buy start-ups so that they can use the technologies that they have developed.
Developments in the payments sector, in particular, strongly demonstrate this diversity, involving start-ups, incumbent banks and payment institutions, even BigTech companies. In Ireland, FinTech activity is at its most intense in the payments sector. In part driven by the Payment Services Directive 2 (PSD2) and requirements to enable open banking, which allow account holders to authorise third party service providers to access their account information.
FinTech: Challenges facing the Central Bank
There is no question that the financial services landscape is changing. We realise that the increased adoption of advanced technologies in the financial services sector raises challenges for the Central Bank as a regulator. We will be increasingly called upon to apply our regulations and processes in the context of new business models, products and services. We need to keep pace with these innovations to do this effectively.
Technology raises questions for a regulator. How do new types of firms, products and services fit within the existing regulatory framework, when they did not exist when it was being developed? How do we assess the decision-making process and outcome drivers of advanced technologies used by the firms that we regulate? How do we authorise firms that are increasingly technologically focussed? How do we adapt as a regulator in the face of increasing regulatory technology and supervisory technology?
We understand the need to adapt to remain effective.
Our ongoing work on consumer protection and digitalisation is a good example of this. We believe in a ‘technology neutral’ approach. This means that the same principles of regulation, including the rules of the Consumer Protection Code, apply equally to both digital and traditional delivery environments. But our goal is to make sure that consumers are, and continue to be, protected from the risks emerging from digitalisation.
Knowing that financial services in Ireland are evolving, we needed to ask the question: is the Consumer Protection Code adequately protecting consumers in an innovative and more technology-driven financial services environment. This resulted in the publication of a Discussion Paper last year seeking industry and stakeholder feedback on how the Consumer Protection Code addresses risks from digitalisation. We want to determine if the existing protections need to be enhanced or adapted. Equally as important, we are looking at whether there are impediments in the Code hindering firms from adopting technologies that may be beneficial to consumers.
It is important that consumers are protected throughout their relationships with their financial services providers. So we framed our consideration of these issues by a discussion of potential benefits and potential risks in six areas of consumer protection: access, information provision, suitability, complaints, claims handling and retention of consumer records. When we looked at new developments and innovations under each of those consumer protection headings we found that there are risks and benefits under each heading. For example, questions arise about whether some technologies can create information overload; whether they can drive better decision-making by consumers, or worsen consumer decision-making, and so on. We received feedback from a variety of stakeholders, which remains under consideration.
Cybersecurity was one of the first areas where we recognised the need to act. It has been a priority for the Central Bank for a number of years. Cybersecurity is fundamental to the trust that underlies all financial technology, and is a potential threat to the stability of the financial sector. We issued cross-sectoral guidance on cybersecurity practices back in 2016 addressing governance and risk management. Our guidance also addressed outsourcing, an issue that has become increasingly important as financial firms make use of advanced technologies from vendors, and more data moves to the cloud.
The Central Bank is also making greater use of technologies within our organisation to drive efficiency and effectiveness. This must be built on a foundation of effective use of data. For example, due to recent changes in European legislation, the Central Bank now receives more than 10 million records of securities markets transactions every day. With this volume of data, it is clear that we need technology to help us do our job and to effectively analyse the data that we receive. Improving the effectiveness of our supervision through the better use of data is a key priority for the Central Bank. This is why, for example, we established our analytics teams to be smarter about how we use our data. This helps us, as supervisors, to prioritise workflow and areas of focus based on key metrics and statistical filters.
We realise that increased use of Regulatory Technology by both regulators and firms will also be central to these efforts. To that point, we hosted a RegTech Roundtable earlier this month with UCC’s Governance Risk and Compliance Technology Centre, the UK’s Financial Conduct Authority and the Bank of England. The Roundtable focused on Model Driven Machine Readable and Executable Regulatory Reporting. Or, more simply, how to design a rulebook to be read by a computer. Development of RegTech, here and in other areas, has the potential to give compliance officers the time to focus on other important issues like conduct and behaviour. We will continue to engage with other authorities like the FCA, as well as organisations such as the RegTech Council, as we continue on this path.
Further, to improve the future effectiveness of our specialist resources, 2018 sees us bring together our specialist IT inspections resources from the different sectoral areas into one centralised IT inspections team. Notwithstanding the work that we have already done, we know that we have to keep up with the changing face of financial services. Crucially, we have to be informed and aware of the technologies that are causing this change.
As you may know, the Central Bank has been reviewing its approach to FinTech and innovation over the past several months. Our review has built on the work we have been doing at the Central Bank over the past several years, in particular our work to understand the current state of the Irish FinTech sector.
One of the steps that we took in our review was to engage with domestic and international FinTech stakeholders. We wanted to understand what they expected from the regulator.
Our engagement with the sector has told us that firms want to know that the regulator is open and accessible to them; to have a direct point of contact where they can ask for a steer on the regulations that they should be considering. There was also an understanding about the limitations of what the regulator could provide. They understood that to be an impartial regulator and to avoid any conflicts, we could not provide formal opinions or legal advice, or endorse technologies or products.
Other Regulators’ Approaches to FinTech and Innovation
The Central Bank is of course not the first regulator to consider how it should engage with FinTech and innovation. In developing an approach to FinTech and innovation, it was important for us to identify and consider best practices in other regulators.
What we found is that most regulators recognise the benefit of engaging with technology developments and innovation early. Earlier engagement gives them sight of innovations before they become mainstream. It allows them to proactively assess potential risks and regulatory gaps sooner rather than later.
Not surprisingly, different regulators have taken different approaches. Their approaches are largely dependent on their differing mandates. From a review of the different approaches taken, we can identify two features that are common across most regulators: dedicated innovation units or hubs; and industry engagement programmes.
Typically, a dedicated innovation unit provides a dedicated point of contact for start-ups or incumbents seeking to innovate. It allows the regulator and innovator to directly engage with each other, to a mutual benefit. The industry engagement programmes vary but in general involve the regulator participating in or hosting FinTech events.
It is difficult to discuss regulatory approaches to FinTech without mentioning Sandboxes. The term does not have a common meaning across different jurisdictions; rather, regulators have adopted a wide variety of approaches all under the label “Sandbox.” Generally speaking, however, a Sandbox is a controlled testing environment where firms may launch new technologies subject to specific regulator-imposed limitations, often with enhanced regulatory oversight.
In our discussions with FinTech industry stakeholders here in Ireland, we came to understand that firms, first and foremost, are looking for a way to engage with the Central Bank outside of the existing formal channels. In our discussions with other European authorities, we learned that Sandboxes are not necessarily a first step. Rather, the development of the Sandbox may be driven by engagement through Innovation Hub programmes.
Indeed, we have engaged with a number of regulators across Europe to understand the details and specifics of their approaches and how they operate. Regulators with established approaches indicate that there is a value from direct engagement for both the regulator and the firm. It helps regulators to identify the potential risks from innovation and FinTech.
The Central Bank’s New Approach to Engagement with FinTech and Innovation
At the Central Bank, we understand the value of engaging with our stakeholders. We know that engagement drives good policy, good consumer outcomes and financial stability. This is not new for us. We appreciate the feedback and insight we receive from our stakeholders—both positive and negative—for this very reason.
Our work in consumer protection, in RegTech, and elsewhere has highlighted the importance of engaging specifically with stakeholders in financial technology. We understand the need to listen to innovators and experts in these fields. Engagement with the people developing new technologies, gives us first-hand knowledge of the innovations they are developing. In turn, this enhances our understanding of any potential risks and, importantly, potential mitigants. Of course, we also need to listen to existing firms that are becoming increasingly innovative and technology-based.
To achieve this I am pleased to tell you that we are developing an innovation hub for firms to engage directly with the Central Bank on innovation and FinTech. The absence of an accessible point of contact for FinTechs is an issue that has come up repeatedly in our discussions with stakeholders. It is also a common facility provided by other regulators. I think that this initiative is a good example of us being ready and willing to adapt in the face of a changing world.
This new Central Bank unit will focus on engagement, sharing and listening, and will be a two-way street. We will have a direct contact point for new FinTech firms and existing firms that are becoming more innovative. Innovative firms will be able to contact the Central Bank at [email protected] with questions. This will start a conversation. It will give firms a way to engage with us outside of more formal regulatory interactions, such as in the authorisations process. In so doing, the Central Bank will be able to learn from the firms about their ideas, the technologies they are developing, and have a view to where financial services are heading.
We already harness knowledge and information on upcoming technologies and innovations. Understanding new business models, products and services, already play an important role in how we conduct our regulatory activities, including our policy development, supervision and authorisation. The engagement I am announcing today will enhance our existing intelligence, in particular, by giving us early sight of new technologies—many of which, by the way, will come from places like UCC’s FSIC. In short, it will ensure that our regulatory programmes continue to remain fit for purpose as the pace of change in the financial services continues to accelerate. All of this will drive good outcomes for consumers, and we look forward to engaging with innovative firms.
There can be a perception that, when a regulator says “engagement with FinTech,” it means favouring start-ups over incumbents. Just to be clear, we mean inclusive engagement with all firms that are innovating and changing financial services, that is, with both start-ups and incumbents. This new facility will be a resource for both equally, because our experience shows that innovation is already happening at existing financial services firms too.
We will also launch a new dedicated page on our website. This will act as a portal of information for FinTech stakeholders. It will enable us to address common questions or issues and to share information that is relevant for FinTech stakeholders.
Industry Engagement
The Central Bank will also build on its direct firm engagement with an expanded industry engagement programme. Our new industry engagement programme is founded on the idea that good outcomes are driven by active engagement.
The centrepiece of our new industry engagement programme will be FinTech Roundtables hosted by the Central Bank starting later in 2018. The Roundtables will bring together relevant stakeholders to discuss issues relevant to FinTech and innovation. They will be a forum for conversation where we can all learn from each other and share issues and ideas. Given the pace of change in the FinTech space, we understand the importance of holding these Roundtables regularly.
We think that both our direct engagement programme and the industry engagement programme will work together to help solidify the Central Bank as a thought leader among regulators, as we become more informed on emerging technologies.
And you can expect to see more of us too. Industry engagement does not end with inviting stakeholders into our offices at North Wall Quay. We will be pro-active in seeking out engagement, and not simply waiting for it to come to us. We will be out at events and meeting with innovators. Importantly, we want to be, and will be, accessible.
We look forward to announcing more details in due course and engaging with you further in the future.
Conclusion
I will conclude here. Technological advancement brings great change to the way we live our lives and to the financial services landscape. The Central Bank is launching an innovation hub and industry engagement programmes to keep step with the evolving FinTech and regulatory landscapes. We look forward to engaging with you on FinTech developments. I would like to thank the Financial Services Innovation Centre again for the invitation to speak today. I am happy to take questions from the audience.