In this issue:
Hello readers! Yours truly is finally back in the office after spending some time in Abu Dhabi and Dubai to attend the Milken Institute MEA Summit 2020. I had a fantastic time, and it was great to be able to connect and reconnect with so many of you in the UAE, Bahrain, Saudi Arabia, and the larger MENA region. There’s a lot to unpack from the trip—I’ll include a few highlights in the next release of FinTech in Focus.
In this edition, we focus on the unveiling of the European Union’s digital strategy, tax compliance regarding the use of virtual currencies, industry efforts regarding data access, open banking developments in Asia, and the Federal Reserve’s decision to speak on multiple FinTech-related issues, among other topics.
The European Commission announced the EU’s digital strategy last week. The unveiling also included two documents covering artificial intelligence and Europe's data strategy. "The White Paper on Artificial Intelligence and the European data strategy are the first pillars of the new digital strategy of the Commission. They are fully aligned with the need to put people first in developing technology, as well as with the need to defend and promote European values and rights in how we design, make and deploy technology in the real economy and how we improve the services of the public sector towards the citizens."
On its data strategy, a few highlights from the policy paper:
The European Commission states that "a small number of Big Tech firms hold a large part of the world’s data. This could reduce the incentives for data-driven businesses to emerge, grow and innovate in the EU today, but numerous opportunities lie ahead."
“The infrastructures should support the creation of European data pools enabling Big Data analytics and machine learning, in a manner compliant with data protection legislation and competition law, allowing the emergence of data-driven ecosystems. These pools may be organised in a centralised or a distributed way. The organisations contributing data would get a return in the form of increased access to data of other contributors, analytical results from the data pool, services such as predictive maintenance services, or license fees.”
“In the exercise of its merger control powers, the Commission will look closely at the possible effects on competition of large-scale data accumulation through acquisitions and at the utility of data-access or data-sharing remedies to resolve any concerns.” In addition, “The review of the current self-regulatory approach for cloud provider switching could lead to further action, depending on the progress made by market players.”
“[T]he Commission will explore the need for legislative action on issues that affect relations between actors in the data-agile economy to provide incentives for horizontal data sharing across sectors.... [O]nly where specific circumstances so dictate, access to data should be made compulsory, where appropriate under fair, transparent, reasonable, proportionate and/or nondiscriminatory conditions.”
On jurisdictional issues related to data, the EU “should not compromise on its principles: all companies which sell goods or provide services related to the data-agile economy in the EU must respect EU legislation and this should not be compromised by jurisdictional claims from outside the EU.”
“The Commission will foster synergies between the work on European cloud federation and Member States’ initiatives such as Gaia-X. This is necessary to avoid multiplication of fragmented cloud federation and data-sharing initiatives, as the success of such an initiative would depend on pan-European participation and capacity to scale. For this reason, the Commission will facilitate Memoranda of Understanding with Member States by Q3 2020, starting with those having existing cloud federation and data-sharing initiatives.”
[T]he Commission will bring together by Q2 2022 a coherent framework around the different applicable rules (including self-regulation) for cloud services, in the form of a ‘cloud rulebook’. In a first instance, the cloud rulebook will offer a compendium of existing cloud codes of conduct and certification on security, energy efficiency, quality of service, data protection and data portability.”
“Additionally, and without prejudice to the EU’s framework for the protection of personal data, free and safe flow of data should be ensured with third countries, subject to exceptions and restrictions for public security, public order and other legitimate public policy objectives of the European Union, in line with international obligations. This would allow the EU to have an open but assertive international data approach based on its values and strategic interests.”
On artificial intelligence, a few highlights from the policy paper:
The plan builds on the EU strategy and coordinated plan of action on AI adopted in 2018. In addition, the current AI plan “proposes some 70 joint actions for closer and more efficient cooperation between Member States, and the Commission in key areas, such as research, investment, market uptake, skills and talent, data and international cooperation. The plan is scheduled to run until 2027, with regular monitoring and review.”
“Member States are pointing at the current absence of a common European framework. The German Data Ethics Commission has called for a five-level risk-based system of regulation that would go from no regulation for the most innocuous AI systems to a complete ban for the most dangerous ones. Denmark has just launched the prototype of a Data Ethics Seal. Malta has introduced a voluntary certification system for AI. If the EU fails to provide an EU-wide approach, there is a real risk of fragmentation in the internal market, which would undermine the objectives of trust, legal certainty and market uptake.”
“The characteristics of emerging digital technologies like AI, the IoT and robotics may challenge aspects of the liability frameworks and could reduce their effectiveness. Some of these characteristics could make it hard to trace the damage back to a person, which would be necessary for a fault-based claim in accordance with most national rules. This could significantly increase the costs for victims and means that liability claims against others than producers may be difficult to make or prove.”
“[A]n AI application should be considered high-risk where it meets the following two cumulative criteria: First, the AI application is employed in a sector where, given the characteristics of the activities typically undertaken, significant risks can be expected to occur; Second, the AI application in the sector in question is, in addition, used in such a manner that significant risks are likely to arise.”
On biometric data: “In accordance with the current EU data protection rules and the Charter of Fundamental Rights, AI can only be used for remote biometric identification purposes where such use is duly justified, proportionate and subject to adequate safeguards. In order to address possible societal concerns relating to the use of AI for such purposes in public places, and to avoid fragmentation in the internal market, the Commission will launch a broad European debate on the specific circumstances, if any, which might justify such use, and on common safeguards.”
On geographic scope: "In the view of the Commission, it is paramount that the requirements are applicable to all relevant economic operators providing AI-enabled products or services in the EU, regardless of whether they are established in the EU or not. Otherwise, the objectives of the legislative intervention, mentioned earlier, could not fully be achieved."
“The conformity assessments for high-risk AI applications should be part of the conformity assessment mechanisms that already exist for a large number of products being placed on the EU’s internal market. Where no such existing mechanisms can be relied on, similar mechanisms may need to be established, drawing on best practice and possible input of stakeholders and European standards organizations.”
Bank Charter—An Alternative Route: Early last week, LendingClub agreed to buy US digital lender Radius Bank for $185 million. The press release includes a list of potential benefits from the transaction, including, the ability to deliver regulatory clarity through a direct relationship with a primary regulator. As Reuters pointed out, the acquisition “comes as other fintech companies, such as payments processor Square Inc, seek to secure national bank licenses, a lengthy and cumbersome process. Online banking startup Varo Money, last week said it had secured approval from the Federal Deposit Insurance Corporation, the latest step in a multi-year endeavor.”
CryptoTaxation: Several developments as it relates to tax compliance for users of “virtual currencies.” First, confusion erupted recently over whether millions of video game users who use various in-game currencies may have to answer to the IRS. Several individuals, including Jerry Brito, executive director of Coin Center, a nonprofit research and advocacy center focused on cryptocurrencies and decentralized computing technologies, raised concerns about the IRS’ inclusion of V-bucks—the in-game currency of Fortnite—among other listed currencies under the agency’s definition of virtual currency. After receiving questions from reporters, the IRS issued a clarification in response, writing, “The IRS recognizes that the language on our page potentially caused concern for some taxpayers. We have changed the language in order to lessen any confusion. Transacting in virtual currencies as part of a game that do not leave the game environment (virtual currencies that are not convertible) would not require a taxpayer to indicate this on their tax return.”
Now, if only there is some way the IRS could stop my kids from doing “The Floss” that would be great.
On the subject of tax compliance, the US Government Accountability Office (GAO) recently released a report titled “Virtual Currencies: Additional Information Reporting and Clarified Guidance Could Improve Tax Compliance.” The report focuses largely on IRS guidance published in 2014 and 2019, as well as efforts underway at the IRS to determine whether taxpayers are in compliance. According to the GAO, in response to concerns expressed by several stakeholders concerning the 2019 guidance, IRS officials stated that the 2019 guidance “[was] limited to the most common issues that would be applicable to most individual taxpayers.” Focus on taxpayers involved in virtual currency businesses or exchanges—or like-kind exchanges—would have taken additional time and, as such, those topics were left unaddressed. In addition, the GAO states that because the 2019 FAQs were not published in the Internal Revenue Bulletin, the FAQs “are not binding on IRS, are subject to change, and cannot be relied upon by taxpayers as authoritative or as precedent for their individual facts and circumstances.” The GAO also found limited third-party information reporting to the IRS on potentially taxable transactions involving virtual currencies. In fact, of the nine major US-based virtual currency exchanges reviewed by the GAO as of November 2019, less than a handful indicated on their websites that they report certain transactions to the IRS. According to the GAO, IRS officials “…told us that they are studying the issue of third-party information reporting, and it is included in the IRS’s priority guidance plan as of October 2019.” Lastly, the GAO found that the IRS and the Financial Crimes Enforcement Network (FinCEN) have not clarified whether foreign account reporting requirements (FATCA and FBAR, for instance) apply to virtual currency.
Data Access: According to an article by Reuters, FinTechs interested in accessing customer account data at JPMorgan will need to sign data access agreements with the bank that include plans to transition away from current reliance on customer passwords to access account data. “Through JPMorgan’s new method, fintechs will not be able to use customers’ passwords to access their entire financial data, but will instead connect to a set of bank programming code known as an API, that grants access only to limited account information authorized by the consumer,” according to Reuters.
What’s unclear to me is whether JPMorgan intends to use its own secure APIs or those currently being developed by the Financial Data Exchange, an industry consortium.
That question may have been answered as of late last week. The parent company of Fidelity Investments announced a spin-off of Akoya into "…an independent company that will be jointly owned by Fidelity, The Clearing House Payments Co. and 11 of its member banks."
According to the press release, “Akoya provides a network-based option for sharing financial data between financial institutions and data recipients in a way that can improve transparency and reduce cybersecurity, privacy, and financial risks compared to data-sharing methods that rely on consumer-provided online credentials. This network-based approach will provide consumers greater control and enable informed consent when they choose to share their data with data recipients."
The Financial Data and Technology Association (FDATA) North America was quick to issue a response on the announcement: "If the new entity is allowed to consolidate and control consumer financial data, it will potentially prevent other third parties from accessing that data even if individuals and small businesses permission that access, by giving their consent for their data to be shared."
Developments at Santander: Tandem Bank's Chief Product Officer Matt Ford has joined Santander InnoVentures—the second high-level departure from Tandem Bank within the past month. Santander also announced the hiring of Trish Burgess as its new head of peer-to-peer payments. Burgess was a former executive with Apple and was involved in the launch of Apple Card.
Distributed Ledger Technology: The Depository Trust and Clearing Corporation (DTCC) published a white paper titled “Security of DLT Networks: A Distributed Ledger Technology Security Framework for the Financial Services Industry.” The paper "…recommends establishing a comprehensive industry-wide DLT Security Framework to review existing security guidelines, gaps in the approach to DLT security, and the need for increased standards. The paper also suggests the possible formation of an Industry Consortium to spearhead this topic." In the white paper, the DTCC highlights frequently mentioned DLT security and general IT-security categories but also notes three areas that have received "less collective thought," including: incident management, transactions, and business continuity related to DLT. The DTCC notes the need "…for a coordinated strategy for the development of a principle's-based framework to identify and address DLT specific security risks." Such a strategy "should be a cross-sector effort beginning with a conversation between the financial services sector, DLT providers and consumers. As a first step, we will leverage our unique role within the financial services sector to begin the conversation, and we encourage interested parties to contact one of the individuals in the Contacts section of this white paper to participate."
Open Banking: A report released by the Emerging Payments Association Asia finds the region to be “highly active” when it comes to the development of open banking regimes. The study finds “significant diversity across the Asia-Pacific, with Singapore and Korea having more market-driven approaches, while India and Australia have seen governments and central banks playing a highly active role in defining the Open Banking ecosystem.” “Good progress” on open banking is being made in Singapore, Hong Kong, and Australia, in particular, according to the study. Interestingly, only 10 percent of survey respondents “think Open Banking should be completely left to market forces, and one-third (33 percent) of… respondents think that Open Banking should be completely regulator driven. Over half (53 percent) think Open Banking should be partially regulator driven; and over half (51 percent) think regulators are doing just enough to implement Open Banking in the region.”
Payments: Fiserv, together with Visa, Samsung, and PayCore, recently completed "the first PIN on mobile payment via the app-based solution." The effort is being piloted in Poland, with plans to expand in the EMEA and APAC regions. The solution "simplifies payment acceptance by allowing merchants to accept PIN-based contactless transactions without the need for a separate card reader or PIN-entry device, opening new market opportunities for merchants and allowing even micro-businesses to accept non-cash payments."
Sweden-based global payments provider Klarna recently announced the launch of its Consumer Council with inaugural meet-ups scheduled in mid-March. According to the press release, the global initiative “sees Klarna invite consumers to a meet-up and share their thoughts on different themes related to their experiences using Klarna. The meet-ups will take place in all main markets, three times per year.”
Africa: As part of Agenda 2063, the African Union announced a high-level dialogue is taking place on March 12 under the name “Realizing Africa's Digital Transformation through Improved and Integrated Digital Financial and Payment Systems.” The dialogue presents "an opportunity to further explore the potential of the Digital Financial services sector and determine how to use the success of this sector to provide greater opportunities for African Women and Youth Entrepreneurs.” In particular, the objectives of this side event will focus extensively on FinTech-related issues and policy developments in the region.
Australia: Lawmakers passed several amendments that would expand the Australian Securities & Investments Commission's (ASIC) regulatory sandbox. According to the Explanatory Memorandum, the amendments "allows more businesses to test a wider range of new financial and credit products and services without a license from ASIC, for a longer time." Further, "Extending the regulation-making powers and prescribing the conditions in the regulations will let the regulatory sandbox evolve with the market to ensure that it stays fit for purpose, allowing for the innovation and growth of the FinTech sector over time, while providing consumer protections for investors. This flexible approach sets Australia’s regulatory sandbox apart from its international equivalents. As the regulations are subject to disallowance, there will be appropriate Parliamentary scrutiny of the eligible products and services and conditions for businesses testing in the regulatory sandbox." FinTechs will now have 24 months to operate within the regulatory sandbox. Efforts were made to amend the sandbox even further by several lawmakers who are concerned about heightened risks to the consumer.
Bahamas: Central Bank Governor John Rolle recently stated that the digital Bahamian dollar will be launched in the second half of this year. Rolle is quoted in The Tribune as saying, "We're looking at a digital representation of our currency. It's not a different currency; it's the same currency. In law, it will never be different. It can't differ in value in any way or the other so Sand Dollars can never be priced different from Bahamian dollars."
Bank for International Settlements: Literally cranking out FinTech-related papers left and right these days. Incredible, really. Two things in particular to highlight. First, the Financial Stability Institute released a paper titled “Policy Responses to FinTech: A Cross-Country Overview.” The paper is based on survey responses from roughly 30 jurisdictions and “proposes a conceptual framework through which to analyse policy responses to FinTech, referred to as the ‘FinTech tree’. The fintech tree identifies three categories: fintech activities, enabling technologies and policy enablers.” Of note—and there is much more in this report, so please do read through it—the BIS finds some technologies have received more attention than others based on market adoption. “Regulators have been particularly active on application programming interfaces (APIs), cloud computing and biometric-based identification and authentication. In contrast, for artificial intelligence, machine learning and, to some extent, distributed ledger technology, authorities have not gone beyond conducting risk assessments and issuing general guidance.”
Second, a paper authored by Jon Frost focuses on the economic forces driving FinTech adoption across countries. In particular, and not too surprisingly, Frost finds an uneven adoption of FinTech around the globe. "While fintech activities are generally small compared to the overall financial system, there are some economies where fintech is growing to an economically important scale. And while fintech is a niche activity confined to certain business lines in some countries, in others it is moving into the mainstream of financial services. This pattern of fintech adoption is puzzling, as it does not reflect either economic development or political boundaries. This paper addresses the question: what explains the wider adoption of fintech innovations in some economies and markets, but not in others?"
China: In a report by the Chamber of Digital Commerce, the People's Bank of China has filed more than 80 patent applications on its central bank-controlled digital currency, otherwise known as Digital Currency Electronic Payment (DC/EP). The report "contains unofficial, English translations of key patent information and are provided for reference only."
Czech Republic: The Ministry of Finance announced a public consultation on financial innovation. According to the press release, "The goal of this consultation is to identify best ways to support the competitiveness of Czech and European innovative businesses, encourage growth of FinTech start-ups and also ensure that there is an adequate level of consumer protection."
Europe: The European Insurance and Occupational Pensions Authority (EIOPA) published two documents covering cyber underwriting and supervisory technology (SupTech). According to the EIOPA, SupTech “is the use of technology by supervisors to deliver innovative and efficient supervisory solutions that will support a more effective, flexible and responsive supervisory system.” The paper also states that the EIPOA's InsurTech Task Force will work on RegTech issues this year. EIOPA's SupTech Strategy is focused on two aspects in particular: 1) implementing a platform for on-going exchange of knowledge and experience to promote a culture of innovation and initiative between supervisors, and 2) organizing and endorsing the analysis of potential development tools that meet supervisory objectives and criteria and implementing them after a positive decision following the analysis phase. "To implement the process on analysing and the development of potential tools, the selection of ideas will start in the SupTech Forum, while their implementation will be performed by dedicated project teams that should involve the relevant Committees in the work under development. These teams should have knowledge from different areas: technical/business, data science and IT. The mandate of these teams will be to develop a proof of concept for each idea."
The European Securities and Markets Authority (ESMA) published the first Trends, Risks and Vulnerabilities (TRV) report of 2020. The report includes a section covering BigTech's implications for the financial sector (pg. 48). The benefits BigTechs could potentially offer include reduced costs and greater efficiencies in certain sectors, enabling financial inclusion, greater diversification of household investments, greater transparency in the provision of financial services, and forcing incumbents to hasten the pace of digital adoption and offerings. BigTech's risks include sitting outside the existing regulatory sphere, the interconnectedness between BigTechs and financial markets, market structure issues including pressure on profitability and cybersecurity risks, increased market concentration, and heightened risk of financial exclusion.
India: The Securities and Exchange Board of India (SEBI) announced several decisions following its Board Meeting. SEBI focused on the regulatory sandbox framework and changes to investment advisor regulations, among other issues. According to the press release, "all entities registered with SEBI under Section 12 of the SEBI Act 1992, shall be eligible for testing within the Regulatory Sandbox. An entity can participate on its own or use the services of a FinTech firm. The registered entity shall be treated as the principal applicant, even if it uses the services of a FinTech firm, and shall be solely responsible for testing of the solution in the sandbox."
Russia: The Central Bank announced a successful pilot of a blockchain platform for the issuance and circulation of digital rights as part of its regulatory sandbox. A key feature of the platform "is the possibility of issuing hybrid tokens backed by different assets simultaneously." The platform can also "be launched after the adoption and entry into force of the draft federal law 'On Digital Financial Assets', which was amended in the follow-up to the pilot project."
Saudi Arabia: Saudi Payments, a state-owned payments company that handles the country's payments infrastructure, has partnered with Saudi-based stc pay. "Under this agreement, the Saudi Payments Company will enable stc pay to make partnerships with various technical financial sector entities, to contribute to the transformation towards a digital society in line with the goals of the Kingdom's 2030 vision," according to the press release.
UK: Innovate Finance, the UK-based trade body representing FinTech firms, released the 2019 FinTech Investment Landscape. According to the report, global investment in FinTech fell to roughly $36 billion in 2019, despite the fact that nearly all global regions report an increase in investment. In Asia, investment dropped 73 percent from $28.8 billion to $7.8 billion "due to a significant drop in large deals in China." In 2019, North America received nearly half of all global FinTech investment. In the UK, of the $4.9 billion in FinTech investment in 2019, nearly one-quarter of total UK funding came from Softbank's Vision Fund.
US: Several governors on the Board of Governors of the Federal Reserve System recently opined upon innovation in community banking, the digitization of payments and currency, and focus areas for the Financial Stability Board's work for the Saudi Arabian G20.
Governor Michelle Bowman focused her remarks on the interaction between innovation and regulation for community banks. In her remarks, Bowman recognized the difficulties community banks face in evaluating third-party providers and the amount of time and capital it takes to develop viable partnerships with FinTech firms. Of note, the Federal Reserve "is in the process of working with the other banking agencies to update our third-party guidance. I believe that the banking agencies should all have consistent expectations for third-party relationships, and that the Federal Reserve should, as a starting point, move toward adopting the Office of the Comptroller of the Currency's (OCC) guidance."
Governor Lael Brainard, in remarks, asked whether a reassessment needs to be made on regulatory parameters to payments infrastructure in light of ongoing innovations in the payments space. Particular attention was paid to the Fed’s oversight—or lack thereof—of certain payment systems, the development of real-time payments infrastructure, inherent risks from and considerations regarding the use of cryptocurrencies or stablecoins, and what needs to be addressed before the Fed decides to issue central bank digital currencies (CBDCs). On CBDCs, Brainard noted it is important to understand how the existing provisions of the Federal Reserve Act with regard to currency issuance apply to the CBDC, whether the CBDC would have legal tender status, and the rights and protections afforded to users of CBDCs. In her remarks, Brainard dismissed several motivations for CBDC issuance from other jurisdictions, saying, “Some of the motivations for a CBDC cited by other jurisdictions, such as rapidly declining cash use, weak financial institutions, and underdeveloped payment systems, are not shared by the United States.” Further, “the public sector needs to engage actively with the private sector and the research community to consider whether new guardrails need to be established, whether existing regulatory perimeters need to be withdrawn, and whether a CBDC would deliver important benefits on net.”
Separately, as chair of the Financial Stability Board, Fed Governor Randal Quarles published a letter to the G20 finance ministers and central bank governors covering upcoming work by the FSB ahead of several meetings later this month in Riyadh, Saudi Arabia. On technology, in particular, the FSB intends to present the G20 with a follow-up to last year's report on BigTech in July and hold a workshop "on possible regulatory approaches to the growing entry of BigTech in finance." A report on RegTech and SupTech will also be presented in July. On stablecoins and cross-border payment systems, the FSB will present drafts to the G20 on regulatory issues concerning stablecoins and put together a roadmap for improving cross-border payment systems. Drafts are expected to be presented during the April meeting. By October, the FSB will deliver a final roadmap covering practical steps to improve cross-border payments.