Complaining about regulators must be part of the day job for banks and fintechs. Whether worrying about keeping in line with wave after wave of changes, or paying out fines for when things have gone wrong, it is surprising there is any time or money left for banking or developing software. Phone calls and chats at conferences inevitably turn into talk about what the regulator is doing next to make daily operations even more difficult.
For example, the impending arrival of Payment Services Directive II (PSD2) has been on the radar for banks for some time. They know it will mean third-party providers will be able to eat up some of their business through the ability to directly access accounts. What adds an additional layer of complexity is the decision by the EU to impose the general data protection regulation (GDPR) laws in the same year.
While telling banks they have to open up the accounts of their customers to third parties, regulators are also insisting they need to closely guard that precious data, or face an expensive penalty: a 4% of all turnover penalty, to be exact. While it could be argued the banks need to start working towards protecting themselves against any mistakes now, the problem lies in the typically vague wording of the regulator: what, exactly, is sensitive data?
There is the risk banks are going to tip-toe around implementing PSD2 until they know for certain what is going to come to pass under GDPR. The European banks are left wondering how to work simultaneously with two apparently contradictory regulations and still make a profit.
But it is not all doom and gloom. What happens when the regulators (gasp) do something helpful? The fintech sandbox established by the UK’s Financial Conduct Authority (FCA) is a prime example of how regulators, working well, can actually foster an environment of modernization.
Despite some reservations that the sandbox could unintentionally wind up being a dream marketing tool, providing an unofficial FCA endorsement, overall it has been welcomed by all sides. Offering a safe place for fintechs and banks to play, without the worry of finding businesses or products subject to a ban, seems so simple you wonder why no one has thought of it before.
The FCA has been internationally praised for being so proactive and innovative in its actions. Yes, the regulator has it written into its founding legislation that it is supposed to be innovative (section 2 paragraph 3 of the Financial Services and Markets Act 2000, if you are interested), but even so it feels like the move is unprecedented in its possible impact. It is as if the FCA has realized this new technology is not going to go away, so it may as well have some say over how it is developed.
Creating the sandbox has a two-fold benefit for the regulator: it can keep an eye on what is happening in the industry and take steps to curtail certain actions before they spread. Rather than reacting to what has already been implemented, leaving banks and fintechs to carefully unpick what has already been integrated, they can work together along the same lines.
The move throws down a gauntlet to other regulators. The rules of the sandbox dictate that it needs to have a benefit to the UK, but it is not limited to only being used in the country. When looking at past innovations, such as Faster Payments, and how they have influenced developments as far away as Singapore and Australia, moving to London to develop software might suddenly seem very tempting to overseas companies.
It also has the benefit of meaning that anything that is developed will be implemented in the UK first, keeping the country at the forefront of fintech innovation – not to mention creating a new export industry for the country as it faces trade questions post-Brexit. All the parts fit together so well it is almost like some people got together and planned it.
The real worry is this will set a precedent: more national regulators and central banks may look at how they can innovate to help their banks step into the 21st century. And what will everyone have to talk about then?