BIS fintech report: More harmonised standards and less TPP reliance
The Bank for International Settlements (BIS) has published a cross-country review on the fintech regulatory landscape, in which “the lack of harmonised standards” and the new risks posed by increased third-party provider (TPP) reliance are addressed.
“A major challenge for authorities will be overcoming the lack of harmonised standards and interoperability in some enabling technologies,” the report reads, citing application programme interfaces (APIs) and distributed ledger technologies (DLTs) as two examples.
Whilst the lack of commonly accepted APIs in some regions will pose “potential inefficiencies for third parties or fragmentation of the digital financial ecosystem”, the report says on DLTs: “There is a worldwide need to develop international standards that will allow for interoperability and compatibility among multiple DLT protocols.”
The lack of a common standard for APIs is one of the main reasons cited by the fintech industry for the slow evolution of open banking across Europe. The time and cost to build and maintain APIs, as well as the economic cost for smaller banks to develop and adopt APIs, were also cited in BIS’s November 2019 report as reasons why open banking is still being stifled across the continent and more globally.
In alignment with BIS, a report by European Union agency eu-LISA last November found that “for technologies – whether blockchain, DLTs or any other – to be successfully integrated into an existing government IT service infrastructure, they must be interoperable with different ledgers as well as existing ecosystem structures, ensuring that data can be exchanged with partners outside one’s immediate ecosystem.”
The agency surmised that “despite some applications of blockchain and DLTs emerging in some domains, these technologies are yet to prove that they may be applied reliably, especially for cross-EU large-scale IT systems”.
The BIS report also touched on “increasing reliance on third-parties in services with a high concentration of providers”. The paper says this reliance could pose new risks to financial institutions, forcing them to depend on IT and third-party data providers.
“Operational failure, cyber incident or insolvency” are all risks cited in the report. Last year saw a whole host of operational failures – most commonly banks’ digital services experiencing downtime – and data breaches in financial institutions.
Most recently, Travelex – which uses a third party Pulse Secure VPN enterprise solution – was hacked and ordered to pay a $3 million ransom to release the hacker’s grip on its systems. The breach sent a ripple effect through all the banks which used its service, causing First Direct, Barclays, Sainsburys Bank and Virgin Money to all suspend their currency exchange.
As for downtime, last year the UK Treasury called on regulators to hold banks to account for “unacceptable” amounts of IT failures. But some major banks want their TPPs to take more responsibility too.
Lloyd’s head of IT risk & governance Ameet Jugnauth told FinTech Futures at CSConnect 2019 “technology firms are not getting the same level of scrutiny and heat” when it comes to banking app downtime as financial services organisations do.
Jugnauth had no doubt that “to have that [government] attention on it is the right thing”, but felt there is definitely a “quirk” in the way culpability is currently distributed.
BIS’s report also dubbed big technology companies as a competitive threat to financial institutions. “Given their wide customer base, high capitalisation, expertise in innovative technologies and ability to use customer-permissioned non-financial data, big tech firms may have some competitive advantages,” the report reads.
“This might reduce the resilience of financial institutions, either by affecting their profitability or by reducing the stability of their funding, with the potential to change the competitive dynamics in financial services.”
This report cited similar challenges with the emergence of global stablecoins, which it says “may pose challenges and risks to fair competition, financial stability, monetary policy and, in the extreme, the international monetary system”.