Remarks by Director of Markets Supervision, Gareth Murphy, at a seminar hosted by the Irish Ambassador to Germany on Regulatory Perspectives on Financial Technologies

08 September 2015 Speech

Good afternoon ladies and gentlemen.

Ambassador Collins, Minister Harris, regulatory colleagues and distinguished guests, I am grateful for the opportunity to speak about financial regulation in this era of innovation, technology and disruption.

Technology is changing the way economies work. It is also changing the risks that financial authorities face, especially systemic risk. For example, cyber-security is currently a focus for the Central Bank of Ireland in light of the increased incidence of attacks on personal and corporate IT systems globally. So it is essential that central banks and regulators gear up in the face of this change.

Some of the most interesting areas to benefit from technological innovation relate to (a) payments and settlement, (b) information and distribution (c) securities registration and (d) identity verification. I'll say more about some of these later. But to frame my remarks, I would like to spend a few minutes setting out an approach for thinking about regulatory engagement in general.

Regulatory engagement

Financial authorities operate across a spectrum of activity which is defined by the level of engagement in the workings of firms and the market. [See chart 1]

  1. At one end of the spectrum, there is the collection of data. Data does not come cheaply but when done well, it provides a strong foundation for the monitoring firms and markets.
  2. Analysis of the data is by no means a trivial task. It typically calls for expertise in finance, economics and statistics. However, new technologies require an understanding of fields like cryptography, complex systems and network theory. 
  3. The key public policy questions related to this activities will be framed by social and political tolerance for failure in the provision of these financial services.
  4. This may lead to the writing of a rule-book for the firms or markets – and this is regulation in the purest sense.
  5. The next step is the supervision of compliance with this new rule-book. Done well, this requires capable and experienced supervisors and a coherent supervisory model.
  6. Where supervision uncovers potential breaches, enforcement investigation and sanctions may follow.
  7. Lastly, the most intrusive form of regulatory engagement is where financial authorities seize control of firms or markets through far-reaching intervention powers, eg recovery and resolution tools, market suspensions etc.

Underlying this process of regulatory engagement are five core elements: (i) data collection, (ii) analysis, (iii) input from political and social stakeholders, (iv) a legal system and (v) a supervisory model.

The process is sequential. Each step requires a higher level of engagement. The underlying logic is that each step should be taken after deliberate cost-benefit assessment - though reality is often different as access to meaningful data often lags behind the need to answer burning public policy questions and the urge to regulate.

Regulatory consequences of technology in financial services

How do financial authorities go about addressing the consequences of technological change? [See chart 2]

New distribution technologies

Distribution in financial services is becoming faster and cheaper. There are numerous examples of new distribution models driven by technology.

  • The most striking example is that of Chinese investors diverting their bank savings into the $85bn money market fund Yu'E Bao using mobile phone-based applications developed Alibaba.
  • Another recent phenomenon is crowd-funding where investors assess the prospects of entrepreneurs (or borrowers) with whom they have been matched online with a view to making a loan or placing an equity stake.[2] In this context, we have seen examples of social networks playing a role in monitoring and improving creditworthiness.[3]
  • In the US, there are platforms that offer mobile trading using an iPhone at zero commission.[4]
  • In emerging economies with weak banking infrastructure, systems have been created to provide mobile bank accounts tied to customers' SIM cards that enables them to transfer funds by text messaging and to deposit and withdraw funds via a network of agents.[5]  
  • Nearer to home, firms are also increasingly using mobile devices and applications that directly link to a person’s bank account, enabling them to carry out a wide variety of transactions more efficiently within the existing payments infrastructure.

Identity Verification Technologies

In a small number of cases, the Central Bank of Ireland has seen fraudulent redemption requests being paid by regulated firms operating less-than-rigorous identity verification processes.

Identity can take on a whole new meaning in a virtual world where there is no face-to-face contact, no signatures, no passport and no ID cards. Consumers and investors must have confidence that they can transact safely. Demand for new identification technologies is not just about online speed and efficiency, it is also about safety and security.

New forms of identification are being explored such as social media profiles and (asymmetric) cryptography (which uses public- and private-keys to lock and unlock information and products).[6]

The quality, integrity and security of modes of identification clearly have relevance to the proper and orderly provision of financial services and compliance with anti-money laundering requirements.

New technologies for registering ownership of assets

Distributed ledger technologies are increasingly being explored as an efficient and speedy way to register the transfer of assets between counter-parties.[7] Rather than keeping a single register of information recording the ownership of assets, these technologies allow a network of users linked through the internet to maintain and update a register of ownership (known as a blockchain). When a transaction takes place, changes to that register are simultaneously validated by a network-based consensus of users (using public-key cryptography).

In an illustration of the need to assess the impact of new technologies, the European Securities and Markets Authority recently consulted on this so that the risks to consumers, investors and the financial system can be anticipated.[8]

Clearly, new technologies present a wide range of regulatory challenges. For example:

  • What activity should we measure and what new data will we require?
  • Who should we collect this data from? Do we need to draw new types of firms or activities inside the regulatory perimeter?
  • How do we assess which technologies are likely to have the greatest impact in the future (to avoid wasting resources considering every single innovation)?
  • Do we need new legal and regulatory definitions? eg What is virtual currency?
  • How do we adapt existing concepts? For example, marketing is a key concept in different parts of financial regulation. In what sense are YouTube videos marketing when search engines are optimised to find them?
  • How should financial authorities, which are typically public bodies, compete with the private sector for expertise which is in great demand?
  • Do we need to develop new supervisory (as opposed to monitoring) tools and methodologies?
  • For example, in securities markets supervision, we have been monitoring social media for the possibility of detecting insider trading for some time.

These are just a few questions - and by no means a non-exhaustive list of questions - which challenge our model of regulatory engagement.

Financial authorities have wide-ranging mandates for safeguarding stability and protecting consumers.[9]Technology is changing the nature of financial services. And the rate of change is unprecedented.[10] The benefits and risks of this need to be understood. Capability must be created to take timely and proportionate action, where necessary. In a world where technology expertise is in great demand, financial authorities must adapt to face the significant challenges of resourcing, co-ordination and organisation.

Ali, R., Barrdear, J., Clews, R. & Southgate, J., (2014), "Innovations in payment technologies and the emergence of digital currencies", Quarterly Bulletin Q3, Bank of England.

Dobbs, R., Manyika, J., & Woetzel J., (2015), "No Ordinary Disruption", McKinsey and Company.

ESMA (2014), "Opinion: Investment-based crowdfunding", European Securities and Markets Authority.

ESMA (2015a), "Call for evidence: Investment using virtual currency or distributed ledger technology", European Securities and Markets Authority.

ESMA (2015b), "Investment-based crowdfunding: Insights from regulators in the EU", European Securities and Markets Authority.

Freedman S., & Jin, G. Z., (2008), "Do Social Networks Solve Information Problems for Peer-to-Peer Lending? Evidence from", NET Institute Working Paper 08-43.

Jack, W. and Suri, T., (2011), "Mobile Money: The Economics of M-PESA", NBER Working Paper No. 16721.

Mbiti, I. and Weil, D., (2011). "Mobile Banking: The Impact of M-Pesa in Kenya", NBER Working Paper No. 17129.


[1] In preparation for this speech, I am grateful for the assistance of Kitty Moloney, Neill Killeen, Oisin Kenny and James O'Sullivan. The views presented are those of the author and do not necessarily represent the views of the Central Bank of Ireland.

[2] See ESMA (2014) and ESMA (2015b). ESMA has recently published an opinion and a survey on investment-based crowdfunding. The Opinion explained that these investments are associated with risks of dilution; asymmetric information and redemption owing to the fact that the majority of projects invested in are small and have a high rate of failure. Of the 46 entities considerer as part of the survey, 18 were authorised under MiFID, 12 were indirectly authorised as MiFID tied agents of an investment firm, and 16 were exempted or excluded from MiFID’s scope. ESMA also found the majority of the surveyed companies engaged in the MiFID activity of the ‘Reception and Transmission of Orders’ and that 19 of the 46 were subject to base capital requirements that range between €5,000 and €730,000.

[3] See Freedman and Jin (2008).


[5] See Jack and Suri (2011) and Mbiti and Weil (2011) who document the characteristics and development of M-PESA, a mobile phone based money transfer system in Kenya.

[6] I have heard cryptography experts describe a private key as being almost like a signature. Whilst we may be accustomed to losing our keys or our password from time to time, imagine losing your signature!

[7] See Ali et al (2014). They assert that this "innovation draws on advances from a range of disciplines including cryptography (secure communication), game theory (strategic decision-making) and peer-to-peer networking (networks of connections formed without central co-ordination)."

[8] See ESMA (2015a).

[9] For example, in Ireland, Section 6A(2) of the Central Bank Act 1942 sets the following objectives: "(i) the stability of the financial system overall and (ii) the proper and effective regulation of financial services providers and markets while ensuring that the best interests of consumers of financial services are protected."

[10] See Dobbs, Manyike and Woetzel, (2015).