VoxEU Column Financial Markets Financial Regulation and Banking

Regulating fintech: Ignore, duck type, or code

Two events have shaped the financial system over the past ten years: the Global Crisis and the rise of fintech. But while the lessons learned after the crisis have been widely discussed and the regulatory response broadly agreed upon, the question of whether and how to regulate fintech is a topic of an ongoing policy debate. This column discusses the three basic options that regulators have: ignore it, ‘duck type’ rules into existing regulations, or specifically tailor new regulations.

Two events have shaped the financial system over the past ten years: the global financial crisis and the rise of the crypto-finance ecosystem, broadly labelled ‘fintech’. Both of these events have raised questions about the appropriate regulatory response. The lessons learned after the crisis have been widely discussed and the regulatory response broadly agreed upon – even though it is not yet fully implemented – in the Basel III framework by the Financial Stability Board (FSB). However, the answer as to whether and how to regulate fintech is still in its early stages and is a topic of an ongoing policy debate.

In the current traditional regulatory framework, a few aspects – such as conduct and money laundering – apply to the full financial universe. However, in most aspects, the regulatory framework differs by instrument, institution, and platform (see Figure 1). Where does fintech fit into this landscape? The answer is not trivial as fintech encapsulates a broad spectrum of activities. A one-size-fits-all regulatory approach seems to risk stifling innovation and discouraging new market entrants. Accordingly, Claessens et al. (2018) focus on fintech credit and Kaal (2018) focuses on ICOs, both finding that the current regulatory responses differ widely across types of fintech activities and jurisdictions. In this chapter, I argue that despite these disparate differences regulators essentially have three options in this regard: ignore, duck type, or code (Amstad 2019).

This column is taken from the VoxEU eBook, The Economics of Fintech and Digital Currencies, available to download here

Figure 1 Regulating digital finance

Source: Amstad (2019).

Ignore — ‘keep it unregulated’

The first option is to leave fintech largely unregulated. A precondition for good regulation is clarity about the need for, and goals of, regulation. The finance literature commonly gives three forms of market failure as a basis for the justification of regulation: information asymmetry, moral hazard, and monopoly power. From these elements, objectives such as investor protection, financial stability, and market integrity take shape. These likely can also provide appropriate guidance as to whether or not to regulate fintech.

In the early days of fintech, regulators in most jurisdictions chose ‘wait and see’. Some fintech companies felt hampered in their activities as they could not benefit from the legal certainty of regulation – a criticism that contrasts with the sometimes anti-governmental approach of at least some fintech activities. However, implementing new regulations or even licensing may be misinterpreted as endorsement by supervisory authorities, or even as an implicit guarantee. 

The aggregate market capitalisation of cryptoassets skyrocketed from $30 billion to peak at over $800 billion in early January 2018, before falling back to around $200 billion (Rauchs et al. 2018). With increased fintech-era volumes, levels of fraud, inappropriate market practices, and Ponzi schemes increased. Hesitant to over-regulate but increasingly seeing the need for a regulatory response to ensure investor protection and market integrity, several jurisdictions resorted to issuing warnings to the market. In detailing the case of initial coin offerings (ICOs), Zetzsche et al. (2018) document the issuance of warnings as the least interventionistic of all regulatory options.

In terms of financial stability, the Committee on the Global Financial System and the Financial Stability Board, among others, concluded that at this stage, the size of fintech-era credit in many jurisdictions was still small enough to limit any systemic impact (CGFS and FSB 2017). At the same time, a range of benefits and risks were identified in cases where fintech might grow further. If regulation seems appropriate, the fundamental question arises as to whether fintech’s risks and rewards can be integrated into the existing framework, or whether a new regulatory paradigm is required.

Duck type — ‘same risk, same rules’

The second option is to ‘duck type’ fintech rules into the existing regulation. Some fintech models are essentially digital or crypto representations of an instrument, an institution, or a platform. A straightforward approach to regulating these fintech models is to focus on their economic function or, more specifically, their underlying risk. This strategy refers to the famous Howey test, and is often simplified as the ‘duck test’ that says, “if it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.”

Duck typing regulation applies two widely used regulatory principles: it is ‘principles-based’ as it regulates the same risk with the same rule, and it is ‘technology-neutral’ as it focuses on the economic function. An example is the ICO guidelines by Swiss Financial Market Supervisory Authority: “In assessing ICOs, FINMA will focus on the economic function and purpose of the tokens (i.e., the blockchain-based units) issued by the ICO organizer” (FINMA 2018). Accordingly, ICOs are classified into payment, utility, and asset tokens. Compliance with respective existing regulations and in all cases with anti-money-laundering legislation is required. Duck-typing regulates the function rather than the instrument, institution, or platform. However, fintech innovations may also lead to new functionality. Regulators need to identify these new functions and, if need be, code them into new regulations that specifically address fintech issues.

Code – ‘new functionality, new rules’

The third option is to code fintech using regulations that are specifically tailored to new functionality made possible through technological innovation.  

Duck typing regulation works as long as fintech operates in the same way as traditional finance. Despite technological change, the underlying core risks in financial markets, such as market, credit, liquidity, and operational risks, have remained largely the same. However, with ongoing financial innovation, new combinations of risks might emerge. Alternatively, the core risks might show up in forms only made possible through using new technology. Both scenarios might need additional specific regulations. Similarly, new risks stemming from interconnected financial markets were brought to the forefront during the global financial crisis. While underlying risks would stay the same, it became clear that safeguarding individual financial institutions is insufficient and a separate additional macroprudential layer is necessary.

Indeed, current research suggests that fintech might lead to new functionality based, among other elements, on: (a) the specific features of blockchain technology, (b) the new combination of business models, and (c) new digital operational challenges. In the following we provide examples for each characteristic.

(a) Blockchain technology. Cong and He (2018) demonstrated that blockchains have profound economic implications on consensus generation, industrial organisation, smart contract design, and anti-trust policy. Specifically, in the traditional system – largely due to contract incompleteness – sellers cannot offer prices contingent on the success of delivering the goods. In contrast, blockchains, via decentralized consensus, enable agents to contract based on service outcomes and to automate contingent transfers. They conclude that this new functionality can deliver higher social welfare and consumer surplus through enhanced entry and competition, yet it may also lead to greater collusion. Consequently, they suggest an oft-neglected regulatory solution to separate usage and consensus generation on blockchains, so that sellers cannot use the consensus-generating information for the purpose of sustaining collusion.

Another example for functionality made possible through blockchain is the ‘fork’, as an either accidental or intentional change in protocol. Biais et al. (2017) illustrated that forks might be an integral part of blockchain applications, leading to orphaned blocks and persistent divergence between chains. Again, it is not straightforward to see a direct analogy to a fork in the non-digital world and therefore how to mirror it using current regulations, at least taking into consideration whether dedicated regulations are needed.

New functionality might also arise from decentralisation, which, for example, allows for greater ease in benefitting from regulatory arbitrage. Makarov and Schoar (2018) found that price movements in cryptocurrencies are largely driven not by transactions costs or differential governance risk, but rather by avoiding regulation.

(b) New combination (of business models and jurisdictions). Fintech is characterised by a strong and increasing cross-segment expansion instead of limiting itself to the value chain of a classic bank or insurance company. Rauchs et al. (2018) found that 57% of cryptoasset service providers were operating across at least two market segments to provide integrated services for their customers. This led some to declare fintech a new asset class. Findings by Hu et al. (2018) support this view, showing that cryptocurrencies are highly correlated among each other – likely driven by Bitcoin serving as vehicle currency in the cryptocurrency space – but are largely orthogonal to traditional assets. It is still too early to tell whether cryptocurrencies’ distinct behaviour is a testament to the rise of a new asset class justifying its own regulation. 

(c) New digital operational risks can appear across the digital financial services and market value chain. Digital technology also enables the generation and analysis of vast amounts of customer and transaction data (i.e. ‘big data’), which introduces its own set of benefits and risks that should be managed (G20 2018).

An additional need for dedicated regulation may arise from the fact that digital blockchain records must be enforced in the physical world. “While blockchains can keep track of transfer of ownership, proper enforcement of possession rights is still needed, except in the case of (fiat) cryptocurrencies” (Abadi and Brunnermeier 2019). The enforcement of rights and duties in fintech may differ from those found in traditional assets. Cohney et al. (2018)  found, for example, that ICO codes and ICO disclosures often do not match, opening a potential need for ensuring legal certainty by regulating the link between the legal framework and the code.


As with previous regulation, regulating fintech needs to be justified by either investor protection, market integrity, or safeguarding financial stability. Ignore or wait-and-see approaches – at least in the beginning— can therefore be prudent approaches to avoid stifling innovation. In cases where regulation seems appropriate, however, similar activities should be treated in similar ways in an attempt to limit incentives for regulatory arbitrage. At the same time, regulators would be well-advised to remain alert to the limits of duck typing. An open dialogue among regulators, the fintech industry and academia may help to identify early on new functionalities that may require conceptually distinct regulation of technology-enabled finance.

Authors’ note: Marlene Amstad serves as Vice Chair of the Board at Swiss Financial Market Supervisory Authority (FINMA). The views expressed in this column are those of the author and do not necessarily represent those of FINMA.


Abadi, J, and M K Brunnermeier (2019), “Blockchain Economics”, working paper.

Amstad, M (2019), “Regulating Fintech: Objectives, Principles and Practices”, forthcoming in M Amstad, B Huang, P Morgan, and S Shirai (eds), Fintech in Asia, ADBI press.

Biais, B, C Bisière, M Bouvard  and      C Casamatta (2018), “The blockchain fork theorem”, Toulouse School of Economics Working Paper No 17-817.

Committee on the Global Financial System and Financial Stability Board (CGFS and FSB) (2017), “FinTech credit: market structure, business models and financial stability implications”, CGFS Papers, May.

Claessens, S, J Frost, G Turner and F Zhu (2018), “Fintech credit markets around the world: size, drivers and policy issues”, BIS Quarterly Review, September.

Cohney,  S, D Hoffman, J Sklaroff and D Wishnick (2018), “Coin-Operated Capitalism”, Columbia Law Review (forthcoming).

Cong, W and Z He (2018), “Blockchain Disruption and Smart Contracts”, Review of Financial Studies (forthcoming).

FINMA (2018), “Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs)”. 

G20 (2016), “High-Level Principles for Digital Financial Inclusion”.

Hu, A S, C A Parlour and U Rajan (2018), “Cryptocurrencies: Stylized Facts on a New Investible Instrument”, working paper.

Kaal, W (2018), “Initial Coin Offerings: The Top 25 Jurisdictions and their Comparative Regulatory Responses”, working paper, University of St. Thomas School of Law.

Makarov, I and A Schoar (2018), “Trading and Arbitrage in Cryptocurrency Markets”, working paper.

Rauchs, M, A Blandin, K Klein, G Pieters, M Recanatini and B Zhang (2018), “2nd Global Cryptoassets benchmarking study”, Cambridge Centre for Alternative Finance, University of Cambridge.

Zetzsche, D A, R P Buckley, D W Arner and L Föhr (2018), “The ICO Gold Rush: It’s a scam, it’s a bubble, it’s a super challenge for regulators”, EBI Working Paper Series no. 18.


[1] I borrow the term "duck typing" from computer programming.

[2] It goes back to a case in the Supreme Court in 1946, which created a test that looks at an investment's substance, rather than its form, as the determining factor for whether it is a security

[3] They also show how forks can be generated by information delays and software upgrades.

1,680 Reads