Sound practices: fintech implications for banks and supervisors
The Basel Committee on Banking Supervision (BCBS) has published a research paper, “Sound practices: implications of fintech developments for banks and bank supervisors”, which identifies ten key implications and related considerations for the industry.
Implications and considerations:
The nature and scope of banking risks as traditionally understood may significantly change over time with the growing adoption of fintech, in the form of new technologies that can affect bank business models. While these developments may give rise to new and additional risks, they may also open up new opportunities for consumers and banks.
While bank supervisors must remain focused on ensuring the safety and soundness of the banking system, they should be vigilant for opportunities to enhance both safety and soundness and financial stability while monitoring for current practices that might unduly or unintentionally hamper beneficial innovations in the financial industry.
Key risks associated with the emergence of fintech include strategic risk, operational risk, cyber risk and compliance risk. These risks were identified for both incumbent banks and new fintech entrants into the financial industry.
Safety and soundness and financial stability can be enhanced by implementation of supervisory programmes to ensure that banks have effective governance structures and risk management processes that appropriately identify, manage and monitor risks arising from the use of fintech including associated new business models applications, processes or products.
These structures and processes may include:
- Robust strategic and business planning processes that allow banks to adapt their business strategies to take into account the potential impact new technologies and market entrants may have on their revenue.
- Staff development processes that ensure that bank personnel have the appropriate awareness and capability to manage fintech risks.
- Sound new product approval and change management processes to appropriately address changes not only in technology, but also in business activities.
- Risk management processes in line with the portions of the Basel Committee’s Principles for sound management of operational risk (PSMOR) that are relevant to fintech developments.
- Processes for monitoring and reviewing new products, services or delivery channels for compliance with applicable regulatory requirements, including, as appropriate, those related to consumer protection, data protection and anti-money laundering (AML) and countering the financing of terrorism (CFT).
Banks, service providers and other fintech firms are increasingly adopting and leveraging advanced technologies to deliver innovative financial products and services, such as artificial intelligence (AI), machine learning (ML), advanced data analytics, distributed ledger technology (DLT), cloud computing and application programming interfaces (APIs). While these innovative technologies present opportunities, they may also pose new sources of risks.
Banks relying on these innovative technologies should ensure they have effective IT and other risk management processes and control environments that effectively address new sources of risk. Bank supervisors, for their part, could enhance safety and soundness by ensuring that banks adopt such risk management processes and control environments.
Banks are increasingly relying on third-party service providers for operational support of technology-based financial services; as a result, the delivery of these services has become more modular and commoditised. The primary drivers of outsourcing are cost reduction, operational flexibility and increased security and operational resilience. While operations can be outsourced, the risks and liabilities associated with those operations remain with the banks.
Safety and soundness and financial stability can be enhanced by implementation of supervisory programmes to ensure that banks have appropriate risk management practices and processes over any operation outsourced to or supported by a third party, including fintech firms, and that controls over outsourced services are maintained to the same standard as those applied to operations that the bank itself conducts. Relevant practices and processes include due diligence, operational risk management, ongoing monitoring and appropriate execution of contracts with third-party service providers that set out the responsibilities of each party, agreed service levels and audit rights.
Fintech developments are expected to raise issues that go beyond the scope of prudential supervision, as other public policy objectives may also be at stake, such as safeguarding data privacy, cyber- security, consumer protection, fostering competition and compliance with AML/CFT.
Where appropriate, safety and soundness and financial stability can be enhanced by bank supervisors communicating and coordinating with relevant regulators and public authorities, such as those charged with data protection, consumer protection, fair competition and national security, to ensure that banks using innovative technologies are complying with the relevant laws and regulations.
Many fintech firms, in particular those focused on lending and investing activities, currently operate at the regional or national level. However, some fintech firms, especially those engaged in payments (in particular, wholesale payments) and cross-border remittances, already operate in multiple jurisdictions and have high potential to expand their cross-border operations.
Given the current and potential global growth of fintech firms, global safety and soundness can be enhanced by further supervisory coordination and information-sharing where appropriate for cross-border fintech that affects banks.
Fintech has the potential to change traditional banking business models, structures and operations, including the delivery of financial services. Such fintech-related changes may require bank supervisors to reassess their current supervisory models and resources in order to ensure continued effective oversight of the banking system.
Safety and soundness could be enhanced by bank supervisors assessing their current staffing and training programmes to ensure that the knowledge, skills and tools of their staff remain relevant and effective in supervising the risks of new technologies and innovative business models. Supervisors may need to consider the addition of staff with specialised skills to complement existing expertise.
The same technologies that offer efficiencies and opportunities for fintech firms and banks, such as AI/ML/advanced data analytics, DLT, cloud computing and APIs, may also have the potential to improve supervisory efficiency and effectiveness.
Safety and soundness and financial stability could be enhanced by supervisors investigating and exploring the potential of new technologies to improve their methods and processes, and they may wish to share with each other their practices and experiences.
Current bank regulatory, supervisory and licensing frameworks generally predate the emergence of technology-enabled innovation. In some jurisdictions, prudential authorities do not have a remit for firms that are not banks, and some services previously conducted by banks are now being provided by other firms that may not be regulated by bank supervisors.
Where appropriate, a review by bank supervisors of their current supervisory frameworks in the light of new and evolving fintech risks could uncover ways in which elements of these frameworks could evolve in a manner that ensures appropriate oversight of banking activities while not unduly or unintentionally hampering beneficial innovation.
Supervisors in some jurisdictions have put in place initiatives to improve interaction with innovative financial players that could facilitate innovative technologies and business models for financial services, for example innovation hubs, accelerators and regulatory sandboxes.
Supervisors could learn from each other’s approaches and practices, and consider whether it would be appropriate to implement similar approaches or practices.
Full paper can be accessed here (a PDF document), published on the Bank for International Settlements (BIS) website.