Out-Law News 5 min. read
05 Nov 2015, 11:12 am
Financial services sector head John Salmon and the Pinsent Masons financial services sector team bring you insight and analysis on what really matters in the world of financial services.
Key figures voiced big predictions at yesterday's FT Banking Summit. Credit Suisse chief executive Tidjane Thiam's thoughts on why the global economy needs European investment banks to succeed grabbed the headlines, as did, the four point plan on how to boost the Eurozone through reforms to the European Central Bank outlined by former Greek finance minister Yanis Varoufakis.
But participants also had important thoughts on the future of regulation and technology.
Three points stood out for me. There is a pressing need for greater support for cyber threat intelligence sharing; there may be a need for a 'regulatory pause' to banking reform, and the hour has come for digital currencies, payments and identities to take online financial services to a new level.
Cyber and data sharing
TalkTalk was on the minds of all those involved in the cyber panel session. While it was acknowledged that TalkTalk's breach occurred in a non-financial services context, the reality is that all breaches of this scale also "happen to the banking sector" as one panellist highlighted. Banks are expected to spend time investigating the extent to which customers' financial interests have been affected and to respond to their queries whenever breaches of this size occur.
The Bank of England, for its part, is doing a lot of good work through its CBEST vulnerability testing framework, and encouraging banks to stress test security and engage in effective threat simulation exercises. But the sector as a whole can only be as strong as its weakest link – a particular concern where subsidiaries in other countries, perhaps mandated by regulation, are required to use local outsourcers that do not have adequate security measures in place.
The Bank of England is confident that CBEST has the potential to grow into an effective hub of the latest threat intelligence from market participants and GCHQ. But it can only be effective in keeping up with the pace of change to the cyber threat landscape if banks invest in contextualising cyber threat intelligence and share the output of their investments widely – with law enforcement authorities, each another and other financial services sector businesses.
In our view regulators must provide more clarity about the extent to which exemptions from privacy laws apply to private sector threat intelligence sharing activities. As one delegate put it "companies will not share if they think they run the risk of legal or regulatory hazard or reputational damage." More clarity around the scope of these exemptions is therefore urgently needed.
A regulatory pause
A number of participants called for a 'regulatory pause' in the banking reform agenda. One speaker described banking reform as a "never ending construction site" that has created "enormous uncertainty and made it difficult for banks to take necessary risks fundamental to banking."
There is, it was suggested, a pressing need to assess the impact of all of the regulatory changes that have taken place "over a full business cycle".
Another speaker suggested that banks need time to refocus on providing the best financial services that they can, as at the moment they are more focused on responding to the next regulatory challenge. But they also need time to implement regulatory change and there needs to be greater acknowledgment of the long lag time between recognising solutions and enabling them to happen at an operational level.
Others at the summit were more pessimistic about the future of the regulatory reform and suggested that a more concerning issue than allowing time to enable changes that have already been put forward to have effect is the nature of the changes themselves. Global regulators continue to regulate for the world of the past it was suggested. Regulators in many different countries, while trying to regulate a complicated system, "are focusing on the banking practices of the past and not those of the future", said one participant. This has meant that for banks the resources dedicated to regulation are far outweighing those given to innovation.
It was also suggested that despite the weight of compliance burden on banks particularly those with global operations, the key issue – getting the basics right – is not being addressed. More attention needs to be paid to conduct and governance.
I think the idea of taking a regulatory pause is really interesting. Two things seem to me to be certain. First, existing institutions would really benefit from some time without new regulation to focus on new innovation. Second, getting the basics right should be a priority and that comes through getting the culture right.
Digital currencies
Richard Brown of R3, the technology company behind an initiative to investigate the potential of blockchain technology that is backed by 25 global banks, discussed the relevance of blockchain technology to global financial markets as distinct from the general perception of the growing irrelevance of bitcoin. "Bitcoin tried to solve problems banks don't have," he said, adding that the blockchain addresses the cost and inefficiencies of reconciliation.
Richard Crook of RBS described this second problem as a "straightforward one", saying that in payments we "all have different versions of the truth". He said that if we can get to a single source of truth between big banks, regulators and others, the process changes this will enable will be ground-breaking.
But the future is not only about process changes that the blockchain will enable. Panellists in this session were firmly of the view that digital currencies themselves should not be dismissed. They made the bold prediction that central banks will begin issuing digital currencies as soon as early next year. As consumers would have a claim on the issuing central bank rather than their own banks, this development would mean that the role of retail banks will change at its core, unlike other developments where the change has been more around the edges.
Payments and digital IDs
I sat on the panel discussing payments, where predictions included that "payments should follow what consumers want"; "in five years no-one will use plastic but only mobile phones to pay", and "whether consumers will still use banks for payments is not certain."
I highlighted our recent YouGov research which questions whether the innovation enabled by recent changes to payments regulation are really what consumers want. Retailers telling their banks to authorise payments on their behalf rather than buying goods with a credit card, and apps that give you an overall view of your financial circumstances by accessing your account data through an API, are not developments which have the average consumer excited according to our YouGov research.
The research told us that the question of trust remains unresolved for both payments services and more generally in banking. In two years' time most people believe they will still bank with their current bank, but when it comes to initiating payments, they are more likely to use a business like PayPal. Banks still have the advantage as the trusted brand for financial services but while consumers seem to have little trust in big technology companies to provide general financial services, when they prove themselves in the sector, like PayPal has done, trust increases.
A central theme that was raised during the session was the connection between trust and digital identities. Until UK consumers have a real option to engage wholly with financial services through an online process, interest in other digital initiatives, like those proposed under the Payment Services Directive 2 and by the UK Treasury through its open banking initiative, may continue to be limited. It seemed that delegates were supportive of the idea of a digital ID for UK financial services which I raised in response to a question from the audience.
Over the coming months therefore banks have good reason to move forward quickly with this initiative while they still have some advantage in terms of being viewed as the most trusted type of entity to provide financial services.
