Transcript of Question & Answer Session Financial Technology and Payments Regulation

Michele Bullock

Thank you very much. What I'd do in my five minutes is expand a little bit on some of the themes that I talked about earlier in my speech, and that's really about the way regulators are approaching this attempt to balance innovation, security and safety for the economy.

So if I look around the world at various regulators that I'm in touch with, the general flavour as it is in Australia, and I think in China as well is, we're looking to encourage fintech and we're looking to encourage innovation, but we're all very conscious that there are important issues of safety, and therefore that this isn't actually a regulation-free area. So innovation can spring up under appropriate regulation, it doesn't need to be regulation free.

You've heard the term sandbox a number of times in this summit, and the idea of the sandbox is … I think in Singapore, there was a couple of versions of it, one was a regulator sandbox I think, and the other was an industry sandbox. I think the industry sandbox is a fairly common thing around the world, and that's where they're not regulation free but they're operating in a very constrained environment. They're working with proofs of concept, the fintechs are working the proofs of concept.

In order to get their business models up and running in a regulation-light way, as I said it's not regulation free, I think its regulation light. That's a very common theme. What this regulation is actually aiming at is customer protection in effect. So many of the sandboxes are being set up by consumer protection agencies and by securities regulators. The concerns here are about consumers. They don't want consumers to be victims of fraud, they don't want consumers to find that their savings have all flown out the door, so it's all about consumer protection.

The other angle, I think, on regulation of fintech at this stage is investor protection. The topic of ICOs came up earlier. ICOs are an interesting example of innovation for small companies who want to get something off the ground and it's in effect equity finance in a way. It's not quite the same obviously, but it's similar. They're looking for capital injections and technology is providing them with a way of being able to get that.

Again, this is where regulators come in because there are examples where they are just plain fraudulent. So regulators can't step back completely from this. They have to be active, they have to be watching, and they have to be monitoring to make sure that consumers and investors are protected.

This is an interesting contrast in a sense because most of the regulation that we see in financial institutions is aimed at the stability of financial institutions. It's aimed at prudential supervision, it's making sure that financial institutions don't fail and take people's money with them. That's not the concern of regulators at the moment with fintech. That's not to say that's not where it will go, because if some of these companies get big enough, there will be systemic issues, and that then raises the issue of what sort of standards do we impose on them?

My colleague here spoke a little bit about the international jurisdiction. Everyone does something a little bit differently. With financial institutions, the major world economies have gone to a great deal of effort to try and standardise regulation across economies. So I think it's going to be interesting to see whether or not regulation of fintech also ultimately moves in that direction, because it's increasingly across border, and whether or not regulators start to realise it, there needs to be some sort of cooperation in setting regulation.

The other point I'd like to make briefly is that regulation really needs to be functionally based. This came up in another session as well. If it looks like financial intermediation, even if it's not called a bank, then it probably needs to be regulated on a similar basis. Functional regulation is really important here, and in setting up legislation, and in setting up laws, we need to avoid tying requirements to particular types of institutions. We need to look at what functions they're performing, what risks they are taking, and what risks they are imposing on the economy, and regulate consistently across those, regardless of the institution that is doing it.

Finally, I mentioned in my speech the issue of cooperation and competition. Competition is what drives cost reductions, it drives efficiencies. But in the area of payments, in particular, cooperation is actually really important. Standards is one area where we need in fact, to cooperate. But we also might need to cooperate in providing utility infrastructure that all can access. The Singapore example of an EKYC, an industry utility that is for everyone, it's not a competitive space, is another good example of that.

I think they're sort of my three points: focus of regulators at the moment on consumer protection and investor protection. It should be basically functionally based, and principals based. And finally, we need to think about where we might need to cooperate.

Thank you.

[Audio paused]

Michele Bullock

Very quickly, I'm conscious of time, but just responding. In fact, our view is more similar to Singapore's, which is that the case is less for retail and more potentially for business or wholesale for some of the reasons you highlight.

Thank you.

[Audio paused]

Michele Bullock

I mentioned actually, in my speech this morning that we are embarking upon an open data process. And I think we're fairly lucky we're a little bit behind the curve here because often it's better not to be at the bleeding edge, it's better to be a fast follower and learning from other jurisdictions.

The way we're approaching it is to establish a consumer data right, and the way that's being done, that consumer data right, is actually going to rest with the competition regulator because, as you mentioned Connor, it's not just about financial data, it's about all sorts of data. Then we're in the process of establishing data standards which will apply for the sharing of data, the privacy of data, the security.

So I think in terms of the cart before the horse, which Europe seemed to embark upon, we're trying very hard to make sure that we've got the liability regime worked out before the data sharing. It will start with a small group of financial institutions with a small number of products, if you like. Work out that, and then move forward to other sorts of data sharing within the financial sector, outside the financial sector.

But the liability framework is really important because you've got to make sure that the incentives are right for people to share, and that the incentives are on those who are receiving the data. The incentives are on them to treat the data with just as much respect of those who've given it up. Because we all know that in this world of cyber and security and IT, that everything is only as safe as the weakest link. So it doesn't matter how good the banks' security and the way they treat their data is. If they give it to someone and someone else is a weak link, then that just wrecks the whole thing.

So I'm not saying it's going to be an easy task, but I think we're very conscious of those issues, particularly the liabilities.