No De-Fi-ing the regulators

But again the challenge for government sand regulators is how to address that challenge without – as happened in the financial crisis – exposing the whole system to catastrophic failure. For which taxpayers then must foot the bill.

This debate is increasingly urgent as the realms from which potential innovation – and consequent risk – is emerging are becoming far more disparate, both in the quantity of new competition and the kind competitors.

During the last financial crisis, the major players, by and large, were known entities – banks, hedge funds, insurers, market makers. In recent history, non-bank competition – whether it has been from retailers, telcos, tech companies, industrial companies or wherever – has not been a systemic threat.

But with the emergence of huge technology companies – bigtech – revolutionary fintechs, neo-banks and non-traditional funding sources such as private capital (at least in terms of its current scale) systemic threats are possible.

Already in China so-called “everything apps”, notably WeChat, which enclose almost all of a customer’s activities from social networking to state interaction to commerce to financial services, have emerged. Elon Musk has tweeted that’s what he aspires to with his acquisition of Twitter which would be “an accelerant to creating X, the everything app."

Little wonder financial services regulators are sitting up. In a recent paper “Safeguarding Trust in Banking: An Update”, Michael Hsu, the US Acting Comptroller of the Currency, articulated the risk.

“The growth of the fintech industry, of banking-as-a-service (BaaS), and of big tech forays into payments and lending is changing banking, and its risk profile, in profound ways,” he argued.

“The ‘de-integration’ of banking services that is taking place now has its roots in technology, data, and operations and is affecting all banks, not just the large, money centre banks. My strong sense is that this process, if left to its own devices, is likely to accelerate and expand until there is a severe problem or even a crisis.”

According to the global banking regulator, the Bank for International Settlements (BIS), there are different dimensions to the systemic risks – including for central banks. For example, in a recent research paper, the BIS found “central banks deem the potential losses from a systemically relevant cyber attack in the financial sector to be large, especially if it targets a big tech providing critical cloud infrastructures.”

So who would be regulated in this case? The central bank or the big tech?

The growing universe of risks facing the financial system together with, and often amplified by, the networked nature of modern communication means not only is risk more complex but regulators are acting more precipitously.

Take big tech, for example. The BIS has just released an analysis which lays out its concerns comprehensively.

“In the case of big techs, most of the risks arise from their ability to leverage on a common infrastructure – notably large amounts of client data – that helps them gain a competitive advantage in a wide variety of non-financial and financial services and create substantial network externalities,” the paper said.

“Big tech business models entail complex interdependences between commercial and financial activities and can lead to an excessive concentration in the provision of both financial services to the public and technology services to financial institutions; consequently, big techs could pose a threat to financial stability in some situations.”

Then to the point: “The challenges that this specific business model pose for society cannot be fully addressed by the current (mostly sectoral) regulatory requirements.”

The BIS sees two specific regulatory approaches: “The first is segregation, which is a structural approach that seeks to minimise risks arising from group interdependencies between financial and non-financial activities by imposing specific ring-fencing rules.

“An alternative approach to segregation is inclusion, which consists in creating a new regulatory category for big tech groups with significant financial activities. Regulatory requirements would be imposed for the group as a whole, including the big tech parent.”

Other regulators, including in Australia, are seeking to understand the inter-related risks across regulated entities and the expanding universe of their non-regulated partners, suppliers and network providers.

In another example, the International Monetary Fund is considering what regulatory models might apply to the really non-traditional world of DeFi and crypto.

“Entities operating in financial markets are typically authorised to undertake specified activities under specified conditions and defined scope,” the IMF said in a paper on regulating crypto assets.

“But the associated governance, prudence, and fiduciary responsibilities do not easily carry over to participants who may be hard to identify because of the underlying technology or who may sometimes play a casual or voluntary role in the system.”

How these regulatory agendas will unfurl will, ironically, become one of the key risks participants in the financial system – traditional and non-traditional – will have to navigate. And the over-riding lesson from regulatory history is someone will pay for it – and if the risk takers don’t, we all will.

Andrew Cornell is Managing Editor of bluenotes