Is regulation enabling or hindering innovation in the financial services industry?

Share this post:

Anne Leslie, Cloud Risk & Controls Leader Europe, IBM Cloud for Financial Services

Europe’s financial services sector is in the throes of wide scale digital transformation – a transition being accelerated by the growing adoption of digital solutions and services to help keep up with the demands of digitally savvy consumers.

While there can be no doubt that digital transformation is spurring innovation across the financial services industry, the impact of regulation is still up for debate. Is regulation enabling or in fact, hindering innovation in the financial services industry?

I recently convened a panel of experts to discuss this important topic, including:

• Laëtitia Veverka, Director of Compliance and Permanent Control, Confédération Nationale du Crédit Mutuel
• Antonio Queiroz, Chief Digital Officer, Euroclear
• Jessica Ramos, Head of Regulatory and Financial Affairs, EBA Clearing
• Nicolas Vasse, Director Strategy & Compliance Consulting, IBM Promontory

We started our conversation by discussing the growth of regulation in our region, including the recent adoption of the Digital Operational Resilience Act (DORA).

“The landscape in digital transformation regulation is unprecedented. In the last 24 months, the [European] Commission has been extremely active.” said Nicolas Vasse, Director Strategy & Compliance Consulting, IBM Promontory.

The increase in laws and regulations to reduce risk and preserve privacy, security, safety, and ethical standards makes compliance a priority for financial services leaders as costly fines loom over the industry. With this in mind, it’s unsurprising that 50% of CEOs in IBM’s 2022 CEO Study identified regulation as a pressure point.

“Now regulation is everywhere in digital transformation and you need to take it into account from Day one of your project – not during your project or after” added Vasse.

The two waves of regulation

In general, new financial services regulation arrives in two waves. The first wave focuses on the financial services sector specifically and aims to create a framework for incorporating new technologies – such as AI, machine learning and cloud – into the services financial institutions are delivering to customers. The second wave focuses on technology more broadly, for example the AI Liability Directive which aims to explore and regulate the roll out of the technology on a wider scale. The two waves are simultaneous, with horizontal and vertical regulations interacting with one another to create a complex landscape to navigate.

However, despite the complexity, my panellists agreed that regulation is not a hinderance to innovation and speed. New regulation has the ability to drive forward innovation, with policymakers and regulators working closely with financial services providers to ensure efficient and effective digital transformation that is both secure and resilient.

Fraud and resilience

One of the biggest drivers of regulation is the rising threat of cyber-attacks and fraud. The cybercrime landscape is constantly evolving – propelled by new technologies and influenced by geopolitical events. The threat of cyberattacks and data breaches are so pivotal, it is a responsibility that now sits with the C-Suite.

“Financial services providers are the most attacked, but most resilient at the same time” argued Laëtitia Veverka, Director of Compliance and Permanent Control, Confédération Nationale du Crédit Mutuel.

Cybersecurity is a unique area where all of the involved parties – banks, services providers, governments and customers – have a vested interest in each other’s success, with collaboration taking priority over competition. Groups such as the Euro Cyber Resilience Board are just one example of this, as parties from across the ecosystem come together, share information and best practices to maximise protection from fraud and attacks.

“This is all in the interest of the ecosystem and it is not really in the competitive space which makes it a really nice area to collaborate on.” Jessica Ramos, Head of Regulatory and Financial Affairs EBA Clearing

Financial services organisations and regulators are driving forward solutions, helping each other understand the risk landscape, the requirements of effective implementation and how to build resilience in the face of the rapidly shifting circumstances.

“If you take the time to educate your regulators and take the time to explain the particularises of your system and threats, that can build a relationship based on trust and then actually accelerate the innovation” added Ramos.

The new major piece of policy coming from the European Commission, the Digital Operational Resilience Act (DORA), is built around this idea of resilience. DORA’s four pillars are focused on operational resilience and the idea that it is not enough to just have measures in place – you must be able to demonstrate they are operationally effective. From risk management to incident reporting across the chain, to approval of outsourcing and service providers, DORA is seeking to ensure a new level of resilience across the EU.

“DORA is about ensuring that financial services are ready for the day of the attack, and are ready to respond.” Nicolas Vasse, Director Strategy & Compliance Consulting, IBM Promontory.

New technologies and innovation

Innovation and modernisation is happening across the financial service ecosystem and, consequently, all areas of the sector are having to stay ahead of security and compliance challenges as regulatatory oversight grows to avoid introducing systemic risk into the industry.

Payments is one area where the balance between innovation and compliance is front of mind with institutions. Consumers have become increasingly demanding of their service providers, wanting frictionless, easy-to-use and instant payments. In addition, the European Commission recently published its proposal on instant payments, seeking to expand the available means of payments within the bloc from traditional money transfers, enabling citizens and businesses to send and receive euros within 10 seconds.

‘We are now looking at these complex situations whereby entities don’t have a very secure legal basis to share information about fraud outside their institutions because you have GDPR as a directive and the Bank Secrecy principles embedding into regulations across different jurisdictions” commented Jessica Ramos, Head of Regulatory and Financial Affairs EBA Clearing.

Service providers need to meet this demand whilst also ensuring due diligence, compliance and fraud protection are not sacrificed.

“You need on one hand to provide instant payment, and on the other hand to filter them at the same time” Laëtitia Veverka, Director of Compliance and Permanent Control, Confédération Nationale du Crédit Mutuel.

We agreed that a collaborative approach between regulators and providers will be essential for achieving this; creating an open dialogue where information and best practice can be openly shared to find solutions to key challenges.

The importance of collaboration

As we look back over the last year we have witnessed a more unified approach in the fintech sector, and specifically, in the collaboration between fintech and larger financial institutions. Whilst in the past, many incumbent banks and institutions took a competitive approach to the rise of fintech, the ecosystem is now far more collaborative, with many banks exploring the innovations and perspectives of these agile companies. We are increasingly seeing larger financial institutions work embedding fintechs in their ecosystems – working together in commercial partnerships, equity investment, or in some cases, an acquisition.

“We tend to leverage their expertise because they tend to be nimbler and more reactive than very large institutions” Antonio Queiroz, Chief Digital Officer, Euroclear.

Large fianancial institutions typically adhere to a wider set of regulation than a standard start-up especially across Europe where the regulatory landscape is still fragmentated. However when working together banks and fintechs must ensure any new applications or capabilities in AI, machine learning, or cloud remain in accordance with any industry regulation.

To achieve this transition, fintechs and larger institutions are creating a system of dialogue with regulators from the inception of new projects, updating regulators on new developments ahead of schedule and explaining the new capabilities and functions. Once both parties are confident it adheres to regulation, the next step can be taken, ensuring that trust between business and regulators stays buoyant and innovation can occur in an efficient way.

“We have a dialogue with regulators whereby we try to share the schedule we want to do, and how we want to do it, and how we want to do it relies on what technology we want to use, it can be cloud, AI. What we see what works for us is to discuss ahead of schedule” added Queiroz.

A bright future ahead

The opportunity for new technologies in the financial services sector is expansive, as long as innovation occurs in an outcome-oriented  and secure, compliant manner.  We are already seeing the potential for AI and machine learning in the sector, for example, in creating more accurate systems for alerting the institutions to AML violations and minimising false alerts.  These advances are co-existing alongside the development of stringent requirements to ensure the reliability of the framework and functioning, as well as ensuring the explanability of the AI.

“We have to meet high requirements to ensure the [AI models] reliability” added Laëtitia Veverka, Director of Compliance and Permanent Control, Confédération Nationale du Crédit Mutuel.

We are also seeing an important role for hybrid cloud capabilities and industry clouds with  built-in compliance and security controls. These specialised cloud platforms are vital to reducing risk throughout the industry, particularly to help facilitate secure and compliant collaboration between banks and ecosystem partners.

Ultimately, regulation was seen as a force for good – an enabler of innovation and progress. The collaborative relationship between policymakers, regulators and banking supervisors and the industry will continue to be of increasing importance over the next few years as technologies such as quantum computing come into the fold. Furthermore, with the introduction of the Digital Euro and Digital Identity Wallet, – both including a trusted third party – we can expect the landscape to shift even further, adding to this complex and critical regulatory paradigm.