What?
The report by IBM Promontory for the European Commission examines embedding supervision in decentralized finance (DeFi). It followed four phases: selecting use cases and protocols, defining benchmarks against traditional finance (TradFi), developing a data collection tool, and analyzing the data for supervisory potential. The study found that ledger technologies enable real-time access to transaction data, supporting regulatory objectives. However, DeFi data remains limited compared to TradFi due to its lower maturity. Challenges include the lack of standards, required expertise, and wallet pseudonymization. A risk-based approach focusing on major protocols and liquidity pools, along with reference data collection, is essential to address these issues.

Summary:
The engagement was to evaluate the feasibility of embedded supervision in decentralized finance (DeFi), identifying both challenges and opportunities. The study followed four phases: selecting relevant protocols and use cases, defining supervisory benchmarks, developing software for data collection, and analyzing the data to assess embedded supervision’s potential.
Eight protocols across four key DeFi use cases—decentralized exchanges (DEXs), lending, insurance, and aggregators—were assessed against traditional finance (TradFi) benchmarks. A software application was developed to extract and analyze Ethereum ledger data, overcoming challenges such as ledger synchronization and smart contract complexity. The system included a monitoring service for transaction tracking and a Data Collection & Processing (DCP) service for data storage and enhancement.
The findings highlight that public distributed ledgers offer real-time transaction data, supporting market surveillance and liquidity pool monitoring. However, key challenges remain, including a lack of standardization, the need for expertise in both DeFi and TradFi, reliance on off-chain data for regulatory completeness, and the pseudonymization of wallets.
To address these issues, IBM Promontory recommends a risk-based approach prioritizing major protocols and liquidity pools, fostering cooperation between DeFi and TradFi experts, promoting standardized reference data on ledgers, and developing a Proof of Concept with regulatory participation to refine supervision methodologies.

Read Final Report HERE 

It is not often that one hears of fintechs having sympathy for the very people they set out to disrupt: bankers. However, a case in Ireland against senior banker David Guinane has set alarm bells ringing at fintechs, insurers, asset managers and funds companies.

Source:

• ​https://www.bankingriskandregulation.com/why-the-guinane-case-is-a-game-changer-for-the-c-suite/

Last week, it was revealed that the former CEO of Permanent TSB “participated” in a breach of regulation admitted by his former employer in 2019.

Three years after PTSB held up its hands to 42 regulatory breaches between 2004 and 2018, and agreed to pay €21mn in fines, the Irish regulator went after Guinane personally.

The Central Bank of Ireland opened an inquiry to determine Guinane’s role in the affair, which impacted 2,007 tracker mortgage customers and led to €54mn in redress and compensation.

The inquiry’s chair, esteemed barrister Peter Hinchcliffe, found that on the balance of probabilities, Guinane did not ensure his bank acted fairly in the best interest of its customers under a general principle of Irish consumer protection law.

​The finding sets a precedent for anyone working in regulated financial services in Ireland and marks a step-up in enforcement from the supervisor

 “Okay with that”

The facts turn on an ambiguously worded special condition known as the “SC706 clause” in certain mortgage holders’ contracts and a three-word email response.

The regulator’s case against the banking chief rests largely on what has been coined the ‘smoking gun’: “Okay with that.” Guinane emailed these three words 16 years ago when asked to sign off on a proposal from his management team. His legal staff had reviewed the proposal to deal with certain mortgage customers who wanted to return to their original low tracker-rate loan after coming off a period of fixed rates. 
The bank’s default position was to place them on a higher standard variable rate.

What should concern fintech executives and others at regulated financial services providers operating in Ireland is how the outcome of this case applies to their industries — specifically personal accountability.

Since the Irish regulator’s new Senior Executive Accountability Regime, analogous to the UK’s Senior Managers Regime, came into force in 2024, certain senior managers and board members can face proceedings independent of their employer.

Most regulated fintechs currently fall outside SEAR, which is meant primarily for banks, insurers and investment managers, but the Guinane case sets an alarming new precedent. Despite Guinane’s conduct predating SEAR by more than a decade, he has been found personally liable for PTSB’s regulatory breaches and faces a fine of up to €500,000. 

For those in management at regulated fintechs, the case is a reminder that they can be pursued and held accountable for failures by their company, even though fintechs fall outside the new SEAR regime.

​What’s more, the maximum fine went up to €1mn in July.

How was Guinane deemed accountable?

Hinchcliffe had to consider whether the banker was “a person concerned in the management” of PTSB.

While Guinane held the position of CEO, the ultimate responsibility for regulatory compliance at PTSB fell to its owner, Irish Life & Permanent Group.

While Guinane did not sit on the board of IL&PG, the inquiry ruled he fell within its jurisdiction.

These failures derive from breaches of prescribed contraventions of “relevant obligations” — for which there is no comprehensive list readily available.

Recent comments from the CBI’s former deputy governor, Sharon Donnery, now a senior executive at the European Central Bank, give some clues about the regulator’s thinking.

Donnery told the Fintech Ireland Summit in November that, in an age of rapid technological advancement, the “basics” — good governance, risk management and consumer protection — “remain true”.

Fintechs drew a sharp breath of air when she singled them out: “Unfortunately, it does have to be said that our supervisory experience continues to point to instances of [fintech] firms failing to provide the basic statutory obligations around protecting people’s money.”

​Donnery’s pointed comments and now the Guinane precedent mean that fintech executives — not just the “big boys” of banking, insurance and investment services — are on notice that they too can be proceeded against for breaching Ireland’s consumer protection code.

Firm up internal processes

Many have expressed sympathy for Guinane, whom the inquiry confirmed neither acted dishonestly nor had any intention to harm or take advantage of customers. Of particular worry for senior executives is a comment by Hinchcliffe that Guinane was entitled to receive better support from within IL&PG.

Now a sanction hearing will determine what penalty, if any, should be imposed. It could range from a caution or reprimand to a maximum cash fine of €500,000 through to being disqualified from working in management at a regulated service provider. The kicker is a potential costs order.

A recent shake-up at the CBI offers little hope of leniency for Guinane. The enforcement directorate has a new leader in the form of Colm Kincaid from the consumer protection directorate. He replaces a fellow lawyer, Seána Cunningham, who now leads the insurance supervision directorate.

However, nothing here suggests any change to the enforcement unit’s appetite and operations for pursuing individuals.

Finally, fintech executives must actively consider their internal procedures. They need to demonstrate regulatory compliance and, more importantly, prove they have considered the implications for customers when signing off on business strategies.

​One wonders whether this will be enough given comments by Mr Guinane legal team that he has been singled out and that an appeal is inevitable. After all, no other banker in Ireland has faced inquiry, despite more than half a dozen banks being hit with €280mn of fines over the exact same scandal.