In this issue:
Hello readers! It’s been quite a while since I last sent our newsletter out, so there is A LOT to catch up on. (We do try to publish this newsletter on a weekly basis, but we’ve been up to quite a bit (as have all of you!)).
First, just a quick update from our end. In mid-January, we published an update to our monthly review of US FinTech policy. We are now tracking 105 FinTech-related bills (55 percent bipartisan) and 186 bills indirectly related to FinTech (58 percent bipartisan), all introduced since January 2019.
As we enter the second half of the 116th Congress, the Institute will highlight several FinTech policy areas we believe lawmakers can (and should) focus on given the limited legislative window before all eyes turn toward elections in November.
Second, we submitted a response to the Office of the Comptroller of the Currency and Federal Deposit Insurance Corporation on the separate notices of proposed rulemaking published by the two agencies that seek to address the Second Circuit Court of Appeals decision in Madden.
As we state in our response, “While regulatory action to address the uncertainty caused by Madden is welcome, we are concerned that even if the OCC and FDIC adopt the rules as proposed, legal uncertainty will remain because the Madden decision still stands. Unless the Second Circuit Court of Appeals reverses its decision in Madden, or the Supreme Court of the United States gets involved, we remain convinced that congressional action is the only way to address the negative consequences of the Madden decision.”
Third, we are gearing up for our upcoming Middle East and Africa (MEA) Summit in Abu Dhabi (February 11-12). Yours truly has scheduled a number of meetings both during the Summit and on the sidelines, and I will be in Abu Dhabi and Dubai from February 8–13. Feel free to reach out to me if interested in connecting!
In this edition of FinTech in Focus, we highlight developments related to central bank digital currencies, data privacy, and the virtual bank licensing craze in Asia, as well as regulatory and policy developments from regulators and government agencies across the globe.
CBDC: Six central banks have joined together to assess potential use cases for central bank digital currencies (CBDC). According to the press release, the group will be co-chaired by Benoît Cœuré, head of the BIS Innovation Hub, and Jon Cunliffe, deputy governor of the Bank of England and chair of the Committee on Payments and Market Infrastructures.
Separately, the Hong Kong Monetary Authority and the Bank of Thailand announced the outcomes of the joint CBDC research project, Project Inthanon-LionRock. According to the press release, the project "was completed in December 2019 and a distributed ledger technology based proof-of-concept (PoC) prototype was developed successfully together with ten participating banks from both places." The findings from the research project can be viewed here.
In the US, former chairman of the Commodity Futures Trading Commission Chris Giancarlo, former head of LabCFTC Daniel Gorfine, and Charles Giancarlo, Chief Executive Officer of Pure Storage, have partnered with Accenture to launch the Digital Dollar Project. "The purpose of the Project is to encourage research and public discussion on the potential advantages of a digital dollar, convene private sector thought leaders and actors, and propose possible models to support the public sector. The Project will develop a framework for potential, practical steps that can be taken to establish a dollar CBDC."
Credit Scoring: FICO announced the FICO Score 10, which will be available this summer. According to the press release, with FICO Score 10, "a lender could reduce the number of defaults in their portfolio by as much as ten percent among newly originated bankcards and nine percent among newly originated auto loans, compared to using FICO® Score 9. The reduction in defaults is even higher for newly originated mortgage loans, at 17 percent compared to the version of the FICO Score used in that industry." According to The Wall Street Journal, the new score "will assess how consumers’ debt levels have changed during the past two or so years. FICO scores so far have reflected consumers’ balances during roughly the most recent month tracked. This change will place more weight on rising debt levels." In addition, FICO 10 "will place more weight on personal loans in a way that penalizes some borrowers. For example, consumers who transfer credit-card debt to a personal loan but continue to rack up credit-card balances will likely experience a bigger drop in their credit scores." In an interview with PYMNTS CEO Karen Webster, Steve Allocca, president of Lending Club, said the FICO model "is increasingly antiquated in a world where financial life is digitized" and that the scores were never really intended to anticipate future changes to an individual’s ability to repay.
Data Access and Privacy: The Financial Data Exchange welcomed 25 new members, bringing the total membership to 82 organizations. “In October 2019, members reported over 5.26 million U.S. customers on the standard and were expecting to have it rolled out to 8 million customers by late 2019 and approximately 12 million by April 2020.”
According to the Financial Times, JPMorgan is planning to ban third-party applications from using customer passwords to access their financial accounts. "Chase has not set a target date for eradicating password-based access, but [Bill Wallace, Chase’s head of digital] said the bank was in the ‘first half of the soccer match’. He did not think the decision would result in some apps not being able to engage with Chase customers, and insisted it was not aimed at deterring customers from moving to new platforms.”
Meanwhile, Google has started charging US law enforcement agencies for access to certain user data. The company is charging $45 for a subpoena, $60 for a wiretap, and $245 for a search warrant, according to the New York Times.
Here's an interesting read for those focused on the impact of Europe's General Data Protection Regulation. A working paper from Harvard Business School investigates the impact of the GDPR on the interconnection behavior of network operators in the European Economic Area (EEA) compared to network operators in non-EEA OECD countries. "All evidence estimates precisely zero effects across multiple measures: the number of observed agreements per network, the inferred agreement types, and the number of observed IP-address-level interconnection points per agreement. We also find economically small effects of the GDPR on the entry and the observed number of network customers. We conclude that the short-run costs for GDPR are concentrated at the application layer."
Speaking of GDPR, DLA Piper published its GDPR Data Breach Survey 2020. The survey finds that more than 160,000 data breach notifications have been reported across the European Union since GDPR requirements came into force in May 2018. In all, $126 million worth of fines has been levied on companies for a wide range of infringements. As stated in the survey, “It would be unwise to assume that low and infrequent fines will be the norm going forward. Supervisory authorities across Europe have been staffing up their enforcement teams and getting to grips with the new regime. It takes time to build a robust case to justify higher fines. We expect to see more multi-million Euro fines in the coming year.”
Digital Currencies: In late January, the World Economic Forum announced the first global consortium focused on designing a governance framework for digital currencies. "A set of guiding principles will be co-designed to support public and private actors exploring the opportunities that digital currencies present."
Separately, Gemini Trust Company launched its own captive insurance company, Nakamoto, Ltd. The company is "the world's first captive to insure crypto custody" and is licensed by the Bermuda Monetary Authority. "This insurance solution gives Gemini Custody $200 million in insurance coverage — the largest limit of insurance coverage purchased by any crypto custodian in the world."
Payments: In late January, Deutsche Bank released a three-part series on the Future of Payments, covering the use of cash, digital wallets, and digital currencies. The analysis is from a proprietary survey of 3,600 customers from the US, UK, China, Germany, France, and Italy. While I haven’t gone through the reports, what I can tell you is that my six-year-old would like to play with the three dinosaurs included in the cover of each report.
British telecom giant Vodafone became the first company to pull out of the Libra Association after it was formed back in October.
US-based online money transfer service Remitly announced a partnership with Alipay. According to the press release, Remitly "is the first major online remittance service to launch transfers to Alipay from the United States, as well as offering the service internationally."
Regulatory Sandbox Developments: The sandbox craze continues! In Brazil, the Securities and Exchange Commission announced the launch of a regulatory sandbox specifically focused on cryptocurrency and digital token issuance. As reported in Yahoo! Finance, the initiative "is 'a response to the changes that are happening in the capital market that have driven the emergence of new business models with technologies such as DLT and blockchain.'"
In a press release, the Insurance Regulatory and Development Authority of India (IRDAI) announced it had received 173 proposals for its regulatory sandbox, 33 of which were approved by the Authority. The proposals cover health, non-life, and distribution development.
In Pakistan, the Securities & Exchange Commission announced the opening of its first cohort under its regulatory sandbox. The sandbox "is available for Insurance sector, Non-Banking Finance Sector, Capital Markets, and overall corporate sector."
In Tunisia, the central bank announced the official launch of its regulatory sandbox. According to Governor Marouane Abassi, the objective "is to ensure inclusion and financial innovation and change the banking model by moving towards the restructuring and digitalisation of banks, to change the ecosystem quickly."
In the US, several states continue to move forward on launching their own sandboxes. In Nevada, for instance, regulations implementing SB161, which would create a regulatory sandbox for the state, were approved. The Department of Business & Industry recently made available application forms for interested firms wishing to partake in the sandbox program. In the FAQs, the department states the following:
"The law creating the Nevada Sandbox Program allows the Director to enter into agreements with other jurisdictions to form cooperative arrangements regarding each jurisdictions' sandbox program. If any such agreements are made, the Director will announce them and provide information as necessary. At this time, we are working with the federal Consumer Financial Protection Bureau's Office of Innovation as Nevada's representative to the American Consumer Financial Innovation Network, which is focused on coordinating state and federal activities on consumer financial products, including regulatory sandbox initiatives."
Small Business: Square, together with the Wharton School's Stevens Center for Innovation in Finance, published The Capital Report. The analysis finds that while a small business's eligibility to obtain financing was relatively high—a score of 79 on the Creditworthiness Index—access to credit remains a challenge. Nearly half of the 1,000 small businesses surveyed did not receive the funding they originally requested. The top reason for being denied credit: Lack of business history.
New analysis from small business finance platform Iwoca found that high street banks in Scotland have slashed funding to SMEs by nearly £500 million between 2014 to 2018. The analysis "found that of 16 Scottish local authorities which had the largest drop in lending for SMEs, 11 saw at least one in five of their bank branches shut between 2014 and 2018. Conversely, in the 16 local authorities which had the smallest fall in lending - or where funding for SMEs rose - only five saw 20% or more of their branches close," according to The Herald.
Venture Capital (US): An interesting read in Axios on venture capital investment trends in the US. Once dominated by Silicon Valley, the data suggests venture capital investment is moving further east, especially in 2019. Of note, “The Bay Area's proportion of overall US venture capital investment fell to the lowest point since 2013," and the proportion of West Coast deal value "also slipped to around 50% of the country's total, down from 62.3% in 2018."
Virtual Banking: My oh my, what a crazy few weeks it has been for those of you focused on virtual bank licensing in Asia. In late December, the central bank of Malaysia issued an Exposure Draft on Licensing Framework for Digital Banks. Companies such as Grab, Razer, AirAsia, Axiata, and CIMB are among several companies looking to apply. However, such a proposal, according to Fitch Ratings, could negatively affect smaller banks operating in Malaysia due to further pressure on margins.
In the Philippines, Representative Jose Maria Clemente S. Salceda has introduced a bill that would provide for a regulatory framework for virtual banks. According to Salceda, passage of the bill would mean the Philippines "will become one of the first in Asia to provide a basic framework for virtual banking...Based on the proponent's estimates, this bill may increase the share of virtual-only banking assets to between 2.83 and 4.34 percent of total assets in universal and commercial banks."
China is also making moves in this space. Officials are working to finalize rules applicable to online-only banks. According to Reuters, roughly a dozen groups, including foreign firms, are in talks with Chinese regulators. Officials also stated the rules would allow banks to partner with tech firms to establish independent digital banking platforms.
In early January, the Monetary Authority of Singapore announced it had received 21 applications for digital bank licenses (seven applications for the digital full bank license, and 14 applications for the digital wholesale bank license). Successful applicants will be announced in June 2020. Several Chinese tech giants have reportedly submitted applications, including Zall Smart Commerce Group.
Lastly, Bank of Thailand deputy governor for financial institutions stability, Ronadol Numnonda, said the central bank is studying licensing for digital banks. According to Numnonda, as highlighted in the Bankok Post, "…the central bank needs to consider the overall banking landscape in the long term, and digital banks are an option. Whether digital bank licenses will be issued needs a comprehensive study of all dimensions."
Australia: The commencement of Australia's free trade deal with Hong Kong could give a boost to FinTech firms operating in both countries. The Financial Services section, in particular, contains several provisions that will likely benefit FinTech firms. The Department of Foreign Affairs and Trade also highlighted several other engagements underway with Hong Kong beyond the free trade agreement. DFAT discussed its work on FinTech, including support through trade agreements, in a submission to Australia’s Select Committee on Financial and Regulatory Technology.
Meanwhile, in comments submitted to the Select Committee on Financial and Regulatory Technology, several FinTech firms and advocacy groups have accused incumbent financial institutions of stifling competition, according to several reports. The concerns include the accreditation process managed by the Australian Competition and Consumer Commission. The calls come at a time when Australia’s digital banks continue to attract customers to the detriment of established institutions. Despite the accusations, there are some areas where FinTechs and traditional institutions are in agreement.
Of course, it wasn’t just industry and trade groups that responded to the Select Committee’s request. The Australian Prudential Regulatory Authority (APRA), among others, submitted comments.
Separately, the Australian Securities & Investments Commission (ASIC) published findings from the 2018-2019 RegTech Initiative Series. The report covers the findings and outcomes from four initiatives coordinated by ASIC last year. In 2020, ASIC's RegTech focus "…will include exploring opportunities for machine learning (ML) to monitor compliance with regard to responsible lending; a report on the state of digital record keeping within the financial services industry; and a showcase on the publication of structured financial information in public companies."
Lastly, the second inquiry into Australia's Consumer Data Right (CDR) will examine how the CDR can be: 1) expanded beyond its current “read” access to include “write” access to enable customers to apply for and manage products (including, for Open Banking, by initiating payments); 2) leveraged with other frameworks to enhance security, efficiency, and the consumer experience, including the New Payments Platform; 3) further used to overcome behavioral and regulatory barriers to allow consumers to conveniently and efficiently switch between products and providers; and 4) enhanced by considering global developments with respect to similar reforms. An issues paper will likely be published early this year with a report expected by September 2020.
Canada: The British Columbia Securities Commission announced in late January that it will launch a FinTech Advisory Forum. Members of the forum "will advise BCSC staff about FinTech trends and developments, including opportunities and risks, and provide input on FinTech issues in the securities industry and securities law issues affecting FinTech. They will serve two-year renewable terms as volunteers, meeting on an ad-hoc basis with additional consultations by phone or email." The Advisory Forum will be led by the BCSC's FinTech & Innovation Team.
In mid-January, the Canadian Securities Administrators published guidance on the application of securities legislation to entities facilitating the trading of crypto assets. "The notice describes situations where securities legislation will and will not apply. For example, securities legislation may apply to platforms that facilitate the buying and selling of crypto assets that are commodities, because the user’s contractual right to the crypto asset may itself constitute a derivative, a security or both." The CSA anticipates publishing a summary of the comments and responses to its proposed framework for crypto-asset trading platforms and guidance on the regulatory framework later this year.
Europe: AI developers, prepare yourselves. A draft white paper expected to be published in mid-February includes tougher requirements on developers of artificial intelligence. According to the South China Morning Post, the draft defines "high-risk applications" as “applications of artificial intelligence which can produce legal effects for the individual or the legal entity or pose risk of injury, death or significant material damage for the individual or the legal entity”. The document also proposes a temporary ban on facial recognition technologies.
Hong Kong: The Constitutional and Mainland Affairs Bureau released a discussion paper covering proposed changes to the Personal Data (Privacy) Ordinance. The paper focuses on six proposed amendments, including: 1) the introduction of a mandatory breach notification mechanism; 2) clarity around data retention periods; 3) changes to the Commissioner's authorities; 4) regulation of data processors; 5) amending the definition of personal data; and 6) regulation of disclosure of personal data of other data subjects.
India: The National Institute for Smart Government published a proposed national strategy on blockchain. The mission of the National Strategy on Blockchain “…is to provide a set of policy frameworks and incentives in consultation with stakeholders to proactively facilitate integration of the blockchain technology with existing economic ecosystem by implementing appropriate legal as well as regulatory architecture, creating incentive structure for academia and industry to promote research and teaching, and formulating policies leading to rapid innovation, adoption and growth of blockchain technology applications in public sector including government as well as private sector.” Page 37 is particularly interesting as it discusses India's strengths and weaknesses in adopting blockchain technology.
Indonesia: Singapore-based CredoLab—a smartphone-based credit-scoring platform—has received approval from the Financial Services Authority (OJK), becoming the first credit-scoring FinTech firm in the country. According to The Jakarta Post, the company fulfilled all of the OJK's requirements in the regulatory sandbox program in late December and will now proceed to official registration and licensure. Recently, CredoLab published a blog post covering the FinTech market in Indonesia, the company's largest market.
International Orgs: The Global Partnership for Financial Inclusion (GPFI) held its inaugural meeting in Saudi Arabia in late January. The meeting focused on digital financial inclusion and promoting SME financing, among other topics. The GPFI also released its 2020 Priorities Paper. In particular, GPFI work will focus on empowering people by creating conditions in which all people, especially women and youth, can live, work, and thrive, and shaping new frontiers by adapting long-term and bold strategies to utilize and share benefits of innovations.
Separately, the Global Financial Innovation Network (GFIN) announced the launch of a new website. The group also released a new report, Cross-Border Testing: Lessons Learned. As stated in the report, “At this time, we are unable to take forward any of the eight firms to begin testing as the firms did not develop a testing plan that satisfies each jurisdiction’s criteria (e.g. the firm’s business is still in development and not ready to test; lacking formal partnerships). GFIN is exploring how we might be able to assist these firms in other ways, either outside the GFIN framework or inviting them to re-engage with the Network when they are closer to being ready to test.” GFIN also plans to launch a single application form for interested parties that "…will remove the requirement for firms to duplicate information across multiple forms and ensure regulators have all the information necessary to assess applications."
Israel: The Israel Securities Authority (ISA) published a request for information on developing digital capital markets in the country. "Based on the Committee’s extensive review and meetings, we believe that [Distributed Ledger Technology (DLT)] has the potential to promote the Israeli capital market.... In view of the technology’s ability to verify and update information that is simultaneously accessible by multiple parties in a rapid, efficient, and reliable manner, the Committee members believe that the greatest added value that might be generated by adopting DLT in financial markets lies in the fields of infrastructure, issuance, and trading (i.e., in registries, settlements, and custodial services).”
As stated further by ISA Chairwoman Anat Guetta, “We are not waiting for the results of the upcoming elections – we have already set out on our course. Together with the Innovation Authority and the TASE, we created the data sandbox project. Fintech firms participating in this project receive our support and access to the information systems of the TASE and the ISA, and to information issued by regulated entities that wish to do so.”
Japan: Lawmakers from the Liberal Democratic Party are looking into whether Japan should move forward on a digital yen. The proposal is expected to be submitted in February. The move comes after the Bank of Japan joined several other central banks to study CBDCs.
Jordan: FinTech Consortium announced the launch of Jordan FinTech Bay, which has already established strategic partnerships with the Ministry of Digital Economy and Entrepreneurship, the Crown Prince Foundation, the Innovation Start-ups and SMEs Fund, and the Jordan Payments and Clearing Company.
Korea: The Financial Supervisory Service will reorganize its consumer protection department. The changes will include the creation of a SupTech innovation team.
Singapore: New Zealand, Chile, and Singapore are inching closer to a Digital Economy Partnership Agreement (DEPA). From the press release: "In addition to establishing rules for digital trade, the DEPA fosters cooperation in emerging digital areas. It promotes interoperability between different regimes by aligning standards and addressing new issues brought about by digitalisation. Some of these novel elements include e-invoicing, digital identities, Fintech, artificial intelligence, data flows and data innovation, trade and investment opportunities for SMEs, and digital inclusivity."
South Africa: We certainly missed this, so my apologies, but the Intergovernmental FinTech Working Group published a report on the FinTech ecosystem in South Africa in late October. "While South African FinTechs are world-class – three being listed in the ‘FinTech 100’ list in 2016, incumbents continue to dominate the financial sector making it challenging for FinTechs to find scale. This is further exacerbated by a risk-averse funding environment, a shortage of entrepreneurial skills and South Africa’s complex regulatory environment."
UK: The UK's Open Banking Implementation Entity (OBIE) published 2019 highlights. According to OBIE, there are now more than 200 regulated providers in the country, and Open Banking in the UK has surpassed one million users for the first time. In all, there were more than 1.25 billion API calls within the ecosystem.
Lord Holmes of Richmond, co-chair of the All-Party Parliamentary Group on FinTech stated: “While I’m pleased that open banking adoption has surpassed one million customers, my hope is that 2020 will be the year that open banking helps drive financial inclusion. There is great potential for open banking to provide banking services for those currently excluded and I look forward to greater adoption of services that, for example, offer greater access to credit, enable better budgeting, manage debt, automate savings, and make it easier to compare products.”
Despite the positive growth, small business owners remain suspicious of open banking. Figures from the Federation of Small Businesses show a "lack of appetite" for financial data sharing. Of the 1,000 members surveyed, less than 15 percent of small firms are currently sharing their business bank account data with third parties, while nearly two-thirds of respondents say they would not consider sharing their banking data with other financial service providers electronically.
Lastly, the Peer to Peer Finance Association (P2PFA)–the self-regulatory trade body–formally disbanded with members forming a sub-group under Innovate Finance. Of interest, the new subgroup will not publish regular member loanbook data each quarter, as was previously released under the P2PFA.
US: In a letter to the chairman of the Federal Trade Commission, Sens. Ron Wyden, Anna Eshoo, and Sherrod Brown urged the agency to investigate Evestnet, operator of Yodlee. “Though privacy protections should be much stronger, the FTC already has the authority under Section 6(b) of the FTC Act to conduct broad industry reviews. It should do so here in order to determine whether Evestnet's sale of consumers' personal data to third parties without their knowledge or consent is unfair, deceptive, or abusive act or practice. We also urge the FTC to investigate whether Evestnet and the companies to which it has sold consumer data have the required technical controls in place to protect Americans' sensitive financial data...”
In what I believe is a first for the recently launched American Consumer Financial Network, the Consumer Financial Protection Bureau and the Office of the Utah Attorney General announced joint office hours to "provide innovators with the opportunity to discuss issues such as financial technology, innovative products or services, regulatory sandboxes, no action letters, and other matters related to financial innovation with officials from the CFPB and state partners."
In Washington, Rep. Norma Smith introduced a package of data privacy bills in early January. “So much of what we've seen in Washington state is corporate centric. The consumer needs to be the focus of meaningful data privacy bills. We need to provide consumers real rights and access to justice to exercise their rights. The bills I have introduced are built on consumer empowerment, corporate responsibility and strong enforcement.” Smith adds herself to a list of state lawmakers that have introduced legislation related to data privacy.
Speaking of data privacy bills, Illinois Senator Thomas Cullerton introduced the Illinois Data Transparency and Privacy Act (SB2330). Last year, similar legislation passed the House but failed to make it out of the Senate for several reasons.
In Hawaii, a bill has been introduced (SB2594) that, according to Coindesk, "…would make it legal for Hawaiian banks to hold ‘digital securities,’ ‘virtual currencies,’ ‘digital consumer assets’ and other ‘open blockchain tokens’ for their customers. It would further authorize Hawaiian courts to hear digital asset claims.”