The paper finds that while there are important regional and national differences, countries are broadly embracing the opportunities of fintech to boost economic growth and inclusion, while balancing risks to stability and integrity.
The paper finds that while there are important regional and national differences, countries are broadly embracing the opportunities of fintech to boost economic growth and inclusion, while balancing risks to stability and integrity.
1. The IMF and the World Bank Group launched at the 2018 Annual Meetings the Bali Fintech Agenda (BFA), a framework of high-level issues that countries should consider in their own domestic fintech policy discussions.1 The BFA is organized around a set of 12 elements (Box 1) aimed at helping member countries to harness the benefits and opportunities of rapid advances in financial technology that are transforming the provision of financial services, while, at the same time, managing its risks. The BFA elements cover topics relating broadly to enabling fintech; ensuring financial sector resilience; addressing risks; and promoting international cooperation. This paper is a follow up to the BFA and takes stock of country fintech experiences and identifies key emerging trends and policy issues confronting member countries and the international community, in light of the rapid transformation brought about by fintech and the rising engagements of the IMF and the World Bank regarding fintech-related issues and within their respective mandates.
BFA Elements: Balancing Opportunities and Risks
I. Embrace the opportunities of Fintech
II. Enable New Technologies to Enhance Financial Service Provision
III. Reinforce Competition and Commitment to Open, Free, and Contestable Markets
IV. Foster Fintech to Promote Financial Inclusion and Develop Financial Markets
V. Monitor Developments Closely to Deepen Understanding of Evolving Financial Systems
VI. Adapt Regulatory Framework and Supervisory Practices for Orderly Development and Stability of the Financial System
VII. Safeguard the Integrity of Financial Systems
VIII. Modernize Legal Frameworks to Provide an Enabling Legal Landscape
IX. Ensure the Stability of Monetary and Financial Systems
X. Develop Robust Financial and Data Infrastructure to Sustain Fintech Benefits
XI. Encourage International Coordination and Cooperation, and Information Sharing
XII. Enhance Collective Surveillance and Assessment of the Financial Sector
2. The BFA is motivated by the need to deepen understanding of how technological innovation is changing financial services provision and the implications for efficiency, financial stability, integrity and inclusion. Previous staff analysis has emphasized that financial services arise to meet user needs—to make payments, to save, to borrow to finance consumption and investment, to manage risks including around all these activities, and to get advice on how best to handle all these needs for services—and that technological innovations have offered improvements in service provision. Figure 1 below provides a stylized road map on how user needs for financial services have traditionally been provided, the key gaps that have been issues for finance, and the new fintech solutions on offer to potentially address these problems.
3. Technologies, ranging from artificial intelligence (AI) to mobile applications are providing new solutions that seek to increase the efficiency, accessibility and security of financial services provision (Annex I). For example, payments needs have in many jurisdictions been met by cash or for remittances by money transfer operators (MTO) and other payment service providers (PSP). These services have faced a range of problems, being slow, costly, hard to track and not always secure. New solutions, built on cloud, digital platforms and distributed ledger technologies (DLT), spanning mobile payments and peer-to-peer (P2P) applications, have arisen seeking to fill gaps. There has been a boom in Initial Coin Offerings (ICO) and surging interest in Securities Token Offerings (STOs), based on DLT and asset tokenization, enabling new investment products that offer a claim on potential earnings streams of new businesses. Borrowing services are impacted by new algorithms, such as smart contracts or AI/ML applied to large volumes of data collected by services providers, especially in payments and from e-commerce providers. This improves credit risk modelling and allows lending to new borrowers including MSMEs. Likewise, advances in AI, digital identification and cyber-security are enabling new models for managing risk for individuals, financial institutions, and regulators.
4. While fintech firms currently represent a small share of overall revenue of the financial services industry, their growth and contribution to innovation is apparent. Figures 2 and 3 below show the distinction, in terms of key attributes between fintech and non-fintech firms within the financial services industry.2 The share of revenues generated by fintech companies in the overall financial sector is relatively small but over one-third of global fintech revenues are being earned in Asia. Moreover, the fintech share of patenting activity in the financial sector is twice that of their revenue share, suggestive of their disproportionate role in innovation in the sector. The bulk of patents filed so far have been in the payments area, with the overwhelming majority registered in the United States.
5. Fintech firms have received a quarter of the financial service industry’s venture and startup funding (per latest estimates of these companies’ funding history since inception) and account for almost 20 percent of the total US$90 billion valuation of new IPO’s (at launch) by global financial sector firms. Venture funding appears to be quite diversified geographically, with the main recipients including crowd-funding and payments services providers. The United States has accounted for about one-half of global venture capital fund-raising, followed by Asia and Europe roughly splitting the rest of the global total of about US$85 billion in such financing for the fintech sector. Fintech IPOs on the other hand have been largely concentrated in the United States, which accounts for over three quarters of the global fund-raising total. The bottom line pattern that emerges is of rising investments and financing of fintech, especially in payments, but increasingly diversified going forward across sectors and regions.
6. Discussions on fintech topics are taking place within a growing number of IMF Article IV consultations (Figure 4). Discussions have focused on the case for fintech to spur digital payments and financial inclusion and setting up the appropriate frameworks and safeguards to develop crypto-assets, including digital currencies projects in small states (the Republic of Marshall Islands (RMI) and Sint Maarten). Fintech has featured in bilateral surveillance reports on Asian and Latin American economies, reflecting China’s booming fintech industry triggered by well-developed infrastructure and soaring demand for financial services, the drive of financial centers to become fintech hubs (e.g., Hong Kong SAR (China) and Singapore), and the centrality of issues such as the desire to promote financial inclusion (e.g., Cambodia, Peru, Tuvalu), and the potential role of fintech in mitigating pressures on correspondent banking relationships, particularly in small islands.
7. A number of issues have emerged from these fintech discussions, although the main concerns relate to AML/CFT. The latter arise, in particular, against the background of crypto-assets or DLT (e.g., Malta and Mexico). Other topics discussed include the similarity of risks faced by fintech firms and traditional financial intermediaries (e.g., Mexico), the potential game changing nature of fintech for banking and asset management sectors (e.g., Luxembourg) and cyber risk (e.g., Chile). The descriptions of fintech risks have often been derived from the IMF global risk assessment matrix (G-RAM); 13 reports refer to fintech risk through the “risk assessment matrix annex”, either as pressures on traditional banking, or as disruptions generated by cyber-attacks. Two country-specific risks featuring in a risk assessment matrix (RAM) are for China (upside risk of a more dynamic private sector) and for RMI in the context of issuing cryptocurrency as legal tender.
8. The staff’s approach to policy recommendations has been principles based. Fintech developments are explicitly mentioned in eight Article IV Consultation “staff appraisals” and seven IMF Executive Board assessments. Policy recommendations are tilted towards risk mitigation, encouraging the authorities to develop a healthy fintech sector with adequate regulation and oversight (e.g., Chile, Japan, Mexico, Qatar, Singapore) or cautioning against the issuance of a digital currency as legal tender that would entail potential costs arising from economic, reputational, and governance risks, and that require strengthening AML/CFT frameworks (e.g., Palau and RMI).
9. In-depth fintech discussions have been undertaken on a pilot basis in recent Financial Sector Assessment Programs (FSAPs). The Malta FSAP that concluded in February 2019 reviewed the Virtual Financial Asset Act and recommended careful and gradual implementation to enable the regulator’s resource development and balance between embracing fintech benefits and risk mitigation. The Switzerland FSAP conducted a review of crypto-asset and blockchain related legislation, regulation, supervision and qualitative risk analysis. It identified significant data gaps and recommended a more active supervision and data collection.3 The Singapore FSAP examined the implications of fintech for the regulation and supervision of the Singaporean financial services sector. All three countries had taken legislative steps to address some aspects of fintech, with focus on crypto-assets and blockchain in Malta and Switzerland and implemented AML/CFT measures on some crypto-asset service providers.
10. IMF capacity development (CD) efforts have mainly focused on facilitating peer-to-peer information exchange and workshops discussing emerging trends and practices. To some extent, this reflects the lack of international standards and consensus on regulatory approaches and the very dynamic nature of developments. The Annual Fintech Roundtable held in IMF’s headquarters brings together practitioners to share country experience; high level regional conferences are being organized with senior policymakers to discuss the BFA, and senior management participate frequently in speaking engagements on the need to preserve balance between risks and opportunities in fintech. In addition, technical assistance and training courses focused on risk-based supervision, emerging issues in financial regulation and supervision, and risk management, e.g., training courses focused on fintech for Chinese officials in 2019, a three-day fintech seminar in South Africa sponsored by AFRITAC East and AFRITAC South, and the fintech workshop for Arab central bank governors organized jointly with the Arab Monetary Fund in 2018. In-house expertise on the topics is being built supported by monthly seminars from policymakers and industry experts and has been aided by the creation of the IMF’s Information Technology Department (ITD) Digital Advisory Service Unit and the Innovation Unit of the Office of the Managing Director.
11. Fintech is increasingly integrated into the World Bank’s operations, country policy dialogues, global knowledge activities, and diagnostic work. More broadly, the fintech work is closely linked to the World Bank’s broader agenda on disruptive technologies and the digital economy. The World Bank undertakes global and regional studies on fintech trends and thematic analytical reports, and directly supports country authorities in adopting fintech through technical assistance and lending projects. The World Bank is also increasingly incorporating an analysis of fintech developments in FSAPs (e.g., India, Indonesia, and Thailand). More broadly, access to digital financial services is seen as pivotal to advance broader development objectives such as improving the efficiency of government services delivery; access to services like water4 and electricity; strengthening human capital in terms of health, education and work; and addressing cross-cutting priority areas like climate change and gender. World Bank Group activities include:
a. ID for Development: This is a cross-sectoral program to support the development of safe, reliable and efficient ID systems many of which also include specific financial sector applications such as eKYC (e.g., Economic Community of West African States (ECOWAS) countries, Morocco, and Philippines).
b. The Digital Economy for Africa Moonshot aims, by 2030, to digitally connect every individual, business and government and ensure they thrive in the digital economy.
c. Govtech seeks to intensify usage of digitization to advance public service delivery, reduce corruption, provide user-friendly services to companies, and engage citizens; modernizing core government systems; and creating public data platform for use by government, citizens and the private sector. The World Bank is aiding (e.g., Cote d’Ivoire, Lebanon) in digitizing government-to person (G2P) payments and payments to Governments (e.g., tax payments, conditional cash transfers).
d. The International Finance Corporation is investing in fintech companies; working with existing banks and clients to help them adopt digital financial services into traditional banking platforms; and working with donors and development partners to accelerate the adoption of fintech and achieve responsible financial inclusion.
12. The World Bank works with client countries on fintech issues in five key thematic areas:
a. Legal and regulatory framework: This work reviews existing frameworks to identify potential reforms that would provide a more conducive environment for fintech innovation and adoption whilst mitigating risks, including support for and design of regulatory sandboxes and other approaches (e.g., India, Jordan, Rwanda, Saudi Arabia, Sri Lanka, and Vietnam), and reforms of legal and regulatory framework for fintech (e.g., Colombia, Kenya, Mexico, Peru, and Philippines).
b. Financial infrastructure: Work in this area covers legal and regulatory aspects, institutional arrangements, and the design of financial infrastructure. In this context fintech approaches like digital identification, faster payments, the use of application programming interface (API) and the use of alternative data for credit decisioning are being incorporated. Examples include, application of data and analytics to improve access to finance (e.g., Ethiopia, Uzbekistan, and Zambia); and modernization of financial infrastructure (e.g., Guyana, Lao, Madagascar, Mozambique, Pacific Islands, Pakistan).
c. Enhancing access to transaction accounts: Transaction accounts are a gateway to financial inclusion and broader use of financial services. Under the Universal Financial Access 2020 agenda, the World Bank is supporting countries to harness the potential of fintech to achieve universal access to transaction accounts. Examples of interventions include support to developing interoperability arrangements for mobile money and e-money systems (e.g., Afghanistan, Madagascar, Pakistan); development of acceptance infrastructure (e.g., Mozambique, Sierra Leone); and digitization of G2P payment services to enhance access to payment services for individuals (e.g., Bangladesh, Ethiopia).
d. Enhancing access to finance for individuals and MSMEs: This is a core part of World Bank operations in countries where fintech plays a critical role. Examples include: use of API models and supporting adoption of innovative approaches by apex development banks (India); usage of DLT in agricultural value chains to bring more transparency and efficiency leading to better price realization for the end farmer (Haiti); usage of platform models for agricultural finance (e.g., Kenya, India, Myanmar, Rwanda, and Tanzania); and crowdfunding and other capital market approaches (e.g., Colombia, Mexico).
e. Institutional strengthening: The World Bank supports capacity building for financial sector regulators and other authorities such as through supporting the establishment of dedicated fintech units and functions and the strengthening of internal systems and processes to support the adoption of regtech and suptech solutions. Examples include: capacity building and fostering dialogue through focused roundtables (e.g., Bangladesh, Colombia, Georgia, India, Peru, Saudi Arabia); modernization of core central bank and financial sector regulatory functions through extensive use of technology (e.g., Afghanistan, Burundi, Vietnam); and supporting greater adoption of technology by commercial banks, microfinance institutions and credit unions (e.g., Afghanistan, Mozambique, Sierra Leone).
13. Against this background, the rest of the paper is organized as follows: The next section documents fintech experiences in member countries, followed by an in-depth review of selected fintech topics. The analysis of the two sections are used to distill emerging trends and the policy issues facing member countries. The concluding section identifies the key priority areas for actions.
Global Fintech Landscape
14. This section provides a comprehensive review of fintech country responses in member countries, based on the information available to IMF and World Bank staff from their engagements with member countries, organized regionally, and from country responses to the 2019 IMF-World Bank global fintech survey (GFS).
15. The Africa sub-Saharan region has become a leader in mobile money resulting in a radical change in the delivery of financial services and significant gains in financial inclusion. However, initial differences in regulatory approaches to new mobile money services offered by mobile network operators led to noticeable regional differences, which have narrowed over time. East Africa has maintained an overall lead including in attracting fintech investments. Southern and Central Africa have seen increases in delivery of financial services through digital channels, but there is significant room for further gains. Despite their varied starting points, priorities, and capabilities, countries in West Africa are ready to take advantage of digital technologies. Regulatory responses in many countries have been more reactive to the rapid pace of change in the sector and much work remains to be done with regards to adjusting their legislation, as needed, to facilitate orderly digital payments and to adjust to the new challenges coming with digital finance including for competition, AML/CFT, cybersecurity, consumer protection and data privacy issues.
16. Asia has made significant advances in nearly every aspect of fintech, although there is heterogeneity within the region. Fintech use has expanded beyond payments to include lending, insurance, and investment; adopting a wide range of technologies based on consumer needs, level of development, regulatory stance, and existing financial and technological infrastructure. Asian tech giants (e.g., in Bangladesh, China, Indonesia) have become important providers of financial services, putting competitive pressures on traditional financial institutions. Policymakers are trying to catch up with the rapid pace of fintech development, while ensuring that fintech risks are well understood and mitigated. Some fintech products have raised significant consumer and investment protection issues, as well as financial stability and integrity concerns (particularly in crypto-assets and P2P lending). Regulators are using mechanisms such as fintech units and regulatory sandboxes, and some regulators have been testing RegTech/SupTech applications (e.g., Malaysia and the Philippines). Some countries have issued regulations on digital lending (e.g., Indonesia, Malaysia, the Philippines, Singapore, and Thailand) and equity crowdfunding (e.g., Malaysia, Singapore, and Thailand). Similarly, the government of India via India Stack and the Jan Dhan-Aadhaar-Mobile Trinity, is supporting the digitization of payments, amending KYC requirements, and customers digital onboarding, and enabling automated access to data from various digitized government systems in the country.
17. The fintech market in Europe is growing but is unevenly distributed, with non-EU countries trailing European Union peers in fintech adoption. European authorities (such as France, Lithuania, Luxemburg, Malta, Switzerland, and the United Kingdom) have been proactively encouraging fintech innovation and exploring regulatory responses. The European Union has introduced two key regulations in the form of the General Data Privacy Regulation (GDPR) and the Payments Services Directive 2 (PSD2), both of which came into effect in 2018. The full implications of these significant policy developments will take some time to become clear. Nonetheless, Europe is already among the most financially-developed and inclusive regions in the world. Therefore, unlike some other regions, fintech would mainly affect the intensive margin of financial services provision. While lagging somewhat in investment in Fintech startups, existing financial institutions are actively adopting new financial technologies, as manifested, for example, in the fact that Europe is the leading region for digital payments.
18. The MENAP and CCA regions had a slow start in adopting fintech and activities are concentrated in few countries and sectors, although the industry is now growing rapidly. In MENAP, four countries (Egypt, Jordan, Lebanon, and UAE) account for 75 percent of fintech startups and, in the CCA, fintech activities are still concentrated in Kazakhstan. Innovations have mostly focused on payments and to some degree lending. Nonetheless, driven by broad recognition that fintech presents important opportunities to deepen financial institutions and promote financial inclusion, the industry is now growing rapidly, and new growth centers have emerged in Bahrain, Iran, and Saudi Arabia. The growth of fintech in the two regions reflects government support and market dynamics but has been modest, including in addressing gender and income-based gaps. Policy priorities include addressing the gaps in digital infrastructures, prudential regulations (mobile money, cryptocurrencies, outsourcing), consumer protection, cybersecurity, supervision including cross-sector and cross-border collaboration as well as AML/CFT.
19. In LAC region, fintech startups are growing, albeit from a low base and still behind Canada and the United States. Adoption of mobile money services in LAC countries remains low, despite relatively high mobile and internet penetration rates. In terms of alternative financing, the United States accounts for 97 percent of the Western Hemisphere market. Most of the alternative financing in LAC is done through lending activities, rather than crowdfunding, and benefits equally consumers and businesses. To foster financial development and reduce transaction costs of cash, several central banks (e.g., Bahamas, the ECCU, and Uruguay) are exploring the possibility of issuing Central Bank Digital Currency (CBDC). The regulatory response varies widely across the region, depending on the size and structure of their respective financial and fintech markets, and the flexibility of the existing regulatory and legal frameworks. For example, while Mexico introduced new and comprehensive fintech-specific legislation, Brazil integrated fintech issues into the existing regulatory and legal framework. In Canada, the new oversight framework will seek to introduce measures associated with end-user funds safeguarding in the event of insolvency, operational standards, disclosures, dispute resolution, liability, registration, and personal information protection.
20. This paper is informed by the results of the GFS conducted with the membership. This survey is structured along the 12 elements of the BFA. All IMF and World Bank member countries were invited to participate.7 The results are based on the 96 responses received. The response rate varies both regionally and by the income level, with fewer responses from less developed economies. The more advanced economies are better equipped to document a broader range of experiences and emerging practices. Consistent with this observation, the highest response rates come from European authorities. Elements relative to national fintech developments and strategies (I), the modalities of surveillance of fintech advances (V), the adaptation of regulatory frameworks and supervisory practices (VI), as well as the modernization of legal frameworks (VIII) received higher rates of response.
21. Countries are broadly embracing fintech and working on building up an enabling environment. Two-thirds of all surveyed jurisdictions recognize the potential of fintech and either are working on or have a national strategy in place, which often focuses on improving consumer awareness and education, reviewing and amending the policy framework and improving institutional capacity to enable fintech investment, innovation, and adoption. Most jurisdictions, irrespective of income level, aim at achieving universal coverage with open and affordable access to core digital infrastructure services. Compared to other jurisdictions, lower- and middle-income countries (LICs and MIs) are significantly behind in terms of the usage of digital payments to governments, the ability to access information from government sources, and the adoption of faster and innovative payment services.
22. Jurisdictions broadly expect fintech to increase competition in the financial sector. Nearly all jurisdictions are expecting fintech to increase competition most in the area of payments, clearing, and settlement services, and to a lesser degree in credit and deposit taking services. Most jurisdictions already require fair, transparent and risk-based access criteria to key infrastructures relevant to fintech or are expected to within the next two years (e.g., payment systems, credit reporting, collateral registry, depositories, securities market clearing houses, central counterparties and KYC utilities).
23. There are high expectations of the potential of fintech to expand financial inclusion for households (84 percent), MSMEs (73 percent) and reduce the urban-rural gap. However, there is only a modest expectation on the potential of fintech to address the gender gap. Over 60 percent of jurisdictions reported having incorporated fintech in a National Financial Inclusion Strategy (NFIS), mostly in middle income countries. The focus of NFIS, centered around fostering adoption of fintech (41 percent), encouraging digitization of government processes (41 percent) and establishing a forum for public-private dialogue (33 percent). In addition, a majority of jurisdictions (80 percent) reported differentiated compliance requirements for fintech products and services targeted at the unbanked and underserved populations, the top five of which are: entry of nonbank providers to offer payment services, creating a new category of basic bank accounts, simplified requirements for specific products targeted at the unbanked and underserved segments, eKYC, and agent-based models.
24. Systematic monitoring of fintech developments is largely confined to the regulated perimeter. Most jurisdictions (65 percent) conduct some form of fintech surveillance, although most (60 percent) have focused on their regulatory perimeter. The scope of surveillance covers a wide range of sectors and activities led by payment systems (51 percent), money transfer systems (42 percent), and lending activities (36 percent). The predominant focus on regulated entities suggests that the collected information might not be granular enough to capture the risks associated with new fintech developments. Furthermore, the survey suggests significant room for improving information sharing, as only about half of the responding countries have set up a consultation group with private stakeholders and less than a quarter of jurisdictions have established protocols for information sharing with foreign authorities.
25. A majority of respondents (76 percent) have made some modifications to their regulatory approach to facilitate the development of fintech and supervisory capacity. These were made mostly in response to a perception in most countries of rising risks, but also to achieve objectives other than financial stability (e.g., financial inclusion), and covered mostly mobile money/payment services and crypto-assets, and to a lesser extent P2P lending. Fourty-five percent of respondents indicate that they are actively promoting the use of technology for regulatory compliance (regtech) purposes, and about half of the respondents have frameworks in place for registration and/or licensing of fintech service providers. Most respondents (87 percent) indicated that they have undertaken measures to increase their capacity to keep up with fintech developments.
26. Most countries (63 percent) have observed increased fintech-related money laundering and terrorist financing (ML/TF) risks and have adapted their AML/CFT frameworks; although fewer countries have put in place risk assessment mechanisms. Most countries appear to have taken or be taking legislative measures to mitigate fintech-related financial integrity risks. However, fewer countries have taken AML/CFT regulatory action with respect to crypto-assets. In addition, less than half of respondents (43 percent) have formal mechanisms to assess ML/TF risks associated with fintech (mostly in advanced economies), notwithstanding the stronger perception of risk. This variance could reflect some reputational bias against fintech products and services. It may also indicate that authorities’ appreciation of risks is informed by sources other than formal risk assessment mechanisms.
27. Nearly two-thirds of the countries responding to the survey identified gaps in which fintech issues are not adequately addressed by their existing legal frameworks. This is particularly the case with the legal framework for financial sector related to crypto-assets, peer-to-peer lending, mobile money, robo-advisory services, algorithmic/automated trading, and lending activities using AI and ML. In the field of private law, most respondent countries recognize the need to amend their legal frameworks to address technological innovation in the financial sector but comparatively few have done so at this stage. Almost half of all respondents believe their existing legal frameworks to be broadly adequate to address innovation in the areas of payments, electronic signatures, dematerialized securities and crypto-assets.
28. The survey reveals wide-ranging views of members countries on CBDC. About 20 percent of respondents indicated that they are exploring the possibility of issuing retail CBDC. Even then, work is in early stages; only four pilots were reported. The main reasons to consider CBDC are lowering costs, increasing efficiency of monetary policy implementation, countering competition from cryptocurrencies, ensuring contestability of the payment market, and offering a risk-free payment instrument to the public.
29. About one-third of the respondents stated that they are experimenting with, or researching, DLT for use in financial market infrastructures (FMIs). Potential benefits include heightened efficiency by improving end-to-end processing speed and enhancing network resilience through distributed data management. However, few respondents consider DLT as a viable alternative to replace outdated payment and settlement systems technology. Nevertheless, a few countries have carried out pilot projects, though they are still assessing results.
30. There is considerable awareness of the need to establish modern data frameworks that support a robust financial system. A majority of responding jurisdictions report having a robust data framework (73 percent) to protect the resilience of the financial system. This includes about two-thirds of jurisdictions outside Europe—where the GDPR has been in effect since 2018. However, half the survey respondents cite long-standing bank secrecy and personal privacy laws may only partially address the full breadth of implications from modern financial applications with respect to data ownership, privacy, integrity, protection, and ethical use. In those cases, modernization of data frameworks is becoming an increasingly salient policy challenge.
31. While awareness of cybersecurity risks is high across the membership and most jurisdictions have frameworks in place to protect the resilience of the financial system, gaps in mapping cyber risks are common, particularly among emerging markets and developing economies (EMDE). Cyber risks in fintech have been publicly identified and acknowledged as an emerging risk to the financial sector in a majority of jurisdictions, particularly among high income economies (79 percent). Evidence from the survey suggests that only a third of jurisdictions have analyzed IT interdependencies within the financial sector, or of concentration risks among big technology providers that could threaten infrastructure. While a high proportion (83 percent) of high-income respondents report some monitoring of cyber risks related to third-party service providers, only half of lower-income jurisdictions have specified minimum requirements.
32. International cooperation efforts are already underway. About half the respondents note that they have shared information about specific policy responses to fintech developments. Country authorities’ have shared such information mostly with international financial institutions (IMF, WB, the Bank for International Settlements (BIS), etc.) or with other country authorities through international training and peer-learning programs. In terms of sharing with other country authorities, much of the cooperation within the African, Middle Eastern, and Western Hemisphere regions is intra-regional (83 percent intra-regional) whereas countries in Asia-Pacific and European regions have noted more collaborations with countries outside the region (72 percent interregional).
33. The survey identifies key areas for greater international cooperation on fintech. Respondents listed cybersecurity (84 percent), AML/CFT (68 percent), legal and regulatory frameworks (63 percent), payments and securities settlement systems (41 percent), cross-border payments (40 percent) and supervisory frameworks (39 percent) as the top priorities for greater international cooperation. Significantly, they also listed these as well as technological know-how areas in which they would seek the help of the IMF and World Bank in policy advice and capacity building.
34. The survey responses also suggest that there is a need to revise or develop international standards by SSBs. Sixty-eight percent of responses indicated that there is a need for international standards for crypto-assets, especially among high income countries. Authorities also highlighted that the largest data gaps in cross-border activities relate to crypto-assets (38 percent), which also suggests the need for enhanced international coordination. The responses also suggested a need for international standards in mobile money payment services (34 percent) and P2P lending (29 percent).
35. Views on implications of fintech for the International Monetary System (IMS), including capital flows and asset holdings, are split. Roughly half the members responding viewed the implications as significant while the others did not. Fintech is expected to matter most for international payments for goods and services, followed by remittances. Fewer authorities at this stage see significant implications for the organization of the Global Financial Safety Net (GFSN).
Review of Selected Fintech Topics
36. Staff conducted an in-depth review of selected fintech topics. The selection of topics was based on a survey of country desks and staff judgment on the relative importance of specific fintech challenges confronting the membership. The review covered seven areas, including with input from external experts: sandboxes, aspects of crypto-assets, payments and settlement systems (large value and retail), data frameworks, selected legal issues, institutional arrangements, and CBDC. Given the breadth of fintech issues, including in the above selected areas, it is important to note that the review is not exhaustive; rather, the review focuses on the most important and cross-cutting issues at present while acknowledging that other aspects of fintech are also important. The results of the review are used to augment the findings from the previous section review of country experiences.
37. A number of authorities have created regulatory sandboxes to enhance consumer protection, market integrity and stability while advancing responsible innovation.8 Sandboxes are used in advanced economies (AEs) and EMDEs alike to allow testing of innovations. Strikingly, half of the sandboxes are located in high-income countries suggesting that market conditions and supervisory resources may be important considerations for their establishment. Some countries, like Indonesia and Poland, have created multiple sandboxes reflecting the different mandates of jurisdictional authorities. Multi-jurisdictional sandboxes are used to promote cross-border regulatory harmonization, foster exchange of information, and enable innovators to safely scale on a regional or global basis.9
38. The objectives of a sandbox vary. Most sandboxes adopt functional or activity-based regulatory approach rather than an institution-based approach. Commonly stated objectives are: to stimulate competition and innovation (e.g., the United Kingdom), to ensure the regulatory framework is fit-for-purpose (e.g., Singapore), to identify gaps in the availability of necessary market products (e.g., Malaysia),10 to promote financial inclusion (e.g., Bahrain and Indonesia), and to explore a particular theme. However, several sandboxes have a more general objective of supporting innovation in financial technologies.
39. Sandboxes are providing valuable insights to policymakers but cannot be relied upon to be a comprehensive solution for harnessing innovation and regulating fintech. There is a growing consensus that it is too early to determine their success. Sandboxes have not yet proven to automatically unlock financial innovation, and they are not substituted for a well-defined regulatory framework. In particular, sandboxes require careful consideration of and compatibility with the existing legal and regulatory framework and underlying market conditions. Early common experiences have raised the following aspects:
a. Clear results and impacts of regulatory sandboxes are yet to be distilled. Sandboxes have only been in operation since 2016 and the benefits are still being extracted. More broadly, supervisory capacity and institutional constraints may make sandboxes challenging to operate and may potentially divert scarce resources from core supervisory activities, particularly in EMDEs. This raises the question of whether the benefits of a sandbox outweigh the cost and complexity of setting up and running a sandbox.
b. Coordination is essential since fintech innovations often fall within the scope of several authorities. In some jurisdictions, various regulators have set up their own separate regulatory sandboxes,11 which make effective coordination, information sharing, and the application of consistent overall approach more challenging.
c. One of the most important roles of a sandbox has been the continuous dialogue between the market and the regulators.12 This provides more regulatory clarity for fintech investment and innovation. However, the close interaction between regulators and sandbox companies could generate perceptions of regulatory capture.
d. Country experiences suggest that it is essential that the objectives and design be appropriately considered such as eligibility and exit criteria and measurement of outcomes. Moreover, sandboxes often provide exemptions or waivers to reduce initial compliance costs and lower barriers to market entry. As such, safeguards are required to ensure that the effects of failure do not jeopardize regulatory objectives.
40. Other types of “innovation facilitators,” such as fintech accelerators and innovation hubs, may exist as a “light-touch” alternative or complement to sandboxes. Like sandboxes, they require a careful cost-benefit analysis.
a. Accelerators (e.g., Singapore and the United Kingdom) enable partnership between innovators/fintech firms and authorities or established companies to “accelerate” growth, innovate on shared technologies, or develop use cases. They can also include funding support.
b. Innovation hubs (e.g., Australia) provide support, advice, guidance and—in some cases—physical space, to either regulated or unregulated firms to help them innovate; identify opportunities for growth; and navigate the regulatory, supervisory, policy or legal environment. Support can be direct or aimed at multiple recipients and does not have to include testing of products or services.
41. Most jurisdictions agree that crypto-assets present risks to investors but are not yet a threat to financial stability. While AML/CFT legislation has been applicable to certain crypto-asset activities for some time, financial sector regulators have more recently started discussing other potential risks. In particular, there seems to be a broad view that crypto-assets may pose risks to investors and many regulators have issued public warnings about their potential risks. Securities regulators have increasingly become involved given the similarities of some types of crypto-assets with securities.
42. A growing number of jurisdictions are classifying crypto-assets according to their characteristics, although these classifications vary across jurisdictions.14 Some jurisdictions classify crypto-assets as securities, utility and payment tokens. Others simply distinguish between assets that qualify as securities according to their national legislation and other assets. Many recognize that the categories are not mutually exclusive, leaving room for hybrid assets. For these categories, some jurisdictions are developing special guidance, and others have opted to leave these assets outside the scope of regulation, at least temporarily. Only AML/CFT regulation seems to be applicable to entities and persons dealing in financial activities related to most types of crypto-assets.
43. Many securities regulators have issued public guidelines identifying those types of assets that would be regulated as securities. For those assets, regulators have warned that persons or entities dealing in, providing trading services and offering the assets publicly should comply with securities regulation and would need to consider whether they may require a license.
44. Some regulators have created special regulatory frameworks for crypto-assets while most are taking a case-by-case approach. Only a few jurisdictions have provided specific guidance as to the types of licenses that are required, and the parts of the regulatory framework that are triggered by different types of activities with crypto-assets. For most jurisdictions that have stated that securities legislation would apply to securities-like assets, the practicalities remain unclear and many questions unanswered (i.e., how and to what extent securities regulation will be applied to each of the aspects of crypto-assets issuance, offer, trading and intermediation is generally not discussed).
45. Most jurisdictions are aware of the features of crypto-assets that make them potentially attractive to criminals and terrorists and have taken varied approaches in response. Some jurisdictions have taken measures to regulate and supervise crypto-asset service providers while others are in the process of consulting with stakeholders or weighing their policy options. Among those jurisdictions that have recognized the importance of regulating and supervising crypto-asset activities, some apply their existing AML/CFT framework to crypto-asset service providers including crypto-exchanges and custodian wallet providers, requiring such providers to apply AML/CFT controls including customer due diligence (CDD) and suspicious transaction reporting. Other jurisdictions have chosen to prohibit certain activities that they consider to present higher risks. The varied approaches currently adopted should converge in the future, as jurisdictions implement the recently introduced AML/CFT standard of the Financial Action Task Force (FATF) related to crypto-asset activities.
C. Payments and Settlement Systems
Large-Value Payments and Securities Settlement Systems15
46. The potential of distributed computing technologies for large-value payments and securities settlement systems have been explored in several countries. Many have included prototypes that use distributed ledger technology (DLT). Others involved projects that examined the potential benefits and risks. Based on an in-depth analysis of 14 projects—including 4 large-value payments systems, 6 securities settlement systems, and 4 cross-border payment arrangements—this section summarizes the main issues and experiences so far.
47. Recent developments suggest a move towards real-time settlement, flatter structures, continuous operations, and global reach. DLT experimentations in large-value payments and securities settlement systems have partly demonstrated their technical feasibility for this new environment. The projects examined issues associated with operational capacity, resiliency, liquidity savings, settlement finality, and privacy. DLT also holds the potential to facilitate the delivery-versus-payment of securities, payment-versus-payment of foreign exchange transactions, and cross-border payments.
48. The analysis points to key issues that could require further attention. Most experimentations have been completed under controlled and technology-focused environments. All projects concluded that DLT is, at least to some extent, feasible as the basis for a large value-payments system (LVPS) infrastructure, but there were some views warning against the immaturity of this technology. Very few projects have explicitly assessed risks against well-established international standards for large-value payments and securities settlement systems. Almost none of the projects involved a cost-benefit analysis and no conclusions can be made on whether DLT-based or improved legacy systems would be the more efficient alternative in future. Key issues of a practical and forward-looking nature include:
a. Market practices. Major changes to the current payments, clearing, and settlements arrangements could have an impact on users, participants, and markets. The evolution towards new infrastructures would require stakeholder consultations and a review of rules, market conventions, transaction reconciliation for synchronized distributed ledgers, and impacts from continuous operations (based on 24/7/365).
b. Risk assessments. Future experimentations or actual implementations would benefit from the explicit and rigorous analysis of potential risks against the CPSS/IOSCO Principles for Financial Market Infrastructures and the analytical framework for DLT in payment, clearing and settlement.
c. Cost-benefit analysis. Investment and operational costs would need to be determined and recouped through a transparent pricing policy, which could be established through annual, monthly or transaction fees, or their combination.
49. Fintech innovations in retail payments now combine features of mobile money with APIs and Quick Response (QR) codes with underlying changes to payment systems. This unbundles payment services from underlying accounts, makes them faster, more cost effective, available around the clock, and—as a result—more user friendly. Incumbents and new players alike are harnessing payments data to customize products and reach new customer segments.
50. Mobile money has allowed for payment services that are delinked from a bank account and can be offered by nonbanks, requiring new regulations regarding, inter alia, safeguarding customer funds and AML/CFT. APIs and the wide spread usage of mobile applications are now leading to different approaches by directly initiating payments using APIs from a third-party app against an existing bank and prepaid account held with a different provider. The regulatory implications of such third-party initiated payments differ from the case of mobile money, since the third-party does not handle customer funds and is merely initiating transactions. There is however need for new regulations that require banks to provide access to accounts and ensuring strong customer authentication (e.g., PSD2 in Europe, Mexico fintech law).
51. Tokenization is a parallel trend to open APIs, championed by global payment card providers. It allows for payment card credentials to be embedded in, for example, mobile phones to make payments. This enables third-party mobile applications to initiate payments against the underlying payment card account (e.g., Apple Pay, Samsung Pay).
52. The trend of third-party apps getting access to bank accounts and payment card accounts has brought more attention to the issue of authenticating customers reliably. This is leading to more direct application of digital ID services for payment services (e.g., Aadhar in India) and the creation of new digital ID services for payments (e.g., Bank ID in Sweden).
53. “Faster Payments” enable real-time clearing and (guaranteed) settlement of payments across different payment service providers. Several countries have implemented Faster Payments across both advanced economies and EMDEs (e.g., TIPS in Canada, the Euro Area, India, Malaysia, Mexico, Sweden, Thailand, United Kingdom). Such systems enable mobile money providers, banks and third-party applications to provide real-time payment services to individuals, businesses and Governments on a 24 hours a day/7 days a week basis.
54. The continued proliferation of data as an input in commercial applications has underscored its value and implications for efficiency, stability, inclusion, and other public policy objectives. Access to data affects the ability of new entrants to challenge incumbents and develop new products, with implications for innovation, competition and growth. Leveraging data allows for increased inclusion but could also lead to exclusion. Concentration of data and cyber risks raise potential challenges for financial stability. A wide range of issues also arise with regards privacy, control and appropriate usage of data.
55. Data frameworks have often focused on consumer protection and are being modernized in many jurisdictions. These frameworks usually recognize four key stakeholders: data subjects (who the data is about), the state (sovereigns which enact and enforce laws); controllers (who have an interest in using the data); and processors (who would collect, store, transfer, and analyze the data on behalf of the controllers). Frameworks typically include rules to protect data subjects related to the collection, access, and portability of their personal information as well as principles related to data quality and rectification, lawful processing, and purpose specification.
56. Properly defining the rights and obligations of each stakeholder is crucial to building trust and meeting wider public interests (e.g., in financial stability, avoiding financial exclusion, and preserving sovereignty). Broadly speaking, this would allow for a full consideration of policy trade-offs, adjusted for national considerations, raised by use of data, including with regard efficiency, stability, inclusion, and privacy among others. Many jurisdictions have or are in the process of preparing revisions to their data frameworks, with a view to ensuring that privacy and consumer protection are adequately addressed throughout the economy, including in finance. International implications of national frameworks would merit consideration and discussion.
57. Recent data breaches have drawn renewed attention to cybersecurity risks facing the financial sector. Cyber incidents at credit bureaus, commercial and central banks, companies as well as infrastructures, have caused large financial losses and compromised personal information for millions of data subjects. Enabling the robust growth of fintech applications will require building public trust in the ability of data controllers and processors to maintain adequate security standards when handling their personal information to prevent data loss, data corruption, unauthorized access, and misuse. This has implications for the oversight of these entities including their IT systems, risk management practices, and cybersecurity policies.
58. There is substantial interest across the membership in analyzing the need for modernization of national data frameworks with several taking steps. In the European Union, the 2018 General Data Protection Regulation (GDPR) sets up a framework specifying the rights of individuals who are the subject of data—including rights on erasure, informed consent and portability among others—and the obligations of the companies that collect, store, process and analyze it. The GDPR allows for sizable penalties on companies for non-compliance and has significant extra-territorial reach. In the United States, California is considering legislation that would require data controllers to pay data subjects for the use of their data while the Congress is discussing the adoption of a privacy law at Federal level. India issued a Personal Data Protection Bill in 2018 that clarified some rights and obligations of data subjects and fiduciaries. In Brazil, new legislation was approved granting data subjects a series of rights, including to data access and portability. The Asia-Pacific Economic Cooperation (APEC) is working towards the adoption of a cross-border privacy rules mechanism that provides for harmonization within the APEC economies while also compatible with the EU binding corporate rules and finally the European Union and the United States are working towards the refining of the Privacy Shield for its adequacy to GDPR.
59. Some countries have required storage of sensitive data within their borders, on national security and sovereignty grounds, with data localization an increasing issue. China, India, Russia, and Switzerland have imposed relatively strict provisions limiting the cross-border transfer of sensitive information. In a few jurisdictions, localization requirements are narrowly limited to particular sectors (such as health or financial records). Some recent trade agreements, such as the United States-Mexico-Canada Trade Agreement, specifically prevent (subject to certain exceptions) their signatories from adopting data localization measures.
E. Legal Issues
60. Recent initiatives by authorities reflect the need for the law to grow with and adapt to market developments. A legal framework that is consistent, comprehensive, and predictable is key to fintech innovation and adoption. As such, there are important aspects to be considered regarding the legal framework for financial regulation related to, for example, crypto-assets, P2P lending, mobile money, access to payment infrastructures for nonbanks, robo-advisory services, algorithmic/automated trading, and lending activities using AI and ML. Amendments to existing financial sector law may thus be called for. Indeed, there are many areas where gaps remain (e.g., digital signatures and digital records of ownership) in the legal framework and where further progress will be needed. Key questions have arisen as to the private law recognition and treatment of certain aspects of fintech activities:
a. The legal status of novel concepts introduced by technological change (e.g., crypto-asset, stablecoins or other balances recorded on DLT, automated processes such as “smart contracts,” and claims on nonbank entities such as telecom companies used for mobile-initiated value-transfer services).
b. The legal basis for activities relating to technological change (e.g., the holding and disposition of crypto-assets or balances recorded on DLT, the treatment of crypto-asset balances in a custody service provider’s bankruptcy, transactions relying on escrow-like arrangements).
c. The allocation of risk of loss under applicable law (e.g., treatment of operational vulnerabilities in the underlying technology, fraud, theft, erroneous transfers, and the law of mistake).
61. Against this background, national authorities are taking different approaches to address these challenges. Three types of responses are generally taking shape:
a. Many jurisdictions are taking early active steps to consider whether financial sector private law is sufficiently certain and flexible to apply in the modern digital context. Some may not legislate if they conclude that existing legal frameworks provide sufficient clarity and certainty.
b. Some national authorities (e.g., France, Luxembourg, and Switzerland), have undertaken law reform initiatives, in consultation with private sector stakeholders and experts, to enact or announce amendments to ensure legal principles attract and nurture fintech industries in their countries. These initiatives aim to, among other things, legally recognize the use of DLT in the recording and transfer of certain securities, although different legal approaches are used to adapt existing law.
c. Other authorities (e.g., Japan, Hong Kong SAR (China), and South Africa), have also actively engaged with the private sector, including launching proofs of concept (PoC), to rigorously explore legal issues arising from fintech developments. In contrast to enacting legislation, they have published reports and papers seeking to educate the market as to common legal issues and legal risks that need to be managed.
62. These developments underscore a fundamentally new phenomenon in today’s fintech innovation. They illustrate a deepening interest in law reform approaches that keep up with the rapid development of new technology. Financial sector private law, in particular payment and securities transfer law requires a high degree of legal certainty to be effective. However, in contrast to past private law modernization efforts (e.g., in response to greater computing power and highspeed telecommunications), a challenge in today’s initiatives is the on-going need to better understand a still-evolving future in real time. These initiatives illustrate that key to crafting legal rules that provide legal clarity—without inadvertently introducing legal rigidity—is effective and ongoing dialogue between national authorities and a diversity of stakeholders (e.g., legal professionals, technology companies, financial sector users of fintech, and other financial sector stakeholders impacted by such innovations and law reform under consideration).
63. The fintech institutional framework mostly mirrors the established responsibilities for financial sector policy, supervision, and development. The setup of new fintech agencies is rare. Instead, responsibilities are allocated to existing agencies. The ministries of finance typically have a high-level policy coordination and formulation role, whereas other ministries may be less involved. Financial supervisory authorities have an active, multifaceted role in fintech. Law enforcement agencies engage with supervisory authorities for fintech-related financial crimes, including ML and TF.
64. Countries differ in the emphasis placed on promoting the development of fintech as opposed to regulating it. This tends to reflect the degree of emphasis put on development and competition. Some countries see fintech as a means of accelerating development and spurring financial inclusion. Others may support fintech innovation that can either challenge incumbents’ business models or provide technology enabling financial institutions to digitalize their services. This difference in emphasis may impact institutional structures, including the allocation of staff resources.
65. The allocation of supervisory responsibilities for fintech tends to follow the framework adopted for financial sector supervision. Fintech supervision is organized differently depending on the country’s institutional structure for supervision reflecting either separate prudential and conduct authorities; separate authorities for each part of the financial sector (e.g., banking, insurance, and capital markets); or one integrated authority. Some supervisory authorities are also responsible for supporting innovation. The conflicts of interest arising from the dual roles are managed in various manners, including through legally established prioritization of objectives or establishment of separate internal reporting lines for supervision and development.
66. Supervisory authorities have normally organized their internal fintech functions in a new, dedicated core group and a network of experts drawn from elsewhere in the organization. The core groups often have a formal mandate and their main functions include a combination of the following: (a) acting as point of contact for fintech firms; (b) running a sandbox; (c) coordinating internally and with other authorities; (d) coordinating internationally; (e) monitoring fintech developments; (f) providing internal training; (g) considering the internal use cases for SupTech; and (h) in few cases, supervising existing fintech firms. Some authorities hire professionals with expertise in fintech to strengthen their capacity.
67. Domestic and international coordination takes various forms. Domestic coordination typically relies on the existing senior level structures; when fintech issues arise, they are referred to a sub-committee or result in the creation of a taskforce to develop proposals. International coordination arrangements are emerging for fintech. These range from bilateral agreements and initiatives (e.g., fintech Memoranda of Understanding) to multilateral ones coordinated by the SSBs, as well as by informal networks such as the Global Financial Innovation Network (GFIN), with varying degree of involvement by national authorities.
68. Several central banks, in both advanced economies and emerging and developing countries, are exploring CBDC.19 Several central banks have published research on the potential implications of CBDC on financial stability, the structure of the banking sector, entry of nonbank financial institutions, and monetary policy transmission. Implications are shown to vary with the design of CBDC. A few central banks (e.g., Uruguay) have issued CBDC as limited-scale pilots and others are on the verge of doing so (the Bahamas, China, Eastern Caribbean Currency Union, Sweden and Ukraine).
69. Central banks are considering the issuance of CBDC for a variety of reasons. In some advanced economies, the falling use of cash is motivating the study of CBDC as an alternative, robust, and convenient payment method, as well as the potential to have negative interest rates. The CBDC could also facilitate contestability of the payment market and reduce the chances of a few large providers dominating the system. In developing countries, the focus is more on improving operational and cost efficiency. In some countries with underdeveloped financial systems and many unbanked citizens, the CBDC is seen as means to improve financial inclusion and support digitalization. Other reasons for considering CBDC include enhancing financial integrity. A non-anonymous CBDC could facilitate the monitoring of transactions.
70. Most central banks are considering non-anonymous CBDC. Almost all seem to be favoring a hybrid approach that allows the relevant authorities to trace transactions. Several are focusing research on a two-pronged approach with anonymous tokens for small holdings/transactions, and traceable currency for large ones.
71. Some central banks are supporting private sector digital fiat currency (DFC) in regulatory sandboxes (Barbados and Philippines). The DFC are digital tokens backed by sovereign currency held in trust at regulated financial institutions. These are like tradeable versions of stored value facilities, such as AliPay and MPesa, that provide private e-money against funds received and placed in custodian accounts. However, unlike DFC tokens, stored value facilities limit transactions to users in the same network.
72. The overall case for CBDC adoption depends on country specific circumstances. From the perspective of end user needs, alternative forms of money and payments may preclude the need for CBDC. From a central bank perspective, the case for CBDC is likely to differ from country to country and on the effectiveness of regulation. CBDC may reduce the costs associated with the use of cash and may improve financial inclusion in cases of unsuccessful public or private sector solutions and policy efforts. It could also help central banks bolster the security of, and trust in, the payment system and protect consumers where regulation does not adequately contain private monopolies.
Emerging Trends and Policy Issues
73. Drawing on the review of experiences in the paper, staff have flagged select emerging issues for further consideration by the membership, including on financial inclusion; regulatory, legal, and data frameworks; digital currencies; and the international dimension.
74. Financial inclusion is one of the areas where fintech solutions have been identified as potentially transformative because they address several financial frictions. These include: (a) cost barriers for delivering financial services—especially severe in remote rural locations and among marginalized groups such as women, the urban poor and migrants; (b) information asymmetries between service providers and consumers, especially among the unbanked who lack information needed to adequately assess risk; (c) lack of verifiable ID and difficulty in meeting CDD requirements; and (d) lack of suitable financial products for lower income segments. Fintech approaches can bring in more efficient and inclusive business models and expand the pool of suppliers of financial services (Box 2).
Lending Platforms and Financial Inclusion
Mobile or online credit, P2P lending and crowdfunding are examples of inclusive fintech targeting individuals. These approaches seek to address the issue faced by excluded segments of lack of credit histories or collateral by using new data sources and decision tools (e.g., data gleaned from apps on users’ mobile phones or from e-commerce transactions). Many of these platforms have developed outside the financial sector, including from technology companies and new investor groups.
Various types of fintech firms providing access to MSMEs are emerging, addressing the obstacles that traditionally hamper access including: a lack of credit histories and accounting data on (informal) MSMEs; financial or business capability; access to markets (e-commerce, supply chain, market data/pricing); and traditional collateral. Fintech companies can offer specialized cloud-based business services to MSMEs that reduces costs. Moreover, the collected data could serve as a basis for cross-selling financial products. Fintech platforms can also provide a gateway to markets and supply chains. Tapping into traditional capital markets to raise longer-term finance is usually not a realistic option for MSMEs, so development of alternative retail-based market-place lending (crowdfunding) platforms could provide viable alternatives. Moreover, there are platform-based models for reverse factoring which create a market place for receivables which expands access and improves efficiencies. For very small firms or newly established enterprises lacking a track record, donation and reward crowdfunding may be a valuable and unique source of early capital.1,2
75. The widespread uptake of mobile and smart phones and applications suggests that basic physical infrastructure exists for increasing financial access through fintech solutions, but risks need to be managed. Mobile network coverage and internet access in developing economies have expanded rapidly in recent years, serving even remote geographical locations. However, there is a need for better awareness of the new risks to consumers posed by digital finance, particularly for the previously underserved populations (Box 3) and strengthen consumer protection measures. These risks arise from the high speed of transactions, remote interactions, automated decision-making, extensive use of data, limited written records of accounts and transactions, and the involvement of unregulated or nonfinancial entities and intermediaries.
Fintech’s Opportunities Come with New Risks to Financial Inclusion
The opportunities created by fintech come with important risks to financial inclusion:
Exclusion—unequal access to technology limits the fintech potential and increases the digital divide. In particular, lack of basic infrastructure; access to smartphones, which permit more sophisticated analytics and improved customer experiences; affordable data-plans to access the Internet and emerging fintech services; and financial literacy, disproportionally disadvantages women and the poor.1
Discrimination—while the promise of many “arms-length” analytical decision-making tools was to remove bias, experiences to date suggest that the record is at best mixed. These tools often reflect the biases in the underlying data, the people designing them, existing preferences (e.g., discrimination against minority borrowers).2
Consumer protection—include risks related to transparency and electronic disclosure; product suitability and over-indebtedness; agent liability; data privacy; effective recourse mechanisms; safety of funds; cybersecurity, and digital illiteracy.
Data-protection related risks. The potential for these risks (such as the compromise of privacy, identity theft and fraud) to cause harm is greater where consumers have low levels of financial and digital capability and lack of alternatives, as is the case in many EMDEs.
76. Financial technology has always been used extensively in capital markets, however its applications have expanded in the last five years and have given rise to several policy challenges. There are three main areas in which fintech is bringing material changes that can impact capital markets development:
a. Alternative financing applications (e.g., crowdfunding and ICOs) are increasingly used to expand financing options for MSMEs and start-ups. However, they have raised important policy questions with regards to disclosure requirements, the applicability of securities regulation, and investor protection.
b. Product distribution platforms, in particular in connection with fund distribution, enable investors, financial advisers or wealth managers to select from a broader range of third-party products potentially impacting capital market development. They can also reduce product costs and allow for better informed decision making. Most platforms for the distribution of funds have been developed in advanced economies but are making inroads in larger emerging markets (e.g., India, Korea, and Mexico).
c. Investment advice (robo-advisers) offer automated portfolio construction and management services (mostly on low-cost index funds and exchange traded funds). This reduces costs and makes portfolio management services available to smaller investors. These applications mostly exist in many AEs (mainly the United States) and larger EMEs (e.g., Brazil, China, and India), but interest is rising in lower income countries (e.g., Kenya).
77. The adoption of technology in the insurance sector has accelerated in recent years (Box 4). It can fundamentally impact business processes along the value chain such as product development, marketing and distribution, underwriting, and policy and claims management. The availability of large datasets and AI/ML can facilitate more accurate risk classification and pricing, thus improving product development and underwriting, and improve customer satisfaction through speedy, accurate and personalized service.
Insurtech—Disruptive Technologies in the Insurance Industry
Use of telematics data for motor insurance has increased, as well as health and life insurance utilizing data from wearable devices. Technical developments for connectivity in vehicles, increasing use of more sophisticated smartphones and low cost of networking have enabled the market to grow rapidly especially in Canada, Italy, Japan, the United Kingdom, and the United States. As for health and life insurance utilizing data from wearable devices, those products have been offered for some time in South Africa and United Kingdom and are now available in developing countries such as India.
Although insurtech has significant potential to benefit both insurance companies and policyholders, its transformative power also holds challenges. Emerging challenges include excessive personalisation and granularity of data which may erode the solidarity principle, and vulnerability to increased amount and types of personal data to breaches of privacy resulting from cyberattacks. There is also a risk of AI perpetuating existing biases. Regulators will need to carefully judge how much individualization of insurance and what kind of data use can be accepted in consideration of an inherent social role of insurance and policyholders’ privacy.
78. Fintech innovations offer significant opportunities for Islamic finance to contribute to financial development and inclusion:
a. The Global Findex Database shows that 40 out of the 56 member countries of Organization of Islamic Conference (OIC) have formal account penetration rates that were less than the world average of 50 percent. Expanding financial services that are Islamic finance compliant through fintech could lessen this gap.20 While about 6 percent of the unbanked adults around the world reported religious reasons for not having an account,21 these concerns weren’t significant in many countries with majority Muslim population and well-developed Islamic financial sectors.22
b. The modus operandi of some fintech models are highly congruent with Islamic finance principles, with the latter focusing on asset-backed transactions and risk sharing. Fintech can make screening transactions quicker and easier, improve traceability and security, expand Islamic finance penetration and strengthen governance (Box 5). Recent industry reports indicate that about 70 percent of current Islamic fintech companies are focused on facilitating business and consumer financing through equity crowdfunding ECF and P2P lending.23 The potential of DLT to reduce asymmetric information, fraud, and distrust between counterparties could enable better efficiencies and transparency in areas such as trade finance and Islamic social finance institutions.24
Fintech in Islamic Finance
Fintech applications for Islamic finance cover broad areas. Innovations include: P2P lending and investment platforms that provide Islamic financial services to retail investors and MSMEs. Islamic ECFs are offering opportunities for financers and investors who are looking for products and services compliant with the Islamic principles. Advances in fintech have also created a conducive environment to scale up the offering of these products, and to deepen the social and ethical impacts of financial services.
The use of DLT holds promise in enabling secured trading of sukuks and establishing a new class of assets that promotes and deepens Islamic capital markets. In 2018, blockchain was used in the resale and settlement of Islamic sukuk by a private Islamic bank in the United Arab Emirates that was worth US$500 million and will mature in September 2023. Another initiative leveraged blockchain technology to enable retail investors to invest in the sukuk, which will then use the proceeds to provide Islamic microfinance under a new initiative in Indonesia.
79. Many jurisdictions have set up a framework to monitor the emerging risks, but additional enhancements are desirable. New fintech services and players have emerged and incumbents are adopting fintech applications quickly, while the entry of large technology companies could have a major impact on the financial landscape. These developments point to the need to strengthen monitoring beyond the present regulatory perimeter, and further enhance information sharing and coordination domestically and internationally.
80. The initial regulatory response has largely been proportional, but countries face multiple challenges in implementing an effective and balanced approach.25 Key emerging issues include:
a. Continued limited experience in regulating fintech activities and products. Newer areas of regulation with few country experiences include the regulation of crypto-assets and related services, P2P lending, and algorithmic trading. Experience with the regulation of insurtech, robo-advisory, and lending activities using artificial intelligence (AI) is even more limited.
b. Resource constraints are challenging the efforts to provide adequate regulatory response and build up capacity. Lower-income countries are particularly vulnerable, as they might be forced to choose between risking financial stability or missing out on fintech opportunities.26
c. There is broad concern about the potential for cross-border regulatory arbitrage. Regulators have emphasized the need for international standards for the regulation and supervision of fintech activities and providers, but these remain at an early stage, including for more mature industries such as mobile money operators.27
d. Increasing dependence on technology heightens the importance of addressing cyber risk. Operational (including third-party risk) and cyber risk is identified as one of the most important risks types. However, the apparent large gap between high- and lower-income countries in terms of addressing cyber risk, may indicate the need for capacity building to support the development of stronger frameworks.
81. Countries are taking different approaches in adapting their legal frameworks to business models using new technologies, and trends are emerging. These include, in particular:
a. Countries are taking a cautious approach to the reform of private (i.e., civil or commercial) law. A few countries have been more forward in their approach, but most will generally rely on the inherent flexibility in private law concepts. Modifications will be made only when the specific features of new technologies and products are not well-suited to existing law (e.g., when is a payment on a distributed ledger using consensus-based validation processes “final”?). This approach recognizes that placing undue emphasis on a specific technology may quickly become outdated or predict a future that will never be.
b. There are close linkages between public and private law. The rapidly-emerging focus of policymakers on legal frameworks governing the control, use, and handling of personal data is a case in point. Developing these frameworks inevitably involves important public policy issues requiring a regulatory response, but these frameworks are fundamentally based on the delineation of the legal rights and obligations of private firms and their individual customers.
c. Legal solutions are also being driven by the private sector although there are limits on the clarity and certainty this approach can provide. Lawyers representing private clients are addressing the specific features of new technologies every day and are employing contractual solutions to novel legal problems (e.g., the development of standardized documentation for smart derivatives contracts). Private-sector industry groups have developed common approaches to emerging legal challenges confronting market participants. Private-sector systems and operating rules may play an important role in the development of legal frameworks governing fintech. While such rules can help ensure that the legal foundations of fintech applications are sound, they are not a complete substitute for a regulatory response.
82. How data shapes fintech’s implications for economic efficiency, equity, financial stability and privacy, will depend on the rights and obligations accorded to different agents. Effective data frameworks reflect a balancing of different policy goals including:
a. Developing a clear framework for the acquisition, processing, and storage of individual data, that also manages risks related to consumer protection, privacy, cybersecurity, and financial stability. While the balance will vary according to national priorities, clarifying rights, obligations, and implicit benefits received by individuals, would help hence complete markets.
b. Facilitating individuals control over their own data has implications for contestability that could be significant. Giving individuals greater control in sharing their own data with different services providers—including in the case of platform models—could increase contestability in these markets that tend to be concentrated with implications for efficiency and stability. However, other policy goals (e.g., consumer protection, privacy, cybersecurity, and financial integrity) should also be weighed alongside such considerations.
c. A global dialogue is needed to help support effective data frameworks.28 How jurisdictions treat data governance and protection is increasingly relevant for global financial services. Data localization has emerged as an early focal point of tensions, with some large technology incumbents and some jurisdictions arguing that such laws could potentially constitute non-tariff barriers, while others argue that national security interests and the ability to ensure adequate oversight require direct control over data within national borders. Incompatibility of data frameworks and the compliance costs may engender some market fragmentation
d. Need to ensure appropriate incentives to manage cyber risk. Regulation and supervision must ensure that financial firms and their service providers adequately manage cybersecurity risks. Clarity is needed on responsibilities for losses to ensure adequate investment in security. Since data breaches can damage public trust in the broader financial system—with implications for growth and financial stability—incentives based on reputation effects are unlikely to lead to adequate investment in cybersecurity by individual institutions. Major challenges for supervisors are developing monitoring and surveillance systems, re-designing supervisory and enforcement tools, and building expertise, including for oversight of third-party technology service providers, which are increasingly involved in the handling of data on behalf of financial firms.
83. As interest in issuing CBDC rises, a closer look is warranted at its impact on the stability of monetary and financial systems. This includes, in particular, the impact of the CBDC on: the structure of the banking system; the effectiveness of the monetary transmission channels; and the potential risk of financial disintermediation, particularly in times of systemic financial stress. In addition, the cross-border implications of CBDC raise new questions that merit investigation (including for example the impact of CBDC issued in a reserve currency on currencies and market functioning in smaller jurisdictions). Finally, central banks should be aware of the potential ML/FT risks that could arise from issuing CBDC.
84. Digital currencies currently pose little challenge to fiat currencies at present as they are too volatile, risky, and not yet scalable. However, technological advancements may overcome such impediments and unlock potential benefits—including to cross-border payments—and, if their use grows substantially and their links to the core financial system increase they may pose a threat to global financial stability by raising exposure to cyber-security risks. Finally, if the usage of crypto-assets as money becomes more widespread, monetary policy effectiveness could be undermined.
85. Fintech has made it possible for nonbanks to provide payment services, often bypassing regulated financial institutions. Since ultimate settlement still take place in the traditional banking system, there have been only minor impacts on monetary policy transmission through the bank-lending channel. In some jurisdictions, these new services have become the dominant payment service providers, raising concerns about the contestability of the payment market, its costs, and the stability of the payments system. However, regulatory barriers in some jurisdictions inhibit nonbank entities from offering payment services (e.g., by not allowing them to offer services or impeding access to payment and settlement infrastructures). Moreover, in many jurisdictions, enhancements to national payments systems have enabled incumbents and nonbank entities alike to adopt new fintech models in payment services.
86. The DLT that underlies crypto-assets facilitates the trading of crypto-assets on decentralized trading platforms, with potential implications for financial stability. In such markets, liquidity is denominated in those crypto-assets, over which existing central banks and financial market infrastructures would not have any control or backstopping capacity. In the event of a liquidity crisis on the exchange, there may be no official institution to supply emergency liquidity, with important financial stability implications if such exchanges grow to become systemically important.
87. Fintech could potentially lead to new forms of cross-border financial flows. New instruments are arising for transactions in capital markets, including across borders, such as tokenized securities, and blockchain bonds, and it is possible that crowd-funding may take place cross-border. These developments could gradually impact the role of traditional centralized intermediaries with implications for the global financial systems:
a. Fintech solutions could change the nature of cross-border capital flows. Fintech could reduce information asymmetries, enabled by more granular information on borrowers and better matching and pooling of savings and investment, leading to a more diversified and decentralized model of international finance.
b. Managing capital flows and enforcing macroprudential measures could become more challenging. Peer-to-peer transactions may prove difficult to monitor or limit. An increase in channels for cross-border capital flows could raise regulatory arbitrage and amplify the impact of shocks such as those arising from liquidity, spillovers and contagion risks.
c. The issuance and use of digital currencies—if they become wide-spread in the future—may change the pattern of trade and financial network effects which are key factors that help support the reserve currency status. Depending on their liquidity and credibility, these new currencies and more decentralized monetary transactions may affect the need for buffers of liquid assets—i.e., reserves—or support the emergence of new reserve currencies, with implications for reserve holdings, the choice of exchange rate regimes and the size and configuration of the global financial safety net (GFSN).
d. Close international cooperation is needed to balance the efficiency and risk effects of new forms of global financial flows and avoid unnecessary frictions in international transactions. International collaboration can be used, for example, to improve interactions between private fintech firms and domestic regulators, such as facilitating the entry of fintech firms into other jurisdictions’ regulatory sandboxes and hence benefiting both private firms and regulatory authorities.
88. The configuration and size of the GFSN will need to be regularly reviewed, in light of the uncertainty as to how much fintech would change the volume or composition of capital flows and how volatility may evolve, depending on the degree of decentralization at which global finance settles, as well as the potential emergence of new reserve assets. The need for new mechanisms for data and information sharing and regulatory cooperation is likely to increase.
89. Fintech is making inroads globally and changing the way in which financial transactions are conducted. Many advances have taken place in mobile payments with major positive impact on financial inclusion. Technology companies are increasingly offering or considering providing financial services alongside commercial products and services and challenging incumbents, albeit with significant variation across countries. Traditional financial institutions are also adapting and increasing their digital footprint, often in partnership with smaller technology companies, or setting up consortia among incumbents. Adapting legal and regulatory frameworks to fintech is progressing; although novel questions are emerging in the field of private law. Supervisory agencies are themselves increasingly exploring fintech applications. Finally, the fintech impact on monetary systems and financial stability is limited at present.
90. Notwithstanding the progress there remains significant uncertainty and several key issues that need to be addressed. While fintech applications and companies are having an impact on incumbent financial institutions (e.g., reduced revenues from payments services), they do not seem to have reached disruptive critical mass and incumbents are adapting their business models and are absorbing fintech advances. It is not yet clear also how competition (or lack of it) is shaping the development of the fintech sector, though large technology firms are expected to play an increasingly greater role in the provision of financial services. Furthermore, rapidly evolving new technologies could quickly and unexpectedly reshape the digital and fintech. Notwithstanding these longer-term concerns, there are urgent issues needing attention, including:
a. Balancing competing policy priorities. The regulators and public authorities are broadly convinced of the need to harness the potential of fintech to address many longstanding barriers to financial sector deepening, inclusion and development. There is broad desire to sustain and strengthen financial stability and integrity, while avoiding arbitrage opportunities (e.g. differing regulatory requirements or tax treatment for same activity based on type of institution providing the service) and promoting competition, entrepreneurship and developing the digital economy ecosystem. These policy priorities could at times be seemingly at odds and balancing them is an issue with which several countries are grappling, requiring broader national dialogue.
b. Addressing foundational infrastructure constraints. Public authorities, particularly in EMDEs recognize the need to address these constraints to fully harness the potential of fintech. These include gaps in the legal framework restricting payment services only for banking institutions; physical infrastructure gaps like limited penetration of broadband and mobile telephony; financial infrastructure gaps like gaps in credit reporting and payment systems; and gaps in overall levels of digitization of government systems like identity, tax records and land records.
c. Developing legal and regulatory approaches to the products, processes and services. The development of international standards or good practices by SSBs will help many countries adapt their legal and regulatory frameworks to the new entrants that are increasingly becoming part of the intermediation and financial service delivery chain, and to ensuring their entry and exit from the financial system in a manner that would not disrupt the availability of services or broader financial stability.
d. Impact on monetary systems and financial stability is limited at present but could change quickly. Many central banks are actively examining the possibility of issuing CBDCs. However, several policy and technical hurdles need to be addressed, and a clear case for issuing CBDC has not yet emerged. Digital-currencies remain volatile and unlikely to be considered, at least at present, as stable monies. Implications for IMS may arise over the longer term and need further study.
e. Data frameworks are emerging as a priority issue, with diverse international approaches that are shaping fintech developments and their efficiency, equity, stability and individual rights impacts. While the approach will vary according to national priorities, it seems important for orderly digital developments that the rights and obligations of various stakeholders are clarified. A global dialogue is important to support effective data frameworks and the cross-border fintech benefits.
f. Cybersecurity is widely considered as a key risk facing financial systems and fintech applications. The rising capabilities of cyber-attacks is creating a sense of urgency amongst public authorities to institute effective measures for cybersecurity risk management and operational resiliency.
Issues for Discussion
a. Do Directors agree with staff analysis of the emerging policy issues identified in the paper?
b. Do Directors agree with the areas identified as urgent issues needing attention by national authorities and international bodies (paras. 89 and 90)?
c. How do Directors view staff’s approach on fintech so far, and where do they see a need for staff to do further analytical work on fintech?