[This is a commentary on the Central Bank of Ireland speech today on fintech. My comments in square brackets. First appeared on my LinkedIN page on 15 November 2016]
I would like to take this opportunity, in my capacity as Chair of FinCoNet, to highlight the importance of the role played by supervisory authorities in helping to protect the interests of consumers and to look at a number of the challenges we face in delivering on our mandates in an environment where the pace and scale of innovation, through increasing use of new technologies, is increasing. [Oakes: at the outset, I think personally it has been great that the Irish Central Bank Director of Consumer Protection (Bernard Sheridan) is the first Chair of FinCoNet. I imagine that the benefits flowing to Ireland from the these discussions will be very helpful to the Central Bank of Ireland in the future and that the Mr Sheridan will continue to be a strong Ambassador for Irish fintech and innovation.]
Supervisory authorities, including the Central Bank of Ireland, play such an important role in helping to protect the interests of consumers of financial services. Financial products and services enable consumers to go about their daily lives, from making payments to saving or taking out a loan; from taking out insurance to protect them against risks, to making an investment in a pension to provide for the future. Our lives as consumers are, in many ways, dependent on financial services and the providers of them. That is why most countries require financial firms to be regulated and to be supervised by a supervisory authority with a core objective to ensure that such firms are treating their customers fairly.
Since its formal establishment just three years ago, FinCoNet has been providing a very useful forum for supervisory authorities to engage with and learn from others on how best to meet these challenges. It provides a forum for sharing current and emerging risks and challenges to consumer protection. The supervisory toolbox will be a very useful resource for members as they develop their approach to monitoring and oversight of firms. FinCoNet has also been working on key areas of responsible lending practices as it is such an important consumer issue across countries. I believe its work, including the upcoming guidance on sales incentives, will help supervisory authorities shape a more consumer-focussed culture within lenders. Considerable work has also been done by FinCoNet on the emerging consumer risks in the area of payments with the recent publication of the Report on Online and Mobile Payments which focuses on how regulators and supervisors are responding to emerging risks particularly security risks and are keeping up with the pace of innovation.
One important emerging challenge for supervisory authorities and consumer protection is the extent of innovation taking place, through greater use of modern technology (fintech). Fintech can have a really positive impact on society, helping to make products and services more accessible, improving service delivery, providing greater convenience for consumers and increasing choice. For firms it can help reduce costs, enable new products and services to be developed as well as improving the quality of service delivery. Fintech can also help markets become more competitive by enabling new firms to enter a market and compete with existing firms in a viable way. However new innovations bring new risks for consumers and new challenges for supervisory authorities and it is important that supervisory authorities remain focussed on their core responsibilities for consumer protection while recognising the potential benefits for consumers. [Oakes: I don't disagree with this point, yet regulators don't appear comfortable stating what they think these specific risks are. Without which we cannot have the broader discussion about the mitigants which can be adopted to reduce gross risks to acceptable net residual risks]. FinCoNet, at its Open meeting in Amsterdam in April 2016, acknowledged the growing importance of the digitalisation of financial products and distribution channels and the specific challenges that digitalisation can pose for supervisory authorities. It is in this context, that I think it is both timely and appropriate that FinCoNet has identified the digitalisation of high cost lending and the practices and tools that are required to support risk-based supervision in a digital age as two of its priority themes for 2017-2018.
Supervisory authorities are a key part of the overall consumer protection framework. We are the gatekeepers in controlling which firms enter, and also stay in, the market. In our role as gatekeeper we seek to ensure that the senior people setting up and running firms are fit and proper to do the job. We have to determine if the proposed service falls to be authorised under relevant legislation. With the pace and scale of technological innovation it is becoming increasingly difficult for firms and regulators to determine what falls to be regulated and what falls outside, and for us all to be consistent in how we are interpreting the rules. This is particularly noticeable in the provision of payment services as well as other areas such as crowdfunding. It is important that supervisors work closely with one another and the relevant law makers to be clear on what is in and out of scope. Where innovation relates to services which fall outside of our scope, we need to be aware of the risks they may pose to consumers and have a forum for engaging with government and other policy makers to consider the appropriate response. [Oakes: This is an interesting comment. Just last week I heard from a number of European Commission, German Central Bankers, ESMA and EU government officials at a private conference in Madrid say that regulation is technology neutral and that they they are not in the business of examining one business model's delivery channel versus another's. Surely this type of analysis is necessary "if the relevant law makers [are] to be clear on what is in and out of scope. Whether we or they like it or not, regulators of financial services will soon be regulators of technology - in substance if not in form.]
Supervisory authorities can also play an important role in influencing and shaping the consumer protection framework by working with governments, standard setting bodies and other international bodies. We have the expertise and knowledge of what is happening in the market to inform wider policy developments and it is important that we proactively input into such developments. Clearly it is a challenge for supervisory authorities to keep up with the pace of change in order to ensure that the consumer protection framework is fit for purpose. FinCoNet aims to help its members to identify emerging issues through the sharing of current and emerging risks.
In most countries, it is important to note, a consumer protection framework is already in place, which can be based on domestic (national legislation/codes), regional (European directives) or international standards (OECD/G20 Principles). Even where such frameworks are not in place the OECD/G20 high level consumer protection principles, developed by the G20/OECD Task Force on Consumer Protection, set out clearly the key elements of what is necessary for consumer protection. Therefore, innovators working with regulated firms or developing unregulated financial products or services need to take these existing consumer protection standards into account. They should not be starting with a blank canvas! Other international bodies are also looking at the impact that fintech is having in the market. The G20/OECD Task Force has identified fintech as one of the key areas for examination. FinCoNet needs to work closely with the Task Force to help inform its work and to influence how the wider consumer protection framework can be enhanced to address these emerging risks. [Oakes: How do we reconcile this with the evident regulatory arbitrage happening right now in the area of crowdfunding, where in some members states the exact same activity is regulated under the EU Payment Services Directive in one member state but is not considered to be a payment services in another? This is industry issue, but it is caused directly by a lack of conformity in interpretation and is just one example which the European Commission needs to address.] Also there is a growing recognition among supervisors of the need to focus more on product development, oversight and governance in order to seek to pre-empt problems. This is particularly timely as fintech increases in importance. By developing standards on how products and services should be developed, tested, rolled out and monitored, supervisory authorities are providing the framework within which consumer-focussed innovation can happen. Regulated firms need to really think through and test their ideas before launching them and be able to demonstrate that they are meeting the needs of consumers in a fair and transparent way. Changes to distribution channels and how firms communicate with their customers also need to be fully considered by firms as to the impact they will have on customers.
Market conduct authorities also work closely with other authorities which have responsibility for prudential regulation and financial stability as we recognise the interdependence between these functions and market conduct supervision as well as the critical role they play in consumer protection. Managing risks which impact on consumers, on individual firms as well as on the wider market, needs to be done in a coordinated way across all relevant responsible bodies including market conduct supervisory authorities. For example, the need for authorities to work closely together to deal with the threat and impact of cyber attacks is becoming even more important in the digital age. [Oakes - Strictly speaking, Fintech isn't the cause or the attraction of cyber security attacks but it does add to the pool of candidates likely subject to attacks. Fintech is, according to some, the new wave of disruptors developing new IT, platforms and systems in financial services. They are not immune to cyber attacks, however proponents argue that they have the advantage of developing new systems from scratch based on current software and coding which is (hopefully) more resilient to successful attacks than legacy systems used by many incumbents. Having said that, new systems cannot be guaranteed to be immune from deficiencies - plenty of examples here. I was reminded last week that Tesco Bank is arguably a challenger bank and ipso facto it is a fintech company and that it was the victim of a successful cyber attack fraud. I may have a different view on whether Tesco Bank meets the definition of (new) fintech, but that isn't the point here - which is that regulators are right to continuing to warn in this area. And don't forget that financial stability, market integrity and consumer protection are the top three areas which they are most concerned about because they are generally statutory objectives for many of them. Regulators obviously don't like failing, so they will continue to place downward pressure on financial services firm to ensure that they don't risk putting the central banks/regulators in a position of breaching their objectives. And hopefully finserv firms don't need encouragement from regulators to have robust systems - that is something which is simply and necessarily good business practice].
And critically we monitor and enforce these standards to ensure consumers are benefiting from them and that firms are acting in their best interests. This is a core function for any supervisory authority and one on which the focus needs to be retained. It is important to say that first and foremost it is the boards and senior management of the firms themselves that have primary responsibility for ensuring they are acting in their customers’ best interests and behaving in a compliant way. They need to have the appropriate resources, controls and procedures in place. Innovation cannot be an excuse for lowering standards or for not focussing on consumer outcomes. [Oakes - I haven't heard anyone (sensible) in fintech argue that innovation should disregard consumer protection outcomes or lower regulatory standards. Indeed there are a number of fintech firms focussing on innovating in the space of client asset protection and evidencing title to assets in the face of a financial services company going into liquidation. Arguably, the stronger the digital audit trail of consumers' right of title, terms and conditions kept in durable mediums, instant access to balances and multi-factor authentication etc are evidence of innovation (and fintech) raising the bar higher for standards of financial stability and consumer protection??]. However, it is also important that there is close monitoring and oversight of firms’ activities and that supervisory and enforcement actions are taken when necessary.
But how do we know if we are doing a good job or not? This is where FinCoNet can and does provide real ‘added value’. By sharing best practices and engaging with other authorities we can learn and develop. Helping supervisory authorities deal with the challenges posed by fintech will, in my view, be a priority for FinCoNet for a considerable time.
It is fair to say that much of our work may go unnoticed or not be recognised. We, as supervisory authorities, often intervene to prevent consumer detriment from happening; we can be prohibited from disclosing the firm-specific supervisory actions we take; and we may face criticism from the media, politicians or consumer advocates for the actions we take or for not acting sooner. [Oakes: I have a lot of empathy here having been a regulator in four countries. You are never credited with preventing consumer loss, disorderly insolvencies and removing bad actors from the stage; but by God if something isn't identified in a robust risk based supervisory model, no one is interested in listening to a regulator's excuses]. We need to inform the public of our role, what we do and what we don’t do, in a way that helps them understand. We need to listen to our stakeholders and in particular, consumer groups to understand their issues and how we can best intervene. It is important that we are not only delivering for consumers but that we also have the trust and confidence of the public. [Oakes: Yes, regulators need far better narratives of their work in this area. When they are silent, people will fill the void with incorrect assumptions which damages fintech as a whole. And regulators need dedicated innovation departments which can at least help new players navigate the particular regulator's labyrinth of mazes to find the right people who can help advance discussion with start-ups. Associations and trade bodies serve a good purpose. But if you are regulator you really need to hear from the designers, architects, engineers and entrepreneurs which are turning finserv upside down].
In conclusion, as we focus on our future priorities, it is important to remind ourselves of the critical role supervisory authorities play in protecting consumers, of consumers’ reliance on us and the onus that is placed on us to act effectively, in an open and transparent way and to strive for improvement. It has been a privilege for me to act as the first chair of FinCoNet which reflects the importance that the Central Bank of Ireland places on its consumer protection role and the need to deliver to the highest standards. The Central Bank will continue to support the work of FinCoNet as it grows and develops with the aim of helping its members as they strive to protect the interests of consumers.
I would like to take this opportunity, in my capacity as Chair of FinCoNet, to highlight the importance of the role played by supervisory authorities in helping to protect the interests of consumers and to look at a number of the challenges we face in delivering on our mandates in an environment where the pace and scale of innovation, through increasing use of new technologies, is increasing. [Oakes: at the outset, I think personally it has been great that the Irish Central Bank Director of Consumer Protection (Bernard Sheridan) is the first Chair of FinCoNet. I imagine that the benefits flowing to Ireland from the these discussions will be very helpful to the Central Bank of Ireland in the future and that the Mr Sheridan will continue to be a strong Ambassador for Irish fintech and innovation.]
Supervisory authorities, including the Central Bank of Ireland, play such an important role in helping to protect the interests of consumers of financial services. Financial products and services enable consumers to go about their daily lives, from making payments to saving or taking out a loan; from taking out insurance to protect them against risks, to making an investment in a pension to provide for the future. Our lives as consumers are, in many ways, dependent on financial services and the providers of them. That is why most countries require financial firms to be regulated and to be supervised by a supervisory authority with a core objective to ensure that such firms are treating their customers fairly.
Since its formal establishment just three years ago, FinCoNet has been providing a very useful forum for supervisory authorities to engage with and learn from others on how best to meet these challenges. It provides a forum for sharing current and emerging risks and challenges to consumer protection. The supervisory toolbox will be a very useful resource for members as they develop their approach to monitoring and oversight of firms. FinCoNet has also been working on key areas of responsible lending practices as it is such an important consumer issue across countries. I believe its work, including the upcoming guidance on sales incentives, will help supervisory authorities shape a more consumer-focussed culture within lenders. Considerable work has also been done by FinCoNet on the emerging consumer risks in the area of payments with the recent publication of the Report on Online and Mobile Payments which focuses on how regulators and supervisors are responding to emerging risks particularly security risks and are keeping up with the pace of innovation.
One important emerging challenge for supervisory authorities and consumer protection is the extent of innovation taking place, through greater use of modern technology (fintech). Fintech can have a really positive impact on society, helping to make products and services more accessible, improving service delivery, providing greater convenience for consumers and increasing choice. For firms it can help reduce costs, enable new products and services to be developed as well as improving the quality of service delivery. Fintech can also help markets become more competitive by enabling new firms to enter a market and compete with existing firms in a viable way. However new innovations bring new risks for consumers and new challenges for supervisory authorities and it is important that supervisory authorities remain focussed on their core responsibilities for consumer protection while recognising the potential benefits for consumers. [Oakes: I don't disagree with this point, yet regulators don't appear comfortable stating what they think these specific risks are. Without which we cannot have the broader discussion about the mitigants which can be adopted to reduce gross risks to acceptable net residual risks]. FinCoNet, at its Open meeting in Amsterdam in April 2016, acknowledged the growing importance of the digitalisation of financial products and distribution channels and the specific challenges that digitalisation can pose for supervisory authorities. It is in this context, that I think it is both timely and appropriate that FinCoNet has identified the digitalisation of high cost lending and the practices and tools that are required to support risk-based supervision in a digital age as two of its priority themes for 2017-2018.
Supervisory authorities are a key part of the overall consumer protection framework. We are the gatekeepers in controlling which firms enter, and also stay in, the market. In our role as gatekeeper we seek to ensure that the senior people setting up and running firms are fit and proper to do the job. We have to determine if the proposed service falls to be authorised under relevant legislation. With the pace and scale of technological innovation it is becoming increasingly difficult for firms and regulators to determine what falls to be regulated and what falls outside, and for us all to be consistent in how we are interpreting the rules. This is particularly noticeable in the provision of payment services as well as other areas such as crowdfunding. It is important that supervisors work closely with one another and the relevant law makers to be clear on what is in and out of scope. Where innovation relates to services which fall outside of our scope, we need to be aware of the risks they may pose to consumers and have a forum for engaging with government and other policy makers to consider the appropriate response. [Oakes: This is an interesting comment. Just last week I heard from a number of European Commission, German Central Bankers, ESMA and EU government officials at a private conference in Madrid say that regulation is technology neutral and that they they are not in the business of examining one business model's delivery channel versus another's. Surely this type of analysis is necessary "if the relevant law makers [are] to be clear on what is in and out of scope. Whether we or they like it or not, regulators of financial services will soon be regulators of technology - in substance if not in form.]
Supervisory authorities can also play an important role in influencing and shaping the consumer protection framework by working with governments, standard setting bodies and other international bodies. We have the expertise and knowledge of what is happening in the market to inform wider policy developments and it is important that we proactively input into such developments. Clearly it is a challenge for supervisory authorities to keep up with the pace of change in order to ensure that the consumer protection framework is fit for purpose. FinCoNet aims to help its members to identify emerging issues through the sharing of current and emerging risks.
In most countries, it is important to note, a consumer protection framework is already in place, which can be based on domestic (national legislation/codes), regional (European directives) or international standards (OECD/G20 Principles). Even where such frameworks are not in place the OECD/G20 high level consumer protection principles, developed by the G20/OECD Task Force on Consumer Protection, set out clearly the key elements of what is necessary for consumer protection. Therefore, innovators working with regulated firms or developing unregulated financial products or services need to take these existing consumer protection standards into account. They should not be starting with a blank canvas! Other international bodies are also looking at the impact that fintech is having in the market. The G20/OECD Task Force has identified fintech as one of the key areas for examination. FinCoNet needs to work closely with the Task Force to help inform its work and to influence how the wider consumer protection framework can be enhanced to address these emerging risks. [Oakes: How do we reconcile this with the evident regulatory arbitrage happening right now in the area of crowdfunding, where in some members states the exact same activity is regulated under the EU Payment Services Directive in one member state but is not considered to be a payment services in another? This is industry issue, but it is caused directly by a lack of conformity in interpretation and is just one example which the European Commission needs to address.] Also there is a growing recognition among supervisors of the need to focus more on product development, oversight and governance in order to seek to pre-empt problems. This is particularly timely as fintech increases in importance. By developing standards on how products and services should be developed, tested, rolled out and monitored, supervisory authorities are providing the framework within which consumer-focussed innovation can happen. Regulated firms need to really think through and test their ideas before launching them and be able to demonstrate that they are meeting the needs of consumers in a fair and transparent way. Changes to distribution channels and how firms communicate with their customers also need to be fully considered by firms as to the impact they will have on customers.
Market conduct authorities also work closely with other authorities which have responsibility for prudential regulation and financial stability as we recognise the interdependence between these functions and market conduct supervision as well as the critical role they play in consumer protection. Managing risks which impact on consumers, on individual firms as well as on the wider market, needs to be done in a coordinated way across all relevant responsible bodies including market conduct supervisory authorities. For example, the need for authorities to work closely together to deal with the threat and impact of cyber attacks is becoming even more important in the digital age. [Oakes - Strictly speaking, Fintech isn't the cause or the attraction of cyber security attacks but it does add to the pool of candidates likely subject to attacks. Fintech is, according to some, the new wave of disruptors developing new IT, platforms and systems in financial services. They are not immune to cyber attacks, however proponents argue that they have the advantage of developing new systems from scratch based on current software and coding which is (hopefully) more resilient to successful attacks than legacy systems used by many incumbents. Having said that, new systems cannot be guaranteed to be immune from deficiencies - plenty of examples here. I was reminded last week that Tesco Bank is arguably a challenger bank and ipso facto it is a fintech company and that it was the victim of a successful cyber attack fraud. I may have a different view on whether Tesco Bank meets the definition of (new) fintech, but that isn't the point here - which is that regulators are right to continuing to warn in this area. And don't forget that financial stability, market integrity and consumer protection are the top three areas which they are most concerned about because they are generally statutory objectives for many of them. Regulators obviously don't like failing, so they will continue to place downward pressure on financial services firm to ensure that they don't risk putting the central banks/regulators in a position of breaching their objectives. And hopefully finserv firms don't need encouragement from regulators to have robust systems - that is something which is simply and necessarily good business practice].
And critically we monitor and enforce these standards to ensure consumers are benefiting from them and that firms are acting in their best interests. This is a core function for any supervisory authority and one on which the focus needs to be retained. It is important to say that first and foremost it is the boards and senior management of the firms themselves that have primary responsibility for ensuring they are acting in their customers’ best interests and behaving in a compliant way. They need to have the appropriate resources, controls and procedures in place. Innovation cannot be an excuse for lowering standards or for not focussing on consumer outcomes. [Oakes - I haven't heard anyone (sensible) in fintech argue that innovation should disregard consumer protection outcomes or lower regulatory standards. Indeed there are a number of fintech firms focussing on innovating in the space of client asset protection and evidencing title to assets in the face of a financial services company going into liquidation. Arguably, the stronger the digital audit trail of consumers' right of title, terms and conditions kept in durable mediums, instant access to balances and multi-factor authentication etc are evidence of innovation (and fintech) raising the bar higher for standards of financial stability and consumer protection??]. However, it is also important that there is close monitoring and oversight of firms’ activities and that supervisory and enforcement actions are taken when necessary.
But how do we know if we are doing a good job or not? This is where FinCoNet can and does provide real ‘added value’. By sharing best practices and engaging with other authorities we can learn and develop. Helping supervisory authorities deal with the challenges posed by fintech will, in my view, be a priority for FinCoNet for a considerable time.
It is fair to say that much of our work may go unnoticed or not be recognised. We, as supervisory authorities, often intervene to prevent consumer detriment from happening; we can be prohibited from disclosing the firm-specific supervisory actions we take; and we may face criticism from the media, politicians or consumer advocates for the actions we take or for not acting sooner. [Oakes: I have a lot of empathy here having been a regulator in four countries. You are never credited with preventing consumer loss, disorderly insolvencies and removing bad actors from the stage; but by God if something isn't identified in a robust risk based supervisory model, no one is interested in listening to a regulator's excuses]. We need to inform the public of our role, what we do and what we don’t do, in a way that helps them understand. We need to listen to our stakeholders and in particular, consumer groups to understand their issues and how we can best intervene. It is important that we are not only delivering for consumers but that we also have the trust and confidence of the public. [Oakes: Yes, regulators need far better narratives of their work in this area. When they are silent, people will fill the void with incorrect assumptions which damages fintech as a whole. And regulators need dedicated innovation departments which can at least help new players navigate the particular regulator's labyrinth of mazes to find the right people who can help advance discussion with start-ups. Associations and trade bodies serve a good purpose. But if you are regulator you really need to hear from the designers, architects, engineers and entrepreneurs which are turning finserv upside down].
In conclusion, as we focus on our future priorities, it is important to remind ourselves of the critical role supervisory authorities play in protecting consumers, of consumers’ reliance on us and the onus that is placed on us to act effectively, in an open and transparent way and to strive for improvement. It has been a privilege for me to act as the first chair of FinCoNet which reflects the importance that the Central Bank of Ireland places on its consumer protection role and the need to deliver to the highest standards. The Central Bank will continue to support the work of FinCoNet as it grows and develops with the aim of helping its members as they strive to protect the interests of consumers.