By Michael J. Hsu, Acting Comptroller of the Currency
The digitalization of banking has been underway for some time, reshaping the financial-services industry. The COVID-19 pandemic has massively accelerated this trend and brought forward a host of new risks and opportunities, including the need to update the banking industry’s regulatory perimeter.
Integrating technology and banking can offer greater efficiencies to banks and their customers. Financial services, which used to be integrated and largely contained within the banking industry, have been compartmentalized and offered by a greater number of entities beyond traditional banks, including financial-technology firms (fintechs). In the early 2010s, while banks developed online services to complement their traditional brick-and-mortar offerings, fintechs unbundled payment activities, offering services aimed at improving customers’ payment experiences. By and large, such competition was healthy and beneficial for consumers and businesses. Bitcoin was launched in 2009 and steadily attracted users to different cryptocurrencies over the next decade. By the mid-2010s, fintechs expanded to adjacent areas, such as extending various forms of credit and offering interest on cash held, resulting in an increasingly de-integrated stack of banking services.
The digital growth of banking services and the need for digital adaptation increased rapidly during the first year of the pandemic. Today, fintechs provide a full suite of banking and investment services accompanied by the convenience of tech. The growth of the fintech industry, banking-as-a-service and big tech forays into payments and lending is profoundly changing banking and its risk profile. Fintechs are reassembling the three cornerstones of banking by taking deposits, making loans and facilitating payments synthetically outside the bank regulatory perimeter. While fintechs generally are subject to most of the same consumer-protection regulations if they offer covered products or services, some fintechs make technical—and questionable—arguments that their products or services fall outside the existing regulatory framework. These differences create an unfair business advantage for fintechs over banks.
Digitalization has put a premium on online and mobile engagement, customer acquisition, customization, big data, fraud detection, artificial intelligence, machine learning and cloud management. These activities require expertise and economies of scale that most banks do not have. Prophesies of fintechs disrupting banks out of existence have not come to fruition, with fintechs instead focusing on building partnerships with banks. By partnering, banks gain speed to market and access to technological innovation at lower cost, while fintechs seek to benefit from banks’ reputations for having trustworthy, long-standing customer bases and access to cheaper capital and funding sources. As a result, bank-fintech partnerships have grown exponentially and become more complicated.
These developments are creating an increasingly varied, complex set of arrangements, which are significantly more intricate than the standard bank-outsourcing relationships of yesteryear. If left to its own devices, this process will likely accelerate and expand until there is a severe problem or even a crisis. Like the globalization of manufacturing that started in the 1980s, the efficiency gains of these changes can be enjoyed immediately, while the main material risks do not manifest for some time. The benefit of those efficiencies, however, is lost if a bank does not have an effective risk-management framework, and the effects of substantial deficiencies can be devastating.
Banks have done a commendable job of rebuilding trust since the 2008 crisis. Their financial buffers and risk-management capabilities have improved dramatically. Notwithstanding, trust is sensitive to surprise. And the evolution of bank-fintech arrangements in the era of digitalization is giving rise to new opportunities for surprises or tail risks. Banks need to be safe and sound because a loss of trust and unexpected failure can infect healthy peers and affect the broader economy.
Fortunately, this risk can be mitigated through proactive risk management and an adaptive, open mindset. Actions taken today to defuse high-impact tail risks can temper the need to go full “risk-off” tomorrow, ensuring that the banking industry can remain a source of strength to the economy, as it has throughout the pandemic and recent market turbulence. In the United States, at the Office of the Comptroller of the Currency (OCC), we actively work to eliminate blind spots. We are working on a process to subdivide bank-fintech arrangements into cohorts with similar safety and soundness risk profiles and attributes, mapping out the risks and risk-management expectations. Our recently released five-year strategic plan explicitly acknowledges the digitalization forces at play and the need for us to be agile and credible in addressing them. We have been building on the excellent work of staff over the past five years in the fintech/crypto space regarding policies and service providers related to information technology and operational-resilience supervision.
Additionally, important questions are being asked, including: At what point do fintech and crypto firms begin to function like banks? Are the risks the same? Would bringing them into the bank regulatory perimeter be the right solution? How should bank regulators and the regulatory perimeter adapt?
Historically, a crisis or unexpected failure would provide the impetus for updating the banking industry’s regulatory perimeter and bringing those that need regulation into it. Our collective experience with derivatives in the late 1990s and leading up to the 2008 financial crisis, however, suggests that proactive prevention may be a better path. If we can define synthetic banking, determine which crypto activities should be separated and identify the attributes of crypto firms warranting consolidated supervision, we may be able to temper the excesses of the boom-bust-reform cycle. The goal is not to stop business cycles but maintain trust.
The OCC works closely with interagency peers to help ensure we have a shared understanding of how the financial system is evolving so that regulatory arbitrage and races to the bottom are minimized. Modernizing the regulatory perimeter cannot be accomplished by simply defining banking activities but will also likely require determining what is acceptable in a bank-fintech relationship. To be effective, regulatory agencies, including state regulators, must learn to interact differently and define success differently. For example, there needs to be less regulatory competition and more cooperation, less parochialism and more teamwork, less go-it-alone independence and more interdependence. Coordination across regulatory agencies and functioning as one team can help address issues related to regulatory arbitrage or the lack of a single regulator with visibility across all of an entity’s affiliates. In a crisis, the regulatory community does an exemplary job of working together. To modernize the regulatory perimeter, we will need to do so on a business-as-usual basis. Working with our federal and state partner agencies, the OCC stands ready to help lead the way.
An important aspect of regulatory collaboration is the coordinated use of data across agencies. Agencies have different data-collection mandates, with the data each agency collects and has available focused on its specific mission and regulated entities. In a world of de-integrated traditional banking services, sharing data and analysis among agencies can help them identify gaps in supervision and regulation as well as assess and mitigate risks across the financial industry.
By expanding our aperture, engaging more substantively with nonbank technology firms and mapping out bank-fintech relationships and risks, we must stay true to the concept of safety and soundness, champion fairness and be agile and credible as we adapt to changing circumstances as the financial system evolves.