How to balance the benefits and risks of having big tech in the financial domain: RBI 

“Bigtechs are foraying into the financial domain bringing with them benefits of greater financial inclusion, more efficient operations and lower transaction costs. However, they also pose the risk of stifling competition, endangering data privacy issues, and constraining operational resilience for regulated entities, with ramifications for financial stability,” an article co-authored by members of the Department of Supervision of the Reserve Bank of India (RBI) states while recommending regulatory approaches that the government can take to a balance the benefits and costs of having big tech in the financial domain.

Why does this matter: RBI has time and again cautioned that big tech can affect competition and stability in the financial domain. This latest article sheds more light on why the central bank holds this view and the regulatory changes we can expect from the RBI to address the various concerns. 

FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.

What are the major risks and concerns?

The article lists the following risks and concerns that arise from having big tech in the financial domain: 

1. The limited scope of oversight: The article points out that big techs often have complex governance structures, which limits the scope for effective oversight. “Often, they provide financial services through their subsidiaries operating under different licenses for different services, such as payments, consumer loans, wealth management and insurance. They have an integrated business model with a holding company or parent company (group) at the top and other verticals offering a wide range of services. Also, these big techs offer services across jurisdictions, at times depending on the trade agreements/ host country regulations. The parent or holding company could be outside the regulatory/ supervisory perimeter and could be far removed from the financial-service activities of the subsidiaries,” the article elaborates.
2. Competition concerns: “The pervasiveness of big techs provides them with a large client base who are entrenched in using their platforms/ products with access to multiple facets of customers’ data, generating strong networks effects. The entry of big techs into finance also reflects strong complementarities between financial services and their core non-financial services. Given their entrenched clientele base using their non-financial services like search engine, e-commerce platforms, it is possible for big techs to create products and establish their footprint in the financial domain with greater ease vis-à-vis the nascent fintechs. This poses a serious barrier in terms of creating a level playing field to promote innovation in the fintech space. Besides the technological advantages, the big techs typically also have the financial muscle to withstand the competitive pressures,” the article explains. 
3. Operational risks: The collaboration between big tech and financial institutions are building new connections and dependencies in the financial eco-system that can expose the eco-system to new operational risk challenges, the article states. For example: 
   • As financial service providers, “big tech firms provide payment services to their customers and any service outage may result in disruption of financing activity.”
   • As Non-financial service providers, “big tech firms yield a greater threat to financial stability due to operational risk emanating from their non-financing services. Only a few big tech firms provide technology services and infrastructure (e.g., cloud computing and data analytics) to the global financial system. The failure of even one of these firms, or failure of a service offered by any big tech firm could create a significant event in financial services, with a negative impact on markets, consumers, and financial stability.”
4. Impact on financial stability: “Bigtechs can impact the risk and maturity transformation functions through their direct exposure to provision of financial services. At times this may also translate or lead to shadow banking activities, undermining financial stability,” the article states. To illustrate this concern, the article gives the example of China, where risk transformation across financial subsidiaries of a big tech group happened:
   • “An e-wallet provider subsidiary of the big tech group allowed its customers to automatically sweep the ‘leftover balances’ in their e-wallet to an MMF which was managed by another wealth management subsidiary of the big tech. These MMFs in turn invested in interbank CDs, commercial paper, repurchase agreements, etc. and hence, establishing linkages with the financial system. The ability of e-wallet customers to have the money in their e-wallet accounts invested into the money market fund, and seamlessly redeem the money from the money market fund through their e-wallet apps constituted a risk transformation of funds with the potential to threaten financial stability.”

What regulatory framework can be used to address risks from big tech?

Based on policy frameworks adopted in other countries, the article lays out the following approaches that can be taken to address the risks presented by big techs:

1. Regulations to ensure competition by limiting dominance: “The competition authorities are realizing that the traditional ex-post approach may prove ineffective in the case of big techs and are focusing on ex-ante entity-based rules, and thus, requiring the big techs to re-align their business models. Given the possible systemic risks that dominant big techs can pose, the focus has shifted to initiating proactive action to limit anti-competitive practices,” the article states.

“In key jurisdictions like the US, EU and China, the burden of proof that mergers would not create a dominant market position for the firm or result in loss of consumer welfare has shifted from the regulator to the firms. Further, the proposed regulations require interoperability between big techs and third parties, ensuring equal treatment of own and third-party apps, etc. Besides, most jurisdictions have intensified ex-post supervisory actions on big techs to closely monitor their market dominance,” the article adds.

2. Regulations to protect customer data 

The article points towards the EU’s General Data Protection Regulation (GDPR) as “a comprehensive regulatory framework, which addresses the data protection and data sharing aspects in general.”

Specific provisions of the GDPR that are relevant to the concerns laid out above include purpose specificity, data portability, and security requirements. “The purpose specificity requires the user’s data to be collected and utilized for the purpose consented by the respective user. This limits the big techs’ ability to use network effects to analyse customer data collected from other platforms. Further, the security requirement specifies that the big techs should put in place adequate organizational measures to protect the integrity, confidentiality, and availability of users’ data,” the article elaborates. Similarly, the data portability provision enables users “to choose their preferred service provider without loss of historical/ personal data and therefore, limiting the dominance of big techs.”

3. Regulations to ensure effective oversight

Across jurisdictions, “the regulatory response has been to create guidelines which are generic that have a broader applicability,” the article states, providing examples of EU’s Payment services (PSD-2) – Directive, which are the guidelines for authorization of payment, and e-money institutions. “These guidelines adopt a proportional approach based on the activity undertaken by the applicants in seeking information and specifying compliance,” the article adds.

In the UK, the Financial Conduct Authority (FCA)’s approach “clearly specifies the requirement to have unhindered supervisory outreach on the company (seeking license/ authorization) and requires a clear detailing on the corporate structure of the parent and subsidiary (if the company is part of conglomerate/ holding structure),” the article points out.

4. Regulations to ensure operational resilience 

“The criticality of these services means that big techs may be already ‘too-critical-to-fail’. Reckoning the same, the Central banks and regulatory agencies across jurisdictions are discussing regulations to address the operational risks and challenges emanating from the services provided by big tech firms,” the article states while giving the following examples:  

• European Union (EU): “The proposed Digital Operational Resilience Act (DORA) by EU is a comprehensive framework on digital operational resilience in the financial sector. By specifying the security requirements to be adhered, the DORA brings ‘critical ICT third party providers’ (CTPPs), including cloud service providers (CSPs), within the regulatory perimeter.”
• China: “In China, Financial Holding Companies (FHC) framework strengthens operational resilience by requiring all FHCs to establish a comprehensive risk management system based on both qualitative and quantitative methods that will monitor various risks, including operational, and IT risks.”
• United States: “In the United States, federal banking agencies have oversight powers to monitor bigtechs as significant third-party service providers to banks. The Significant Service Provider Program established under the Bank Services Company Act, oversees the operational resilience of bigtech companies as service providers to banks.”
• United Kingdom: “Bank of England in its Financial Stability Report (July 2021) called for additional regulatory measures to tackle the risks emanating from the increasing reliance of financial institutions on a small number of Cloud Service Providers (CSPs) and other critical third parties.”

5. Regulations to reinforce financial stability 

Central banks and policymakers across jurisdictions are “discussing the potential systemic implications of big tech financial activities and introducing regulations to maintain financial stability,” the article states, presenting the following two regulatory approaches that are  emerging to address the financial stability risks from the big tech companies:

• “Issue a digital-banking license to a big tech firm, where the holding company of the big tech is outside the purview of the financial regulator. This would consolidate legally separated subsidiaries of big tech offering different financial services.” 
• “Impose a holding company structure on financial-service subsidiaries of the big tech and subject that holding company to financial regulations. By structuring the subsidiaries into a holding company structure, the governance structure could be simplified, and financial regulators could assess risk and address various concerns holistically.”

This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Also Read

• RBI Governor Shaktikanta Das Flags Concentration Risk From Big Tech Among Major Concerns
• Wary Of Big Tech, RBI Pushes For Regulations That Are Focused On Fintech Entities
• RBI Concerned With Big Tech’s Involvement In Financial Services
• Summary: What Are RBI’s New Rules For Digital Lending Apps And Service Providers?