The word ‘sandbox’ is like the word ‘sex’; if you put it in the heading of a fintech article, you're sure to get attention.
There is no indication that the Irish Central Bank is thinking of a sandbox or an innovation hub from today’s speech by Bernard Sheridan (Central Bank Director of Consumer Protection). However nothing in the speech reads to me that the Central Bank will not go down that path. The tone of the speech is very open and cautious, leaving the Central Bank room to manoeuvre (or pivot as we say in industry) as it responds to the challenges of fintech and, in the case of this speech, consumer protection risk. We might expect a prudential driven fintech speech in the future as the areas of financial stability and market conduct area the focal point of other Directors at the Central Bank.
At a speech given at the Financial Services Innovation Centre in the Cork yesterday, the senior central banker commenced by saying he ‘was struck by the growing and significant level of interest there is in fintech developments across a wide variety of sources including international regulatory bodies’ and it being ‘a clear sign of things to come’ for regulated and non-regulated fintech firms. Reference was made to a number of Mr Sheridan’s international peers, including;
- Mark Carney, Chair of the Financial Stability Board: global regulators are evaluating potential stability implications that emerging financial technology poses to the global financial system including “systemic implications of financial technology innovations and the systemic risks that may arise from operational disruptions”.
- European Commission: “the retail financial services sector is experiencing significant change as it is affected by digitalisation. New business models are emerging: online-only providers and technology companies are entering the market, offering services (within Member States and sometimes cross-border) including electronic money transfers, intermediation in online payments, financial data aggregation, peer-to-peer funding and price comparison”.
- Steven Maijoor, Head of EIOPA: “financial innovation is important and, at its best, contributes to economic growth. However, this can only be achieved and sustained where consumers have confidence in such innovations. Our role as European Supervisory Authorities is to monitor new financial activities and to take action where appropriate.”
Returning to Ireland, the regulator noted that its strategic plan has identified the increased risks arising from technological developments and the increased reliance on information technology by regulated firms, their customers and suppliers. He also reminded that cyber risk is a key emerging threat and that the regulator’s Consumer Protection Outlook Report highlighted financial innovations as a key consumer risk - “[t]he consumer benefits of accessibility and convenience must be matched by service reliability, safety and security, and transparency of cost of services”.
While I agree that the issue of financial stability risk arising through innovative financial services is important, this isn’t something new. Rather it seems to me that regulators, even if they considered this to be an issue previously, may not have had the confidence to express their concerns until recently. It feels like regulators have been driven out of their comfort zone and forced to confront the rapid (re)evolution in industries which they traditionally pondered about for years, if not decades, before setting out their prudential, consumer and conduct risk concerns. While it is a fair observation to note that “Fintech is transcending traditional boundaries and borders, not just physical but also regulatory as it blurs the lines between regulated and unregulated activities”, this is nothing new. The same can be said of banking and investment house conglomerates which run empires of regulated and unregulated firms, to which the same tests are applicable as to whether they are regulated or not. A significant problem in the world of fintech are the inconsistent interpretations across the EU. For example, peer-to-peer lending is considered to fall under the Payment Services Directive in Germany and Italy, but the same activity in Ireland is not. This has nothing to do with the fact that the activity is provided through fintech or not.
The regulator goes on to note that “As new technologies change the everyday provision and delivery of financial services for consumers and firms, it becomes more challenging for regulators to monitor what is going on as the regulatory rulebooks and supervisory tools struggle to keep pace with developments.” Quite frankly, I don’t understand why it becomes more challenging for regulators unless they remain static and continue with outdated and backward looking supervisory systems instead of real-time and data analytic supervisory systems. The information which they need to keep abreast of is rapidly moving to digital format. They have a number of options here: (1) insist on being provided access to this data direct, which is what fintech firm Uphold Inc voluntarily does, by providing real time transaction data to the regulators; (2) ramp up their own resources, i.e. technology, understanding of data analytics, AI, staff and education; and (3) try to stop the advancement so that it remains at a level at which regulators are capable of supervising - but good luck with regulating the internet!
Consumer protection and the Central Bank
As we know, the Central Bank has a statutory objective of effective regulation of financial service providers and markets, while ensuring that the best interests of consumers are protected. And it is fair for the regulator to let us know its thinking that the disruptive impact of financial innovation is impacting on its risk priorities and the way it does its work. The regulator noted that “[f]intech certainly has the potential to bring many benefits for firms and consumers and the framework should protect the consumer’s best interest and enable the management of additional and new risks by firms while not stifling innovation or damaging consumers’ trust and confidence in financial services”. This sounds impressive until one asks exactly what are the precise ‘risks’ which are of concern to the local and overseas regulators? Saying general that there are risks to financial stability and consumer protection simply because change is afoot does not help inform the debate.
In the eyes of the Irish regulator a few of the areas where fintech and innovation are impacting on its consumer protection work include: (1) monitoring of consumer risks; (2) authorisation process for new firms; (3) new product development; and (4) how we are changing our approach to assessing consumer risks in firms. Noting that point 4 mitigates point 1, there are really only 3 areas here.
1. Monitoring of emerging risks
Under this heading the regulator noted that the findings from its consumer focus groups included people being “time poor”, people wanting more convenient and less time consuming complaints processes, including online channels for formal complaints. I get this point, but I am at a loss as to why this “presents a real challenge as to how innovation can be utilised better to marry the two consumer needs i.e. having a convenient and easy to use complaints process while at the same time enabling interaction with an experienced member of staff to resolve complaints in a fair, timely and transparent way”. Surely the advent of online and ‘direct to supplier’ chat support forums on many of today’s websites is the starting point. This is not an issue about the channels available to consumers, but rather the quality of the interaction and therefore the resolution of a complaint?
I liked the next part of the speech. I think it was meant to provide comfort, but will probably spook those who feel that we live in an Orwellian society – “The Central Bank also undertakes regular social media monitoring and gathers intelligence from platforms such as social media sites, public discussion fora and media sources in order to gain an insight into and keep abreast of current issues being raised by consumers”. One suspects that monitoring might also focus on the behaviour of regulated firms in cyber space too.
We learn in the speech that the European Supervisory Authorities (“ESAs”) accept that increased automation of advice to consumers provides potential benefits, such as wider access, lower cost and more consistent consumer experience. And we also learn that the ESAs are concerned about potential risks, e.g. consumers’ understanding of the nature of the service, limitations or errors in the tools and/or algorithms used. The ESAs are now considering what specific regulatory or supervisory actions should be taken to mitigate consumer risk in automated advice.
2. Authorisation Process
There is nothing new under this heading. We covered this area when the changes were announced. In fact, these changes we announced following our engagement with the regulator back in 2015. See our April 2015 update here and our May update here. Suffice to say that the regulator repeated its adoption of the three key principles: accessibility; transparency; and timeliness. The Central Bank reminded that its role is not to act as advisers to potential applicants but rather to provide clarity and certainty by responding to applicants in an open and facilitative way.
3. New Product Development
From 2017 new guidelines will be in place for banks and payment institutions, which will be followed by other sectors over time. These guidelines will be a key part of the overall consumer protection framework. Product oversight and governance arrangements are to be an integral part of the firm’s governance, risk management and internal control framework requiring firms, amongst other things, to identify the target market, test products before launch, monitor how the product is performing and take remedial action where problems arise. Product testing will be required to enable the firm to “assess how the product would affect its consumers under a wide range of scenarios, including stressed scenarios”. Product monitoring will be required on an on-going basis.
4. Assessing Consumer Protection Risks
Under the last heading the Central Bank announced that it is developing its Consumer Protection Risk Assessment supervisory model which will assess how firms are utilising technology to support their consumer risk management including:
- how systems are used to alert firms to emerging and existing consumer risks;
- how firms consider consumer risk management and reporting when developing new systems;
- the maturity of firms’ analytics techniques in terms of identifying and escalating emerging and crystallised consumer risks.
In his concluding remarks Bernard Sheridan said that there was potential for:
(i) a greater level of engagement between innovators, innovation centres and regulators so that we can all be better informed and involved in helping avoid the crystalisation of consumer protection risks in new innovations;
(ii) at a firm level, there is an opportunity for fintech to play a bigger part in developing products and services that help support regulated firms in monitoring and managing consumer risks;
(iii) at the product level, fintech can bring forward innovative solutions for firms seeking to deliver suitable consumer-focused products and services and support firms meeting their regulatory requirements in product oversight and governance;
(iv) and finally, at the consumer level, fintech can help deal with the issue of product complexity and the increasing difficulties that consumers are having in understanding financial products and services.
His final words on fintech and consumer protection were, unsurprisingly, “We all can and must play our part in ensuring that innovation and consumer protection are closely aligned and, above all, that we are continuously focused on getting it right for the consumer”.