Executive Summary

Following the approval of the Bali Fintech Agenda (BFA), staff conducted in-depth reviews of selected topics, of which one was the institutional arrangements for fintech supervision and regulation. This note summarizes the findings. It covers in some detail 10 jurisdictions, including both advanced economies, emerging market and developing economies. It concludes with some general observations.

The fintech institutional framework mostly mirrors the established responsibilities for financial sector policy, supervision, and development. Ministries of finance typically lead on high-level policy coordination and formulation. Unsurprisingly, financial supervisory authorities have an active, multifaceted role. Law enforcement agencies engage on fintech-related financial crimes, including money laundering and terrorist financing. Sometimes, other authorities such as those dealing with telecommunications, IT and industrial development, are involved in regulating fintech too.

Countries differ in the emphasis placed on promoting the development of fintech as opposed to regulating it. Some regulators prioritize traditional prudential and conduct objectives. Others give more weight to innovation, inclusion, competition and development. This can be a matter of statute or individual agencies can have the leeway to manage their priorities. Either way, this can affect internal structures such as the separation of reporting lines and the allocation of staff resources.

Most supervisors have set up a core fintech group and an expert network. The core group is usually full time and is supported by a network of experts across the agency which is available to help as needed on specific issues. Core groups vary greatly in size depending on their functions. They can: (a) act as point of contact for fintech firms; (b) run a sandbox; (c) coordinate domestically with other authorities; (d) coordinate internationally; (e) monitor fintech developments; (f) provide internal training; (g) assess fintech applications to supervision processes; and (h) in a few cases, supervise fintech firms. To staff their core groups, some authorities have relied more on newly hired technical experts while others depended on internal talent.

Domestic and international coordination takes various forms. Coordination amongst domestic agencies typically makes use of existing senior level structures; when fintech issues arise, they are referred to a sub-committee or result in the creation of a taskforce to develop proposals. International coordination arrangements range from bilateral agreements and initiatives (e.g., fintech Memoranda of Understanding) to multilateral ones coordinated by the standard-setting bodies. In addition, a new multilateral network, the Global Financial Innovation Network, has recently been set up to exchange learnings, develop a common sandbox and help firms navigate between different jurisdictions as they aim for scale internationally.

Fintech presents a challenge to existing institutional arrangements in three ways: clear mandates, effective coordination and flexibility. Regulators must rise to the challenge if fintech is to thrive without causing financial instability. To that end, agencies and internal structures they create should have clear mandates. Since fintech tends to cross regulatory boundaries, effective coordination is critical, both domestically and internationally. And, looking to the future, regulators need to be prepared to change their institutional arrangements quickly given the speed and ubiquity of fintech development.

Introduction

Rapid advances in financial technology (fintech)¹ are transforming the economic and financial landscape, offering wide-ranging opportunities while raising potential risks. Fintech can strengthen financial development, inclusion, and efficiency, but may pose risks to financial stability and integrity, and consumer and investor protection. To reap the benefits and mitigate possible risks, it is important that financial systems are resilient to technological change without impeding the process of transformation, innovation, and competition. The potential “disruptive” nature of fintech may pose new risks and challenges for regulators and, if left unhampered, may negatively impact financial stability and financial integrity. From a risk perspective, fintech can heighten operational risks, as well as risks associated with data privacy and consumer protection, in addition to the traditional risks pertaining to underlying products and institutions.

Fintech developments have challenged how existing institutional arrangements and regulations are established. Fintech has spurred new products and services, ranging from payments to financing, asset management, insurance, and financial advice. New participants, including nonfinancial companies, have entered the market. One example is the discussion between the approach to financial services regulation based on the activity (activity-based) or type of entity (entity-based). Usually, one needs to determine which type of activity or entity is covered by each part of the regulatory framework, and different activities and entities often involve different supervisors. In an entity-based approach, for instance, licensing contains associated conditionality that needs to be met to obtain and retain the license. Often, the type of activity will determine the type of license and reflect specific regulatory objectives and the responsible supervisor. For example, there are certain sector-specific risks which need to be addressed, such as business model risks in banks associated with maturity transformation or the calibration of net asset values for money market funds. On the other hand, one objective of regulation is to address distortions and potential stability risks brought about by specific activities, regardless of the entity which is conducting them. Both approaches have pros and cons and a mix of the two approaches can help reinforce the benefits of each. Fintech developments add a new dimension to these issues. Ultimately, the debate is less about which approach is best and more about ensuring the risks are appropriately identified and mitigated by effective regulation and supervision.

Given these developments, it is important that the regulatory framework—including institutional arrangements—continues to support financial sector agencies in meeting their statutory objectives and mandates.² Fintech cuts across many of the traditional topics that financial regulators deal with and there is a question about which regulator should be involved. In some instances, the entity may fall outside of the boundaries of any entity-based regulation. While this discussion is not new in financial sector regulation (for example, shadow banking), the pace of change and extent of disruption to traditional forms of intermediation has emphasized gaps in traditional regulatory perimeters. In this way, regulatory frameworks may not fully capture the new paradigm shift of fintech developments, placing pressure on public sector agencies to effectively supervise the financial sector and discharge their mandate. Effective financial regulation will also require broader cooperation domestically (for example, drawing on authorities with responsibilities for data protection, competition, telecommunications) and internationally, given the inherent cross-border nature of many innovations. In this way, established institutional arrangements may need to adapt to ensure the public policy objectives of financial sector supervision continue to meet expectations.

This note reviews the institutional arrangements for fintech in 10 jurisdictions, including both advanced economies and emerging market and developing economies. It was initially prepared as background for the June 17, 2019 IMF Executive Board discussion, Fintech: The Experience So Far. Based on a combination of interviews and research of publicly available documents, the note describes (i) the division of responsibilities among national authorities, (ii) the organization of supervisory authorities’ main fintech functions, and (iii) domestic and international coordination on fintech matters. Although the main objective of the paper is to describe the range of approaches taken in the selected jurisdictions, some considerations are suggested for further discussion.

Division of Fintech Responsibilities

Fintech responsibilities are normally divided among various authorities, and often the Ministries of Finance take an active interest. In every country in the sample, the Ministry of Finance takes an active interest in fintech by leading high-level policy coordination, policy formulation, and development of legislation. For example, the French Ministry of the Economy and Finance has led the development of the new French regime for crypto assets.³ The US Treasury published a review of financial innovation, containing policy recommendations for federal- and state-level financial regulatory agencies and legislative proposals for the US Congress.⁴ The United Kingdom’s HM Treasury launched their Fintech Sector Strategy in March 2018, which included a number of annoucements from both regulators and government, including a Cryptoassets Taskforce, a new Fintech Bridge, and regtech pilots.

Supervisory responsibilities for fintech tend to follow the framework and mandates already in place for financial sector supervision. This means that the division of responsibilities typically falls under one of the three common supervisory structures: (i) a twin peaks model with a prudential and conduct supervisor; (ii) a sectoral approach where responsibilities are divided along industry lines (for example, banking, insurance, and capital markets); or (iii) an approach based on a single, integrated supervisory authority. The countries included in the sample represent each of these models:

• The United Kingdom and France largely divide overall financial supervisory responsibilities between a prudential and a conduct supervisor. In the United Kingdom, the Bank of England’s (BoE) Fintech Hub considers how fintech impacts the BoE’s policies including the Prudential Regulatory Authority’s (PRA) objectives and how fintech could be used to support the BoE’s core functions, while the Financial Conduct Authority (FCA), whose mandate includes competition, has an Innovate Department that focuses on innovations of importance to consumers and investors. In France, the prudential supervisor’s (Autorité de Contrôle Prudentiel et de Résolution, ACPR) Fintech Innovation Unit is the interface between fintech project initiators and ACPR’s various departments while the conduct regulator’s (Autorité des Marchés Financiers, AMF) Fintech Innovation and Competitiveness Division focuses on the risks and opportunities to consumers and investors.

• The Hong Kong Special Administrative Region and Kenya divide responsibilities along industry lines as do the United States and the United Arab Emirates (UAE) at the federal level. In the Hong Kong SAR, the Hong Kong Monetary Authority (HKMA), which regulates banks, adopts a technology neutral and risk-based approach and focuses on the supervision and facilitation of fintech activities (such as virtual banking, artificial intelligence) for the banking system, while the Securities and Futures Commission (SFC) has set up its Fintech Contact Point to help fintech companies understand and navigate existing securities regulations. The Insurance Authority (IA) has also set up the Insurtech Facilitation Team to enhance the communication involved in the development and application of Insurtech. Apart from the financial regulators, the Financial Services and the Treasury Bureau of the Hong Kong SAR has also adopted a five-pronged approach to facilitate fintech development in Hong Kong SAR, covering promotion (including the annual flagship Hong Kong Fintech Week), facilitation measures, regulatory overview, talent development and funding. In the United States, the Office of the Comptroller of the Currency (OCC), has created a fintech unit specifically charged with outreach to fintech companies interested in either getting a special purpose banking license or working with nationally chartered banks. In the UAE, there are three separate federal regulators for banking, insurance, and securities.

• Japan, Malta, and the two financial free zones of Dubai and Abu Dhabi have single consolidated financial sector regulators. In Japan’s case, the consolidated regulator (Japan Financial Services Agency, JFSA) has clear leadership on all fintech matters. In Malta, however, a new authority—the Malta Digital Innovation Authority—seeks to promote and develop the innovative technology sector by providing formal recognition and regulation of relevant innovative technology arrangements and related services.⁵ In the UAE financial free zones, the Dubai Financial Services Authority (DFSA) and the Abu Dhabi Financial Services Regulatory Authority are responsible for the development and regulation of all aspects of fintech.

• The Monetary Authority of Singapore (MAS) acts as the central bank and is the integrated supervisor for the financial sector where responsibilities for supervision of fintech fall “under one roof.” This aligns with its mandate to develop Singapore as an international financial center. To this end, the Government of Singapore has an ambitious plan—the “Smart Nation Initiative”—to transform and digitize the economy and make Singapore a global technological innovation hub. In the financial services area, the MAS has for the past three years or so promoted fintech via innovative ideas such as regulatory sandboxes, training, and general encouragement (for example, with an annual fintech festival).

• In Switzerland, the Financial Market Supervisory Authority (FINMA) is the integrated authority responsible for both prudential and conduct regulation of financial services. The Financial Market Supervision Act mandates FINMA to protect individual financial market clients and to ensure that the Swiss financial markets function properly, which is FINMA’s contribution to sustaining the Swiss financial markets’ competitiveness. FINMA has established a Fintech Desk to help the industry understand the regulatory framework and clarify whether a particular business model requires any authorization. In addition, FINMA organized several educational roundtables for the industry. Non-binding FINMA guidance and guidelines establish and clarify FINMA’s application of financial regulation for the three types of tokens (payment tokens, utility tokens, and asset tokens), which have been utilized by many other regulators globally.

Law enforcement is also formally and closely engaged with financial regulators on fintech issues in respect of fraud, money laundering, terrorist financing, and other financial crimes. Other ministries, such as the industry, technology, and telecommunications ministries, are engaged in fintech to a lesser extent. The less intensive collaboration between telecommunications authorities and national financial regulators appears to happen even in countries where a good deal of financial innovation has been driven by telecom companies.

Experience across the sample reveals some different approaches adopted to support fintech policy objectives. Several jurisdictions in the sample view fintech promotion as important for future international competitiveness. Indeed, fintech is often seen as a means of accelerating development. In this way, jurisdictions see a need to support fintech innovation that can either challenge incumbents’ business models or provide technology enabling financial institutions to digitize their services and raise their efficiency. There is some variation in the approach to promoting fintech by authorities in larger countries. The difference in emphasis may impact institutional structures, including the allocation of staff resources.

Countries are continuously reassessing the appropriateness of their current structures and readjusting them as needed. As noted, the setting-up of new fintech agencies is rare. Instead, new responsibilities are allocated to existing institutions. Although the sample did not suggest widespread changes to institutional arrangements, there are examples that suggest regulators are questioning whether existing frameworks and approaches remain appropriate or whether adaptation and change is needed. One example is where fintech firms offer products and services that cut across traditional boundaries, raising the question of whether the approach to financial services regulation should be based on activity-based or entity-based regulation. Often, the type of activity will determine the type of license and reflect a specific regulatory objective and the responsible supervisor. In other circumstances, one objective of regulation is to address distortions and potential stability risks brought about by specific activities, regardless of the entity conducting them.

Jurisdictions typically use a combination of entity and activity-based regulation. Financial intermediation by nonbank firms is not a new phenomenon, but it is traditionally performed by institutions that are subject to regulatory oversight. In some jurisdictions, supervisory authorities face questions regarding whether and, indeed, which, financial regulation is applicable to fintech firms carrying out financial activities, and the degree to which such firms are bound by existing financial regulation. The presence of fintech firms in financial services may also highlight the need to complement an entity-based approach with an activity-based approach to ensure appropriate and consistent coverage of activities that have implications for financial stability. Appropriate regulatory treatment and response may be complicated in cases where fintech firms provide ancillary services to and distribute financial services supplied by existing traditional financial institutions. It may also be necessary to ensure that regulation is proportionate to the relative size and risk of both large and smaller fintech firms.

The divergence of approaches taken in the sample countries shows that different structures can be used to achieve fintech policy objectives. Experience across the sample reveals some different approaches adopted to support fintech policy objectives.

• Reporting line for the fintech unit. For example, in the UAE, the person responsible for fintech strategy reports directly to the central bank governor;

• The focus of recent government publications. For example, the US Treasury’s 2018 fintech recommendations were largely aimed at removing regulatory obstacles.

• Funding of fintech initiatives. In Singapore direct funding of fintech initiatives is undertaken by MAS, which has committed about US$170 million for this purpose.

• The engagement of the authority’s senior management. For example, the BoE’s governor has given numerous major speeches on fintech in the past several years.

Organization of Authorities’ Fintech Functions

Fintech touches many of the traditional topics that financial regulators deal with. As a result, fintech resources in the sample authorities are (or are planned to be) organized with a dedicated core team, plus a network of experts drawn from different parts of the institution, as needed, for dealing with particular issues. For example, in the United Kingdom, the Fintech Hub in the BoE is the center of a “hub and spoke” model, since the work crosses over prudential regulation, monetary policy, competition, and other parts of the BoE and PRA. Analysts inside the hub maintain relationships with other parts of the BoE and the PRA as well as their counterparts in the FCA Innovate Department and the fintech policy team at HM Treasury. In Singapore, an expert fintech team takes the lead on assessing sandbox applicants and is comprised of subject matter experts. By leveraging their technology expertise and experience, applicants can be quickly assessed. The fintech expert group also supports supervisors in their assessments of technology risks.

When establishing a fintech team (such as a fintech hub) different policy objectives will influence the organization of authorities’ fintech functions. Several of the established fintech teams have formal terms of reference describing their role and objective. For example, the terms of reference of the units in France, Japan, and the United Kingdom have been published on the authorities’ websites. Kenya’s Capital Markets Authority (CMA), and the UAE central bank are in the process of creating their fintech units and frameworks and have not yet published any mandate. The Malta Financial Services Authority (MFSA) established the FinTech and Innovation Function in 2019 which has two teams: one for virtual financial assets, which regulates issuers of crypto assets and service providers, and the FinTech Team, which is responsible for the implementation of the fintech strategy. However, the priorities of the MFSA unit are broadly outlined in the MFSA’s Fintech Strategy. The DFSA is unusual for having fintech as a high priority for the whole institution and has had a section on facilitating fintech innovation in its rulebook since August 2018. The picture is mixed in the United States where some agencies have published mandates, but others do not.

A dedicated fintech team within the supervisory agency might be either a single unit or split into two or more units along functional lines. Their main functions typically include (see Appendix I):

• Acting as point of contact on fintech issues (including outreach), which is the most common function assigned to a fintech unit;

• Monitoring fintech developments, which is often combined with the point of contact function (as in the HKMA, SFC, and IA in the Hong Kong Special Administrative Region, the FCA in the United Kingdom, and the OCC in the United States).

• Undertaking research and analysis and developing policy, which is commonly associated with a location in the strategy or planning department (Japan’s JFSA, Dubai’s DFSA, or Kenya’s CMA) or a position in the organization chart close to the chief executive (UK’s FCA, UAE central bank, or the ACPR in France);

• Providing training and education of staff across the agency, which is not something many fintech units have identified as a key function, but is one that is important to those that do so (the US OCC and the UAE’s central bank, prospectively);

• Looking for SupTech and other internal applications of fintech to operations, which is a function that appears to be given weight in some central banks (the Banque de France, the HKMA, and the BoE);

• Running a sandbox,⁶ which, after acting as a point of contact, is the second most common function assigned to a fintech unit. Not all of the sample countries have a sandbox;

• Supervising existing fintech firms, which is unique (or nearly unique) to the JFSA in Japan, where specialized attention has been given to the oversight of crypto assets and platforms;

• Coordinating internally and with other government departments, a function that almost all regulators assign to at least one fintech unit; and

• Coordinating internationally, a task which every regulator in the sample has assigned to one or more of its fintech units either directly or as support to an international affairs department.

The diversity of approaches demonstrates flexibility to adapt to meet the challenges of fintech. Some jurisdictions in this sample benefit from dedicated fintech teams/units as a way to respond to fintech developments. Dedicated teams can leverage technical expertise and streamline processes. In the highly technical and often dynamic environment characteristic of fintech, these arrangements may be efficient. However, the distribution of responsibilities for fintech among routine supervision units may help spread expertise across the agency and draw from a broader knowledge of the financial sector and risk management disciplines (for example, operational risk). Clarity of both the authorities’ and fintech units’ mandates is, however, essential in helping fintech units achieve their objectives.

Domestic and International Coordination

Coordination on issues such as competition, fraud, technology, and security may be affected by fintech, but countries typically have not established a structure for coordination beyond the main financial regulators. Coordination between financial sector authorities and the national ministry of finance is often quite formal at a senior level and covers many subjects. When fintech issues arise in that context, they are often referred to a subcommittee or result in the creation of a taskforce to develop proposals. The extent and manner of coordination across other ministries reflects how government is organized to deal with technological innovation.

Coordination is needed to uphold standards and avoid a race to the bottom. Experience shows that clear mandates and effective coordination can help harness fintech’s benefits. The multitude of laws and regulations is often a barrier for new entrants to the financial sector. In these instances, coordination among relevant agencies can help facilitate the provision of information and provide an easily accessible single point of contact for innovation. One common approach has been the establishment of regulatory sandboxes or innovation hubs which can help reduce uncertainty about financial regulation, such as licensing expectations. Most jurisdictions demonstrate that new legislation is not necessary with fintech, but interpretation of rules or policies is often what is needed. Maintaining clear mandates buttressed by strengthened coordination will help maintain standards and avoid inconsistency or regulatory arbitrage.

Leveraging preexisting agreements and protocols between financial sector agencies across different institutions and countries can lay the groundwork for effective coordination on fintech. Laws, regulations, or other arrangements typically provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors (such as home–host relationships for cross-border banking groups, such as supervisory colleges). Leveraging these relationships and communication channels can help facilitate information sharing between authorities—domestically and internationally—especially for financial sector participants that have cross-border and cross-sectoral activities. These relationships help to raise awareness of emerging issues and share best practices. An example of global coordination is the Global Financial Innovation Network (GFIN), which brings together regulators from more than 50 jurisdictions to discuss frameworks, practices, and emerging ideas on fintech, including sandboxes.⁷ The GFIN builds on many existing arrangements between supervisors and financial sector agencies.

Applying a cross-agency approach to fintech (involving relevant ministries and agencies) could help foster domestic coordination and reinforce the policy framework. Coordination across multiple arms of government and regulatory agencies (financial and nonfinancial), is needed in fintech, which often generates novel complexities from new firms, products, and activities that lie outside the current regulatory perimeter. Given the trade-offs between multiple policy goals, such coordination is likely to be more difficult than coordination between financial authorities. A “whole of government” approach might be most effective at aligning strategic priorities and simultaneously avoiding duplications or differences in rules, especially if regulatory frameworks and institutional arrangements need to be adapted to facilitate the entry of new products, activities, and intermediaries. Interoperability is a prime example of the need for a whole of government approach to create a conducive policy environment for fintech. Interoperability stands out as a critical component in building up the backbone of the fintech ecosystem and achieving it requires coordination of several foundational infrastructures (for example, telecommunications), along with digital and financial infrastructures (such as broadband internet, mobile data services, data repositories, and payment and settlement services).

Across the sample of countries, examples of domestic coordination, include:

• France. Coordination beyond financial regulators is the responsibility of broader structures within each agency. Coordination on issues like competition, fraud, technology, and security may be affected by fintech, but there is no formal structure as such for coordination on fintech issues beyond the main financial regulators. Among financial regulators, the AMF FIC division coordinates actions with ACPR FIU with respect to the authorization and regulation of innovative projects. They redirect firms to one another on a day-to-day basis, depending on the issue. The ACPR FIU is responsible for coordination with the Banque de France, particularly for projects regarding payment services. The FIU and FIC launched the Joint Fintech Forum with industry in 2016. It is a closed group with a three-year mandate. Attendees include industry associations, the Ministry of Finance, Central Bank, industry participants, and CNIL (responsible for data protection).

• Kenya. Among financial regulators there is a Joint Financial Services Forum comprising senior officers from the concerned ministries and financial sector authorities. One example where coordination is emphasized is in relation to cybersecurity being identified as a cross cutting issue. Although cybersecurity is currently an effort in individual authorities, there is a plan to bring together agencies to better coordinate efforts. The Communication Authority of Kenya, another authority under the ICT Ministry, is developing a proposal for an independent cybersecurity regulator. Coordination on data protection is a little more advanced. The ICT ministry resubmitted a 2016 bill to parliament in late 2017/ early 2018 that would license ICT practitioners.

• Hong Kong Special Administrative Region. The Hong Kong Special Administrative Region adopts a multiple agency approach. The multiple-agency approach creates coordination needs whereby a fintech firm can contact an agency (HKMA, SFC, and IA), which will then work with the other two on their behalf if necessary. The Financial Secretary established a Financial Leaders Forum (FLF) some time ago and chairs a number of cross sector committees looking at the intersection of financial stability and developmental issues. The FLF comprises top leaders from the finance community and its role is to advise on policy. There is also a Council of Financial Regulators (CFR), which is composed of senior financial regulators and focuses on safety and soundness issues. It is a forum in which confidential information can be shared and gaps and overlaps among financial regulators can be addressed.

• United States. Two formal coordination mechanisms are prominent among US federal financial regulators, the Financial Stability Oversight Council (FSOC) and the Federal Financial Institutions Examination Council (FFIEC). Both take up fintech issues from time to time and have set up working groups to deal with particular fintech issues. In addition, the Financial and Banking Information Infrastructure Committee (FBIIC) has a role to play in improving coordination and communication among financial regulators, promoting public– private partnerships within the financial sector.

• Japan. Currently BOJ is neither regulating nor supervising fintech firms, but it established the Fintech Center dedicated to being a catalyst for promoting the interaction among financial practices and innovative technologies, research and study, and the needs of economic society.

International coordination arrangements—both bilateral and multilateral—are emerging for fintech.

• Several countries have signed bilateral memoranda of understanding and letters of intent aimed at information sharing on emerging issues, including fintech. Beyond that, there are examples of tighter fintech-oriented coordination. For example, there is a recent initiative between the HKMA and the Monetary Authority of Singapore that explores a connection between a Hong Kong Special Administrative Region distributed ledger technology trade finance platform with a similar platform in Singapore that allows banks in one jurisdiction to transact with banks in the other and avoid fraudulent and multiple transactions.

• The leading example of multilateral coordination specifically targeting fintech is GFIN. The UK’s FCA was a driving force in GFIN’s creation. Other authorities covered in the sample include the HKMA, UAE’s DFSA and ADGM, Kenya’s CMA, Singapore’s MAS, and the US CFPB. The August 2018 consultation document outlined a vision for GFIN as: a network of regulators to collaborate, share experience and best practice, and communicate to firms; a forum for joint policy work; and an environment in which to trial cross-border technologies—a global sandbox.⁸

• Most, if not all, of the financial authorities covered in the sample countries are active to some degree in the financial sector standard-setting bodies (SSBs). During the ordinary course of business, fintech issues are discussed and, when deemed appropriate, working groups are set up to tackle specific issues. For example, the Basel Committee on Banking Supervision (BCBS) Supervision and Implementation Group has established a taskforce on Fintech. Examples of recent BCBS work include the publication of the sound practices on the implications of fintech developments for banks and bank supervisors in 2018⁹ and an agreement to publish a discussion paper on the prudential treatment of crypto assets. The International Organization of Securities Commissions has set up a fintech network and an initial coin offering network. In May 2019, the organization published a consultation report on crypto-asset trading platforms. In October 2018, the FATF adopted changes to its Recommendations and Glossary to explicitly clarify that the recommendations apply in the case of financial activities involving virtual assets.

• One area of potential continuing importance for fintech is cooperation between the SSBs. The JFSA is now chairing the Standing Committee on Supervisory and Regulatory Cooperation of the Financial Stability Board (FSB), which is considering this issue. In addition, the FSB’s Financial Innovation Network has been actively discussing fintech stability and regulatory aspects.¹⁰ Coordination is particularly important due to the cross-sectoral and cross-border nature of many fintech activities, and the fact that some activities currently fall outside the regulatory perimeter.

Prospects for Change

As with financial sector supervision, a varied landscape of approaches for fintech regulation and supervision is also possible. Financial sector supervisors across this sample are organized differently, often reflecting country-specific circumstances, mandates, and strategies. Furthermore, these jurisdictions have shown the flexibility to amend and adjust institutional arrangements to best meet the mandates of financial sector supervisory agencies. The flexibility to change and adapt is helping supervisors meet ever-evolving fintech challenges and the regulatory innovation process is ongoing. A review of planned changes to institutional fintech-related arrangements reveals the following:

• In France, the ACPR and AMF hubs were set up in 2016 with primary responsibility for fintech and work most closely with the Banque de France and the Ministry for the Economy and Finance on fintech issues. No changes to these arrangements are planned, but some larger projects and topics may require different approaches (for example, bigtech).

• In the Hong Kong Special Administrative Region, no new legislation is planned. HKMA’s organizational structure is relatively new. More formal coordination channels may emerge in due course, but no changes are in the pipeline for the mandates of the three agencies.

• Japan’s JFSA is not planning any significant institutional changes in the near term. Although it is considering how to monitor fintech other than crypto assets in the future, the market for fintech is nascent. JFSA recognizes the need to promote information-sharing and to address data protection and education, which may involve assigning more staff to fintech functions in due course.

• In Kenya, the CMA launched a sandbox in March 2019. It has already issued a policy guidance note for onboarding applications on which consultation ended in January 2019.They have plans to expand their core fintech group from three to six people, once the Fintech Guiding Framework that has been sent to their board is approved. Also, a legislative proposal is under development to expand the regulatory perimeter.

• In July 2019, Malta’s MFSA issued a consultation on the establishment of a regulatory sandbox. In the same month, it also issued a consultation document on security token offerings.

• In the United States, considerable effort has been put into establishing fintech units across the supervisory agencies (for example, the Operational Risk and Fintech Section at FRB, Office of Innovation at OCC, FinHub at the Securities and Exchange Commission, and the LabCFTC at the Commodity Futures Trading Commission). No major changes in structure are envisaged at the federal level. The 2018 US Treasury report made several recommendations that will affect federal financial regulators, but, by and large, their impact is not expected to be substantial on institutional structure or the organization of fintech functions. State-based regulations covering virtual currency and blockchain technologies are being developed and implemented. Arizona recently set up a fintech sandbox run by the Office of the Arizona Attorney General.¹⁰ A bill was introduced in the Illinois General Assembly to create a sandbox there too.

• In the United Kingdom, major institutional changes are not contemplated at either the FCA, PRA, or BoE. The FCA has recently reorganized to introduce the Innovative Department. For its part, the PRA Hub mandate is broad and flexible, and the two agencies are complementary to one another. They plan to assess how well the new FCA arrangements work before considering any further major institutional changes. However, there may well be changes at the margin. In particular, the Crypto-Asset Taskforce raised the possibility of extending the FCA’s regulatory mandate to cover crypto assets more effectively. The BoE’s Future of Finance Report published in June 2019 outlined changes and new risks to which the BoE has responded with a detailed action plan. The action plan includes establishing a public–private working group with the FCA and firms to further the dialogue on artificial intelligence, and explore whether principles and guidance could support safe adoption of these technologies.

• The UAE’s central bank is now preparing a Fintech Strategy and Roadmap. Although legislative change is not contemplated, plans for a new organizational unit, possibly with its own reporting path to the Executive Committee, are in place.

• In Switzerland, FINMA has recently amended fintech licensing circulars, but no institutional changes are planned to accommodate a potentially larger volume of applications.

• In Singapore, MAS revealed that it is developing a pilot program with the Singapore Academy of Law to connect fintech companies with legal service providers. The program, known as the Payments Regulatory Evaluation Program, launched in November of 2019, and targets fintech companies in payment services.

This brief review of cross-country institutional arrangements has demonstrated the importance of three factors to meet the fintech challenge: a clear mandate, flexibility, and effective coordination. The examples show that countries are continuously reassessing the appropriateness of their current structures and readjusting them as needed provided that the clarity of the mandate allows for effective organizational adjustments. This is important given the rapid changes that are taking place. Flexibility is crucial, but the strength of any framework will only be fully tested under stressed conditions. Nonetheless, agencies with demonstrated flexibility to adapt should be well-suited to meet the challenges of fintech.

Above all, effective coordination is essential to successfully meet the challenges of fintech and harness the potential benefits. Fintech activities will not be bound by the existing regulatory perimeter, and a cross-agency approach will be needed to support consistency, limit regulatory arbitrage, and contain new risks. Cooperation between different domestic and international authorities is key to ensure a holistic approach to regulation and thus to help solidify trust in the financial system.