Courtesy of Fernando Zunzunegui
Technology has made financial services more accessible, faster, and cheaper. Payment services, in particular, are a testing ground for fintech innovation. Cryptocurrencies, payment initiation, and information management services associated with bank accounts have recently emerged as significant disruptions in the payments industry. As data has become essential to economic success, the financial economy has given way to the data economy. Banks must adapt accordingly, or risk losing control over customer relationships.
In my recent article, I discuss how the payment system is at the vanguard of financial market transformation. These changes are being driven, in part, by regulatory requirements, such as opening banking-related customer data to third parties – a structural change that allows digital businesses to emerge, contributes to disintermediation of payment services, and removes the barrier to tech companies entering the payments business. Fintech firms can choose the services they provide, while cutting costs and regulatory compliance risk. However, these developments also bring regulatory challenges and emerging risks.
Customer Data and the Changing Purpose of Banks
The purpose of banks is changing. While banks have always innovated in payment services, they have not previously considered customer data a primary asset. Instead, they have focused on credit intermediation and ancillary services, with customer data treated more like a liability – something they had to protect. Tech companies, however, see customer data as the focus of their business. These companies monetize data in two ways: having data usage as a primary income source and turning data into a bargaining chip. Services that are apparently free, such as search engines, are paid for by selling data.
In responding to this new competition, banks are starting to look a lot like fintech companies, leading to a convergence in bank and fintech business models. Tech companies are adopting the regulatory compliance culture of banks, and financial institutions are learning to exploit their databases just as tech companies have.
The competitive advantage offered by technology is only relevant in the short term, therefore banks are rapidly acquiring or partnering with tech companies. These innovations and partnerships are transforming banks into platforms for the distribution of financial products and services. To develop these new services, banks must create secure infrastructure so that tech companies can work with their customers’ data. This collaboration allows them to cut the cost of integrating systems, which previously accounted for the largest cost of technological change in the payment system.
We are moving towards a confluence of banks that are becoming tech companies capable of exploiting their customers’ data through big data, artificial intelligence, machine learning and deep learning, and tech companies that control massive amounts of data with a desire to provide financial services. After this transition, a new banking model will arise based on data technology from banks running as platforms (“data banks”). Just as e-mail coexisted with the postal service until it nearly replaced its predecessor, digital banking will be transformed into the new data-reliant banking in a few years, regardless of whether it is conducted by traditional banks or tech companies.
The financial market and the data market are both based on trust and grounded in fiduciary relationships. Without trust, users will stop providing the raw material, whether money or data. They are also dematerialized markets, as cash is now rarely used in developed countries and currency is recorded as a data entry on a bank’s ledger. The difference between currency and data lies in their value. Account balances have a monetary value – banking money. Data does not have the liquidity of an account balance. However, the monetization of data makes the value of data more similar to that of an account balance.
The European Union allows bank customers to access their data just as they can access the money in their accounts. Directive 2015/2366 on payment services (PSD2) gives customers power over their data, similar to what they have over the funds in their account. Under this directive, customers can authorize third-party providers to access their data, and the bank cannot refuse to assign the data—apart from specific exceptions (this concept is commonly referred to as open-banking). Customers can thus make use of the value provided by data and access new services in exchange for their data.
Open Banking and the Digitization of Payment Services
Open banking allows customers to control their data and access new, more efficient, third-party services under better conditions. It is a new paradigm, and it changes the structure of retail banking. The payment system is where this transformation is most clearly seen. There is consensus that digitalization of payments is socially beneficial (Rogoff, Stiglitz) and the immediacy of payments may have an effect on GDP similar to that of the ATM in the last century.
The first country to offer a government program for the transition towards open banking was the United Kingdom, where it was promoted by the competition authority. Other countries outside the EU have also considered open banking, like Australia, but the US has not entertained the idea, most likely due to the multitude of financial regulators that have overlapping jurisdiction over the payments system.
The Challenge of Regulating Digital Payments
Supervisors are monitoring digital payment services and their impact on the current payment system in order to redefine the perimeter of regulated financial institutions. Cyber security, data protection, the systemic risk of payment platforms, and user protection are all being analyzed. Best practices are identified in order to maintain strong consumer protections, and there is undoubtedly room for self-regulation of financial technology.
Globally, the fintech industry has developed in an unregulated environment, without standardized rules, regulations, and compliance requirements. This has led to regulatory arbitrage and an uneven playing field across jurisdictions.
Good regulation seeks to facilitate innovation in a market open to competition, while preserving the market’s integrity. The European Parliament and Commission uphold the principle of technological neutrality, provided financial stability and investor protection are maintained. Across Europe, innovation hubs and incubators are being created, and experimentation is facilitated through regulatory sandboxes. These facilities must be compatible with financial stability and consumer protection. Because payment services are provided online and are based on trust, a payments disruption could bring down multiple platforms with harmful spill-over effects.
PSD2 opens up the payment market to third parties other than banks. The directive recognizes two fintech services based on access for third-party providers to bank account data: information services and payment initiation services. These providers are not authorized to capture savings from the public nor open current accounts; in order to do this, they would need a bank license. They also cannot transfer funds between bank accounts. Instead, banks must provide information service providers with all available data about the customer’s account, unless it is considered sensitive.
Technological neutrality requires bank supervisors to take a functional approach; they must apply the same rules, and the same approach must be taken, to similar activities. Technological neutrality is applied based on the principle of proportionality, which provides a degree of flexibility for new entrants. For instance, regulatory sandboxes allow supervisors to familiarize themselves with new technologies and services, and determine what changes, if any, should be made to existing regulations. The ultimate objective of technological neutrality is to reconcile innovation with financial stability and consumer protection.
Emerging Risks in Digital Payments
Growing technical complexity increases security risks in payment systems. In addition, operational risk is rising because of third-party database access and artificial intelligence is threatening to convert algorithms into black boxes that are impossible to understand. These risks require ongoing vigilance and expertise from relevant authorities, and these authorities must be informed immediately about any incident that affects payment systems.
In the European Union, payment service providers, including payment initiators and information aggregators, must use enhanced identification systems in their relations with customers. In turn, users must be aware of the consequences of consenting to the transfer of their data. They must be equipped and trained to use these communication channels.
Finally, with banking opening up to third parties, it is possible for large banks and tech companies to restrict competition in the payments sphere. This requires regulators and competition authorities to pay close attention to market developments and intervene aggressively should they witness anti-competitive behavior.