In this Issue
Unpacking MEA Summit
Hello folks! I wanted to update you on a few things before we dive into headlines, global policy, and regulatory developments in the FinTech space.
First, we’re moving to a bi-weekly publication of FinTech in Focus. I do apologize for having to do this, but I’ve got to spend more time cranking out a few papers on several FinTech-related issues over the next two months.
Second, we’ve recently released an update to our US FinTech Policy in the 116th Congress report. As of the end of January, we are now tracking 108 FinTech-related bills, 56 percent of which carry bipartisan support. In addition, we are keeping an eye on 199 bills indirectly-related to FinTech, 57 percent of which carry bipartisan support. January was a bit slow given the shortened legislative calendar, and we will release an update in mid-March covering FinTech-related developments on Capitol Hill in February. Until then, enjoy this update!
Third, as promised from the last FinTech in Focus newsletter, I’ve provided a few highlights from the Milken Institute Middle East and Africa Summit 2020, based on the conversations we had during and on the sidelines of the Summit.
For those interested in the Middle East region in particular, the Milken Institute published a report, “The Rise of FinTech in the Middle East: An Analysis of the Emergence of Bahrain and the United Arab Emirates,” which examined the emergence of Bahrain and the UAE as FinTech hubs in the region.
In our conversations in early February, however, all eyes were on Saudi Arabia and developments out of the Saudi Arabian Monetary Authority and the Capital Market Authority that are shaping the Kingdom’s approach to FinTech. All of this is occurring under the overarching Strategic Vision 2030, announced in April 2016. As part of that vision, the Financial Sector Development Vision Realization Program is one of 13 Vision Realization Programs. That program is committed to: increasing the share of SME financing at banks from 2 percent in 2016 to 5 percent by 2020; increasing the share of non-cash transactions from 16 percent in 2016 to 28 percent by 2020; and opening the financial services sector to emerging players (i.e., FinTechs) to spur innovation and growth, among other 2020 commitments.
To support the Vision, Saudi Arabia, through its Public Investment Fund, is a prominent investor in SoftBank Group's first fund, the $100 billion SoftBank Vision Fund. (As of mid-February, it was reported that the PIF sovereign wealth fund had declined to commit funds to a SoftBank Vision Fund 2, though conversations were ongoing at that time).
Of course—as we heard from several individuals that we spoke with—this strategic vision won’t be implemented overnight and will take some time to transition into. Challenges include deal flow and scalability, the ability to exit, cultural norms, and processes, among other challenges. That said, expect to hear more FinTech-related developments out of the Kingdom and from the Kingdom’s current position as President of the G20.
From an investment perspective, we are just beginning to see local and international funds taking a closer look at FinTechs in the region. Of interest, outside investment in platforms headquartered in the region is putting pressure on local family office and sovereign wealth funds to rethink their strategies and concentrate more investment within the region.
Lastly, we heard a lot more about cross-border efforts within the region on FinTech-related matters. In particular, a lot of the discussion focused on the Arab Monetary Fund's efforts to launch a regional payment platform, Buna. The centralized multicurrency platform "aims to enable financial institutions, including commercial and central banks, to send and receive cross-border payments across the Arab region and beyond in Arab currencies, as well as key international currencies, in an efficient, cost-effective, risk-controlled and transparent environment,” according to an AMF press release. Separately, efforts are ongoing between the UAE Central Bank and SAMA towards the development of a common digital currency, called Aber, for use in interbank financial settlements through the utilization of distributed ledger technology. No launch date has been announced at present.
These are just a few of the many takeaways from our discussions with key stakeholders in the region. As such, we intend to put together a full paper covering FinTech developments in the region in the near future. Importantly, we’d like to thank all those who took some of their time to connect with us while in Abu Dhabi and Dubai in early February.
Cloud Service Providers: Google Cloud recently opened a new cloud region based in Salt Lake City, UT. This is the 22nd cloud region announced by Google Cloud. Importantly, Google Cloud also announced that PayPal "will migrate key portions of its payments infrastructure to the region.”
When you're 45 minutes away from the ski slopes, who doesn't want to locate there?
Funding Boom Continues: Anthemis—a leading venture capital firm—recently closed a $90 million InsurTech-focused fund, Anthemis Insurance Venture Growth Fund I. The fund is backed by Aflac Global Ventures, Sumitomo Life and Nürnberger Versicherung in partnership with Daido Life Insurance Company. Meanwhile, Singapore-based ridesharing company Grab raised nearly $900 million from Mitsubishi UFJ Financial Group and IT services firm TIS Inc, with Mitsubishi investing more than $700 million alone. Finally, UK-based FinTech startup Revolut is now tied with e-commerce payments startup Klarna as the most valuable FinTech startup in Europe after raising $500 million from venture capital firm TCV and existing investors. Revolut is now valued at $5.5 billion.
KPMG Speaks! First, KPMG released its Pulse of FinTech report covering FinTech investment trends in 2019. For 2019, roughly $136 billion was invested across nearly 2,700 deals. Of note, the $42.5 billion acquisition of Worldpay and the $22 billion acquisition of First Data made up roughly 48 percent of total dollars invested globally. Of interest to those of you focused on the BigTech space, the KPMG report now includes the acquisition and investment activity of large tech firms. In 2019, large tech platforms invested nearly $3.5 billion in FinTech firms across 46 deals. From a country standpoint, US FinTechs received nearly $60 billion in investment across 1,144 deals. In Europe, FinTech investment surpassed $58 billion across 753 deals, driven primarily by the $42.5 billion acquisition of Worldpay by FIS. In the Asia-Pacific region, FinTech investment reached $13 billion across 547 deals. While investment in China showed signs of softening, India, Singapore, and Australia showed robust investment trends.
Second, KPMG released a new report, Cracking Crypto Custody. As the report notes, there are "only a few established financial institutions currently offering institutional custody services to crypto investors and it remains to be seen if crypto custody offerings by dozens of specialized service providers are truly ready for institutional-grade investments."
The report finds that cryptoasset hacks have led to $9.8 billion in losses since 2017. To deter this, KPMG identifies four key building blocks businesses and technology leaders should focus on upon entering the crypto custody business:
Next-gen security and resilience (embracing leading cryptographic techniques and focus on building customer trust through efficient and timely transaction processing);
Comprehensive compliance (steep variation in the clarity and nature of different regulatory environments, and the evolution of those regulatory environments, requires custodians to keep a close eye on trends and engage with policymakers and regulators);
Third-party trust (instituting high standards and ability to meet third-party requirements, in addition to investments in new risk and governance talent);
Value-added custody (building out core capabilities for secure, compliant, and resilient custody capabilities, and keeping pace with rapid technological changes).
M&A: My, what a year it has been already—FinTech acquisitions continue apace! Intuit recently announced the acquisition of Credit Karma for $7.1 billion in cash and stock. "The combination brings together two technology leaders with a shared goal to help solve the personal finance problems that consumers face today, regardless of their financial situation—managing debt, maximizing savings, access to better credit cards and loans—with an aim to put more money in consumers’ pockets." The platform "will provide consumers with transparent access to their critical personal finance information - including their income, spending, and credit history - to help them better understand their complete financial picture and use it to their advantage, such as for obtaining better interest rates, all with security in mind." The announcement of the deal has already set off antitrust concerns due to the sheer amount of data at stake in this deal and Intuit further solidifying its competitive position in the tax preparation space.
RegTech: Thomson Reuters released its fourth FinTech, RegTech, and the Role of Compliance report. Of note, nearly two-thirds of firms reported their risk and compliance functions were fully engaged and consulted or had some involvement in the firm's approach to FinTech, RegTech, and InsurTech. More than 60 percent of firms reported their board was fully engaged and consulted or had some involvement.
From the report, Global Systemically-important Financial Institutions (G-SIFIs) “are leading the way on the implementation of regtech solutions. Some 14% of G-SIFIs have implemented a regtech solution, up from 9% in the prior year with 75% (52% in the prior year) reporting they have either fully or partially implemented a regtech solution to help manage compliance. In the wider population, 17% reported implementing a regtech solution, up from 8% in the prior year. The 2018 numbers overall showed a profound dip from 2017 when 29% of G-SIFIs and 30% of firms reported implementing a regtech solution, perhaps highlighting that early adoption of regtech solutions was less than smooth.”
Lastly, “[s]ome 14% of firms and 12% of G-SIFIs reported they had taken a deliberate strategic decision not to deploy fintech or regtech solutions yet.”
Virtual/Challenger/Digital/Neo/[Insert Your preferred name here] Banks: JPMorgan Chase & Co. is making headlines in the digital banking space. If you recall back in June 2019, reports surfaced that JPMorgan was working on a digital banking project based out of the UK. In late February, Sky News reported that the world's largest lender by market capitalization will launch the digital bank later this year: "Elements of the technology platform for JPMorgan's UK digital bank are understood to have been developed by 10x Future Technologies, the company set up by Antony Jenkins, the former Barclays chief executive." According to the Financial Times, JPMorgan has tapped Clive Adamson, a former senior official at the UK Financial Conduct Authority, to lead its digital bank effort. In other news, JPMorgan has hired Gill Haus, formerly with Capital One Financial, to lead its digital banking team.
WorldRemit announced it is now the preferred remittance provider for Varo Money. "The partnership will enable Varo customers direct access in the Varo app to the WorldRemit service, making it easy for Varo customers to send money abroad directly from their mobile phones."
Meanwhile, in the race to obtain a virtual bank license, Ping An Insurance's OneConnect, which reportedly pulled out of seeking to obtain a virtual bank charter, is now joining the digital bank consortium Beyond as a strategic technology partner. The consortium behind Beyond announced in early January that it submitted a bid to obtain a virtual bank license from the Monetary Authority of Singapore.
Australia: The Senate Select Committee on FinTech and RegTech held several hearings in late February covering several FinTech-related issues with a variety of stakeholders (transcripts from the hearings conducted from February 26-28 can be found here). In particular, both the Australian Securities and Investments Commission (ASIC) and the Australian Competition and Consumer Commission (ACCC) testified in front of the Select Committee on February 27.
During that hearing, ASIC and the ACCC discussed the roles and responsibilities of each agency, how regulators consider competition in making regulatory decisions, how to balance the need for competition with ensuring consumers remain protected, and how regulators deal with overlapping mandates and duties.
A few other highlights to point out from the hearing:
ASIC Innovation Hub (launched in March 2015): FinTech businesses that receive informal assistance prior to submitting an application for licensing approval receive their decision, on average, 20 percent to 30 percent faster than if they hadn’t received assistance.
Consumer Data Right: The ACCC plans to apply CDR to simple accounts from July 1 for major banks before extending into complex products by November 1. Non-major banks will follow in 2021. In regards to intermediaries, an ACCC presentative said during the hearing that the Commission is “working towards a subsequent set of rules, which would take effect after 1 July at some date to be determined, that would be able to expand the potential opportunities for intermediaries and outsourcing service providers to operate in a number of different ways.” While feedback on the role of intermediaries has closed, ACCC expects to make recommendations on how to proceed by the end of March.
ACCC also stated that by the end of 2021, “we would like substantially all consumers in Australia to have their banking data available, and we would like to have a vibrant selection of data recipients available.”
Also, there was interesting back and forth regarding the accreditation process and concerns that the process and cost of accreditation will be particularly burdensome for neobanks and non-bank FinTech players compared to larger authorized deposit-taking institutions. As stated by an ACCC representative during the hearing, “We feel that if we launch with something that isn’t trusted, that is insecure, and that people don’t understand, it will take a very long time to recover. We want to get it right first.”
Open Banking: In regards to concerns about delays to implementation, ACCC stated that, given the complexity of this effort, a revised launch date of July 1 “was necessary.”
Product Intervention Power: A significant amount of focus on ASIC’s newest power, which the agency is “treading very cautiously” on given the difficult balancing act between facilitating competition and maintaining or improving consumer protections. While the deadline to submit comments to the ASIC consultation regarding this power has closed, ASIC expects final guidance to be released near the end of this fiscal year or shortly thereafter. “The reason product intervention is so exciting, if you like, and newsworthy… is that it enables the regulator to get ahead of the curve where it satisfies the legal test of significant consumer detriment and prevents future harm from occurring. But we absolutely recognize the concerns of the committee and some of the submitters that it requires us to make a balancing judgment.”
RegTech: ASIC “has been open to observers of trials. Through the initiatives we’ve held, we’ve invited RegTech firms to come and present their applications to a wider audience. We see those as ways and means of trying to illustrate the benefits. These are ideas about whether additional data sets/other forms of initiatives should be considered. They are on our list for potential candidates in the future.”
Screen Scraping: Some back-and-forth on whether regulators need to intervene here given rising concerns from several large banks, despite findings from the Australian review into open banking, which suggested any open banking effort undertaken should neither endorse nor prohibit the practice. In response, a representative from ASIC stated, “We’re not planning to do anything drastic either. Our revised [Regulatory Guide 209 (responsible lending)] acknowledges that screen scraping and digital data capture can provide access to information to be utilised as part of a responsible lending assessment process. We're otherwise watching, but we haven't seen a need to act to date. It's also a live question as we review the ePayments Code.” According to another ASIC representative, screen scraping “and what we say about screen scraping is something that we will look at in the next iteration of the code consultation in July.” Lastly, in response to a question from the chairman of the Select Committee, Senator Andrew Bragg, on whether there is any consumer detriment currently happening in the marketplace related to screen scraping, ASIC said, “[T]here’s no evidence of which we’re aware of any consumer loss from screen scraping.”
Meanwhile, representatives from ACCC seemed to have a more pessimistic view of screen scraping, but admitted that in the current market it’s convenient and the agency is currently in a “difficult situation” in that screen scraping “is not a great solution, but it might be the best available.” ACCC representatives also stated that outlawing screen scraping early on before the Consumer Data Right matures (picking up more products and financial institutions) “would be disruptive… both to consumers and to the industry.”
Interestingly, the ACCC representatives stated that they have not received any formal complaints from neobanks about competitive concerns related to major banks warning their customers not to allow for screen scraping.
Brazil: The central bank is close to launching a nationwide instant payments system, the Brazilian Instant Payment Scheme (PIX). According to the press release, “PIX will be beneficial to end-users (payers and payees) given the 24/7/365 availability and immediate transfer of funds." PIX "will make it faster and easier to carry out transactions, which will be performed with a QR Code or by entering simple information such as cell phone number, email or taxpayer identification (technically called a key, nickname or proxy identifier)."
Brunei Darassalam: The monetary authority called for applications to enter its FinTech Regulatory Sandbox. According to the press release, the sandbox—which was first established in February 2017—has seen a number of companies test their financial products and services.
Bulgaria: Finance Minister Vladislav Goranov announced at a recent FinTech and InsurTech summit that the Ministry of Finance "will be directly involved in the development of financial technologies in Bulgaria by setting up a regulatory box (Sofia RegTech Sandbox) and participating in its management."
European Union: The European Data Portal, an initiative of the European Commission, published a report on the economic impact of open data. In 2019, the open data market in Europe was worth €184.45 billion, with 1.09 million employees focused on open data-related services/programs. The report also highlights the efficiency and cost savings resulting from open data. High potential sectors include agriculture, financial services and insurance, health, education, wholesale retail and trade, and real estate activities.
India: Karnataka, a state located in southwest India, will soon have a regulatory sandbox of its own open to any person who "carries on business or has a registered office or branch office in Karnataka." The Karnataka Innovation Authority Bill was recently tabled in the legislature.
International Orgs: At some point, the Bank for International Settlements (BIS) is going to stop publishing FinTech-related work, right? RIGHT?
The BIS released its Quarterly Review, March 2020, which takes an in-depth look at the fast-changing world of payments. It's 151 pages, so no, I have not found time to read through it. That said, the Quarterly Review explores several interesting topics, including innovations in payments, the global retreat of correspondent banks, the future of securities settlement, and retail central bank digital currency.
The Financial Action Task Force announced the outcomes from its Plenary session held in late February. According to the release, FATF's strategic priorities include understanding and leveraging the use of digital identity, and mitigating the money laundering and terrorist financing risks of virtual assets. The Plenary adopted a new guidance paper on digital identity, and the FATF plans to report to the G20 in July "on its analysis of ML/TF risks associated to so-called stablecoins and the application of the FATF Standards to them."
Malaysia: The International Monetary Fund (IMF) recently published a country report covering Malaysia, with a particular focus on FinTech-related developments within the country. In a blog post covering the country profile, the IMF notes there are more than 200 startups in Malaysia focused on a range of FinTech areas, with payments and e-wallets of particular interest. As a wave of local FinTechs and Chinese-based tech firms continue to expand within the country, local banks are having to increase their digitization efforts to compete. "Average technology-related spending as a share of overall expenses rose to 6.4 percent in 2018 from 4.1 percent in 2016. This was close to an estimated 6.5 percent average for ASEAN-5 but remained below levels by Singaporean banks, which spent an average of 13.2 percent of overall expenses on technology in 2018." For those of you focused on regulatory sandbox developments around the globe, the IMF states that as of December 2019, 83 applicants applied for the central bank’s sandbox, with seven approved for live-testing. Of those firms, one currently remains in the sandbox while the others have completed testing. Unfortunately, the IMF doesn't indicate what happened to the six firms that completed live-testing other than to say they could have obtained regulatory approval, ceased operations, or partnered with an existing financial institution.
Separately, the central bank announced an updated Exposure Draft on the Licensing Framework for Digital Banks. The updated draft aims "to reduce regulatory burden for new entrants that have strong value propositions for the development of the Malaysian economy, whilst safeguarding the integrity and stability of the financial system."
Saudi Arabia: At the Middle East FinTech and Payments Exhibition, Dr. Ahmad bin Abdul Karim Al-Kholifey, Governor of the Saudi Arabian Monetary Authority (SAMA), provided several highlights covering the Kingdom's efforts to become a leading center for innovation in the FinTech Sector. The remarks were delivered around the same time SAMA published Additional Licensing Guidelines and Criteria for Digital-Only Banks, announced the licensing of two more digital wallet companies—Bayan Payments (Bayanpay) and Halalah—and announced a successful test of two experiments undertaken within SAMA's regulatory sandbox to provide online opening of bank accounts and electronic wallets to individual institutions and resident companies.
Meanwhile, the officials in the Kingdom are preparing a legislative draft covering the digital economy. According to Asharq Al-Awsat, the proposed draft "aims at developing the Kingdom’s digital economy, informing the public and private sectors and the international community of its trends in all what is related to the digital economy and ensuring that the government agencies’ directions in this regard are integrated to achieve diversified and sustainable economic growth and create competitive advantages."
Spain: The government approved a draft of the Digital Transformation of the Financial Sector law, which includes the creation of a regulatory sandbox and a focus on blockchain and cryptocurrencies. The measure now goes to the General Courts of Spain, where it is expected to be written into law.
South Korea: The Financial Services Commission announced key policy plans for FinTech and digital finance. According to the press release, the policy plans will focus on: improvements to digital finance's infrastructure, industry, and market; maintaining an appropriate balance between innovation the potential risks emerging from new technologies; promoting a data-driven economy, including improvements to the personal credit evaluation system, developing infrastructure for safe and secure data protection, and establishing an open database for standardized financial information; creating an environment which facilitates a responsible peer-to-peer lending system, the adoption of AI in the financial sector, and the application of RegTech in the financial sector; easing regulatory burdens and barriers to entry, including further development and refinement of its regulatory sandbox program; and creating favorable conditions for fintech investment and expansion.
UAE: Several developments out of the Dubai International Financial Centre (DIFC). The DIFC FinTech Hive announced it has expanded its footprint in the financial center, providing additional room for three ongoing acceleration programs including, FinTech Accelerator program, FinTech Hive Scale Up, and Startupbootcamp. Separately, DIFC and Mashreq Bank launched "the region's first blockchain data sharing platform... to support licensed businesses and corporates opening digital bank accounts instantly." The KYC platform is open to all licensing authorities and financial institutions in the UAE. Lastly, DIFC signed a Memorandum of Understanding with Tride Accelerator—the first Singapore government-supported blockchain accelerator—"to collaborate on knowledge sharing and to partner during joint events."
US: At the federal level, a settlement agreement was filed with the US District Court for the Northern District of California which stipulates that the Consumer Financial Protection Bureau (CFPB) "will agree to concrete court-ordered deadlines for implementing Section 1071 of the Dodd-Frank Act, which requires the agency to collect and disclose data on discriminatory lending to America’s small businesses." According to the agreement, the CFPB will outline its proposal to implement Section 1071 by September 2020 and establish a Small Business Advocacy Review panel by October 2020 to provide input on the proposal. In addition to negotiating deadlines with the plaintiffs for each stage of the rulemaking process, the CFPB is also required to submit status reports every 90 days on progress towards implementing Section 1071.
Legal action aside, the CFPB held a day-long symposium focused on consumer access to financial records. At the event, FinRegLab announced its latest report, “The Use of Cash-Flow Data in Underwriting Credit: Market Context & Policy Analysis”. The report “finds that competition, coordination, and compliance issues are limiting the adoption of cash-flow underwriting and its potential to improve borrowers' access to credit. While industry efforts on some issues are already underway, deeper engagement by both private stakeholders and public policymakers is necessary for reaching scale.” Insights from the analysis “offer a useful case study at the intersection of two broader financial innovation trends:
The transformation of automated credit underwriting as firms experiment with new data and analytical techniques; and
The evolution of new data transfer systems to enhance customer control and spur greater competition and innovation in financial services markets.”
The Financial Crimes Enforcement Network (FinCEN) announced Michael Mosier as its new deputy director and digital innovation officer. "Mr. Mosier returns to FinCEN from the cryptocurrency analytics, compliance, and investigations firm Chainalysis, where he was Chief Technical Counsel. Previously, he served as FinCEN’s Chief of Strategic Advancement."
At the state level, the Conference of State Bank Supervisors has been quite active on the FinTech front recently. If you recall, CSBS launched its Vision 2020 initiative back in May 2017. In January, the CSBS published a Fintech accountability report to highlight the progress currently being made in implementing recommendations offered by the CSBS FinTech Industry Advisory Panel. The CSBS also released a comprehensive survey and policy paper covering consumer lending laws and regulations across the 50 states and Washington, DC. Among the highlights: 29 states manage consumer loan licensing through the Nationwide Multistate Licensing System & Registry (NMLS), and 13 states' laws have applicability to commercial small business lending. In addition, the CSBS announced the nationwide rollout of the State Examination System, "the first nationwide platform to bring state regulators and companies into the same technology space for supervision, fostering greater transparency and collaboration." And if those developments weren't enough already, the CSBS and several state financial services regulators met with counterparts in the UK "to understand our different regulatory structures, explore areas of commonality, share best supervisory practices and lay the foundation for transatlantic collaboration." Officials from California, Texas, Illinois, Georgia, and New York attended the meeting.
In Wyoming, Avanti Financial Group, in partnership with Blockstream, announced plans to launch a new bank focused on serving the digital asset industry. The company, which recently raised a $1 million seed round, is planning to open its doors in early 2021, pending approval on its application for a bank charter from the Wyoming Division of Banking. "Avanti’s charter would permit it to engage in a range of payment, custody, securities and commodities activities for institutional customers that use digital assets. For various regulatory reasons, certain of these activities are not currently available from US banks or trust companies." In a long Twitter thread, Avanti's founder and chief executive officer Caitlin Long provided additional information on the announcement. (For those not familiar, Caitlin Long has been very involved in working with Wyoming’s government and the state legislature to enact legislation favorable to the cryptoasset space over the past few years).
Meanwhile, states continue to push forward with legislation to strengthen data privacy and protection laws. New Jersey, Connecticut, California (CCPA modifications), Mississippi, among others, are moving forward.
Interestingly, in Utah, H.B. 158, Data Privacy Amendments, which is sponsored by Rep. Marc Roberts, is, according to Utahpolicy.com, “one of the first Data Privacy laws granting companies who are sued for data privacy breaches an affirmative defense, if they adopt a nationally-recognized security standard.” Similar legislation was introduced and signed into law in the State of Ohio. In Arizona, a Concurrent Resolution (CR 2013) was introduced that "would make it the Arizona government's position that internet privacy regulation is the purview of Congress, not individual states." The resolution, which prefers a comprehensive federal data privacy standard, takes aim at CCPA by opposing "the enactment of laws, the adoption of regulations or the imposition of out-of-state standards that would restrict or otherwise dictate standards related to consumer data privacy, absent a clear nexus with consumer