To gaze into the crystal ball of future technology regulation is to peer into the busy workings of global regulatory influencers. And they have certainly been busy.

In the past few weeks alone, the Financial Stability Board (FSB), Bank of International Settlements (BIS), International Organization of Securities Commissions (IOSCO), Financial Action Task Force (FATF), G20 and numerous others, have weighed into the future of tech. Even more recently, BIS released its “Green swan” paper focussing on climate change and financial stability. This will ultimately require strong tech development for systems, data, product development, analytics and supervision.

This alert provides a summary of three key papers issued by the FSB, as well as summarising developments from other influential global policy-makers.

FSB – a focus on BigTechs,[1] cloud and stablecoins

The FSB is an international body focussed on financial stability headquartered in Switzerland. It has released three papers[2] on the disruptions and risks arising from three very topical areas:

BigTechs in finance

Recently, BigTechs have gained much media attention by their announcements of new financial products (for example, Google’s checking account, Apple Card, and Facebook Pay). Earlier this year, the “Chinese dual”, Tencent and Alibaba, through various joint ventures obtained virtual banking licences from the Hong Kong Monetary Authority. A review of the virtual bank licensees and their shareholders reveals interesting partnerships between BigTechs, technology companies and incumbent financial service providers. The presence of BigTech in finance is hard to ignore, and it is not surprising that the FSB has released its report on Bigtech in finance.

Key messages from the report

The FSB’s key observations in its paper are as follows:

  • BigTechs have been able to penetrate financial markets – Furthermore, in advanced economies, the FSB observed that BigTechs’ activities are more focussed (eg payments-related functions), while in emerging markets and developing economies, they generally tap into a broader market covering areas such as credit extension, asset management and insurance.
  • BigTechs’ comparative advantages – Advantages may include established customer networks, brand recognition, and a wide range of customer data and state-of-the-art technology. In the new data economy, BigTechs are well placed – they are able to create momentum by utilising their wealth of customer data from their core businesses and can achieve more tailored products and precise pricing.

  • BigTechs are at the same time competing and partnering with incumbent FIs – Some BigTechs directly compete with existing FIs in certain areas (eg by setting up their own virtual banks). Others partner with FIs in various forms (eg by providing FIs with various tech-related services such as cloud, data analytics, or by interfacing with customers to facilitate distribution of bank products). In some instances, BigTechs are seeking to utilise incumbent FIs’ licences, compliance framework and controls, while they focus on the non-regulated activities. In many instances, there are upsides to both the incumbent FIs and BigTechs.
  • There are upsides and risks associated with BigTechs’ involve in financial services – On the one hand, BigTechs promote innovation, competition and financial inclusion by introducing cheaper and more diversified products with improved efficiencies. On the other hand, BigTechs’ activities could potentially pose certain risks, such as:
    • directing funds away from the banking system may reduce the profitability as well as resilience of FIs, affecting stability of FIs’ funding and reducing transparency in ownership and governance;
    • interlinkages and interdependencies between BigTechs and FIs may trigger domino effects, which seriously disrupt the market in case any BigTech fails; and
    • in relation to credit provision, new forms of credit assessment may lack rigorous testing, and BigTechs’ ability to maintain credit supply in a downturn may also be uncertain.
  • Ensuring a sufficiently diverse market is also important – BigTechs, with their vast access to customer data, are likely to become crucial market players as direct financial service providers. The FSB has recognised that currently, there is no evidence that BigTechs are hindering competition in financial markets, but nonetheless stresses the importance of future market diversity. The FSB also noted that as BigTechs become increasingly important in the financial system, their failure may cause wide disruption to the broader economy. This risk is more prominent in emerging markets and developing areas than in advanced economies.

How should regulators respond? The FSB emphasised the importance of cooperation among policymakers and regulators across banking and non-banking sectors, and also via international fora. Given the sizes of and risks associated with the BigTechs’ financial activities, the FSB suggested that BigTechs should be subject to financial regulations as FIs. The FSB also commented that regulators may consider imposing reciprocal data-sharing obligations on big techs to mirror open banking initiatives such as PDS2, such that there is a level playing field for competition. In our view, this remark is consistent with the growing trend of domestic regulators to promote data sharing and open banking, for example the regulatory regimes being implemented in Australia, Hong Kong SAR* and United Kingdom.

Cloud - third-party dependencies

As financial institutions often use and increasingly depend on the cloud services provided by the same BigTechs that may start moving into their competitive territory, there is an extra layer of complexity around the interlinkage between the two, which regulators are vigilantly monitoring. This subject was considered in the FSB’s report on Third-Party dependencies in cloud services.

Key messages from the report

The FSB’s key findings demonstrated the strong benefits of cloud, but also signalled flags that merit regulatory attention:

  • Cloud usage is growing – Responses from a global survey of FIs indicated that global and regional cloud service providers are highly concentrated, and that although FIs are reportedly still at an initial stage in their deployment of cloud technology, there is a trend of moving core systems to cloud.
  • Cloud services have both cost-saving and technical benefits for the industry – Utilising third party cloud services frees up capital by avoiding the need to establish and maintain expensive IT infrastructure. Moreover, FIs may leverage the tech-knowhow and geographical locations of large cloud providers to achieve geographic diversity and risk-resilience.
  • Regulators face access difficulties – Knowledge asymmetries, contractual, cross-border and/or legal restraints mean that it may be difficult both for FIs to oversee the cloud services and for regulators to exercise access rights. It is also uncertain to which extent FIs are prepared for possible unexpected outages. Market domination by a small concentrated group of service providers amplifies the risks of systemic failure.

For businesses which engage third parties in cloud services as well as cloud service providers, it is worth monitoring global developments on the subject. For example, the Securities and Futures Commission (SFC) has had regard to a number of the abovementioned factors as part of its recent Circular regarding the “Use of external electronic data storage”, which is very much focussed on providing a framework for cloud data storage, and ensuring that the SFC retains prompt and appropriate access rights as needed. See our alert here for more information on this circular.

Regulatory issues of stablecoins

In this brief report, the FSB expressed its view that global stablecoins (GSCs) may become “a source of systemic risk”, although due to their novelty, very limited information is currently available for solid assessment. Amidst all the uncertainties and speculations, the FSB warned of financial stability risks GSCs may introduce. This is particularly because of their potential to establish a global user base, infiltrate domestic financial systems, and substitute fiat currencies. There was also the potential for GSCs to open up a pandora’s box and cause serious erosions in market competition, data protection and financial crime activities given privacy and pseudonymity related features of some virtual assets.

The FSB suggested that regulators should build a thorough understanding of the individual components of stablecoin arrangements. Based on this understanding, regulators should then identify how the current domestic legal framework applies to and addresses the risks under stablecoin arrangements. The FSB also emphasised the importance of cross-jurisdictional co-operation in ensuring that national regulations are compatible.

Recent discussions on GSCs across the international regulatory fora (as we summarise in the next section) echo with the FSB’s wariness about the potential systemic risks surrounding GSCs, and demand suitable risk-management to be undertaken by both stablecoin developers and global regulators. For example, the G7 Working Group on Stablecoins (Working Group) published a report in which it identified a range of risks and challenges associated GSCs, and expressed its belief that GSC projects should not commence operation unless the risks and challenges identified are adequately addressed. The Working Group also stressed the importance of cross-border collaboration, and suggested that national regulators adhere to principles established by standard-setting bodies to ensure international consistency. IOSCO and the European Central Bank (ECB) also published statements and notes expressing similar views.

At the same time, innovation is still highly prized. On that note, the Hong Kong Monetary Authority and Bank of Thailand have just issued their report on their collaborative “Project Inthanon-LionRock” effort to explore a potential Hong Kong Dollar-Thai Baht blockchain-based cross-border payment arrangement, and several other projects are on foot internationally.”

What are other global trend-setters saying?

Multiple regulators are looking at technology, new asset classes like virtual assets, and regulation. The following table summarises a number of key developments you should know about.

Key takeaways

Pulling together the wealth of global regulatory developments, we give our final take on the current state of play on BigTechs and global regulatory trends:

  1. BigTechs’ engagement in financial activities is not new, but regulators are now taking a greater interest in how to best regulate BigTechs. Multiple research institutions and international bodies have published articles with similar observations as the FSB. For example, in June 2019, the BIS published its take on the BigTech phenomenon, suggesting a new regulatory compass to facilitate policy-making and cross-sector cooperation among regulators in finance, competition and data protection. The legal landscape is changing rapidly to catch up with the market trend. Some have already expressed worries that FinTech start-ups may also get drowned in this new wave of regulating BigTechs, and innovation will be stifled. The FSB’s acknowledgement that “regulation [should be] proportionate to the relative size and risk of both large BigTech and smaller FinTech firms” offers comfort and sensible view in this regard.
  1. Utilisation and monetisation of data is a tricky issue. The FSB’s seriousness in monitoring data use by BigTechs shows that data not only increases competitiveness in businesses, but also brings responsibilities and burdens in compliance. FinTech firms with less market share and less prominent presence will presumably attract less regulatory oversight than BigTechs do. Nonetheless, FinTech firms should be mindful to ensure that their use of data accords with legal requirements. Both legal challenges and exciting opportunities lay ahead.
  1. Cloud service providers continue to be under the spotlight. As more FIs use cloud services, there is an increased regulatory effort in dealing with such risks. Clear local guidance from regulators on the subject is welcome to ensure clarity for both service providers and regulated entities. However, seeing how requirements such as those recently imposed in Hong Kong play out in practice will undoubtedly influence others on issues such as data access and localisation.
  1. Global regulatory bodies consider stablecoins a systemic potential risk. As we have briefly summarised in the regulatory update table, many global standard-setting organisations have expressed their concern regarding stablecoins and the associated risks to the existing central banking framework. The future of stablecoins is still full of uncertainties, but we expect to see an uptick in their regulation to mitigate the above-mentioned risks. We recommend that anyone dealing with stablecoins stay abreast of regulatory developments, and also obtain advice about the regulatory nature of the particular stablecoins they deal in.
  1. Novel products, asset classes (like virtual assets) and distribution channels lead to new money laundering and terrorist financing typologies, which in turn results in new controls and guidance.
  1. Innovation remains a priority.