This article was written by Urszula McCormack and Evan Manolios.
To gaze into the crystal ball of future technology regulation is to peer into the busy workings of global regulatory influencers. And they have certainly been busy.
In the past few weeks alone, the Financial Stability Board (FSB), Bank of International Settlements (BIS), International Organization of Securities Commissions (IOSCO), Financial Action Task Force (FATF), G20 and numerous others, have weighed into the future of tech. Even more recently, BIS released its "Green swan" paper focussing on climate change and financial stability. This will ultimately require strong tech development for systems, data, product development, analytics and supervision.
This alert provides a summary of three key papers issued by the FSB, as well as summarising developments from other influential global policy-makers.
FSB – a focus on BigTechs,[1] cloud and stablecoins
The FSB is an international body focussed on financial stability headquartered in Switzerland. It has released three papers[2] on the disruptions and risks arising from three very topical areas:
We extrapolate some of the FSB's key findings in relation to each below.
BigTechs in finance
Recently, BigTechs have gained much media attention by their announcements of new financial products (for example, Google's checking account, Apple Card, and Facebook Pay). Earlier this year, the "Chinese dual", Tencent and Alibaba, through various joint ventures obtained virtual banking licences from the Hong Kong Monetary Authority. A review of the virtual bank licensees and their shareholders reveals interesting partnerships between BigTechs, technology companies and incumbent financial service providers. The presence of BigTech in finance is hard to ignore, and it is not surprising that the FSB has released its report on Bigtech in finance.
Key messages from the report
The FSB's key observations in its paper are as follows:
- BigTechs have been able to penetrate financial markets – Furthermore, in advanced economies, the FSB observed that BigTechs' activities are more focussed (eg payments-related functions), while in emerging markets and developing economies, they generally tap into a broader market covering areas such as credit extension, asset management and insurance.
- BigTechs' comparative advantages – Advantages may include established customer networks, brand recognition, and a wide range of customer data and state-of-the-art technology. In the new data economy, BigTechs are well placed – they are able to create momentum by utilising their wealth of customer data from their core businesses and can achieve more tailored products and precise pricing.
- BigTechs are at the same time competing and partnering with incumbent FIs – Some BigTechs directly compete with existing FIs in certain areas (eg by setting up their own virtual banks). Others partner with FIs in various forms (eg by providing FIs with various tech-related services such as cloud, data analytics, or by interfacing with customers to facilitate distribution of bank products). In some instances, BigTechs are seeking to utilise incumbent FIs' licences, compliance framework and controls, while they focus on the non-regulated activities. In many instances, there are upsides to both the incumbent FIs and BigTechs.
- There are upsides and risks associated with BigTechs' involve in financial services – On the one hand, BigTechs promote innovation, competition and financial inclusion by introducing cheaper and more diversified products with improved efficiencies. On the other hand, BigTechs' activities could potentially pose certain risks, such as:
- directing funds away from the banking system may reduce the profitability as well as resilience of FIs, affecting stability of FIs' funding and reducing transparency in ownership and governance;
- interlinkages and interdependencies between BigTechs and FIs may trigger domino effects, which seriously disrupt the market in case any BigTech fails; and
- in relation to credit provision, new forms of credit assessment may lack rigorous testing, and BigTechs' ability to maintain credit supply in a downturn may also be uncertain.
- Ensuring a sufficiently diverse market is also important – BigTechs, with their vast access to customer data, are likely to become crucial market players as direct financial service providers. The FSB has recognised that currently, there is no evidence that BigTechs are hindering competition in financial markets, but nonetheless stresses the importance of future market diversity. The FSB also noted that as BigTechs become increasingly important in the financial system, their failure may cause wide disruption to the broader economy. This risk is more prominent in emerging markets and developing areas than in advanced economies.
- How should regulators respond? The FSB emphasised the importance of cooperation among policymakers and regulators across banking and non-banking sectors, and also via international fora. Given the sizes of and risks associated with the BigTechs' financial activities, the FSB suggested that BigTechs should be subject to financial regulations as FIs. The FSB also commented that regulators may consider imposing reciprocal data-sharing obligations on big techs to mirror open banking initiatives such as PDS2, such that there is a level playing field for competition. In our view, this remark is consistent with the growing trend of domestic regulators to promote data sharing and open banking, for example the regulatory regimes being implemented in Australia, Hong Kong SAR* and United Kingdom.
Cloud - third-party dependencies
As financial institutions often use and increasingly depend on the cloud services provided by the same BigTechs that may start moving into their competitive territory, there is an extra layer of complexity around the interlinkage between the two, which regulators are vigilantly monitoring. This subject was considered in the FSB's report on Third-Party dependencies in cloud services.
Key messages from the report
The FSB's key findings demonstrated the strong benefits of cloud, but also signalled flags that merit regulatory attention:
- Cloud usage is growing – Responses from a global survey of FIs indicated that global and regional cloud service providers are highly concentrated, and that although FIs are reportedly still at an initial stage in their deployment of cloud technology, there is a trend of moving core systems to cloud.
- Cloud services have both cost-saving and technical benefits for the industry – Utilising third party cloud services frees up capital by avoiding the need to establish and maintain expensive IT infrastructure. Moreover, FIs may leverage the tech-knowhow and geographical locations of large cloud providers to achieve geographic diversity and risk-resilience.
- Regulators face access difficulties – Knowledge asymmetries, contractual, cross-border and/or legal restraints mean that it may be difficult both for FIs to oversee the cloud services and for regulators to exercise access rights. It is also uncertain to which extent FIs are prepared for possible unexpected outages. Market domination by a small concentrated group of service providers amplifies the risks of systemic failure.
For businesses which engage third parties in cloud services as well as cloud service providers, it is worth monitoring global developments on the subject. For example, the Securities and Futures Commission (SFC) has had regard to a number of the abovementioned factors as part of its recent Circular regarding the "Use of external electronic data storage", which is very much focussed on providing a framework for cloud data storage, and ensuring that the SFC retains prompt and appropriate access rights as needed. See our alert here for more information on this circular.
Regulatory issues of stablecoins
In this brief report, the FSB expressed its view that global stablecoins (GSCs) may become "a source of systemic risk", although due to their novelty, very limited information is currently available for solid assessment. Amidst all the uncertainties and speculations, the FSB warned of financial stability risks GSCs may introduce. This is particularly because of their potential to establish a global user base, infiltrate domestic financial systems, and substitute fiat currencies. There was also the potential for GSCs to open up a pandora's box and cause serious erosions in market competition, data protection and financial crime activities given privacy and pseudonymity related features of some virtual assets.
The FSB suggested that regulators should build a thorough understanding of the individual components of stablecoin arrangements. Based on this understanding, regulators should then identify how the current domestic legal framework applies to and addresses the risks under stablecoin arrangements. The FSB also emphasised the importance of cross-jurisdictional co-operation in ensuring that national regulations are compatible.
Recent discussions on GSCs across the international regulatory fora (as we summarise in the next section) echo with the FSB's wariness about the potential systemic risks surrounding GSCs, and demand suitable risk-management to be undertaken by both stablecoin developers and global regulators. For example, the G7 Working Group on Stablecoins (Working Group) published a report in which it identified a range of risks and challenges associated GSCs, and expressed its belief that GSC projects should not commence operation unless the risks and challenges identified are adequately addressed. The Working Group also stressed the importance of cross-border collaboration, and suggested that national regulators adhere to principles established by standard-setting bodies to ensure international consistency. IOSCO and the European Central Bank (ECB) also published statements and notes expressing similar views.
At the same time, innovation is still highly prized. On that note, the Hong Kong Monetary Authority and Bank of Thailand have just issued their report on their collaborative "Project Inthanon-LionRock" effort to explore a potential Hong Kong Dollar-Thai Baht blockchain-based cross-border payment arrangement, and several other projects are on foot internationally."
What are other global trend-setters saying?
Multiple regulators are looking at technology, new asset classes like virtual assets, and regulation. The following table summarises a number of key developments you should know about.
Transnational body |
Key development |
Further information or actions |
Virtual asset and general blockchain developments |
||
Bank for International Settlements |
Consultation – Virtual asset regulation The BIS has released a consultation paper on "Designing a prudential treatment for crypto-assets", which:
|
Feedback on how this asset class should be regulated going forward is due on 13 March 2020. Whilst BIS thought leadership and guidance were particularly relevant to banks, all stakeholders are encouraged to respond. Many virtual asset firms and technology players rely on banks, so it's important to engage on this topic. |
BIS |
Report – Optimising design of wholesale digital tokens The BIS issued a report exploring:
|
Whether you are a token developer, a business which is interested in exploring alternative payment arrangements or a crypto-enthusiast, this report gives a concise overview of the concerns around wholesale digital token arrangements. |
BIS |
Report – Building regulation into blockchain finance This BIS working paper makes the case for embedding a regulatory framework for compliance in tokenised markets through the design of the market's distributed ledger technology. The working paper outlines the proposed advantages of using blockchain technology as a "regtech" based tool, as well describing the key principles that should govern a regulatory framework to use such technology for financial supervision. |
This working paper is useful to track as compliance as a service grows with the use of blockchain technology. |
G7 Working Group on Stablecoins (Working Group) |
Report – Impact of stablecoins
|
According to the Working Group, the FSB will submit a consultative report to the G20 Finance Ministers and central bank Governors in April 2020, and the final report will be released in July 2020. |
International Organization of Securities Commissions (IOSCO) |
Statement – IOSCO's study of GSCs IOSCO published a statement regarding stablecoins, commenting that:
|
Keep an eye out for the FSB report on stablecoins upon its scheduled release this coming July. |
European Central Bank (ECB) |
Report – Innovation and its impact on the European retail payment landscape The ECB issued a note on the impact of innovation on the following three topics:
|
Keep an eye out for further developments. As we summarise below, the ECB also recently published a proof-of-concept on embedding AML/CFT measures within a CBDC. Overall, the ECB has demonstrated a "crypto-friendly" stance, and we expect interested European entities will closely follow this trend. |
Anti-money laundering and counter-terrorist financing developments |
||
The Financial Action Taskforce (FATF) |
Consultation – Digital identity systems for customer due diligence The FATF has published a "Draft guidance on digital identity for public consultation" (Draft Guidance), which:
|
Keep an eye out for updates and amendments scheduled to be released in February 2020. Digital identity systems are increasingly embraced as a useful tool in customer due diligence. The Draft Guidance helpfully outlines the relevant risks and practical considerations. All interested entities which use or are thinking about shifting to digital identity systems in their customer due diligence practice should incorporate FATF's suggestions in their RBA. |
FATF |
Warning – money laundering risks from "stablecoins" and other emerging assets The FATF published a warning that:
|
Familiarise yourself with the Virtual Asset Guidance if you are a virtual asset service provider or are otherwise engaging in virtual asset-related activities. Previously, we've written about the Virtual Asset Guidance, which you may find helpful in having an overview of your obligations under it. |
ECB |
Proof of concept – Balancing privacy and AML/CFT enforcement in electronic payments via central bank digital currency (CBDC) The ECB has published a brief proof of concept for a simplified digital cash (referred to as CBDC) payment system which strives to strike a balance between privacy in low-value transactions and the enforcement of mandatory AML/CFT controls for higher-value transactions. The core of the system is a new concept of "anonymity vouchers", which are distributed to users by the AML authority to enable anonymous transfers of CBDC to a limited extent. |
Keep an eye out for further developments in the ECB's CBDC initiative. Although the ECB emphasised that the proof of concept did not imply any plan of proceeding with CBDC, it also stated that it was open to act when such need arised in the future. |
Environmental, social and corporate governance |
||
BIS |
The green swan – Central banking and financial stability in the age of climate change This recent BIS paper identifies climate change as a key future source of financial and price instability given the ability of climate change to generate physical risks and transition risks. Despite challenges in incorporating climate-related risk into stability monitoring, BIS argues that if left unchecked, climate change could be the cause of the next systemic financial crisis through a series of "green swan" events.[3] BIS makes the point for climate change to be considered as part of all economic and forecasting models, while at the same time arguing that many traditional backward-looking risk assessment models may be inappropriate for the future systemic risk posed by climate change. |
Climate change is increasingly become a priority area for financial regulators in multiple jurisdictions and this trend will undoubtedly continue. This paper is therefore a "must-read" for those involved in governance and legal/compliance, but also for those looking to build products to satisfy growing demand for ESG-compliant investments. There will also be a need for technology innovation to support this growing area, particularly in the areas of systems, data, product development, analytics and supervision. Scoring methodologies, impact measurement, reporting mechanisms and reliable data require particular focus. |
Key takeaways
Pulling together the wealth of global regulatory developments, we give our final take on the current state of play on BigTechs and global regulatory trends:
- BigTechs' engagement in financial activities is not new, but regulators are now taking a greater interest in how to best regulate BigTechs. Multiple research institutions and international bodies have published articles with similar observations as the FSB. For example, in June 2019, the BIS published its take on the BigTech phenomenon, suggesting a new regulatory compass to facilitate policy-making and cross-sector cooperation among regulators in finance, competition and data protection. The legal landscape is changing rapidly to catch up with the market trend. Some have already expressed worries that FinTech start-ups may also get drowned in this new wave of regulating BigTechs, and innovation will be stifled. The FSB's acknowledgement that "regulation [should be] proportionate to the relative size and risk of both large BigTech and smaller FinTech firms" offers comfort and sensible view in this regard.
- Utilisation and monetisation of data is a tricky issue. The FSB's seriousness in monitoring data use by BigTechs shows that data not only increases competitiveness in businesses, but also brings responsibilities and burdens in compliance. FinTech firms with less market share and less prominent presence will presumably attract less regulatory oversight than BigTechs do. Nonetheless, FinTech firms should be mindful to ensure that their use of data accords with legal requirements. Both legal challenges and exciting opportunities lay ahead.
- Cloud service providers continue to be under the spotlight. As more FIs use cloud services, there is an increased regulatory effort in dealing with such risks. Clear local guidance from regulators on the subject is welcome to ensure clarity for both service providers and regulated entities. However, seeing how requirements such as those recently imposed in Hong Kong play out in practice will undoubtedly influence others on issues such as data access and localisation.
- Global regulatory bodies consider stablecoins a systemic potential risk. As we have briefly summarised in the regulatory update table, many global standard-setting organisations have expressed their concern regarding stablecoins and the associated risks to the existing central banking framework. The future of stablecoins is still full of uncertainties, but we expect to see an uptick in their regulation to mitigate the above-mentioned risks. We recommend that anyone dealing with stablecoins stay abreast of regulatory developments, and also obtain advice about the regulatory nature of the particular stablecoins they deal in.
- Novel products, asset classes (like virtual assets) and distribution channels lead to new money laundering and terrorist financing typologies, which in turn results in new controls and guidance.
- Innovation remains a priority.
Exciting times await. Please let us know if you would like any further information on any of the abovementioned topics.
Disclaimer:
This is general information only and should not be relied on as legal advice.
[1] "BigTech" is commonly used to refer to the handful of major technology companies, such as Google, Facebook, Tencent and Amazon that dominate the technology landscape.
[2] The FSB, BigTech in Finance: Market development and potential financial stability implications, issued December 2019; Third-party dependencies in cloud services: Considerations on financial stability implications, issued December 2019; and Regulatory issues of stablecoins, issued October 2019.
[3] "The "green swan" concept is a variation on the concept of a "black swan" for the arena of climate change and is explained more fully in Box A on page 3 of the paper.
*Any reference to "Hong Kong" or "Hong Kong SAR" shall be construed as a reference to "Hong Kong Special Administrative Region of the People's Republic of China".