According to a Chinese proverb, when the winds of change blow, some people build walls and others build windmills. Winds of change do blow in the financial system – technological innovations in financial services (fintech) are affecting all parts of the financial industry and giving rise to a steady stream of new applications. These include new approaches to how loans are granted, payments are made, investment advice is provided, insurance is priced, and funds are channelled from those who want to invest to those in need of funding. While fintech may increase efficiency in delivering financial services, widen their range, increase competition and promote financial inclusion, it may also bring challenges – posing risks to consumers, investors, and more broadly, to financial stability and integrity. When designing an adequate policy framework for fintech, financial authorities will need to find a balance that maximises its benefits while minimising potential risks to the financial system – to choose the right combination of walls and windmills.
In a recent paper, we take stock of the policy responses to fintech developments in approximately 30 jurisdictions around the globe (Ehrentraud et al. 2020). Our goal is to give a sense of the different approaches pursued by regulators, and of the challenges and policy trade-offs they face. Building on the work done by global standard-setting bodies and other international organisations, we propose a novel conceptual framework, referred to as the ‘fintech tree’. It distinguishes three categories: fintech activities, enabling technologies, and policy enablers. Fintech activities (e.g. digital banking or robo-advice) can take various forms and be performed in different sectors of the financial industry. Enabling technologies (e.g. artificial intelligence or cloud computing) make innovation possible in the provision of financial services and, as such, form the backbone of fintech activities. Policy enablers refer to public policy measures and initiatives (e.g. open banking or regulatory sandboxes) that support the development of fintech activities and the use of enabling technologies.
Figure 1 Fintech tree: a taxonomy of the fintech environment
Source: FSI staff.
Our study finds that authorities pursue a range of approaches when regulating fintech activities. They may put in place fintech-specific licensing regimes that require entities to obtain a dedicated licence before offering their services. Alternatively or complementarily, they may issue requirements that are fintech-specific, modify existing ones, or even forbid certain activities; or, they may clarify their supervisory expectations when applying the existing regulatory framework to fintech business models.
For digital banking,1 specific licensing regimes were put in place in only a limited number of surveyed jurisdictions (Hong Kong SAR and Singapore). In other surveyed jurisdictions, deposit-taking institutions have to comply with existing banking laws and regulations, regardless of the technology they deploy. This means that applicants for a banking licence with a fintech business model need to pass through the same licensing process and face the same regulatory requirements as applicants with a traditional business model. Some jurisdictions have launched initiatives to facilitate the establishment of new banks, including digital banks (Australia and United Kingdom). In others, regulators have clarified their supervisory expectations when considering licence applications from fintech companies. For example, in 2018 the ECB issued guidance on how authorisation requirements for credit institutions would apply to applicants with new fintech business models.
For fintech balance-sheet lending,2 most surveyed jurisdictions do not have a dedicated regulatory regime, and are subject to a variety of regulatory approaches that in most cases centre on the extension of credit as a regulated activity. The exception is Brazil, which introduced direct credit companies (sociedades de crédito direto, or SCD) as a new type of financial institution whose operation requires a licence from the Central Bank of Brazil.
For loan and equity crowdfunding, many surveyed jurisdictions have issued fintech-specific regulations that apply to both activities (Table 1). Often, crowdfunding platforms need to be licensed or registered and satisfy certain conditions before they can provide their services. Although there may be only one type of licence for both activities, the regulatory framework typically includes requirements that apply to both activities, and requirements that apply to either loan or equity crowdfunding.
Table 1 Fintech-specific regulations for crowdfunding
Robo-advice is typically classified as financial advice under securities regulation; i.e. robo-advisers typically need to be authorised by the securities regulator, irrespective of whether the advice is provided digitally, face to face, or through a mix of both methods. Consequently, the majority of surveyed jurisdictions do not have fintech-specific regulations for providers of robo-advice. Nevertheless, around a third of surveyed jurisdictions published guidance on issues that are unique to robo-advice, such as how the obligation to act in the best interest of clients can be met in the face of limited or no human interaction (Table 2).
Table 2 Robo-advice: elements of regulatory guidance
For digital payment and e-money services, most surveyed jurisdictions have specific regulations. For digital payment services, initiatives put in place often aim at strengthening regulatory requirements for non-banks or facilitating their access to the payments market. For e-money services, most surveyed jurisdictions have a dedicated regulatory framework that requires non-bank e-money providers to obtain a dedicated licence from the authority. In a few jurisdictions, e-money services are considered a banking business and are subject to bank-like prudential regulation.
For insurtech, we have not seen any licensing regimes or other requirements that are specific to technology-enabled business models in the area of insurance distribution and underwriting.3 Existing licensing regimes and regulatory requirements are generally considered sufficient to address the features and risks of these new business models.
For cryptoassets and related activities,4 regulatory responses in surveyed jurisdictions vary considerably. Regulators have mostly focused on cryptoassets issued by non-regulated entities, issuing warnings and clarifying regulatory treatment. Several jurisdictions have introduced specific licensing regimes for entities providing services related to cryptoassets, and very few have established registration regimes (i.e. exchanges, wallet providers). Only a minority of jurisdictions have prohibited certain crypto-related activities (Table 3).
Table 3 Regulatory and policy responses to cryptoassets and related activities
Multiple technologies are enabling innovation in the financial sector. These include but are not limited to: application programming interfaces (APIs), artificial intelligence (AI) and machine learning (ML), biometric-based identification and authentication (biometrics), cloud computing (cloud) and distributed ledger technology (DLT).
For enabling technologies, our study finds that regulators have adjusted their existing regulations to add technology-specific elements to existing laws, regulations, or guidelines. As a result of the level of market adoption, some technologies have received more attention than others. Regulators have been particularly active on cloud, APIs, and biometrics. In contrast, for AI, ML, and to some extent, DLT, authorities have not gone beyond conducting risk assessments and issuing general guidance.
Table 4 Policy responses to enabling technologies
Our study finds that public policies enabling the provision of digital services have received considerable attention (Table 5). In order to take advantage of the economic and social opportunities that a digital economy might bring, multiple authorities (e.g. financial supervisors and competition, consumer protection and data privacy authorities) are implementing various public policies that enable digital services, such as:
- Digital identification (digital ID): Financial authorities in almost all surveyed jurisdictions have included regulatory provisions in their frameworks that allow institutions to use digital ID systems for customer verification and authentication for certain government, commercial, and/or financial digital services. Only a few jurisdictions are implementing national digital ID systems as part of a broader innovation and digital strategy in their jurisdictions.
- Data protection: Public authorities in most jurisdictions have issued new data protection regulations or enhanced existing regulations concerning the collection, use, and protection of customer information.
- Cyber security strategies: Almost all jurisdictions have put in place cyber security regulations and guidance specific to the financial sector, while a lesser number have implemented a national cyber security framework.
- Open banking initiatives: Implemented in several jurisdictions, they cover the requirements that apply for accessing and sharing customer information between banks and third-party firms.
- Innovation facilitator initiatives: Almost all surveyed countries have established an innovation hub. Regulatory sandboxes are also a common innovation facilitator, while accelerators have been established in only a few jurisdictions.
Table 5 Public policies that enable the provision of digital services
Our study finds that policymakers are actively managing the winds of change brought by fintech. When regulating fintech activities, they are pursuing a wide array of approaches – ranging from establishing fintech-specific licencing regimes or other regulations to providing guidance to the industry. For enabling technologies, regulators have mostly adjusted their existing regulations to add technology-specific elements to existing laws, regulations, or guidelines. On a broader level, public policies that enable the provision of digital services have also received considerable attention. That said, to date, technological developments have not yet resulted in any major upheaval in the structure of financial regulation. Instead, authorities have so far taken a more targeted approach to policy.
When managing the winds of change brought by fintech, authorities need to decide on the adequate combination between windmills and walls. The former, to take advantage of fintech’s benefits; the latter, to minimise potential risks it poses to the financial system.
Getting that mix right is easier said than done. Fintech developments present issues that are beyond the traditional scope of financial authorities, and the speed of innovation makes it difficult for regulators to respond in a timely manner.
In addition, important trade-offs may arise between different policy objectives. Achieving an orderly application of new technologies in the financial system will probably remain a desirable outcome of regulatory actions. At the same time, policy actions need to be consistent with the preservation of financial stability, market and financial integrity, competition and consumer protection.
Only with sufficient resources and access to timely and reliable information will authorities be able to steer innovation in a desirable direction, and agilely adjust their regulatory responses. In this context, cooperation and coordination at the local and international levels remain essential.
Authors’ note: The views expressed in this column are those of the authors and do not necessarily represent the views of the Bank for International Settlements or the Basel-based standard setters.
Basel Committee on Banking Supervision (2019), Report on open banking and application programming interfaces (APIs), November.
Ehrentraud, J, D Garcia Ocampo, L Garzoni and M Piccolo (2020), “Policy responses to fintech: a cross-country overview”, FSI Insights on policy implementation, no 23.
European Commission (2018), “Crowdfunding”.
Financial Action Task Force (2019), Draft Guidance on Digital Identity, 21 November.
Financial Stability Board (2017), Stocktake of publicly released cybersecurity regulations, guidance and supervisory practices, 13 October.
World Bank Group and Global Partnership for Financial Inclusion (2018), G20 Digital Identity Onboarding.
1 We define digital banks as deposit-taking institutions that are members of a deposit insurance scheme and deliver banking services primarily through electronic channels instead of physical branches.
2 Fintech balance sheet lending refers to credit activity facilitated by internet-based platforms (not operated by commercial banks) that use their own balance sheet in the ordinary course of business to intermediate borrowers and lenders.
3 These refer to insurtech business models like mobile, on-demand, usage-based, or technology-enabled peer-to-peer and parametric insurance.
4 These activities may include creating, distributing, storing, or exchanging cryptoassets, or using them for investment or payment purposes or as reference in financial products.