Denying reality never works. The reality now is that digital services provided by large digital platform companies – big techs – have become ubiquitous across the globe and have already gained a substantial foothold in some financial services.
Another reality is that strong interdependencies are an integral part of the business model of big techs. Intragroup dependencies arise from the common use by big tech entities of a general payment infrastructure, technological platforms and applications, and from internally sharing data and insights derived from those data across the services they provide. External interconnections arise from the partnerships between big-tech entities and financial institutions to provide financial services, and from the technological services – such as data analytics and cloud computing – they provide to the financial services industry.
These interdependencies come with specific risks; chief among them are operational, contagion, reputational, and consumer protection risks. It is not hard to imagine difficulties in one big-tech entity or activity spilling over to the entire group, or for operational incidents at third-party service providers – including other big techs – causing outages or data breaches with potential knock-on effects for big techs themselves and for their customers. What is hard, however, is to reach a satisfactory understanding of the extent of these potential risks. While big techs’ platforms are visible, the machinery that makes them work is largely removed from view, complicating efforts by outside parties to fully appreciate their organisational structure, activities, and the risks involved.
In a recent study, we have attempted to piece together a view of big-tech business models based on public information (Crisanto et al. 2022). By analysing six big techs (Table 1), our goal is to identify common features and emerging risks in the operations of big techs that are relevant from a public policy perspective, and to give a sense of the options available to financial authorities.
Table 1 Big techs under review
Source: Public sources; FSI.
Big-tech business models
Big techs follow a rather unique business model (see e.g. Boissay et al. 2021, Crisanto et al. 2021a, Feyen et al. 2021, and Frost et al. 2019). Their business model revolves around multi-sided digital platforms that enable direct interactions between a large number of users. These interactions generate data as an essential by-product.
Although big techs share a number of characteristics, no two are alike. Several have a privileged position in the retail e-commerce market; others are better known as successful developers of hardware; and some are key providers of technology services (e.g. cloud and artificial intelligence solutions).
Despite these differences, big-tech business models share several common features. First, big techs generally complement their core activities with a range of additional services in finance and technology (Table 2).
Table 2 Service offerings by big techs under analysis
Source: FSI staff.
Second, big techs typically integrate their services in the same digital platform by using ‘ecosystem binders’ (Table 3). These are applications and tools that encourage customer engagement and cross-usage of services; in doing so, they generate data from different business segments.
Table 3 Ecosystem binders
Source: FSI staff.
Third, big techs have the ability to harness the inherent network effects in digital services through the so-called ‘data-network-activities’ (DNA) loop.
Network effects also allow big techs to both scale up and broaden their services, and to attain dominant positions. What fuels this ability is client data, which big techs actively use to enhance their activities and create further user activity, thereby collecting even more data (Figure 1).
Figure 1 Big tech’s data cycle
Source: FSI staff.
Fourth, big techs commonly show a drive to grow and expand to new markets, generating big techs of different sizes and stages of growth. The different stages of their development allow big techs to be classified, in broad terms, as regional (i.e. Grab, Jumia, Mercado Libre, and Rakuten) or global (i.e. Alibaba and Amazon).
Figure 2 Regional versus global big techs
The intermingling of financial and non-financial operations creates strong interdependencies, which are a core feature of the big-tech business model. They come in two forms: intragroup dependencies and external interconnections (Figure 3).
Figure 3 Big-tech interdependencies
Source: FSI staff.
Intragroup dependencies arise from the following:
- Payment infrastructure. Easy-to-use payment systems enable users to interact with products and services across the entire big-tech ecosystem and are crucial instruments for connecting different business segments.
- Technological platforms and applications. Big techs’ ecosystems rely on common technological infrastructures such as cloud computing capabilities, computer applications, and analytical tools.
- Personal data. Big techs collect a wide range of information on their customers across their business segments. They commonly share that data, or insights derived from it, within the group without much friction.
- Proprietary credit risk assessment. Big techs can leverage alternative data and sophisticated artificial intelligence-based tools to develop their own credit scoring systems.
External interconnections arise from the following:
- Partnerships with financial institutions. These range from performing front-end functions to co-providing financial products and services. Big techs typically enter into partnerships with financial institutions to facilitate payments in their ecosystems; integrate financial services through white labelling or banking as-a-service arrangements; provide financial institutions with pre-screening insights and/or clients’ data; and originate and/or distribute lending and insurance products.
- Role as technology services providers. Financial institutions have come to heavily rely on technological services (e.g. cloud computing and data analytics) provided by a handful of big techs. But not all big techs provide these services, and as regional players, they too tend to rely on the services provided by global big techs (Figure 4).
Figure 4 Reliance on technology services provided by big techs
Source: FSI staff.
Locating the regulatory blind spot
Big tech interdependencies come with specific risks.
Intragroup dependencies weld together activities that are provided by different entities within big-tech groups and therefore increase the potential for difficulties originating in one part to spill over to the entire group. One relevant consideration for financial authorities in this context is the risk that regulated financial entities within a big-tech group may suffer a negative – reputational or financial – impact from problems (e.g. IT failures or data privacy violations) which may arise somewhere in the wider group but outside the regulatory perimeter.
External interconnections, especially between financial institutions and big techs, raise operational, reputational, and consumer-protection risks through the joint provision of financial services. There may also be moral-hazard issues when incentives are not aligned between a big tech and its partners. Also, the growing reliance by the financial industry on technology services provided by a small number of big techs forms single points of failure and creates new forms of concentration risk at the technology services level. In other words, it makes the continuity of those services systemically relevant.
The issue now is that the risks related to interdependencies are not fully captured under the current regulatory set-up.
No wonder – the regulatory instruments currently available under sectoral regulatory regimes were not designed to mitigate these risks, which arise from the combination of financial and non-financial activities (Figure 5).
Figure 5 Juxtaposition of sectoral regulations and big-tech risks
Source: FSI staff.
A regulatory re-think is warranted
As the current regulatory approach does not sufficiently address the risks arising from big-tech interdependencies, there is a need to complement existing activity-based rules under sectoral regulations with specific entity-based requirements for big-tech operations in the financial sector.
But such a new regulatory regime is not in sight, and financial authorities may wonder what they can do now to deal with big-tech challenges that fall within their mandate.
As an interim solution, they may start by focusing on regulated financial entities and use them as a lever to counter potential financial stability risks. In concrete terms, this means:
- For regulated financial entities that are members of big-tech groups, authorities could assess whether they have a clear picture of the risks stemming from interdependencies and use existing (or enhanced) policy tools to mitigate operational, prudential, or consumer protection issues.
- For all regulated financial entities that rely on critical third-party service providers, authorities could ramp up their monitoring efforts to identify concomitant risks, including concentration and contagion risks, and (at the macro level) systemic risks;
and assess whether there is a need to strengthen digital resilience through existing (enhanced) policy tools relating to operational risk/resilience, third-party service providers, and outsourcing.
But these measures are only a temporary solution to buy time for sound policymaking, which must start with a clear-eyed assessment of the risks and regulatory status quo.
As Jedi Knight Qui-Gon Jinn said, “your focus determines your reality”. The focus now should be on better understanding big tech risks and how to turn the status quo into a long-lasting solution.
Authors’ note: The views expressed in this column are those of the authors and do not necessarily represent the views of the Bank for International Settlements or the Basel-based standard setters.
Boissay, F, T Ehlers, L Gambacorta and H Song Shin (2021), “Big techs in finance: on the nexus between data privacy and competition”, BIS Working Papers, no 970, October.
Borio, C, S Claessens and N Tarashev (2022), “Entity-based vs activity-based regulation: a framework and applications to traditional financial firms and big techs”, FSI Occasional Papers, no 19, August.
Carstens, A, S Claessens, F Restoy and H S Shin (2021), “Regulating big techs in finance”, BIS Bulletin, no 45, August.
Crisanto, J C, J Ehrentraud and M Fabian (2021a), “Big techs in finance: regulatory approaches and policy options”, FSI Briefs, no 12, March.
Crisanto, J C, J Ehrentraud, A Lawson and F Restoy (2021b), “Big tech regulation: what is going on?”, FSI Insights on policy implementation, no 36, September.
Crisanto, J C, J Ehrentraud, M Fabian and A Monteil (2022), “Big tech interdependencies – a key policy blind spot”, FSI Insights on policy implementation, no 44, July.
Ehrentraud, J, J Evans, A Monteil and F Restoy (forthcoming), “Big tech regulation: in search of a new framework”, FSI Occasional Papers.
Feyen, E, J Frost, L Gambacorta, H Natarajan and M Saal (2021), “A policy triangle for Big Techs in finance”, VoxEU.org, 23 October.
Frost, J, L Gambacorta, Y Huang, H S Shin and P Zbinden (2019), “The emergence of Big Tech in financial intermediation”, VoxEU.org, 4 October.
Prenio, J and F Restoy (2022), “Safeguarding operational resilience: the macroprudential perspective”, FSI Briefs, no 17, August.
Restoy, F (2021), “Fintech regulation: how to achieve a level playing field”, FSI Occasional Papers, no 17, February.
Restoy F (2022), “The digital disruption: The role of regulation”, speech at the virtual conference by the Asia School of Business and the BIS, January.