In this issue:
US FinTech Legislative Update
Hello everyone! Earlier this week, we released another update covering US FinTech policy in the 116th Congress. As of the end of October, we are now covering 96 FinTech-related bills (57 percent bipartisan) and 164 bills indirectly related to FinTech (56 percent bipartisan).
The policy update also covers several developments on Capitol Hill in the month of October. The 260 bills are profiled in the slide deck and organized according to legislative category.
As always, if you have any questions on the update, please let me know. For those of you who cannot download the policy update through the provided link, I’m also happy to send you the PDF version.
Basel Speaks: The Basel Committee for Banking Supervision (BCBS) published a report titled Report on open banking and application programming interfaces. The report includes information obtained from 25 committee members from 17 jurisdictions and focuses on customer-permissioned data sharing, in particular. Some findings from the report worth repeating:
- BCBS details three different regulatory approaches to open banking: Prescriptive, Facilitative, and Market-driven.
- We’re still very early on in developing these frameworks. BCBS says “it is unclear whether these open banking frameworks were driven by, or will drive, consumer demand and market developments.”
- Greater coordination is needed given the multi-disciplinary features of open banking and different API standards evolving around the world. Since there is no globally adopted API standard, third-party firms “may need to use different API standards in order to communicate with banks in different jurisdictions. This could lead to potential challenges, such as inefficiencies for third parties or fragmentation of the digital financial ecosystem.”
- As it relates to third party risk management, the BCBS notes that bank supervisors “have limited authority over third parties, especially over those without contractual agreements with the banks that they supervise and over those that are not registered with a separate authority.” As such, “a regulatory gap could exist where a third party has a customer’s consent to access its banking data but does not have contractual obligations with the bank and is not required to be authorized by a particular authority (eg third parties that practice screen scraping).”
- As it relates to building APIs, the BCBS states that building and maintaining public APIs “can be time consuming and expensive for banks…. This can be particularly challenging for smaller banks that lack the economies of scale of larger institutions. The lack of commonly accepted API standards in some jurisdictions is an additional challenge.”
The BCBS also took a survey of committee members on their efforts at this point. Among the findings:
- Half of committee jurisdictions have existing or planned laws or regulations addressing customer liability with respect to data access by third parties.
- Half of committee jurisdictions have existing or planned complaint handling or alternative dispute resolution mechanisms that cover open banking issues.
- Two-thirds of committee jurisdictions believe open banking and the expanded use of APIs will have an impact on banking services.
- Half of committee jurisdictions believe that non-banking services will be facilitated by the sharing of customer-permissioned data.
- A majority of committee jurisdictions have or are in the process of developing rules requiring disclosure and/or customer consent.
- A few jurisdictions have developed or are developing limitations on screen scraping.
- “Many” jurisdictions do not have regulatory restrictions on a banks’ ability to charge fees to third parties for sharing customer-permissioned data or other remuneration arrangements.
- Half of committee jurisdictions require banks to obtain customer consent to share a customer’s data with third parties. The other half allow banks to accept customer consent via confirmation provided by the third party.
- “Most” jurisdictions indicated that third parties could provide data to fourth parties as long as this is specified in contractual arrangements.
Brokerages on Steroids?: Startup firm Alpaca recently raised $6 million in new funding to enable developers around the world to build brokerage apps, like Robinhood, on top of Alpaca's API. According to TechCrunch, the company "works with clearing broker NTC, and then marks up margin trading while earning interest and payment for order flow. It also offers products like AlpacaForecast, with short-term predictions of stock prices, AlpacaRadar for detecting price swings and its MarketStore financial database server."
It's in the Cloud: Amazon recently announced the launch of AWS Data Exchange: "Starting today, AWS customers can subscribe to a diverse selection of third-party data in AWS Marketplace." Qualified third-party data providers include Reuters, Change Healthcare, Dun & Bradstreet, Foursquare, and more.
Data Access: Big news out of The Clearing House (TCH) after the association unveiled a data model agreement to act as a “common foundation” for data-access deals. The Model Agreement is part of TCH's Connected Banking initiative. "The Model Agreement is meant to provide a common foundation of generally accepted terms as a starting point to facilitate data-access agreements between banks and fintechs, reducing the need to negotiate the same terms each time they enter into an agreement. Use of the agreement is voluntary and parties can independently negotiate any elements they feel are appropriate."
The Clearing House also released a consumer survey on financial apps and data privacy. Among the findings: 54 percent of US banking consumers use financial applications "to engage in personal financial management, investing, borrowing, and person-to-person payments." And while 70 percent of respondents are confident that their information is protected and secure, the vast majority (nearly 80 percent) have not read an app's terms and conditions. Of note, the survey also finds that “less than 20% of users are aware that the apps may use third parties to access consumers’ personal and financial information.” The survey also finds that 80 percent of users "are not fully aware that the apps or third parties may store their bank account username and password. Once they realize this, more than two-thirds of users (68 percent) are uncomfortable with the apps' level of access.”
The survey sample was 3,967 US banking consumers, including 1,999 financial app users and 1,968 non-financial app users. Lastly, as to the question of who should be responsible for education and awareness about financial apps' data use and access, nearly 60 percent of respondents said banks should be responsible, while 54 percent of respondents believed non-bank financial applications are responsible.
Digital Banking: Banco Bradesco SA, Brazil's second largest private sector lender, will spin off its digital bank, Next, early next year. According to Reuters, Next is expected to surpass 2 million clients by the end of this year.
As competition heats up in the digital banking space in the UK, HSBC and RBS are set to launch new digital banking platforms, HSBC Kinetic and Bo, respectively.
Separately, an Australian-based challenger bank unveiled the country's first-ever digital home loan through brokers. According to Savings.com, the digital bank “has partnered with an array of companies to speed up the mortgage application process, including CoreLogic, Equifax, MaxID, FMS, Loanworks, Simpology and Mogoplus."
Lastly, Zopa is hoping to raise £100 million before December 3; otherwise, the peer-to-peer lending platform will likely lose its banking license for failure to meet regulatory requirements.
InsurTech: UK-based InsurTech platform Zego became the first UK InsurTech to be awarded its own insurance license.
IPO: Ping An-backed OneConnect Financial Technology has filed with the SEC for an initial public offering to raise up to $100 million.
Partnerships: Unless you had your head stuck in the sand for the past week you probably heard of Google's recent partnership with Citi and Stanford Federal Credit Union (SFCU) to offer checking accounts to users. Consumers would be able to access the accounts through Google Pay, which is reportedly on track to surpass 100 million users in 2020. Google is offering the checking accounts in the names of Citigroup and Stanford Federal Credit Union, not under its own brand. Of course, what is of interest to me, anyway, is what data Google will be able to see, access, and utilize in this arrangement. Will Google only be able to view transactions going into and out of the account initiated via Google Pay or any and all transactions going into and out of the account? American Banker dug a bit further into this, but I’d be interested if anyone had further insights into the data sharing between SFCU, Citi, and Google.
Meanwhile, JPMorgan Chase has reportedly spent the last year developing an e-wallet tailored for online marketplaces and companies operating in the gig economy. According to American Banker, the product “would give tech companies the ability to provide millions of customers virtual bank accounts and to offer perks such as car loans or discounts on home rentals to those who keep money stashed there. The more customers use their virtual accounts to pay for services, the less the companies would have to spend on payment-processing fees to third parties such as JPMorgan.”
Payments: BHIM app is going international. The QR-code-based system originally developed in India was demoed at the Singapore FinTech Festival 2019. According to Business Standard, the project “is being jointly developed by the National Payments Corporation of India (NPCI) and Network for Electronic Transfers (NETS) of Singapore. It is targeted to go live by February 2020.”
Lastly, Jumia, Africa's largest e-commerce platform, continues to struggle and has increasingly turned to Jumia Pay to change its fortunes. In a conference call last week, Jumia CEO Sacha Poignonnec said e-commerce marketplaces "are very powerful engines to drive payments. Everywhere in the world some of the leading payment companies were born out of and grown by marketplaces. We are following the same path…to ultimately create the leading payments system in Africa." Jumia Pay is now live in six countries and continues to report massive growth in transactions and payments volume.
Tencent’s Tentacles Grow Further: The Hong Kong Monetary Authority reportedly approved Tencent's blockchain-enabled virtual bank, the first such virtual bank to have announced the utilization of blockchain technology, according to Crowdfund Insider. Meanwhile, Tencent also acquired a minority stake in Policybazaar for $150 million. The deal values the Indian InsurTech aggregator at $1.5 billion.
ASEAN: The GSMA launched a Regulatory Pilot Space (RPS) initiative designed to ensure businesses transferring personal data across borders to two or more ASEAN countries are secure and compliant under the ASEAN Framework on Personal Data Protection. The RPS "provides a safe test environment in which businesses can assess services without harming consumers’ data privacy or facing regulatory sanctions. The goal is to allow data to flow freely between the 10 ASEAN countries." The RPS also forms a part of larger developments towards an ASEAN Cross-Border Data Flow Mechanism, which was given the go-ahead at the 19th ASEAN Telecommunications and Information Technology Ministers (TELMIN) Meeting in late October.
Australia: The Australian Competition and Consumer Commission Chair Rod Sims gave prepared remarks on consumer welfare and growth in the digital economy. “In an ideal world of efficient, data-driven markets, the digital platforms would innovate and compete for well-informed consumers who could choose between services based on a range of price and quality considerations as well as different levels of privacy protections and data security. We are, however, far from an ideal world. We are concerned that protections for consumers need to match the new digital age as the existing regulatory frameworks for the collection and use of data has not held up well to the challenges of digitalisation. The scale and complexity of the problems identified by our Inquiry highlight the need for decisive action. The government’s response to the [Digital Platforms Inquiry] is coming by year end.”
Hong Kong: Depositors with less than $1 million in deposits are the "sweet spot" for Hong Kong's virtual banks. According to the South China Morning Post, this underserved market "works out to US$1.88 billion on average for each of the eight licensed virtual banks, which goes some way to explain why they may yet find footholds in a city where 7.5 million residents are served by 164 licensed banks."
Even if you don't receive a virtual banking license from HKMA, others, such as UK-based Tandem bank, are moving in through partnerships with existing banking license holders.
The University of Hong Kong unveiled the inaugural HKU FinTech Growth Index (FGI) and FinTech Buzz Index (slide deck). The FGI has four sub-indices: Business Environment, Business Performance, Investment on R&D, and Demand on Talent. The FinTech Buzz Index can be used to gauge “local FinTech companies' outlook on the industry and the general sentiment on the sector as reported by local press." Notably, in the first half of 2019, FinTech companies in Hong Kong raised $152 million, up 561 percent from the same period last year.
In particular, FGI’s Business Environment index performed the worst out of the four sub-indices. “Although there is a positive effect of the internal factors by the companies in terms of funding and other capital allocations, it has been cancelled off by the relatively lower average rating on external factors such as investment environment, government policy and regulations.”
Separately, the Securities and Futures Commission (SFC) unveiled a position paper setting out the regulatory framework for virtual asset trading platforms. While the standards adopted are "robust" and comparable to rules applicable to licensed securities brokers and automated trading venues, the SFC did state that it has "no power to grant a licence to or supervise a platform that only trades non-security virtual assets or tokens. Virtual assets of this type are not ‘securities’ or ‘futures contracts’ under the Securities and Futures Ordinance (SFO). The consequence of this is that the business carried out by these platforms does not constitute ‘regulated activities’ under the SFO. This is why, under the current regulatory regime, only those platforms which enable clients to trade security virtual assets or tokens fall within the SFC’s regulatory remit."
India: The Reserve Bank of India (RBI) announced several proposals to further digital payments use in the country. According to the press release, RBI proposes to take several steps including: mandate banks not to charge savings bank account customers for online transactions in the National Electronic Fund Transfer (NEFT) system with effect from January 2020; constitute a committee to assess the need for plurality of QR codes and merits of their co-existence or convergence from both systemic and consumer viewpoints; and enable processing of e-mandates for transactions through UPI, among other proposals.
International Orgs: In an interview with Bloomberg Daybreak: Asia, Garcia Mora, global director of finance, competitiveness, and innovation at World Bank, summed up regulators’ challenges in regulating the FinTech space today:
“At the end of the day financial sector regulation is based on industries. There's financial regulation for banks, another one for insurance, another one for capital markets, but there is no regulation by activity. And FinTechs are not banks, they're not insurance companies, they're not asset managers, but they can actually play this function from a completely different corporate standpoint. Therefore, what we need is a completely different regulatory approach. We need a regulatory approach that can be implemented to any player that is providing this type of activity. And this is the challenge that we have these days, that we don't have an international benchmark. We don't have an international standard that can actually be followed. And this is why all the regulators, the central banks, but also securities and exchange commissions—they are trying to find out what is the best way that we can use to regulate these activities assuming that they are not any of the incumbents or any of the players that we're used to.”
When pressed, given the lack of an international benchmark and no consensus among central banks, Mora stated:
"When you regulate one of these industries to provide one activity—crowdfunding—how do you regulate crowdfunding? It is a regulation that should be applied to banks, should be applied to capital markets players? Should it be applied to a certain sector? It is important to actually make this a new regulation for activity applied to different industries. And this is not easy...The role that we play at the World Bank is precisely trying to make all these international best practices known to other countries."
On stablecoins, Mora stated:
"Stablecoins open many important avenues, new avenues, and very important opportunities related to financial inclusion, and cross-border payments and remittances...But I think that we're still learning.... There are many risks that are associated with stablecoins that need to be thought of very carefully before thinking that we are ready to use [stablecoins]."
Israel: The Innovation Authority and the Securities Authority have launched a FinTech program that will provide startups "with access to the Securities Authority's databases and the Tel Aviv Stock Exchange's (TASE) trading data," according to a Globes report.
Kenya: President Uhuru Kenyatta approved a data protection law that complies with the standards set by the EU's General Data Protection Regulations.
Russia: Elvira Nabiullina, the head of the country's central bank, reiterated that the central bank "would oppose the issuance and circulation of money substitutes in any form," according to FXStreet.
Singapore: A number of announcements from the Monetary Authority of Singapore (MAS) were made alongside the Singapore FinTech Festival. First, MAS announced a partnership with financial services firms to create a framework for financial institutions to promote the responsible adoptions of Artificial Intelligence and Data Analytics (AIDA). The framework, known as Veritas, “will enable financial institutions to evaluate their AIDA-driven solutions against the principles of fairness, ethics, accountability and transparency (FEAT) that MAS co-created with the financial industry last year to strengthen internal governance around the application of AI and the management and use of data." The consortium is currently made up of 17 members, including 14 financial institutions. Findings from the work are expected to be published in the second half of next year.
Second, MAS joined with the Bank for International Settlements (BIS) to launch the BIS Innovation Hub Centre in Singapore—marking the BIS's first major expansion in 17 years. The Hub Centre in Singapore will initially focus on two projects: “The first project is to establish a framework for public digital infrastructures on identity, consent and data sharing. Trusted digital identities for individuals and corporates is a foundational public good that supports the development of inclusive digital financial services including payments as well as other transactions in the broader digital economy. The second project is to create a digital platform connecting regulators and supervisors with digital and technology solution providers. Through the platform, central banks can put up regulatory problems and challenges to source solutions from the FinTech community. This will help central banks develop innovative solutions and policies for cost-effective regulation and supervision.”
Fourth, MAS, in collaboration with JPMorgan and Temasek, announced the successful development of a blockchain-based prototype for multi-currency payments. This development "marks the latest milestone for Project Ubin which is into its fifth phase," and "will provide interfaces for other blockchain networks to connect and integrate seamlessly."
Fifth, MAS and Infocomm Media Development Authority announced the successful completion of its Business sans Borders (BSB) Phase One Proof-of-Concept. "BSB is a ‘meta-hub’ or connector of several SME-centric platforms. By connecting these different platforms, BSB helps SMEs seamlessly access a much larger ecosystem of buyers, sellers, logistics service providers, financing, and digital solution providers. BSB utilises artificial intelligence (AI) to enable SMEs to discover prices and sales opportunities in a larger global marketplace, access various supply chains, and easily source for and utilise relevant digital and financial solutions."
As it relates to the MAS FinTech Regulatory Sandbox, Singapore startup PROPINE has received conditional approval from MAS to provide distributed ledger-based digital securities.
Speaking of MAS, Chief FinTech Officer Sopnendu Mohanty penned an op-ed recently titled “The Future of FinTech: Public and Private Partnerships.” According to Mohanty, "Public digital infrastructure, from a national identity system to national consent architecture, is the essential foundation for all countries in the digital age. This allows governments, businesses, startups and citizens to transact financial (e.g. mobile payments, opening banking accounts), and non-financial information (e.g. healthcare) in a seamless and efficient way." He adds, "For countries that have taken this digital infrastructure approach, the opportunities to connect respective systems are vast. Singapore and India have recently collaborated to explore services for consumers and businesses to transact seamlessly across borders through a public and private sector partnership."
Lastly, MAS is considering extending FinTech funding beyond 2020 as the current five-year S$225 million program comes to an end in March.
Taiwan: The Fair Trade Commission will begin review of three internet-based banks—Next Bank, Line Bank, and Rakuten International Commercial Bank—that received licenses from the Financial Supervisory Commission in July. All three lenders said they would begin operations in the first quarter of 2020, but that could be delayed depending on how long the review takes from the antitrust watchdog, according to the Taipei Times.
UAE: Abu Dhabi Global Market and the Croatian Financial Services Supervisory Agency signed two Memorandums of Understanding to enhance regulatory cooperation in the areas of FinTech and investment management.
UK: Modulr, a Payments as a Service API platform, has become a direct participant in the Bank of England's Real-Time Gross Settlement system, BusinessCloud reported. The non-bank service provider "will now process payments without going through a commercial bank, a move designed to provide greater clarity on the location and protection of the funds."
UK anti-money laundering authorities reportedly received more Suspicious Activity Reports (SARs) than ever before, according to the UK Financial Intelligence Unit annual report. "The UK Financial Intelligence Unit (UKFIU) continued to perform strongly in 2018-19, receiving and processing another record number of SARs (478,437), with a 52.72% increase in requests for a Defence Against Money Laundering (DAML) (34,543)."
Lastly, Sheldon Mills, director of competition at the Financial Conduct Authority, delivered prepared remarks covering "open finance." According to Mills, "We need to ensure that consent management tools are properly applied across sectors to ensure that consumers’ expectations on how their data are used and handled are met. An inconsistent approach in this regard could undermine the benefits of data-sharing. Consumers should not have to track through multiple dashboards to understand where their data has been shared, while we simultaneously promise them simplified access to their financial data.... Not just for consumers to be reassured that their data is protected to the same degree with every Open Finance application they use. But also for firms, for third party developers, who have a clear framework within which to develop their applications, safe in the knowledge that their product will be universally compatible with a robust set of standards for security and data management."
US: New legislation introduced recently would seek to put an end to Industrial Loan Charters (ILCs). While ILCs have been a significant topic of debate in financial policy circles in and around Capitol Hill for some time, the recent effort by Japanese-based e-commerce firm Rakuten Inc. to obtain an ILC has elicited strong reactions from both sides of the aisle. The Eliminating Corporate Shadow Banking Act of 2019 was introduced by Sen. John Kennedy (R-LA). In a press release, the Independent Community Bankers of America expressed strong support for the legislation. “Any company that wishes to own a full-service bank should be subject to the same restrictions and supervision that apply to any other bank holding company.”
Makan Delrahim, assistant attorney general of the US Department of Justice, gave prepared remarks on the "Challenges to Antitrust in a Changing Economy." According to Delrahim, antitrust enforcers "must examine carefully whether greater competitive harms are threatened given today’s market realities. For example, enforcers might consider whether the scale of the data collected has increased by several magnitudes; the type of data collected; and what it means when companies collect usage data, which cannot be easily replicated, in addition to user data. Most notably, enforcers must confront the reality that data insights in the digital economy are combined across the ecosystem of the internet sometimes in ways that transcend product improvement and impact consumer choice altogether." He also made two observations: 1) Be wary of arguments that oversimplify how bargaining, transaction costs, and competition principles apply with respect to businesses that rely on data collection, aggregation, and analysis; and 2) The acquisition of data, as opposed to dollars, may create new analytical challenges. Namely, the traditional analytical test applied by enforcers to define relevant markets does not translate directly to a zero-price market. Delrahim also stated that while the Antitrust division is willing to engage with Congress, "it bears repeating that our existing framework is flexible enough to detect and to address harms in old industries and emerging ones alike."
At the state level, California Attorney General Xavier Becerra is seeking a court order to force Facebook to give up information related to how the company handles user data.
Vietnam: Validus Capital—Singapore's largest SME business financing platform that is currently in talks for a virtual bank license—is expanding operations to Vietnam.