Will financial regulation catch up with big tech?

As big tech companies expand into financial services, bank bosses have been calling for them to be regulated more robustly
by Paul Bryant

big-tech_1920
In February 2018, the executive chairman of Spanish bank BBVA bemoaned the lack of regulation imposed on big tech. He cautioned that firms such as Facebook, Amazon and Alibaba will take the place of many banks, and in light of this, authorities should do something to stop any potential threat to financial stability. 

These and other recent comments from bank CEOs have prompted a slew of articles on the subject, with Bloomberg running a headline in March 2018: ‘Big tech firms are behaving like big banks – all that remains is for regulators to treat them like it.

In some cases, the evidence to back up the headlines is flimsy. The above Bloomberg article argues that Apple’s practice of investing large sums into company securities – as seen in its financial statements – is akin to behaving like a bank. But this argument doesn’t hold water. Although the amount invested into corporate securities by Apple is large – US$130bn as at 30 June 2018 – it simply invests its own cash, generated from profits, as do many other companies.

In other cases, the evidence is spot on. Chinese tech giants have moved into financial services so aggressively that the Chinese government has been prompted to enact far-reaching regulatory reform, mandating relevant authorities to develop new, detailed rules in many areas of digital finance. (See our article on China’s tech takeover.)

The ‘grey area’ arises from large US tech companies’ slow but sure moves into traditional financial services. They haven’t been as aggressive as their Chinese peers and have mostly structured their affairs to steer clear of financial regulation. But their potential to dominate some financial segments is feared.
Recognised risks In a 2017 report on fintech’s implications for financial stability, the Financial Stability Board (FSB), an international body that monitors and makes recommendations about the global financial system, highlights a number of risks in the areas of digital wallets (pre-funded ‘emoney’ accounts, often provided by non-banks) and payment services, the most common entry points of large technology companies into financial services. These are: 
 
  1. The FSB fears that payments systems could be exposed to a greater risk of cyber attack as new payment providers, including unregulated or lightly regulated non-bank companies, now link to these globally connected systems.
  2. In some jurisdictions, customer funds deposited into digital wallets could be invested into risky assets by wallet providers, exposing them to bank-like risks such as liquidity mismatch, without the corresponding prudential regulation.
  3. Digital wallets could be subject to ‘contagion’, should confidence in the sector be rocked by a distressed provider. The FSB says: “This could be particularly concerning if digital wallets came to replace traditional bank-based payment services.”
  4. Digital wallet providers could become systemically important. The FSB says that a small number of providers, such as Apple Pay, dominate the market. Such dominance could increase concentration and operational risk of the payments system and potentially affect the provision of critical services.
But the FSB is not suggesting a stringent clampdown on fintech initiatives. It stresses the need to draft regulatory changes so that the benefits can also be realised. Some of the benefits highlighted include the potential of new fintech developments to diversify and decentralise financial services and dampen the effects of financial shocks; improve the efficiency of the financial system and the real economy; and improve access to, and the convenience of, financial services (particularly to the less affluent). 
Big tech ‘creeping’ into financial servicesPayments have been the entry point into financial services for Apple, Amazon, Google and Facebook. By offering payments, technology companies gain access to valuable customer spending data and also encroach on banks’ customer relationships as they start to be viewed as financial services companies (customers can often execute a ‘tech branded’ payment without an obvious sign that their bank is still involved).

Payment services such as Apple Pay and Google’s ‘first generation’ product, Android Pay, avoid financial regulation. They are simply technology interfaces that allow customers to use their phone to trigger contactless payments to merchants from linked credit or debit cards. No money ‘touches’ an Apple or Google bank account.

Tim Dolan, a London-based financial services regulation specialist at Reed Smith solicitors, says: “In Europe, in theory they could be caught by the Payment Services Directive, but there are exemptions for IT firms and firms that act as technical service providers subject to payments being within certain limits. Apple Pay falls within those exemptions.”

But as big tech expands from consumer-to-merchant payments, it starts to get drawn into a regulated environment. 
The emoney environment Facebook now offers peer-to-peer payments through Facebook Messenger. Users link a payment card to their Facebook account, and can tap a payment icon to specify an amount to send to their Facebook friend (who will also need to link a payment card). Google has also added peer-to-peer payments, as part of its rebranded and extended Google Pay service that replaced Android Pay.

In Europe, they need ‘emoney’ licenses for this. Facebook has its licence in Ireland, Google in the UK. Customers still link a payment card to the service, but funds pass through a Facebook or Google bank account before being transferred to the recipient, one of the main triggers of financial regulation. 
While big tech companies are without doubt extending their financial services offerings, they are still nowhere close to being regulated like banks However, a company with an emoney licence is not regulated like a bank. The minimum capital requirements are much smaller, operational oversight is lighter, and while the rules to ensure client money is safeguarded are much stricter, they are simpler. They have no freedom to use clients’ funds for things like lending, as a bank would. 

It could also be argued that with some of these payments products, tech companies are getting a free ride from banks’ compliance functions. Their payments services have been constructed knowing that when a customer links a debit or credit card, a bank has already gone through a ‘know your client’ and due diligence process. 

In one of the few moves outside of payments, Amazon has now pushed into the small business loan market through ‘Amazon Lending’. But the intention appears to be more of a drive to help existing Amazon merchants sell even more through the platform, rather than a head-to-head competition with banks. According to LendGenius, a US loan comparison site and broker, loans can only be used to fund inventory to be sold through Amazon.

So, while big tech companies are without doubt extending their financial services offerings, they are still nowhere close to being regulated like banks. 

But this could change if they accelerate their moves. Precedents from China indicate that this can prove lucrative. And there is growing speculation that new regulation in Europe – Payment Services Directive 2 (PSD2) in the EU and ‘open banking’ in the UK – could be the trigger. (See our article on open banking.) 
China’s bold moves In China, ecommerce giant Alibaba also started its financial services offering in payments, initially developing Alipay to facilitate online and mobile payments on its own ecommerce platforms. In 2011, Alipay was spun off into a separate company, later renamed Ant Financial Services, and an aggressive expansion into other areas of financial services followed.

Today, Alipay has over 500 million active users. In addition to the payments service, they can invest ‘spare cash’ into Ant Financial’s Yu’e Bao fund (translated as ‘leftover treasure’), which has grown to become the largest money market fund in the world, with more than 300 million users and US$230bn of assets under management. Ant Financial also has 400 million insurance customers, 100 million loan customers, and a credit-scoring agency with over 250 million active users.

Chinese regulators have recognised that these massive moves by technology companies demand updated regulation. On 27 April 2018, the People’s Bank of China, the China Banking and Insurance Regulatory Commission and the China Security Regulatory Commission jointly issued the Guiding opinions on strengthening the management of investment into financial institutions by non-financial entities (summarised here). This proposes to introduce regulatory oversight of parent technology companies, including their capital strength and governance.

Ant Financial remains a private company but raised additional capital in 2018, which, according to Reuters, valued it at US$150bn – significant even for US tech giants Facebook, Amazon and Apple, which have market capitalisations of between US$420bn and US$1045bn as at 26 October 2018. 
New European regulation could spur big tech into actionPSD2 and open banking regulations require payment services providers, such as banks and credit card companies, to allow authorised third parties with customers’ permission to access account data or initiate payments. 

In a 2017 paper on open banking, How to flourish in an uncertain future –  which can be downloaded here – Deloitte suggests that ‘marketplace banking’ might be on its way, where a range of financial products, from multiple providers, are distributed and serviced through a single digital interface. And this interface might not be a bank. 

The report states: “In an extreme scenario, some banks could be relegated to the background as infrastructure providers while other entities – fintechs, tech giants and price-comparison websites, for example – could come to own the customer relationship. As a result, these could potentially become the leading brands in banking – without ever taking customer deposits or lending onto their own balance sheets.”
It’s easy to see how this current customer data imbalance, skewed heavily in favour of technology giants, could fuel an acceleration of their financial services initiatives Deloitte says a key factor in winning this customer interface could be the use of banking and non-banking data to gain insights into customer behaviour. This might play into the hands of tech giants as they already hold vast amounts of non-banking data, inaccessible by banks, are building up extensive payments data from their own offerings, and are now able to access transactional banking data (wide of their own payments products) as well. 

A 2017 European Banking Institute (EBI) paper on the regulatory challenges of data-driven finance provides a practical example: “Techfins (large tech companies) moving further into financial services, the way analogous Chinese corporations (Baidu, Tencent, Alibaba) have done, can relatively quickly assemble much of the information the customer’s bank or asset manager possesses, and supplement it with their very detailed knowledge of many other aspects of the customer’s choices and preferences.”

It’s easy to see how this current customer data imbalance, skewed heavily in favour of technology giants, could fuel an acceleration of their financial services initiatives. 
Wide-ranging calls for more regulationBank executives are claiming that current regulations – mostly written prior to the emergence of big tech as financial product providers – inadvertently favour big tech. The arguments generally call for common regulatory standards to apply to common activities, regardless of what ‘type’ of company the provider is – so that all payments providers, deposit takers or loan providers are regulated the same way, be they tech companies or banks.

Some of the arguments ring true. Tech companies can access banking data in some markets, potentially increasing the risk of fraud and cyber crime, but are not subject to the same operational scrutiny as banks (such as minimum cyber and data protection measures and business continuity requirements). Some of their products, such as ewallets, are on the fringes of deposit taking, but financial protection rules are much lighter. And while tech companies can access banking data, the reciprocal is not true. 
Remedial measures In the UK, a 2016 report by the Competition and Markets Authority, Retail banking market investigation – final report, states: “Essentially, the older and larger banks, which still account for the large majority of the retail banking market, do not have to work hard enough to win and retain customers and it is difficult for new and smaller providers to attract customers.” 

It proposes ‘remedial measures’ to try and make things easier for new entrants. And while these measures (such as the move to open banking) were primarily aimed to benefit smaller ‘attackers’, they have benefited big tech companies as well.

However, a 2018 report by the US Department of the Treasury on nonbank financials, fintech and innovation shows that regulatory imbalances are now starting to be recognised and acted upon. While still stressing the need to not stifle innovation in financial services, the report proposes a raft of measures that will change the regulatory environment for big tech companies – such as enacting a federal data security and breach notification law, applicable to all types of companies, financial or not.

The regulatory dilemma is probably best summed up by the EBI. It describes how big tech companies tend to move into financial services in stages, building from an initial ‘light’ financial offering until, armed with superior data, they provide very stiff competition to incumbent banks and other regulated entities. “The core issue from a regulator’s perspective is when the tech firm turns into a regulated financial institution.” 
 
Seen a blog, news story or discussion online that you think might interest CISI members? Email bethan.rees@wardour.co.uk.
Published: 29 Oct 2018
Categories:
  • Compliance, Regulation & Risk
  • The Review
Tags:
  • Regulation
  • fintech
  • cyber security
  • Banking
  • Amazon

No Comments

Sign in to leave a comment

Leave a comment