So we were having a conversation about rules-based versus principles-based regulation. The UK is an advocate of the latter, which some say caused the global financial crisis. I disagree. The global financial crisis was caused by not having a good view of the risk and connectivity between derivatives and their dependencies. The market and credit risk models were defeated by complex credit default SWAPS and the result was over-extension of credit as illustrated by the trillion dollar losses from Collateralised Mortgage Obligations (CMOs). Hey-ho. So we reignited the industry by bringing in the banning of proprietary trading, ring fencing and living wills, but what was interesting in this dialogue is the way markets mix their methods.
For example, the UK does have some rules-based regulations where safety counts. You must wear a seatbelt. You can’t smoke in public bars and restaurants. You can’t run around naked or go killing people. Those are all rules-based regulations. The reason why we don’t like them is that it turns your country into a nanny state if you have too many rules. Just look at Singapore …
… or ISIS if you want the total extreme.
Equally, you can’t let markets run riot however, so there have to be some rules. You can’t trade at the expense of the customers of the bank. You can’t maker profit using insider knowledge. You mustn’t help terrorists or criminals move money across borders. You can’t shelter money to avoid tax.
These rules are to be broken of course, which is why we see so many tax avoidance schemes assisted by offshore tax havens from the British Virgin Islands to the British Channel Islands. Just sayin’.
So where do we stand today? Should we make new rules, and what are the rules for Fintech?
These were the questions we were playing with. What are the rules for accessing customer data? How do we protect customer’s data if we open their content to APIs? Does the new PSD (Payment Services Directive 2 being implemented in late 2017) that allows approved third parties access to bank account information work in the customer’s favour, or will there be unintended consequences? Who is to blame and where is the fault if there are issues?
The European Commission claims the fault will lie firstly with the main account holder, the bank. If it can then be proven that the third party is in error, they may have their approved (‘trusted’) third party status removed. But it will be interesting to see this play out.
In the principles-based economy, you would purely say there is no rule to share data, but that the principle is that no unreasonable block should be made to enable open trading across networks and systems. Unfortunately, that leaves too much scope in the middle to create reasonable blocks. In fact, this blockage is the whole reason for most banks being able to keep their customers. They keep them because they’re locked in.
But even if you created a rule to say you can’t lock-in no more, you must open up, there are still challenges. I would point to the idea of forcing banks to allow accounts to be portable. Banks would love to make their accounts portable (not) but even if they were told they had to, it’s too darned difficult. This goes back to legacy systems and legacy structures. Many bank clients opened their accounts ten, twenty or even thirty years ago, and the systems they run on might be able to offer an account number that could be used by another bank, except that most banks don’t have standardised account numbers and formats. Or that’s the excuse from the banks anyway. Hence, when UK regulators floated the idea, there was a massive hoo-ha and claim that it would cost the banks billions in systems redevelopments to allow that to happen.
Maybe it’s another reason why people never change bank accounts.
Finally, you do have confusion. I saw this in my recent trip to the USA. At least in the UK we have arguments only with Brussels over who controls what in finance. In the USA, there’s arguments between everyone.
You have policymakers in government, but also in the Federal Reserve and supervisory bodies like the SEC and CME, as well as other interested parties like the FDIC and CFPB. These multiple entities all work together to agree the principles and rules that apply to the US markets and then the State regulators go and screw it all up. I saw that when discussing the BitLicense. Ben Lawsky managed to leave a legacy of a BitLicense in New York that may not be perfect, but it’s pretty good. Then California introduces a different version, followed by other States that also make amends and you end up with 49 State licenses that all have different requirements and processes. You may wonder why I say 49, and it’s because there seems to be at least one State that won’t even license you to trade in bitcoin for the foreseeable future.
A patchwork quilt of regulatory mandates in the USA means that there is far less clarity about blockchain, bitcoin, crowdfunding and peer-to-peer lending than in other Fintech developing markets. For example, at least in the UK we can find our government, lawmakers, regulators, banks, technologists, consultants and advisors all in one place. And maybe that is the ultimate advantage for the City and our attractiveness for innovation and potential long-term Fintech leadership.
After all, if my technologists are on the West Coast, bankers in New York and policymakers in Washington and the three constituencies rarely talk or meet, can they ever develop coherent policies and structures that will allow the US to take leadership in this space?