The report (PDF 0.98 MB) highlighting ten issues that merit the attention of supervisors and regulators, of which the first three are put forward as priority areas for international cooperation.
- Managing operational risks from third-party service providers. Existing oversight frameworks for important third-party service providers (for example cloud computing and data services) to financial institutions may need to be enhanced, in particular where financial institutions rely on the same third-party service providers.
- Mitigating cyber risks. Recent reports of significant and successful cyber-attacks reinforce this concern. The report recommends greater efforts on contingency plans for cyber attacks, information sharing, monitoring, and a focus on incorporating cyber-security in the early design of IT systems.
- Monitoring macro-financial risks. Systemic risks and procyclicality could emerge from a number of sources, including greater concentration in some market segments and if funding flows on fintech lending platforms were to become large and unstable. The report notes that available data on these risks are limited.
- Cross-border legal issues and regulatory arrangements. Innovations in cross-border lending, trading and payment transactions raise questions about the cross-jurisdictional compatibility of national legal frameworks. The legal validity and enforceability of smart contracts and other applications of distributed ledger technology are in some cases uncertain.
- Governance and disclosure frameworks for big data analytics. Similar to the use of algorithms in other domains, such as securities trading, the complexity and opacity of some big data analytics models makes it difficult for the authorities to assess the robustness of the models or new unforeseen risks in market behaviour, and to determine whether market participants are fully in control of their systems.
- Assessing the regulatory perimeter and updating it on a timely basis. Regulators should be agile in responding to rapid changes in the fintech space, and should review the regulatory perimeter regularly.
- Shared learning with a diverse set of private sector parties. The authorities should continue to improve communication channels with the private sector and to share their experiences with regulatory sandboxes, accelerators and innovation hubs.
- Further developing open lines of communication across relevant authorities.
- Building staff capacity in new areas of required expertise. Supervisors and regulators may not have adequate resources and skill-sets to deal with fintech.
- Studying alternative configurations of digital currencies. Relevant authorities should analyse the potential implications of digital currencies for monetary policy, financial stability and the global monetary system.
Financial institutions can therefore expect at least a growing supervisory interest in their use of fintech innovations, even if some of the underlying themes are already familiar from earlier supervisory initiatives on outsourcing, cyber security and risk governance.
In addition, this FSB report adds to an ever-growing series of papers from international standard-setters and national regulators that point clearly towards new regulatory measures in response to fintech, even if the precise nature of such measures remains to be determined.
For more on how this will affect the asset management industry, read our technology chapter in Evolving Investment Management Regulation.