Douglas W. Arner, the Kerry Holdings Professor in Law, an RGC Senior Fellow, and Associate Dean (Taught Postgraduate) of the Faculty of Law at the University of Hong Kong, presented at Luohan Academy's Frontier Dialogue. Vikram Haksar, an Assistant Director in the IMF's Strategy Policy and Review department, discussed Catalini's presentation. The following texts features transcripted excerpts from. It has been lightly edited for clarity and length.
Speaker presentation by Douglas W. Arner
Thanks, Shang Jin, and thanks to Luohan for the invitation to be here today. We’ve already picked up on a number of these issues, but I want to try to give a little bit of a structured perspective here.
When we think about the big picture trends in financial regulation, if we look back over the past 10 years, really in the aftermath of the 2008 crisis, we can say that the crisis was really one of the defining points for financial regulation over the past decade. That’s something that I think we've seen just an absolute transformation in terms of volumes of regulation, cost of compliance, industry structure and the like.
But it's not just regulation in response to the crisis. Most importantly, we saw a number of other aspects, in particular, the LIBOR scandal which changed the way that we approached a lot of regulatory and market issues.Secondly, a pretty dramatic increase in approaches to market integrity around AML and terrorism financing. The third of course has been around technology. And I think if you're thinking about technology over the past 10 years, of course, the evolution of finance and technology have always been co-developmental.
We highlights tree points in 2007 to 2009, you have the launch of M-Pesa in 2007. You have the launch of the iPhone in 2007. You have the global financial crisis in 2008. And the Bitcoin white paper in 2008. That really signals a decade of new technological approaches to finance. When we think about regulatory issues, pre-2008, we had a very positive approach to innovation in finance. The year 2008, from a regulatory standpoint, fundamentally changed that approach from the standpoint of conservatism to innovation. Most of the last decade, from the standpoint of new technologies, really was about a very conservative approach from many regulators to those technologies.
Look at the beginning of last year, just before COVID. Looking at what if I were going to pick the big themes for regulation over the coming decade of the 2020s, I would focus on sustainability issues, technology and an ongoing tension between globalization and fragmentation. What we've seen is that in each of these cases, COVID has been accelerating that. I think we've seen a pretty dramatic intensification in the way that we are looking at sustainability from a regulatory standpoint. I'll come back to that.
Second, technology. In this chart, we highlight something that we call FinTech 4.0, which is really all about platforms. The idea here is similar with what Xavier has highlighted and what Christian highlighted as well, with 2019, the announcement of the plan to create Libra in its original format, highlighted that the technology that we're looking at over the next decade is much less about margins. New technologies are disrupting traditional finance, and fundamentally doing things in a different way.
We can look at this from a couple of different challenges from the standpoint of regulation.
One is, prior to 2008, we were looking at a pretty homogeneous population from a standpoint of regulation. Everyone in the industry, we all had pretty much the same viewpoint. Over the past 10 years, with the entry of an increasingly diverse range of new entrants, that has changed this approach. And so, we no longer necessarily have a sort of common language, a common sort of knowledge. This is a challenge for regulators.
The second, however, is really around speed of development. It’s something that we're all familiar with, particularly with platformization. That is the potential of things to move very, very quickly. From a regulatory standpoint, not just trying to differentiate between what we characterize as too small to care, too large to ignore, and too big to fail, but actually thinking about proportional risk-based approaches that differentiate from the standpoint of these different context. Now, if we're thinking about COVID, it's pretty dramatically accelerated these trends.
Probably the good news is from the standpoint of finance. So far, all of that effort that we put in over the past decade from the standpoint of regulation and infrastructure has worked out reasonably well. So far, in 2020 and 2021, we have not seen financial crises of the sort that we saw in 2008. That's a very positive starting point. However, of course, as we see increasing issues with asset prices and leverage in those markets, concerns are beginning to emerge. And it's something to continue watching going forward.
If we look at 2020, the big driver that we've all been picking up has been around digitization. In the context of finance, we've probably seen more digitization than in most other areas. If we're thinking about some of the big areas where we're seeing changes, we're actually, in some of these, seeing things that many of us would have expected to happen over three, five, 10 years, happening in a year. The pace of transformation is quite dramatic.
The first thing is something that we've already talked about, particularly between Christian and Darrell, at the very beginning, transformation of electronic payments, dramatic increases in electronic payments, but also the reality as highlighted by the initial Libra proposal to use technology to fundamentally redesign payments systems. Where we're seeing this highlighted most extensively is in the context of central bank digital currencies. Payments evolution has taken a long time to get to this point, really long-term developments, not only in decentralized structures, but also in centralized structures, allowing us to think about designing systems and infrastructure in fundamentally different ways than we've done before.
The second is around the use of technology for regulatory and supervisory purposes. This is something that's not new. If one thinks of something like EDGAR, the SEC's EDGAR system, that is reg tech. That is a form of digital regulatory reporting, which is then the basis of a variety of analytics, not only from the standpoint of monitoring of markets by the supervisors, but of course also by investors, academics and others.
This idea of using technology for a regulatory and supervisory purposes is not something new, but over the past 10 years with the thousands of new post-2008 regulations, we've seen a pretty dramatic increase. By the end of 2019, global financial services industry had spent something like a bit over $300 billion on fines for enforcement actions, was spending about $300 billion a year on compliance costs, and was spending about $300 billion a year on IT systems.
One could already see, from the standpoint of financial services, a great deal of focus, but the key thing, and if we think about something simple, is onsite supervision. Onsite supervision in much of the world over much of the past years has not been possible. And as a result of working from home, non-face-to-face interactions not only between financial institutions and their customers, financial institutions in and of themselves, traders’ compliance, risk management, financial institutions and their regulators, and of course, regulators amongst themselves, everyone working from home. This has pretty dramatically changed attitudes in the regulatory and supervisory community to the use of technology for supervisory purposes. In particular, we're seeing major drives around the world to increase digital regulatory reporting so that information that is being collected is easily digitized and more subjectable to analytics from the standpoint of regulatory and supervisory activities.
Third, it is really around the beginnings of rethinking how we approach market integrity. And if we think about market integrity, AML systems, it's fundamentally based around an analog system that largely evolved in the context of 1970's technological horizons. What does that essentially mean? It means that you have banks who are investigating their customers, and they are making reports to regulators when they subjectively think that they find a transaction which is suspicious.
It's a very expensive system. It's also one that is not very effective from the standpoint of achieving the market integrity objective. The market integrity objective, of course, is about reducing the criminal and terrorist use of the financial system in order to maintain confidence, as well as protect wider societal order objectives. If we look at the current system, it's pretty useless from an ex-ante preventative standpoint. It's pretty good from the standpoint of, once something happens, providing a paper trail to investigate, but it also comes with a range of negative impacts, particularly discussions around de-risking and the disinclination of financial institutions to do business with small businesses, developing countries, and the like.
So, we're beginning to see a rethinking about this. That essentially, if one thinks about a more data-driven approach, the data is actually being collected, in many cases, by supervisors, and they have a much more comprehensive set of data than is available to even the largest financial institution in a given economy. And combining this with a series of systems around digital ID, as well as electronic payments monitoring, we are seeing increasing discussions about, "How can we build better systems?"
Lastly, it is one that we've been discussing throughout today, and that is, issues around Big Tech and data. It's something that, I think we're seeing some very positive impacts, particularly from the standpoint of SME financing, but it's also bringing increasing concerns about concentration. Concentration both from the standpoint of potential systemic risks, but also concentration from the standpoint of potentially reducing competition and therefore, wider innovation.
If we are thinking of all of these pieces, we can draw out three bigger themes. The first is, what my colleagues and I categorize as TechRisk. Essentially, this is risks of technology and its cyber security. Cyber security, increasingly, you can see it as one of the biggest financial risks, one of the biggest financial stability risks, and one of the biggest national security concerns. This is something that, from the standpoint of regulation, is a huge focus. Second, around data. And I think when we're looking at data, we're looking at security, we're looking at protection, we're looking at privacy, but we're also looking at differential approaches between major jurisdictions across the US, EU and China in the context of both societal views of use of data, but also from the standpoint of how can we get the benefits of aggregation of data for training of AI, big data analytics, that can have a longer term beneficial impact from the standpoint of wider competitiveness and development.
A big driver that we've seen with the RegTech and SupTech movement is cloud. Now, if you think about any FinTech founded in the past five years, they're cloud native, but all of our globally systemically important financial institutions are still running on 1970s core IT systems. But the past year, because of the necessity of work from home systems, non-face-to-face customer interactions, has driven that dramatically forward with a lot of very important benefits, but it also highlights a range of potential new risks.
And I think where I want to close, is one last idea. A lot of the discussions around COVID are increasingly turning to, how can we build better systems? Digital finance has been a very important lifeline in many jurisdictions. It's provided an important element of response and resilience that is probably going to be important in future sustainability and other crises. But how can we think about, from the standpoint of a digital financial system, building better frameworks? And it really looks at widening digitization, building infrastructure, balanced activities based, proportional risk-based approaches and support for the ecosystem, particularly around innovation hubs.
Closing bit, is really on this infrastructure piece. There's an increasing consensus around the transformative power of sovereign digital identification frameworks, particularly combined with simplified account opening, to increase access to accounts. And this is something, that for the countries which have it, has been incredibly powerful in the context of lockdowns. But that really has to be combined with open access interoperable payment systems. It's this combination that allows digitization of government payments and services, which allows for, really, an infinite range of experiments in terms of delivering these. But it also reduces the cost of customer acquisition, which enables entry of new participants as well as new business models.
So, if we're looking at regulatory trends over the next 10 years, a big focus is going to be on sustainability, particularly around infrastructure. Secondly, lot of discussions around technology and particularly the fact that technology is transformative in a way that it was not 10 years ago. And much of our discussions will be about whether or not we should do something because the technology is there to do it. The last will be around tensions, I think, between localization versus globalization from the standpoint of regulatory approaches. Thanks very much.
Discussant presentation by Vikram Haksar
Thank you so much for having me here, it's a real pleasure and a real honor to be able to talk to all of you. So, I'm going to be reacting to Doug's presentation. But just to get the standard disclaimer out of the way, my views is my views and not necessarily those of the IMF wealth management. With that said, let me plunge on in. I think Doug’s presentation was really interesting. It covers a very wide canvas. I just pulled out a few things that struck me, in particular, from the discussion on the slide.
Some of the tensions for regulation are going to be, how do we deal with the range of new actors, causal proportional regulation? There're going to be needs for experimentations, sandboxes, that's certainly one approach. There are many questions about, how do we deal with new entrants who are not really financial intermediaries or want to become or behave like one. Would we have new licensing regimes? And Doug touched, also, upon some of the big themes, I think, going forward, about the need for new infrastructures, public private partnerships, digital ID... A lot has been talked about today, about the CBD's as well and new forms of money.
And I want to zero in, in the short time that I've got, on the data policy question. I find it's very big in Doug's presentation, but, frankly, listening to the entire conversation today, I think it's really... I think one of the big transformations in modern digital economy, but also particularly in finance, is the acquisition and processing of data and its role in these economies. The policy questions, the regulatory questions about how we're going to handle this, I think, is coming very much to the center right now. So, this is just a picture to show you the many features of the data economy.
Data is, of course, a big resource, but the question is whose value it is? Is it the individuals or the data processor's? There are questions about competition, there are questions about regulatory cooperation between different objectors or regulators, PSD2, GDPR being talked about... I think the important cross boarding issues as well. Privacy is a very big imperative for many regulators, but there are very different approaches to privacy across different jurisdictions as well. You can see issues with the privacy shield here as well. And I think there's a broader question about privacy, which is, where do we draw the line between the individual's needs for privacy and the social good that can be obtained by wider sharing of data, for example, in biomedical research and then protecting of data where the cyber security topic is it's quite central.
So let me just say a few words about our thinking about policy frameworks. And we have written a paper about this in 2019, let us do a bit of self-promotion, we are having a new IMF paper coming out that thinks about, what are some of the steps we need for a global approach to principles on data regulation? And so, the message of this slide basically, is we try to divide the different policy objectives into growth, productivity. You could think of it that way, equity, privacy type considerations and of course, the considerations from a financial stability perspective. And I would speak a little bit about each of these, but the key message here, is that there are multiple objectives when it comes to the management of data in the modern digital economy. And different pieces of these objectives are handled by different regulators who all have different mandates, actually.
We've always talked about policy coordination amongst regulators. I would argue that the policy coordination challenge of the digital economy, when it comes to data, is even larger because there are more interests, more objectives, and more regulators involved. Some mechanism for having discussion coordination is, I think, quite crucial. The PSD2, GDPR example is one particular example that comes to mind but there are others as well. And the basic question for data policy frameworks are going to be questions around, well, we do want world competition, so there are the topics that Xavier talked about, about data portability, interoperability, these kinds of questions come up. Also, there's a public interest in having data shared widely, certainly with some degree of anonymization as Rob Thompson spoke about as well. These are things that I think, there is a public interest in.
There's a question about, is there a road for public infrastructures in terms of providing data utilities? For example, you could think about credit bureaus as a model that's been used in finances as a mode for a larger data bureau, which handles individual data, suitably anonymized and protected. And then, you know, we can't regulate the data sector to such an extent that the incentives for collection and processing and storage of that data get significantly reduced. On the equity side, two points here. One is that, there's a lot of discussions about privacy. Privacy, of course, is a very important objective and there are, as I think Doug raised, very different approaches based upon national prerogatives and interests to the issue of privacy and different models across different jurisdictions. The point that one would like to emphasize, is that there are mechanisms for enforcing privacy rights.
You've got GDPR, it's a very rights-based, compliance-based approach. The question to our minds is, how do you actually give agency to individuals to effectively exercise control over their data? Not just checking a box saying, "Don't use my data." But how do I actually control it and manage it. And two things to stay out here, I think the experiment that Apple is doing right now, is certainly very interesting, but there are other models. There's a model, for example, in the India stack that was talked about by John, looking at the experience with the UPI in India. The Indian authorities have the concept of a data fiduciary, which would be a body that would basically manage the data of individuals and help give them effective control over consent management.
I think another big topic when it comes to equity and privacy, is the topic of protecting against exclusion. Manju, I think, made a presentation about a very cool paper about what you can do with all the data that is being gathered, now, by non-financial sector actors. But the flip side of that access to data, is that the modeling can result in some very adverse... I mean, depending upon your social preference functions and very adverse outcomes, exclusion of people based on race or other types of characteristics, that we may not think are appropriate. So that's the question of the data governance.
And then finally, on the finance piece, there's the big question about, given the inherent economies of platforms, would we see increased concentration, too-big-to-fail on steroids, and trade-offs therein. I think there's a big question on cyber security. We all know that private institutions have significant incentives to protect that data, to protect their image, but the question is, do the private incentives match with the social incentive given the externality, that you don't internalize the impact of your data breach on the rest of the system. And there are of course, big questions about the topics like operational risk, concentration as well, third party cloud data services providers and the whatnot. The point of this slide is coordination across an area which is very complex and very rich. And I think you saw elements of that, as well, in Xavier's presentation. Now we just close by making the case for global coordination out here.
Basically, the picture makes the point to you... It's a prop. It makes the point to you that cross border trade in a loosely defined concept of data-driven services has basically exploded. It's become very, very large. So, the global digital economy is very integrated, but given that there's increasing focus on the need to manage and regulate the digital data economy in different jurisdictions, there's an issue when different jurisdictions take different approaches to handling the question. So, we have the FSB, we have the whole positive project to ensure convergence or at least some coherence in terms of financial sector regulation. In the space of data, which I argue is a very important part of the need for regulatory framework going forward for finance the next decade, there is much less coordination. The question really is, can we think about developing common principles? There's a list of principles out there on different topics, these are all relevant to financial more broadly as well. They have been talked about in different contexts, I think the European Union is doing some very interesting stuff on data portability and interoperability question.
But I think from our perspective, we would make the case that this is a very important area, which needs a lot of thought. And we hope that forums like this, will stimulate further discussion of them. I'll stop there Shang Jin, thanks a lot.
For more information, please visit Luohan Academy's youtube channel: Luohan Academy