Amid all of the hype about fintech, regtech and technology innovation in the financial services industry, the Basel Committee on Banking Supervision has released a new consultative document. Sound Practices: Implications of fintech developments for banks and bank supervisors is the result of months of thinking by the international financial services regulatory body, which aims to provide foundational thinking for the technology industry, financial services and supervisors around the globe.
The paper’s 10 key observations are paired with recommendations designed to help regulators shape the future evolution of both technology and financial services. When it comes to fintech, regulators are concerned about both the stability of individual institutions as well as systemic risks.
Balancing Innovation with Sound Risk Management
Several of the recommendations suggest that banks must take a responsible, balanced approach to adopting emerging technology capabilities, encouraging participants to manage risk without stifling innovation.
The very first recommendation says that both banks and bank supervisors should carefully consider balancing speed to market with sound risk management when it comes to technology innovation in the sector – a key issue we’ve talked about in a whitepaper earlier this year.
The consultation paper also discusses supervisory hopes for regulatory technology, regtech, which the Basel Committee feels has the potential to help banks comply with regulatory requirements and manage risk as well as regulatory change more effectively.
The potential risks posed by innovation are the focus of the second, third and fourth observations in the paper, which specifically highlight strategic risk, operational risk, compliance risk, third-party risk, cyber risk and overall IT risk management. In particular, the paper calls out the need for the application of the Basel Committee’s principles for sound management of operational risk by banks to fintech developments, as well as the need to have robust third-party risk management practices in place, which we recently explored in another whitepaper.
When comes to these special third-party relationships, regulators are concerned about what financial institutions are doing to increase security and privacy – both in terms of current challenges and also in the face of technology innovation. Fintech and regtech firms can often be start-ups or, in any case, much smaller in size than their financial institution clients, and may not have the same level of IT compliance and risk infrastructure.
Implications for Supervisors and Regulatory Frameworks
Regulators have given themselves quite a lot of homework in this document, too. The fifth recommendation asks supervisors to cooperate more with other public authorities responsible for overseeing areas such as safeguarding data privacy, data and IT security, consumer protection, fostering competition, and compliance with AML/CFT. The sixth recommendation suggests supervisors should work more closely with each other going forward, because of the global growth of fintech and the global nature of many of their platforms.
The seventh recommendation suggests that regulatory bodies need to staff up with fintech and regtech experts, while the eighth observation suggests that “suptech” – the innovative use of technology by supervisory authorities – has interesting potential.
Recommendation nine asks supervisors to review their current regulatory, supervisory and licensing frameworks to take fintech and regtech into account – in places this work has already begun. An example is the European Union’s second Payment Services Directive, which comes into force in January 2018. Another effort under way is the U.S. Office of the Comptroller of the Currency’s draft supplement, released in March, which further outlines the application guidelines for fintech bank charters.
The last observation suggests that regulators have common aims striking the right balance between safeguarding financial stability and consumer protection while leaving room for innovation, and so they should collaborate among themselves, sharing approaches where it makes sense.
Balancing the speed of innovation with sound risk management will become increasingly important in the coming years and will require close collaboration between banks, non-banks and near banks. While fintech provides many exciting possibilities to re-invent business models, create efficiencies and drive new areas of market share, it must also be managed effectively to mitigate new and emerging risks that are only beginning to be discovered.
While immediate fintech risks must be contemplated, banking supervision must also factor and anticipate entry of the large technology companies penetrating the financial services sector and the potential implications they pose to create significant market disruption. Regulatory sandboxes will need to have appropriate rules that take more of a global perspective and adopt best practices from other jurisdictions that are made fit for purpose for the specific region and industry to push forward innovation responsibly and not stifle it. Finally, through better and more open collaboration between global regulatory bodies, financial services firms and technology companies, the development of standards could be possible in areas to the benefit of all.
The consultation paper outlines a path forward for both market participants and regulators, while remaining respectful of the needs of managing risk – both to individual institutions and the industry – as well as the need for continuing innovation. Getting this equation right is a critical success factor for the industry.
The consultation paper is open for responses through October 31.