Dr. Jamshaid Anwar Chattha
Dr. Jamshaid Anwar Chattha is Chief Financial Analyst at the Central Bank of Kuwait.
Financial technology (known as FinTech) is a buzzword. It is a mantra indicating ‘innovation is future’. There are intense debates and coverage of FinTech on social media, for instance, Twitter, LinkedIn, Facebook, and blogs. Having seen rapid growth over the last few years, it is no more a nascent financial technology industry. There are international banks and regions competing for being new financial technology hubs.
This innovation has not only enticed but also engaged all walks of professionals and market participants from software developer to entrepreneur, companies to financial institutions, and banks (including Islamic banks) to regulators. As a result, we have seen various developments over the last couple of years reflecting FinTech. I here share my thoughts on one dimension of it, that is, potential regulatory issues and implications arising out of FinTech, although, many regulators differ in their respective approach to FinTech.
In the 21st century, the global financial services industry is facing a wave of digital disruption with FinTech, which is a combination of financial technology and innovation. It has mainly two purposes: (a) to compete with traditional financial approaches in the delivery of financial services; (b) to make financial services more accessible to the general public. Within these aims, FinTech has echoed various implications for risk management in financial institutions (e.g. banking, insurer) and supervisors regulating financial and non-financial institutions.
The following trending topics are gaining significant traction: Blockchains, Regulation Technology (RegTech), Initial Coin Offerings (ICOs), Distributed Ledger Technology, Soundwave technology, the Tangle, Anonymous Cryptocurrencies, and Open Banking or Application Programming Interface (API) Banking. These are just a few examples to mention. Now, there are numerous FinTech companies and startups in the world. There is no dearth of research on the topic. Here, the focus is on key regulatory concerns in line with best practices such as FSB, BCBS, and IMF.
The pace at which the FinTech is accelerating no doubt presents economic benefits to the financial system and society at large, but it also has potential risks and unintended consequences. Some of these concerns are exhibited in Figure 1 and are discoursed below; though, it is understood that the list of the issues is not exhaustive, and it would keep evolving over time.
Regulation and Supervision
First and foremost is the regulation for, and effective supervision of, the FinTech. Generally, regulators are mindful that FinTech has the potential to deliver economic benefits, by lowering the cost of operations and enhancing competition, and societal benefits, by boosting financial inclusion and delivering more convenient financial services.
However, risk and failure are an integral part of innovation in FinTech solution. It is, therefore, vital for regulators to ensure availability of appropriate safeguards to manage the risks (such as institution-specific micro-financial risks and system-wide macro-financial risks). Hence, providing parameters and regulatory clarity through a set of framework (for FinTech business models) is critical for FinTech’s mass adoption in order to ensure the financial stability of the system. Regulatory sandbox is only one of the approaches to manage FinTech and may not fit circumstances in different jurisdictions. Supervisors will have to ensure that financial institutions or firms have robust governance frameworks and are cultivating the right culture including ongoing engagement on the evolution of RegTech. This should be complemented by the increasingly intense and data-driven supervision.
Figure 1: FinTech and Key Regulatory Concerns
Let us not forget that there is a genuine concern for regulators on cryptocurrency to be accepted as legal tender in jurisdictions. Such currency may have future repercussions and have large risks associated with them including anti-money laundering (AML). The public may not be cautious of the risks associated with the usage of such digital currency. Moreover, Initial Coin Offerings (ICO) – being a new method of raising funds or capital through unconventional and unregulated means – has the potential to bypass rigorous and well-regulated requirements for funds-raising established by regulators. In addition, there is also serious concern on the risk of AML and financing of terrorism, termed as AML/CFT, which requires financial institutions including banks to have adequate measures to counter the risk of AML/CFT. For instance, the implementation of full know-your-customer (KYC)onboarding procedures for all those customers who participate in the FinTech.
From a risk management point of view, operational risk (reflecting cyber-security, fraud and theft, data privacy and legal issues) stands out significantly. Similar to the Basel Committee on Banking Supervision (BCBS), the Islamic Financial Services Board (IFSB) – which is an Islamic finance standard-setting body-capital regime for operational risk is far less advanced compared to the regime for credit risk and market risk for some types of financial institutions. More notably, while measures such as BCBS/IFSB capital requirements can create incentives to address certain operational risks, such as business continuity, capital is not sufficient to restore operations if a financial institution suffers a cyber incident or similar one. This issue has to be given considerable attention by supervisors of banks including Islamic banks.
On the Islamic finance side, the bigger challenge is ensuring that innovative solutions for Islamic financial services are consistent with prevailing Shariah rules and principles not only domestically but also internationally. The larger issue is the role of the Shariah supervisory board (SSB) in the oversight of the product innovation at the financial institution level and ultimate responsibility for Shariah compliance issues for consolidated supervision. In this respect, the CIBAFI has recently suggested (in its comments submitted to the BCBS’s consultative document) that Islamic banks will (a) need to consider how they can ensure that the end to end transactions are in line with Shariah, including the rights and ownership at each stage; (b) also need to consider not only whether there is a valid contractual relationship between the parties involved, but how that relationship is to be characterized in terms of Islamic financial jurisprudence.Likewise, the IFSB has also highlighted in its report the innovations related to FinTech and a corresponding set of challenges it raises for the Islamic finance in particular. Having said that the Shariah compliance issues have sparked massive debate in the industry at different forums (e.g. ISRA FinTech, CIBAFI, IFSB, a thorough guidance covering all the modalities of the FinTech issues from Islamic finance, is not readily available.
To this end, rapidly evolving developments of FinTech necessitates supervisors to provide a new framework or guidelines to the financial institutions as a forward-looking guidance to accommodate positive technological development. One of the ways this can be achieved is through creating a unit responsible for FinTech, where this unit should be well diversified, having a skilled set of innovators, IT Security, and financial stability. I shed more light on this below.
Financial Stability and Consumer Protection
The second consideration is the extension of the first. In FinTech, what supervisors will need to ensure is that financial institutions including banks have in place robust plans for scenarios that could threaten their own stability or the interests of customers. For instance, in robo-advisory services, which rely on algorithms and portfolio management to analyze investors’ data and automatically recommend investment portfolios, how can regulators be sure that asset allocation models generated by computers are accurate and can handle extreme “black swan” events? Similarly, third-party service providers to financial institutions are quickly becoming more prominent and critical, especially in the areas of cloud computing and data services. The fact that many third-party providers may fall outside the regulatory perimeter places increased emphasis on the importance of managing related operational risks, which could ultimately undermine financial stability.
Under financial stability, consumer protection including data security is one of the issues regulators should be concerned about. The threat of hacking, as well as the need to protect sensitive consumer and corporate financial data, is very critical. It is argued that any data breach, no matter how small, can result in severe financial and reputation consequences for a FinTech company. Undeniably, a number of recent incidents have involved fraud and theft through mobile banking apps, and there have been breaches of personally identifiable information, particularly as a large number of mobile devices lack anti-virus software. This raises issues of financial risk, data privacy, ownership and administration, and legal liability. Therefore, to avoid any adverse effects, there is much work to be done on enhancing cyber-security and mitigating cyber risks. This work may include, among others, having in place ex-ante contingency plans for cyber-attacks and financial and technology literacy.
Moreover, at the banking supervisory level, the coordination between banking supervision departments (On-site and Off-site) and IT department is pivotal in ensuring the financial safety and soundness of banking institutions. The inclusion of more IT graduates with financial skills will be an added advantage to the supervisory authorities in addressing the risks emerging from FinTech.
Domestic and Cross-Border Arrangements
Both domestic and cross-border considerations are important for supervisors. At domestic level, for FinTech developments, there has to be a coordination among the supervisory agencies regulating financial institutions. A common approach and strategy needs to be in place to address FinTech issues at country level.
Regulators are generally focused on how FinTech is affecting the domestic financial landscape; cross-border issues (such as cross-border payments through licensing of foreign-based service providers) are generally not being discussed. Regional cooperation is a relevant factor for FinTech. Furthermore, innovations in cross-border lending, trading and payment transactions, including via smart contracts, raise questions about the cross-jurisdictional compatibility of national legal frameworks.
Moreover, a cross-sectoral supervisory committee, comprising members from different regulators (e.g. central bank, securities commission or capital markets board, insurance authority), should further strengthen the risk management and potential financial stability issues for any jurisdiction. This arrangement of cooperative oversight within the jurisdiction, in line with international practice will help in achieving the oversight objectives of FinTech. This approach can be extended at the cross-border level and regional level.
Lastly, capacity building is one of the areas, which is receiving less attention, but have a critical role to play. Though traditionally for supervisors, this has not been a key concern, there are serious challenges for building staff capacity in new areas of required expertise.No matter what the size of the Islamic bank is, proper planning for capacity building has to be part of the overall strategy.
Supervisors should consider placing greater emphasis on ensuring that they have the adequate resources and skill-sets (whether in-house or outsourced) to deal with FinTech. One way to ensure is having regulators and financial institutions to put concerted efforts in capacity building and development of IT Infrastructure.
The academic business schools or universities should also enhance training of next-generation talent through updating their current curriculum by adding courses that focus on FinTech, Design Thinking, Coding and Product Development, Risk Management and Prudential Supervision of the FinTech.
Technology is ever changing.The world economy, as we see it today, was different in the past, and surely, will be drastically different in future. Regulators will have to adapt to the new environment and technologies. In future, FinTech will significantly affect the business model of the banks, thus, giving rise to concerns on the supervision of FinTech firms. The inspiration of FinTech appears to be pervasive but it is risky, thus, requiring supervisors to remain vigilant for the emerging risks. Having in place a proper regulatory regime will be a key driver. Without clear regulatory guidance, the prospects of FinTech integration and safe acceleration in the financial industry are restricted.
Finally, it is important to realize that so long FinTech has been demand driven in the financial industry by consumers. Thus regulators will have to address the key risk implications arising out of FinTech for licensed financial institutions including banks. What the regulators would not want to see is exposing the entire financial system to be unstable and insecure. Thus, there is a pressing need to strike a balance between accommodating the overwhelming FinTech boom and ensuring consumer protection, and the soundness and stability of the financial system. The role of the SSB in facilitating the adoption of innovative FinTech solutions in Islamic finance is critical.
The views expressed in this article are those of the author, and they do not reflect the views of the CBK.