The financial system is undergoing a profound transformation with the inclusion of new - fast global technologies. ‘FinTech' can lead to new opportunities, including new financial inclusion opportunities, but it can also create new risks or increase existing ones. Regulators are doing their best to deal with all those challenges with various policies and laws in jurisdiction across the globe, but it is still not certain whether this will be enough to safely modernize the financial industry and address the risks that come with it. It comes as no surprise that regulation has emerged as the government’s number one concern and financial services becoming one of the most regulated sectors in the world.

The list of regulatory responses to FinTech-related risks continues to lengthen. It comes in many forms and covers areas such as:

Regulatory perimeter - some FinTech developments, such as the use of cryptocurrencies makes us wonder where the regulatory perimeter should be drawn. The regulatory network is expanding and some companies that are currently outside the area may be regulated in the future. As the regulatory net expands, the intensity of regulations may increase as well.

Data and AI (artificial intelligence) - EU General Data Protection Regulation (GDPR) and other data protection legislation already cover some of the data protection issues arising from FinTech. However, FinTech developments are constantly highlighting new areas where additional or renewed regulation may be needed, such as the use of artificial intelligence and distributed ledger technology, and in the general trend towards raising an increasing number of financial and non-financial issues data from and sharing across a wider set of parties. More intense debate in the future will probably be needed about appropriate frameworks for collecting, storing, sharing and the use of data, both domestically and across borders.

Accounting and regulatory treatments - FinTech can create new types of exposure, such as crypto assets, which require clarification or revision of accounting and regulatory (risk weight) treatments.

Retail conduct - regulations turn to well-known consumer protection approaches for the first time in the FinTech age, by using a mixture of:

  • transparency and disclosure to help raise consumer awareness of nature and risks of products and services
  • Prohibit and restrict certain products and services for retail customers and
  • Re-writing detailed business rules to accommodate them

Risk management - Although largely covered by existing regulatory requirements for risk management, some FinTech development plans generated regulatory responses that urge regulated companies to address specific emerging online risks in the context of risk management. This includes the risk of money laundering and market abuse in the use of crypto assets; risks arising from the use of distributed ledger technology in payment, clearing and settlement systems and in the storage and validation of transaction data in general.

Governance of regulated firms - regulators are increasingly setting rules or guidelines that focus on ensuring that boards and senior management have sufficient awareness and understanding of the FinTech applications that the company uses to effectively manage risks.

Open Banking - regulation has in part constituted a market in open banking by establishing the basis on which data can be shared between different parties, usually through an application programming interface (API).  

Cybersecurity - regulators generally focus on national implementation of international standards in the key areas of governance, workforce skills, identification (risk analysis and assessment), security and detection (access management, information security, security controls, expertise, training, monitoring and testing, and information sharing), and incident response (crisis management, recovery and learning lessons).

Financial stability - regulator’s first steps are likely to continue on focusing on data and information collection and analysis, but over time some regulatory interventions may emerge in response to the FinTech related risks to financial stability.