Other parts of this series:
One thing regulators agree on is that digital and technical innovation in financial services is changing the way customers engage with their banks, their expectations, the way banking is conducted and the conduct risk profile. The Financial Conduct Authority (FCA) 2016/2017 Business plan lists technology as a key risk,1 and in February 2016 Mark Carney, Governor of the Bank of England, added ‘innovations in financial technology’ to the list of Financial Stability Board concerns.2 In addition, the Lending Standards Board has issued a Call for Input to understand how lending standards can be developed in response to emerging digital capabilities.3
Most countries have put in place a framework for Conduct Risk Regulation and launched initiatives that firms will be implementing up until 2020 (for example Markets in Financial Instruments Directive (MiFID) II, Packaged Retail and Insurance-based Investment Products (PRIIPS), Open Banking, etc.).
Now, in our view, regulation should evolve to incorporate the real risks firms face from developments in technology capabilities. This would help support a stable environment for the delivery of good customer outcomes.
Source: Accenture, February 2017
As well, the increased usage of Big Data, Robo-Advisors, Peer-to-Peer lending platforms, the evolution of payments methods such as Blockchain and the Cloud all pose new risks and should lead to new regulations to address these.
How is the regulatory response likely to evolve?
- ‘Regulate for control’ – with greater focus on prescriptive regulation to mitigate the inherent risks associated with certain emerging technologies. For example, in the US, the New York Department of Financial Services looks set to issue prescriptive controls on cyber risk such as mandating a chief information security officer at the firm level.4 Other potential mandates include demanding that large banks keep certain branches open, or placing limitations on incentivised pricing for internet only products (which could arguably discriminate vulnerable people without access).
- ‘Regulate for innovation’ – with regulators encouraging RegTech and FinTech start-ups to ‘test their innovations,’ extending the sandbox environment idea, and letting industry take the lead. Mandates could include requiring all firms to set aside a certain amount of revenue for the fair treatment of vulnerable customers for greater appropriateness in the sales process.
- ‘Wait and see’ – with regulators focusing on communicating their objectives, principals and desired customer outcomes and waiting for banks to take the lead in setting industry standards.
What are the regulators doing to support innovation?
It can be said that regulators try to maintain a balance between encouraging’ innovation and proactivity, and self-regulation with its inherent risks. Examples of useful actions to support innovation include:
- Sandboxes. Regulators like the FCA have built a channel to better understand technology developments using sandboxes, ‘Project Innovate’ and RegTech, a step being mirrored globally. These projects allow the regulator to understand―and firms to test―developments, and work through the associated potential risks in a safe testing environment.
- Formal Guidance. Regulators are maturing their approach to issuing guidance that supports firms in their efforts to reach the regulatory outcomes they desire quickly before risks crystallise.
- Evolving Regulation. Regulators are also revaluating whether a new approach to guidance is needed. For example, in the UK the Financial Advice Market Review5 highlighted the need to re-look and clarify what ‘advice’ was and the FCA have set up an ‘Advice Unit’ to help firms understand the regulatory requirements.
- Consulting with Industry. Collaboration between regulators and firms has improved with the aim of mutually understanding risks ahead of the imposition of controls. The FCA for one, undergoes extensive efforts to engage and consult with practitioners and encourages direct feedback on their part.
Regulators are learning about the new technologies and how to manage risks originating from these. They appear to be supporting firms in managing the conduct risks stemming from these new technologies. However, new conduct regulation should take time to prepare and is unlikely to have the breadth or depth needed to help firms effectively manage this type of risk or within the timeframe required. Firms are encouraged to develop their own standards for control, with little guidance across complex areas. I will discuss this in more detail in my next blog.
- “Business Plan 2016/17,” Financial Conduct Authority. Access at: https://www.fca.org.uk/publication/corporate/business-plan-2016-17.pdf
- “Financial Stability Board adds fintech to list of worries,” The Financial Times, February 27, 2016. Access at: https://www.ft.com/content/d6813cba-dd55-11e5-b072-006d8d362ba3
- “Call for Input,” Lending Standards Board. Access at: https://www.lendingstandardsboard.org.uk/wp-content/uploads/2016/12/call-for-input-digital-2016.pdf
- “New York Proposes Cybersecurity Regulations for Banks,” The Wall Street Journal, September 13, 2016. Access at: http://www.wsj.com/articles/new-york-proposes-cybersecurity-regulations-for-banks-1473792867
- “Financial Advice Market Review – Final Report,” HM Treasury, Financial Conduct Authority, March 2016. Access at: https://www.fca.org.uk/publication/corporate/famr-final-report.pdf