Financial regulation and technological innovation: a thematic approach - Gerry Cross, Director of Policy & Risk

27 November 2019 Speech

Gerry Cross

Speech delivered at Digital Finance Summit 2019, Brussels

Good afternoon. It is a pleasure to be here at the Digital Finance Summit and to participate in this afternoon’s session focused on Regulation and Fintech.

Today I want to speak, you won’t be surprised to hear, about the interplay between financial regulation and rapid technological innovation. It is an important topic and one which is high on the agenda of the Central Bank of Ireland.

I have spoken before about the value of the triple lens of opportunity, risks, and challenges that can usefully be adopted to this topic. That remains a very good way of understanding how we at the Central Bank of Ireland think about and approach this important area.

In our three year Strategic Plan covering the period 2019 to 2021, we set out how the Central Bank of Ireland sees its mission. We say there that we serve the public interest by safeguarding monetary and financial stability and by working to ensure that the financial system operates in the best interests of consumers and the wider economy.

That is what underpins our approach to this topic. We ask ourselves the question: how should we, as financial regulators, best engage with technological innovation so that the financial system that we regulate best serves the interests of consumers and the wider economy.

The Central Bank of Ireland is both a prudential and a conduct regulator. And as a Central Bank we are responsible for financial stability. So we come at this from all sides: ensuring that firms are soundly governed and run, that they act fairly and in the best interests of their customers, and that collectively they do not give rise to vulnerabilities which could undermine the ongoing stability of the system and funding of the economy.

We are a regulator that is deeply integrated in the European System of Financial Supervision. Therefore the focus of our regulation is on delivering on our objectives both domestically and in relation to the European economy and European users of financial services. And of course in the area of technological innovation in financial services, the European Commission has a very active and important agenda - as I am sure Peter Kerstens will be explaining further during the course of this afternoon. So do the three European Supervisory Authorities: the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA), in all of which the Central Bank of Ireland is an active participant.

As financial regulators, we recognise that advancements in technology can bring major benefits to consumers and to the economy. But they can also bring significant risks. I will cover just some of these in my comments this afternoon.

Rapid change

Advances in technology are bringing rapid and deep changes to the financial services sector. These are impacting business models, decision-making, systems and processes, and products. They are having a material effect on the operation of financial markets, financial supervision and the economy.

Financial firms are looking to technological innovation for its potential to deliver cost reductions and efficiencies, and competitive advantage resulting from improved customer offerings. Increased automation, digitisation of processes, the use of algorithms and machine learning - these and others are amongst the aspects that firms are seeking to benefit from. Big Data Analytics can allow for advanced risk assessment and pricing.

New payment methods and platforms bring challenges for the traditional role and dominance of banks in this area, while digital payment channels have lowered the barrier to entry for alternative providers. Consumers increasingly expect a customer-centric, seamless digital experience when buying financial products and services or engaging with their financial service provider1 and these drivers are demanding solutions which technological innovation is aptly placed to provide.

Innovation Hub

All of this presents a range of challenges for financial regulators. How should we respond to this context of rapid technological change? How should we ensure that we are achieving effective supervision when financial firms’ risk profiles are evolving so rapidly? How should we organise ourselves to leverage skills and capabilities most effectively? How should we ensure that we have a full and practicable understanding of the sweep of developments? How should we prioritise amongst the myriad things that we could focus on?

As one part of our response to these questions, in April 2018, at the Central Bank of Ireland, we launched our Innovation Hub designed to facilitate an open and active engagement with the FinTech sector. This was done with three aims in mind: firstly, to provide us with a way to engage more effectively with persons and entities engaged in fintech innovation, so that we as supervisors could gain an enhanced understanding of the developments underway and likely to emerge. Secondly to enhance our discussions on regulatory aspects with innovators, for many of whom the world of financial regulation is an unaccustomed and potentially intimidating one. And thirdly, to help ensure that new financial firms emerging onto the market are well placed to comply with the requirements of financial regulation which is key to the continuing achievement of the consumer protection and financial stability outcomes that are at the heart of our mandate.

Since launching our Innovation Hub eighteen months ago, we have had over 150 engagements with firms and individuals contacting us through the Hub. Amongst the areas where we have seen a particular focus are:

Regtech: Know your customer (KYC) onboarding, which is one area that we see focus on. Firms in this space noted broad interest in the idea of establishing portable digital identities for customers. Another area of interest is fund focused risk management solutions. Technology deployed in this space includes cloud computing and data analytics, with user-friendly data presentation key.

Payments: The launch of the Innovation Hub coincided with two significant external developments impacting the payments sector: the implementation of the second Payments Services Directive (PSD2), and the period following the United Kingdom’s invocation of Article 50 of the Treaty of the European Union (Brexit). These two factors have driven a good deal of payments-related engagement with the Innovation Hub, as well as a significant increase in the number of payments services application lodged with the Central Bank.

Markets & Exchanges:  this is an area where we see in the context of the Innovation Hub the highest adoption of more advanced technology, with 71% of enquiries involving blockchain related applications.

We publish an annual report on the activities of the Innovation Hub.

The Innovation Hub is also seeing how innovators in FinTech are targeting individual core functions of financial services to create a more tailored and user-friendly digital experience largely through developing cloud-based platforms that provide an extra layer between back-end systems and front-end mobile/web applications, facilitating communication and sharing of data across the value chain.

Central Bank's approach to Technological Innovation

A key challenge for financial regulators is how to best to organise ourselves faced with this context of rapid technological innovation. At the Central Bank of Ireland there are three key aspects to our approach: firstly we have developed a hub and spokes model. We make use of a cross-Bank Innovation Steering Committee, a network of experts, and a small central team to ensure that we are well coordinated and joined up across the different areas of the business. But much of the work and development takes place in the different areas of the business where the issues naturally arise.

Secondly, we seek to prioritise well. It is not an effective use of resources to try and focus on all aspects at once. So we seek to be clear about what it is we think are the areas of focus that will deliver the most value add, and to prioritise our resource allocation accordingly.

And thirdly we have been developing a thematic approach. That is we seek to identify a range of overarching themes, and to prioritise amongst and within those themes. Let me mention some of the themes related to technological innovation that we have currently identified as constituting some of the key areas of interest for financial regulation.

Consumer protection

Technology has of course the potential to both significantly improve and to undermine the quality of engagement between financial firms and their customers. It has the potential to significantly enhance the outcomes that consumers experience while at the same time bringing risks including around fair treatment, suitability of offering, information and disclosure, amongst others.

In 2017 the Central Bank of Ireland published a Discussion Paper: Consumer Protection Code and the Digitalisation of Financial Services2. This Discussion Paper sought to identify a range of key risks and opportunities from technological innovation and to provide the basis for an informed discussion around some of these issues.

Building on this Discussion Paper and the continuing thinking we are planning to take this work forward in a new phase in the coming year. In particular we will be reviewing our Consumer Protection Code, to update it so as to ensure its appropriateness for an increasingly digitalised world.

Big Data:

One topic where technological innovation is having a material impact is in the area of Big Data and its use. Big Data analytics can bring important benefits – think for example of its use in making possible lower insurance premiums for careful drivers – but it also brings important challenges, including in particular making sure that such techniques are not used in ways incompatible with the fair treatment of customers.

At the Central Bank of Ireland we are currently preparing a review of differential pricing practices by insurers in the coming period. Our consumer code requires that firms must act honestly, fairly and professionally in the best interests of their customers and make full disclosure of all relevant material information. Our review will take a close look at the facts around differential pricing and whether action is needed to ensure that the firms are living up to their obligations in this regard.

Crypto Assets

Crypto assets is a further topic which has been receiving a good deal of regulatory attention over the recent period.

This is a very good example of an area of technological innovation which has raised challenges for financial regulation precisely because it represents something very new, and which therefore has to be considered from a variety of perspectives to make sure that it is being properly considered by the financial regulatory framework.

We have seen for example that competent authorities, at the European and national levels, including ourselves in Ireland have issued consumer warnings in relation to both virtual currencies (high levels of volatility, unregulated products); and initial coin offerings (unregulated, risky products vulnerable to fraud, volatility).

There has been a good deal of work undertaken to consider whether or not cryptoassets fall within existing financial services regulatory definitions. This has found that there are in fact differences across Europe in how some things are defined. In any event, because of the different features that can be incorporated in these assets, a case-by-case analysis is needed looking at the precise nature and details of the asset. There is a concern as to the money laundering risks around such products. Their features and operating models make them particularly vulnerable to money laundering and other financial crime activities. There is also work underway considering how they should be treated from a prudential regulatory point of view.

Recent discussion has focused on so called stablecoins which are the latest type of cryptocurrency to have entered the market. A so called stablecoin (or SCS) is an electronically stored monetary value denominated in, and pegged to, a common unit of account such as the euro, dollar, yen, or a basket thereof. They aim to address the volatility problem of traditional cryptocurrencies by pegging their value to a stable asset such as a fiat currency or currencies. 

The main potential advantages of these SCS is their potential to provide faster, cheaper and more convenient payment options, particularly in a cross-border context. They are borderless and offer potential efficiencies for individuals and businesses transferring payments across countries.

However, SCS are largely untested in a real-world environment particularly on a large scale. They give rise to a number of serious risks related to public policy priorities including anti-money laundering and countering terrorist financing, as well as consumer and data protection, and cyber resilience. They could also, depending upon their scale and penetration, pose significant issues related to monetary policy transmission, financial stability, data privacy and public trust in the global payment system.

What is of high importance in the context of cryptoassets, including so called stablecoins, is that there is a well coordinated and consistent approach to such matters both across Europe and internationally. We have seen how bodies such as the European Commission, the G7, the Bank for International Settlements, ESMA, and EBA have taken forward important and welcome work in this broad area over the recent period.

Anti-money laundering

Changing technology brings with it opportunities for the ill intentioned. It is a priority that our approach to regulation and supervision of anti-money laundering and countering terrorism financing (AML/CTF) continues to evolve and to keep pace with changing technology. The  implementation of the fifth Anti-Money Laundering Directive (5AMLD) for example will see custodian wallet providers and virtual currency exchanges brought within the AML/CTF regulatory perimeter. As regulatory authorities we must remain constantly alive to the new money laundering / financial crime risks associated with the evolving technological landscape.

An evolving financial sector

We are seeing new firms, with business models based on  state of the art technology enter the market. These can bring important potential benefits for consumers and the economy.  At the Central Bank of Ireland we approach such applicants on the basis of technological neutrality. We seek to ensure that these firms, like any firm we authorise, are soundly run and governed, on the basis of a sustainable business model, in a way that ensures that customers are treated fairly and not exposed to inappropriate losses.

These developments do however bring new challenges for financial regulators which we need to identify and respond to.

For example, the ever increased embedding of technology in financial services presents heightened cyber security issues and increased Information and Communication Technology (ICT) risks. This presents increased challenges for firms to deal with both the risk and the occurrence of cyber threats, outages, or data breaches, for example, and for supervisors to ensure that they are doing so to high standard. To this end at the Central Bank of Ireland we published in 2016 Cross Industry Guidance in respect of ICT and Cybersecurity Risks. It is an ongoing important focus of our supervision to ensure that regulated firms have appropriate governance, strategy, resilience, risk management, and business continuity in respect of ICT risks.

We are also seeing an increasing role for new types of service providers in the broader financial services area. Cloud service outsource providers are an example of a new actor which are having an increasingly prominent role in this broader context. In 2018 we published a Discussion Paper, Outsourcing – findings and issues for discussion3, an important part of which focused on the challenges arising from the increasing importance of cloud outsourcing activities. These include such aspects as concentration risk; effective oversight; risks around the transfer and integrity of sensitive data; substitutability and business continuity.

Evolving financial supervision

As well as potential benefits for the users of financial services and the wider economy, technological innovation has significant potential benefits for us as financial supervisors. Technological improvement, increased data availability, and enhanced data analytical techniques, for example, have the potential to allow us to supervise the financial sector not only more efficiently but also more effectively. The enhanced ability which these can bring to identify emerging risks, developing patterns, or outlier features, whether at the firm, product, or sectoral levels is something that we at the Central Bank of Ireland are very much focused on. While there is a road to travel, we are already evolving our structures, approaches and techniques to reflect this.

As supervisors, we are also conscious that the increased deepening of technology within the financial services sector and the technological enhancement of our supervisory approach has implications for our own organisation and approach. We need to continue to develop our own capacity and capability so we can act as robust regulators and supervisors in this changing landscape. A challenge all regulators face is that technology and innovation tend to move faster than regulation. This makes it important that we build our capacity not for just for today’s changing world, but for tomorrow’s.

Conclusion

So, let me conclude here. I hope you will find what I have said of some help in understanding how we as financial regulators approach this context of rapid technological innovation. And that it will have provided a few insights into some of the key  themes around which we are organising ourselves.

Thank you for your attention.


Thanks to Michelle O’Donnell Keating for her significant work on this speech.

1 Central Bank of Ireland: "Discussion Paper 7 - Digitalisation and Consumer Protection Code" (2017)

2 ibid

3 Central Bank of Ireland: "Discussion Paper 8 - Outsourcing - Findings and Issues for Discussion" (2019)