The topic of digital transformation is important to me because I am confronted with it frequently and in many areas as part of my work at the Bundesbank. Not least in banking supervision, for which I have been responsible since 2018. Here it is important to understand what digitalization means for banks and what effects it can have on the entire financial system. Like every other institution, we are required to perform our tasks as efficiently and with high quality as possible. We should therefore use digitization ourselves to perform our tasks even better.
1 Chances of digitization for the financial sector
Dear Sirs and Madames,
As you can see, I do not consider digitization to be a distant vision, but rather I believe that we are in the middle of the development towards a digital financial sector.
The digital transformation of the financial sector is already having an impact on our everyday lives. Tourists from the USA and China can already pay conveniently with their domestic mobile payment methods in Europe without a comparable European offer. Digitization is changing the markets and, above all, countries like the USA and China are playing a key role in shaping this development. We in Europe are asked what role we want to play in this.
There are still critical voices who question the economic benefits of digitization, for example because this is not clearly shown in productivity statistics. From my point of view, however, we see the opportunities for the economy and society very clearly in the financial sector.
The efficiency in the markets can increase further because information can be exchanged faster and faster. Think, for example, of the overseas cable that was laid between New York and London. This sends data back and forth in 60 milliseconds. Just for comparison: it takes around 100 milliseconds to turn an eyelash. But for high-frequency trading on the stock exchange, 100 milliseconds are an eternity and the investment in the overseas cable seems to be paying off for those involved.
Markets can also become more international as a result of digitization: Thanks to transnational regulations, Europe in particular is an excellent example of how different markets are growing together. Today it makes no difference whether you transfer a sum of money to your neighbor or to a friend in Portugal. Securities can now also be transferred quickly and flexibly between all countries in the euro area. The Eurosystem’s financial market infrastructures such as Target2 and Target2 Securities also make an important contribution to this integration.
Competition on the financial markets is also increasing as a result of digitization. Many new players are entering the market with innovative ideas and services. For the end customer, i.e. for consumers and companies, higher quality at lower prices is promised.
The opportunities of digitization are not only evident in the markets, but also in individual decisions. With the help of algorithms, sources of error in decision-making processes can be better controlled. For example, banks then have to rely less on the subjective assessment of an individual bank employee when deciding whether to grant a customer a loan. You can incorporate more information into the decision and evaluate it more objectively. The same goes for investment decisions: people, no matter how well trained, are subject to systematic psychological biases. Well-programmed algorithms can solve this problem and help
2 risks of digitization
But I’m not telling you anything new when I say that the risks associated with digitization have increased significantly in recent years.
Errors in the software are in themselves serious risks, but employees can also cause errors. People always have an influence on IT systems and they therefore only work as reliably as the people who operate them. Internal control systems should help to rule out human errors as far as possible.
The risks of digitization will remain a challenge in 2019 and beyond. As long as digital offers, hardware and software are constantly developing and the complexity of processes and software increases, there will be people who exploit these weak points and technology that is prone to failure. IT risks will therefore remain an ongoing issue.
In recent years, the supervisory authority has reacted to the increased importance of IT-related risks and further specified its IT security requirements. However, every specification has its limits. Ultimately, the requirements must be applicable to all supervised institutions with their very different IT landscapes and should not stand in the way of further developments, for example by setting too specific requirements. In the future, too, there will be no simple regulations, but rather principle-oriented requirements that can be applied to different technologies and IT landscapes.
In addition, the fundamental question arises: Is the regulation overall still adequate for the digital age?
As desirable as innovations are, they can also be accompanied by new risks or changes in the entire risk landscape. We are already observing changes in the market today.
New companies have entered the market – we’re mostly talking about fintechs and big-techs – that often offer individual process steps in a banking service or technical support in cooperation with banks. In addition, innovative technologies are changing the way banking is done.
Banking transactions are becoming more mobile, convenient, and faster. Is the legal framework still appropriate in the future in view of these changes? Ultimately, the risks to the financial system could change and shift as well.
The historical experience of banking regulation should at least make us sit up and take notice. After all, innovations in the history of the financial system have repeatedly led to upheavals and financial crises. And it has been shown that the regulation only reacted to the new problem areas after a crisis and was adapted and tightened accordingly. So regulation tends to lag behind the actual risk shifts.
Fortunately, in view of the digital dynamics, the regulatory framework has proven to be very robust so far. This is due in large part to the regulatory approach that applies in Germany and also in Europe: Certain types of financial services are regulated, regardless of which company they are offered by. Because the specific financial transactions contain the risks that the financial supervisory authority is concerned with. It is therefore rightly irrelevant whether a company bears the label “Fintech”, “Bigtech” or “Classic Bank” – and which technologies it uses. The specific business model and the associated risks for the financial system are decisive. With this approach, we have created a clear and proven framework.
And with the increased cooperation between banks and external providers, we have had just as good experience with the regulatory approach, because it clearly regulates the responsibility for risks.
However, there are still unanswered questions about the appropriate regulatory framework for innovations in the financial sector. For example what knowledge about the new technologies and external cooperation partners supervisors will need in the future or how a sufficient overview of the new IT risks can be guaranteed. I currently see little reason to sit back and relax with these questions.
3 European perspective
The challenge is to find a good balance between the opportunities and risks of digitization. It is clear to me that digitization is an opportunity for Europe, so we should also think European when it comes to risks.
In Europe there are already regulatory innovations that are blurring the boundaries between banks and new providers such as fintechs and big tech. PSD2, the amendment to the Payment Services Directive, obliges banks to open an interface for third-party providers of financial services. For example, fintechs with innovative payment methods have the opportunity to put their business idea between the customer and the bank.
For customers, that means more competition. From the point of view of the banks, there is a certain amount of frustration in the face of these developments; after all, as lavishly regulated companies, they are now competing with companies that seem to play by completely different rules of the game.
As a bank supervisor, I have to correct this a little: As I just mentioned, the supervisory rules treat every company equally. So one cannot speak of a regulatory advantage for certain companies. Seen in this way, this also applies to PSD2: Banks, like the new third-party providers, can make use of the interfaces and develop corresponding services.
Another topic that concerns us in addition to the banking supervisory rules is data protection. Bank and payment data is very sensitive information that is particularly worth protecting.
From the banks’ point of view, competition with new providers is no longer just about banking supervisory regulations, but also about other framework conditions that have become part of the competition. If we impose requirements on European banks on how they should handle this data, we must also ensure that other companies are just as responsible when handling this data.
In the next few years we will probably have to deal more and more with competition issues that affect the interfaces between different sectors. However, it should be clear to us what the goal of the individual regulatory areas is and which interests are worth protecting.