Digital financial services: what regulatory framework?
Financial Conduct Authority (FCA) , Director of Policy
European Commission , Director for Regulation and Prudential Supervision of Financial Institutions, DG for Financial Stability, Financial Services and Capital Markets Union
Banco Bilbao Vizcaya Argentaria (BBVA) , Chief Development Officer and General Manager of New Digital Businesses
Zurich Global Corporate , Chief Risk Office Global Corporate Business
|Greg Van Elsen|
The European Consumers Organisation (BEUC) , Senior Financial Services Officer
KPMG , Partner, Financial Services Regulatory Centre of Excellence, EMA region
European Commission , Head of Unit, Health and Well Being Member, FinTech Task Force, DG for Communications Networks, Content and Technology
EUROFI , President
Objectives of the sessionThe session depicted how the EU Digital Single Market Strategy (DSMS) was unfolding in financial services. It clarified the challenges specific to existing and incoming players, assessed actual achievements in the EU and the difficulties posed to the DSMS by cybercriminality. The session also outlined relevant regulatory approaches.
Key targets for an Appropriate European Policy
Making European policy was often about trade offs. Regarding notably the payment directive (PSD2) they had found a good trade off in terms of opening the market, and they also took into consideration the security of the system though it required consequently a great deal of monitoring and upgrading of expertise.
Attention to a level playing field was crucial for the framework that would be developed. However, it was not necessary right for regulators to just regulate things that overlapped with banking activities in the same way that they regulated banks. Flexibility and consistent implementation in particular across Member States, were important in regulation as well as standardisation. That could become an experimental area, possibly changing things afterward.
Finally, for both the innovating firms and the transformational experiments of established banks the regulatory sandbox would be crucial to enable innovation. However, building skyscrapers in a sandbox was not advisable.
Managing Digital Developments and Cybersecurity
There had been new efforts in the Digital Single Market in areas trying to stimulate fintech. Regtech and legaltech were also useful to respond to regulatory compliance duties. Organisations had also funded innovation in blockchain to investigate its development from the technological side. Associated publications had highlighted how data flow through cloud based standardisation could enable new approaches and simplify the regulators role in combating malpractice. Evidence gathering had been launched to look at what would happen if there were problems with the algorithm, application, or software.
Some thought that they already had a seamless Digital Single Market, with digital platforms that had the potential to help both SMEs and large companies to move funding across borders. It was noted that the Digital Single Market was one of the top 10 political priorities of the Juncker presidency of the European Commission. Some thought it should have ranked higher, and that the potential of the network benefits for Europe was enormous. Others agreed and said that in addition to a legal or paralegal solution they needed a framework for the development of the connection. In addition, two obvious developments to accompany that were instant payments and mobile payments.
One issue was the balance of responsibilities between the traditional financial services industry, new entrants, and consumers. It was acknowledged that consumers had to accept accountability for themselves; however, the industry also had to provide some of the protection that consumers wanted.
Cybersecurity was a significant issue. There was a dangerous presumption that technology was safe and secure. The industry had to ensure that sensitive information stored on digital platforms was secure. There was also the question on the extent to which the big data challenge for privacy would become more nightmarish than it already was. It was stated some consumers were not capable of making complex financial decisions, regardless of the level of education provided.
Thus interesting opportunities were arising around new risk pools. The internet had brought opportunities, risks and threats from the global connectedness it provided.
It was outlined that current cyber crime costed around $445 billion globally. A lot came from beyond individual regional boundaries, which was something that both regulators and the industry needed to be aware of; the insurance industry certainly was.
A further issue was how the market rewarded people that did well. Comparison and review sites had received very good consumer responses, which served to encourage certain behaviours; however, they were a form of self regulation and not standard regulation.
There was still an issue around resolving disputes, in which the market could not be relied upon to provide a solution. They recognised that technology and innovation always had positives and negatives, but they had no immediate response to the dispute resolution issue. One way to answer that question was to investigate what incentives there were for protecting people.
The industry was working with regulators and national security agencies to find a balance between privacy and security. They had to be aware that information had to be shared with national security agencies and that self protection involved recognition of the trade off between security and privacy. It was agreed that regulators needed to improve their coordination and cooperation on security and cyber crime. Regulators needed more sophisticated ways of stress testing. It was also agreed that, prior to regulation, they needed strategy.
It was clear that the panellists wanted an efficient Capital Markets Union and seamless flowing of markets. However, the panellists were talking about a moving target. The challenge was in knowing which tools could be utilised to achieve that end and allowing the best technology to win. Precautionary regulation would likely stifle innovation. Instead, some advocated an approach to wait and see. When required, regulators would be able to act swiftly. Regulators had also to distinguish between official standards and de facto standards as in current technology, the de facto usually won.
The regulators were rather far behind, and unless some innovative thought occurred in the Commission and other bodies, they would struggle to keep up.
Digital Developments in Retail Finance and Big Data
Retail finance was still bottom in terms of consumer satisfaction, and so changes were welcome. However, the impact of fintech on the average consumer was currently not large. Of the 315 million European internet users only 15% had completed any cross border trade, therefore there was opportunity for development. The panellists were also beginning to see the UK as frontrunner in digital innovation.
Some struggled to accept that robo advice and processes could model the challenges that people would face over a five to seven-year period. However, they accepted that perhaps they just did not understand the algorithms used.
Some trends were identified in the digital environment. First was the increasing number of products bought online; second was the movement towards 24/7 availability. However, it was highlighted that when buying financial products online it was easy to buy a toxic investment product, and redress then had to be considered.
In order to reap the benefits of digitalisation they needed a digital upgrade to financial consumer protection. It was thought that the majority of consumers had a generic profile and could have had more standardised products. However, they required safeguards; not all European countries had robust protection agencies and standards, which presented a danger of regulatory arbitrage.
One challenge was the volume of transactions in fintech; the question was how to ensure that the public authorities of the industry kept up with them. A second was how to ensure that there was a level playing field maintained between those who wanted to engage through digital and those that did not.
Transparency of costs was identified as one of the proficiencies of fintechs, and was something that was welcomed from new market entrants.
Big data was a concern for some. Consumers had the potential to profit from more aggregate information, but that came alongside privacy issues. It was highlighted that the big issues in the insurance industry regarding big data were on risk pricing, acquiring data, and developing products more appropriate for individuals’ risk needs. Big data also helped to inform customers and served to influence behaviour.
Big data was also mentioned in relation to credit, where it had helped those that did not have a credit footprint. Big data would allow firms to make more personalised risk assessments, which gave rise to questions around what information would be used to inform credit and insurance areas.
There was uncertainty over the extent to which big data would be replaced by having better access to micropayments, as well as the extent to which the big data challenge for privacy would become more challenging. The answer was unclear, but work needed to be completed in that area.
Used the wrong way, it was dangerous and so it was important that protections were available. However, it was also important that the protection was flexible. An ideal answer would have been one in which digital financial services contributed towards enhancing privacy.
Digital Trade and Consumer Confidence
Digitalisation also worked to break down national biases. It was plausible to have a platform, investor, and investment in three different regions. However, the key information for consumers in those cases was what protections they had and whose dispute resolution they could use if it went wrong.
There was uncertainty on whether the industry would need a cross border dispute settlement system, but they agreed that they needed to work on an answer before they started to build skyscrapers. It was agreed that confidence in the system needed to be developed. It was highlighted that the ombudsman service in the UK had worked well in the case of individual problems with individual products. A public authority intervention seemed to be a sensible response.
Few Europeans traded digitally across borders. That provided an opportunity, if executed well. There were also opportunities, particularly with long term products, to communicate more effectively with customers. However, those opportunities came with inbuilt challenges that needed to be overcome through technology.
There was a question around whether they wanted to move towards encouraging uptake of security investment, to improve consumer confidence. There was a general fear of the unknown. People tended to migrate towards things that they were familiar with, which was a behavioural pattern seen beyond the financial services.
It was noted that firms were not obliged to adhere to out of court complaint systems when it came to redress.
There were opportunities in Europe, if handled correctly. They wanted an open and innovative environment and to encourage attention on cross border issues. They also had to be aware of the security issues and monitoring by regulators and supervisors needed to be adapted to the digital world. Other important areas of focus included stress testing, creating a level playing field, and building consumer confidence.
Addressing those issues in the right way would result in huge potential dividends for Europe in financial services, digital technologies, retail, and across the wider economic frame.
The panellists were welcomed. A speaker outlined that areas to consider included: opportunities, threats, and risks; where they were in Europe; regulatory challenges; infrastructure; and whether the infrastructure was sufficiently linked to support the development of the digital financial services.
Key targets for European Policy
A public authority representative emphasised that Payments Services Directive 2 (PSD2) had been a challenging task as it was addressing the market of payments which was evolving quickly and the endpoint of this evolution was unclear.
He said that making European policy was often about trade offs. In case of PSD2, they had found a good equilibrium, particularly in terms of opening the payments market. He explained that the objective behind opening of the market was to bring more choice to consumers. He pointed out that when opening the market, they had to also taken into consideration the security of the system and ensured that it remained fully secure and did not restrict new entrants’ access, which did not only restrict new entrants’ security; that was the equilibrium they sought.
He had found market opening to be a good tactic but due to potential security risk, it required lots of monitoring and upgrading of expertise.
A speaker commented that attention to a level playing field was crucial for the framework that they would develop. On the demand – consumer - and supply side; the conditions were identical, otherwise the level playing field would have been forced in one direction.
A public authority spokesperson agreed that it was important to have a level playing field, but said that flexibility was also important. He did not think that it was right for regulators to regulate things that overlapped with banking activities in the same way that they regulated banks. It needed to be flexible to the activities that were being used. He felt that that the consumer benefit and opportunity was more important than letting the best technology win.
An industry representative agreed that banking- like services should be subdued to banking like rules in order to guarantee consumer protection. PSD2 and other things around electronic money arrangements had been successful in driving a suitable regulatory framework.
A regulatory body representative added that whilst it was important for regulation to be flexible, it also had to be consistent across all Member States. Rules needed to be implemented and supervised to an equal standard.
He thought that the framework was there. In UK’s Project Innovate they had asked firms what the blockages were and what they wanted. Firms had raised the need for legal certainty, and that they were looking for clarity from regulators and others in the regulatory space. They were also worried about how to become authorised, and regulation keeping pace with developments. That was something that everyone was worried about and trying to keep track of.
He said that in many cases the innovating firms were exploring new business models, needed help, and a safe environment for real market experimentation; that was why things like the regulatory sandbox were important.
A public authority representative shared the concern for consumer protection. He agreed that sandboxes were a good idea, but said that trying to build skyscrapers in a sandbox was not. Another speaker highlighted that there was a warning signal there. He agreed that they needed to be cautious and monitor carefully. Trade repositories were a good example in which aggregating data at a cross border basis on a global level had failed. There was no standardisation, and there were currently 29 of them. Consistent regulation and standardisation was essential.
Leveraging and Managing Digital Developments
A regulatory body representative said that consumers wanted online services, 24/7 access and protection of big data; that was what they needed. Two obvious developments to accompany that were instant payments and mobile payments.
He stated that in the Digital Single Market they had had new efforts in areas trying to stimulate fintech, as well as the relevant areas of regtech and legaltech. He thought that regtech was interesting in applying digital technologies to regulatory compliance and that it could also have helped to provide data for supervisory authorities from a range of areas.
They had also funded research and innovation in blockchain to see how it could be developed from the technological side. In their recent communication on digitising European industry they had underlined how the free flow of data through cloud based standardisation could enable new approaches. Real time access to data would also make life easier for regulators in combating fraud, preventing regulatory arbitrage, and ensuring financial stability.
He thought that they had a seamless Digital Single Market. He saw that digital platforms could help both SMEs wanting access to finance and large companies that wanted to raise capital, to get funding across borders rapidly and reach those that had not had as much access. He said that it could also access securitisation in a way in which the consumer, and financial stability, were protected and regulatory arbitrage was prevented.
He emphasised that the Digital Single Market was one of the top 10 political priorities of the Juncker presidency of the European Commission, and that that included cyber security. He said that the NISD had been agreed, and addressed infrastructural sectors including banking, health and transport. He emphasised that the Digital Single Market was taking a holistic, citizen centred point of view.
One speaker was disappointed to hear that that the issue was in the top 10, and not the top two. He thought that the potential of the network benefits for Europe was enormous. A regulatory body representative responded that he was not wrong. He said that the interesting thing was that that was what consumers wanted. He said that a typical scenario was when an individual tried to buy something but it was blocked. He said that in addition to finding a paralegal or legal solution, they also needed a framework for the development of the connection.
In terms of the approach to consumers, they were about to launch evidence gathering and would look at what would happen if there were problems with the algorithm, application, or software. That would go beyond financial services. A speaker on behalf of a regulatory body noted that it was important to consider that citizens took a holistic view of their needs, whether in financial, services or privacy, where they did not fit their regulatory framework.
One had to look at technologies like blockchain and that future regulation needed to be future proofed and not application, or technology, specific. Blockchain had to be looked at across sectors. An industry representative agreed that 18 months ago nobody had heard of blockchain, and that in one year’s time it would likely be outdated and replaced by something else.
One speaker wanted to know where they should be in Europe in one to five years’ time. A public authority spokesperson thought that it was clear that they wanted a Capital Markets Union and seamless flowing of markets. The difficulty was in knowing through which tools they could achieve that. He stated that the equilibrium was to have clear ambitions whilst upgrading the expertise, so that they could understand the means.
Regulatory Risk and Opportunity
A public authority spokesperson shared the observation that they were talking about a moving target. That reflected what they were pursuing in a report currently being prepared on blockchain technology, whereby they said that if they were to engage in precautionary regulation, they would likely get it wrong and stifle innovation. He expected to vote on the report in the following week. They were in favour of observing and waiting, under the precondition that observation was something active. He added that regulators needed full attentiveness and technical expertise to closely monitor what was happening.
That was why they had had the idea of a cross cutting task force on blockchain looking beyond the applications in the financial sector, to make observation more active. He said that when required, regulation would then be able to act swiftly. He therefore supported that approach, so long as the observation was active and strategic considerations were remembered.
A banking industry representative said that the private sector was both reassured by what he had heard and constrained in moving forward in their digital strategy. He outlined that the industry needed to work on blockchain and be allowed to do so in multiple ways. Work would then lead to regulation, but it was still at the stage of development whereby it was difficult to say which technology was the best. They had to ensure that the regulatory framework allowed the best technology to win.
He stated that the industry had selfish reasons for wanting that to be the case. Blockchain was not a financial services exclusive technology. Therefore, it was important that the framework allowed the best technologies to win. When discussing standardisation, one had to distinguish between official standards and de facto standards. In current technology, the de facto usually won. One speaker noted that other organisations were also working on that.
The other factor was that there was an important point around the balance of responsibilities. It was easy to say that they should help financial services businesses, fintech, and move forward with regulators. In terms of the businesses that had come into the Project Innovate, they had had over 400 requests in 16 minutes and helped over 200 firms. One of the criteria that they had used was to assess the benefit to the consumers; if it did something for them, then it was great.
An industry representative stated that the regulators were rather far behind, and that unless some innovative thought occurred in the Commission and other bodies, they could struggle to keep up.
Addressing Cybersecurity of Consumers
An industry representative stated that the main issue was the balance of responsibilities between the traditional financial services industry, the new entrants, and consumers. He explained that they did not want consumers left on their own, as they may have felt when looking at things on the internet. Equally however, people had to accept accountability. He outlined that there was a dangerous presumption that technology was safe and secure. They needed to find the right balance, whether through privacy threats, price and product performance.
A public authority representative said that cybersecurity was also important. They had to ensure that sensitive information stored on digital platforms was secure from attacks, and that they used eID to distinguish between customers and others.
A consumer representative said, on consumer responsibility, that the consumers always had to make a choice. In some markets, consumers were not capable of making complex financial decisions, particularly in pensions. He said that regardless of the financial education one gave to consumers, they would never be an actuary or be able to take into account the risk return trade offs. He mentioned that auto enrolment in the UK1 was a default option that 99% of workers had taken.
A speaker on behalf of a public body emphasised the importance of the consumer protection issue. He said that consumers wanted to be protected. In the context of digitising European industry, they were about to launch a public consultation on the safety of applications and non embedded software. That was based on the fact that the consumer product safety and liability did not apply to those downloadable at the European level and in most Member States’ legislation. They were currently gathering information, and wanted to hear from the finance communities, and others.
An industry representative stated that there were also interesting opportunities around new risk pools. The internet brought all sorts of interesting opportunities with regards to how they were connected with the world around them, as well as new risks. Consumers needed to know how to be protected in those areas, and needed new innovative products. There were further interesting opportunities and threats that came with that.
He outlined that current cyber crime costed around $445 billion globally. A lot of cyber crime came from hacktivists, but more was state sponsored. It was very sophisticated and outside of the boundaries of individual states and regions. He stated that regulators and the industry needed to be aware of that; and that the insurance industry certainly was.
A banking sector representative said that in the end it would be the consumer that decided who the winners were in technology. He said that, in technology, bad usability and experiences usually competed with security; the easier things were made, the larger the security risks. In some cases, it was possible to get the best of both; biometrics in the mobile world was easy to use and increased security. Big data was another. He stated that there were many good uses for big data, and asked how they could regulate it.
A speaker on behalf of a public authority thought that the benefits were potentially very significant. He said that the conceivable reduction in transaction costs with the technology was enormous. One issue where he was unsure was the extent to which big data would be replaced by having better access to mobile micropayments, where instead of paying with data, one paid with money. There was also the question on the extent to which the big data challenge for privacy would become more nightmarish than it already was. He did not know, but it was something that had occurred to him, and he thought that they should have been looking for an answer.
He suggested that an ideal answer would have been one in which digital financial services contributed towards enhancing privacy rather than endangering it more. He was curious to hear others’ views on that.
One panellist outlined that another issue was what the market mechanism was to reward the people and companies that did good things, such as when a comparison website informed a consumer of the prices of a competitor. He said that that received a very good consumer response. He stated that there were all kinds of reputation systems on the internet; they were good, and forced good behaviours. They were not regulation, but served as a self regulating mechanism.
One speaker noted that they were all encouraged by that, but said that things still went wrong; so, in terms of how they resolved disputes, they could not just rely on the market. An industry representative said that he would be surprised if PSD2 did not lead to more account takeovers. He thought that it was another tool for criminals to use. He said that he did not have a good answer. There was always a positive and a negative side in anything to do with technology and innovation, and both sides had to be understood.
He added that for the particular case of account takeovers they needed more big data in the background. He noted that people rarely used different passwords for different accounts, and so if a password was stolen from somewhere, it could potentially give the thief access to an individual’s banking or other services.
On the issue of cyber security and account takeovers a public authority spokesperson said that there was a question of what the incentives were around protecting people. Legislators had increased the requirements in confidentiality, integrity, and availability of data that had been present in previous directives. He added that when PSD2 came out it would add strong customer authentication.
Further coordination efforts beyond national borders
An industry representative said that they were working with both regulators and national security agencies to find the balance between privacy and security. He noted that everybody was concerned, and personal privacy differed in different countries; but there was a trade off with the security that they got against terrorism which was very real in both physical and cyber events. He agreed that that sounded extreme, but stated that 30 countries had published cyber warfare doctrines.
He said that they had to be aware that they had to share information with national security agencies that looked after individual system security. He said that they would soon be in a different regime in terms of publicising breaches on individual companies; the insurance industry would adapt to that and provide cover for the costs of significant breach notifications. He said that they had ways of protecting themselves, but there was a trade off between security and privacy.
One speaker agreed. He said that all regulators needed to improve their coordination efforts. In a pan European context they needed to have the accompanying measures; one of which was to ensure that they cooperated sufficiently on security and cyber crime. The old approach had been to keep weaknesses a secret, but that would not be sustainable moving forward.
A public authority spokesperson thought that they needed more sophisticated ways of stress testing their systems; they needed to think about stress testing in a broader sense. That was partly a regulatory issue, and also partly a question of developing the right kinds of concepts.
A regulatory body representative continued that when someone asked what type of regulation one needed, he said that they needed strategy before regulation. He was convinced that a sandbox beyond national borders would be more meaningful than within national borders, because most challenges were cross border rather than domestic.
Digital Developments in Retail Finance
A public authority spokesperson thought that they had a huge opportunity: some 315 million European consumers used the internet, but only 15% had completed any cross border trade. He stated that technology was not being fully utilised at present, so there was opportunity for development.
He outlined that in the UK 89% of households had internet access, and an EY report had suggested that 15% of digitally active consumers had engaged with at least one fintech product in the past six months. In the European comparison, they were considering the UK as frontrunner in digital innovation.
A key strength of the fintech businesses was that they were not constrained by legacy. He said that whether they were legacy systems or legacy governance structures, those firms were more fleet of foot, and they were seeing a lot of activity in small, new and challenger businesses coming in.
He emphasised that it was important to recognise that that was currently centred on a number of areas. Peer to peer lending was growing at an exponential rate in the UK, and there were plenty of other opportunities around things like regtech. They did not go to robo advice, but streamlined back office processes. He stated that that was important.
A consumer representative said that he was not reassured. He stated that to fully reap the benefits of digitalisation they also needed a digital upgrade to financial consumer protection. He stated that if one googled ‘fintech’ they would find promises of revolutionising management of personal finance, with online platforms that would cater for banking and insurance needs at a low and transparent cost, hassle free. He asked whether the ‘hassle free’ factor was too good to be true.
He agreed that some changes were welcome in retail finance, which was still bottom in terms of consumer satisfaction. Some new entrants would provide competition to the market, but the impact of fintech on the average consumer was currently not that large.
They were seeing major trends changing in the digital environment. The first was the increasing number of products being bought online. In the UK, 45% of banking products were bought online. He said that the lower distribution costs could give better choice and information to consumers; and consumers in front of a computer made better informed choices because they were less prone to sales pressure. However, he stated that when buying financial products online it was very easy to buy a toxic investment product. They had to consider redress in those situations.
The second trend was towards 24/7 availability. He stated that individuals checked their mobiles 150 times per day, which could empower consumers to more actively manage their financial lives. At the same time, applications that warned one not to overstretch their budget could lure them into costly credit.
One speaker noted that the problems had been raised from a consumer perspective. He said that if regulators were attentive, they would have a way of helping consumers to make better and unbiased choices. That seemed to be a good thing.
A consumer representative agreed, and noted that they welcomed change, peer to peer lenders, and robo advice. They believed that the majority of consumers had a generic profile and that they could have had more standardised products. In addition to having better deals to consumers also needed safeguards. He highlighted that the UK had a strong consumer protection agency, but that the Lithuanian and Hungarian markets did not have those standards. Therefore, there was a danger of regulatory arbitrage.
One speaker agreed that they would need stronger coordination by regulators and supervisors to ensure that they knew what was going on.
A representative of the consumers said that in terms of supervision, there were product intervention powers. MiFID had given powers to some national competent authorities to ban bad products, so those powers ought to have been used. He said that there should also have been supervisory convergence in that respect, and they welcomed the ESMA work on the suitability requirements.
An industry representative outlined that the challenge was that the volume of transactions going on in fintech as a substitute for the developments that were happening were very significant. The question was on how to ensure that they kept up with them.
The second point, from a consumer perspective, was how to ensure that they had a level playing field between those who wanted to engage through digital and those that did not. There were things that needed to be considered before the more detailed regulatory issues. The Single Market point was one of the most challenging things in terms of the room for mischief that had been alluded to.
He outlined that he would draw a distinction between protection products and investment, or long term credit, products. In terms of general insurance, he was not worried; but he was far more concerned with longer dated products. An industry representative wanted to add to the issue of awareness and transparency. He said that a great deal of their regulation was old style; they had a stack of paper called a product information document, which they had to digitalise and convert to video format where necessary. He said that it was also important that they made the distinction between advised and non advised sales. Some things were a straightforward purchase, but other things were more complicated and life changing. That went back to the earlier point on timescale of products and the overall implication for the consumer. There was also an opportunity, particularly with long term products, to communicate better with customers. He stated that financial services businesses in the UK tended to give people things to read which inevitably ended up unread and in the bin. Some larger firms had resorted to videos and interactive applications to communicate with people. In one example a firm had had either a leaflet of their communications, or a 30 second video that was much better. There were opportunities, but there were inbuilt challenges that needed to be overcome through technology.
They had to work out whether lots of people were homogeneous; he was not convinced that they were. He worried that people were at different stages of their lives. He struggled to accept whether robo advice or robo processes could model out the challenges that people were likely to face over a five to seven-year period. However, he accepted that he perhaps just did not understand the algorithms that they used.
A public authority representative noted that one challenge in retail services was that ultimately those contracts were governed by national private law. He asked what they could do at the European level to ensure that things did not go wrong when the new products came up.
A consumer representative outlined that on the transparency of costs a lot of fintechs were good at disclosing costs of bank accounts and robo advice upfront. That was something that they welcomed from the new players.
A consumer representative also thought that the regulatory disclosure rules would probably be obsolete already because they were not fit for the application disclosure rules that they had in place. He said that a more layered approach was possible with online disclosure, which was something that they needed to look at.
A consumer representative outlined that big data was a major concern. It could be said that consumers could profit from more aggregate information, but that came with privacy issues. Big data would allow firms to make more personalised risk assessments. There were major questions around what information would be used to inform credit and insurance areas, and they would also need a digital upgrade of the financial consumer protection framework.
An industry representative outlined that that was a changing area for those in the insurance industry. The big issues were around risk pricing and election, acquiring more data, and being able to develop products that were more appropriate for people’s individual risk needs. He noted that he did not believe that small groups became disenfranchised by technology, but rather they became enfranchised.
Another issue from an insurance industry perspective was in understanding the customer. He stated that big data helped inform the customer and was about influencing behaviour, and how people managed their own lives. He asked why people would not choose to utilise greater transparency of their own data than to buy a policy that may not address the fundamental risk that they were presenting to themselves.
A public authority representative noted that big data had been mentioned in relation to credit. They had seen people with no credit footprint that had been helped by it. He stated that, used the wrong way, it could be dangerous. It was important that the protection was there, but also that the protection was flexible, based on the complexity of what was sold and to who.
A consumer representative agreed that they had to be careful to not financialise their personal lives. He explained a case in which a dental insurer sold Bluetooth toothbrushes that tracked the way individuals brushed their teeth; the better they brushed their teeth, the lower their premium. He asked how far the technology was going.
Opportunities and Confidence in Cross Border Digital Trade
A speaker noted that few Europeans traded digitally across border. He asked if others saw opportunity in that space. A regulatory body representative thought that it was an opportunity if done well. He reflected that anything could be mis sold if they tried hard enough. It was about what the proposition to the customer was. A simple process to sell simple things to customers, regardless of whatever complex procedures went on under the surface, made sense.
A regulatory body representative said that one reasonable question was whether they wanted to take a step further towards imagining ways to encourage taking up security investment. If they did not, then they would lose the confidence of clients, because clients that had their accounts taken over typically blamed the banks in part. He stated that they could probably imagine ways to encourage uptake of security investment.
One speaker said that it had struck him that they needed to develop confidence in the system with confident consumers buying online, being taken through good advice channels, and being behaviourally sophisticated. He said that people also wanted to know that if they made mistakes there was a sort of insurance mechanism.
One speaker asked whether they would need a cross border dispute settlement system, or if they would fall back on national law. He did not know, but said that the answer was very important. A public authority spokesperson did not know either, but agreed that they needed to work on it before they started to build skyscrapers.
An industry representative said that, whilst there had been complaints, the ombudsman service in the UK had worked relatively well. Where individuals had had problems with individual products, there was a mechanism to deal with it. In the case of a system problem, it was not ideal. It had not been ideal in the case of PPI2, where many fraudulent claims had been submitted.
He said that the principle of a public body stepping in to make a correction if something went wrong with a product in aggregate, as opposed to having an institution in place, had been a successful way of doing it. Many complaints had happened as a result; but he maintained that a public authority intervention seemed the best response, and he had not seen it in other countries. He said that they had to trust the public authority to step in if there was a problem with a product and put things back into the correct state.
A banking representative agreed. He said that the systemic approach needed to be handled at that level. However, there would still be individual firms making individual errors, and the response they needed to develop was an extension of the professional indemnity type covers that were currently available.
A public authority spokesperson outlined that there was a fear of the unknown. They found that people tended to migrate towards the things that they were familiar with, and that that behavioural bias was seen beyond the financial services.
He continued that digitalisation changed national biases. He said that one could plausibly have a platform in Estonia, an investor in the UK and an investment in Poland. The key thing was that people expected to know what protections came with those, and whose dispute resolution they needed to use if it went wrong.
On redress, a consumer representative noted that firms were not obliged to adhere to an out of court complaints system. On the algorithms, he said that they had to look at supervision, which would also be important for getting the digital upgrade of financial consumer protection.
An industry representative said that the panel had been focused on sales and selling products to customers. He encouraged them not to forget that the large fintech investments would be around cost reduction in terms of the adage of saving costs by shutting buildings. He said that they should not overlook the implication of the whole debate in terms of profitability and the returns on equity that they had discussed the day prior.
A banking sector representative said that there were several topics that could have been discussed. One thing that they had not discussed was PSD2 and CRD IV. He said that in a converging world where lines between industries were being blurred, partially due to technology, the impacts that came from regulation for one industry may have had unexpected consequences. He said that he had recently received an email saying that the technology person he had tried to hire would not join him because of CRD IV; with three of the four people that he had lost for that positon, CRD IV had been the biggest issue. Nobody had anticipated that when it was written and so there had been surprising consequences.
A speaker thanked the panel. He wanted to conclude that they thought that there was an opportunity for Europe, if they got it right. They wanted an open and innovative environment, and to encourage the cross border issues that had been mentioned. They had to be attentive to the security issues and needed to have tough, responsible monitoring from regulators and supervisors.
There had also been points raised around stress testing systems, ensuring a level playing field, and building consumer confidence. He thought that the new technologies could do an educational job that no other system could, and added that in Indonesia they would provide education to 220 million through mobile applications.
He summarised that if they could do their jobs well and in a balanced way then there would be huge potential dividends for Europe, in financial services, digital technologies, retail, and across the economic framework.
1 It makes compulsory for employers in the UK, to automatically enrol their eligible workers into a pension scheme
2 Mis-sold payment protection insurance policies