It’s possible that, as you read this, I.T. personnel at Bank of Shanghai are experimenting with trading and splitting tokenized coins with regulatory counterparts at the People’s Bank of China.
Coins that contain inherent identities and conditions.
Coins that could be strings of ones and zeros that define them as, say, comprised of 50% renminbi and 50% U.S. dollars, values that can then be divided and swapped solely, all with a single identifier tracking those movements.
Coins that could be exchanged peer-to-peer across mobile phones, with no need of an internet connection; or, if the telecom network fell, could be represented as printed-out QR codes that phones could read. And the values would be transacted immediately because the electronic message in those QR graphics is the equivalent of money itself.
Coins that could be used not just to hail a taxi, but to buy a car with your phone. Coins that don’t rely on a server or a cloud of servers to be exchanged, but on tiny amounts of power in a distributed world of mobile phones.
Coins whose identity is developed not by an algorithm but by “quantum randomness”, reflecting “pure” randomness that leaves no pattern, so that not even a quantum computer could ever use brute force to crack it – unlike crypto-currencies.
Coins that could be traded over a blockchain, if you wished, but are generated and authenticated by a central issuer, be it a bank, or a company, or a government.
Coins that could let China’s commercial banks compete today against Alibaba and Tencent, and global banks tomorrow.
Rethinking digital payments
Those are the possibilities that Bank of Shanghai is hoping to pioneer. It is in alpha test mode of a payments service it calls “pay like cash”, and which its foreign technology partner, Israel’s BitMint, calls Q-Pay, given its reliance on authentication that can resist the threat to encryption posed by quantum computers.
What makes Bank of Shanghai, a modestly sized commercial bank, think it can stop hemorrhaging customers to internet companies?
Amnon Samid, CEO of BitMint, can respond with a roster of product features, but these are ultimately underpinned by two guiding principles of the company’s. First, digital cash is about assigning identity, not just value. Secondly, it must be secure, which means there cannot be any pattern in how identities are assigned. (See here for our profile of BitMint from two years ago.)
Those principles have been applied to Q-Pay. Whereas internet competitors execute payments in the cloud, Bank of Shanghai customers can move money from their accounts to a mobile wallet, in which the tokens are represented digitally in much the same way that a serial number identifies a cash bank note. This is unlike most crypto-currencies, where the sequence of bits (ones and zeroes) only represents value, and the blockchain is required for authentication.
“BitMint payment applies to peer-to-peer, to business-to-business, and to government payment,” Samid said. “It’s a unified payment platform that applies equally to credit management and financial instruments of any kind.”
A different kind of security
Samid argues this makes it safer and easier to transact payments via mobile phones than, say, Bitcoin. And the ability to either split tokens or assign them conditions (similar to smart contracts) means Q-Pay is far more versatile than physical cash.
Moreover, these tokens are not generated on a blockchain. They need a central authority to mint them and assign IDs. This can still protect user identities in the way that WeChat users see one another’s chosen IDs without knowing their phone number or account name.
Of course, this is not the same as end-to-end encryption: the Chinese government can look at WeChat’s underlying customer data, while a Q-Pay system could also involve a central authority, depending on how it’s designed. But this also means that there’s no need for smart contracts relying on consensus; conditionality is embedded in the coin itself, so there are no issues around scale.
Samid argues, moreover, that Q-Pay is more secure than AliPay or WeChat Pay – or Bitcoin – because it is designed with “quantum randomness”. In these other systems, identities and passwords are generated by algorithms. In today’s world, these are secure, but passwords and private keys are cumbersome: they can get lost or hacked.
Q-Pay’s security is firstly embedded in the tokens themselves – there is no password or private key. Secondly, identities are derived through “pure” randomness that not even a quantum computer could hack.
“If you have pure randomness, not even the smartest computer can find something that doesn’t exist,” Samid said.
Generating a password that leaves zero pattern to find can only be done by tying it to physical phenomena that are beyond the ability of humans, or computers, to ever predict.
A physical solution to pure randomness relies on tiny, specialist nano-chips being designed to power the Internet of Things, which BitMint have configured for its own technology. Because the firm can’t embed chips in users’ smartphones, it has designed a software proxy that Samid says is almost just as impossible to crack.
This starting point allows BitMint to embed identities in the coins themselves, which means they can be traded among smartphones without ever traveling to a server.
For users in rural areas with spotty cellphone coverage, or in the event of a disaster like an earthquake that interrupts telecom networks, Q-Pay can still allow people to transact within a phone’s own signal range.
“The future is putting digital payments on the mobile itself, with quantum-grade security on top,” Samid said.
He says there will be purely commercial advantages to this approach that will become more apparent.
The future of “free” payments
Because Q-Pay transactions take place on a P2P basis (phone to phone), the energy consumption is distributed among users’ phones. That is a huge cost saving to the company running the network. Alibaba and Tencent have to finance servers and lots of functions to enable their payment systems, such as messages to confirm account balances and to settle.
Today, these companies have not charged users for payments, because they have used payments as gateways to other services. But they are no longer able to rely on spectacular growth to justify free payments: everyone in China uses them now. So unless they somehow find a way to grow overseas at a similar rate, Samid argues, they will start to charge users for payments, or they will see their profitability erode. But banks using Q-Pay will not face this problem. (See our story on what Ripple’s Brad Garlinghouse told DigFin about pricing payments.)
Samid makes a fascinating argument for BitMint’s technology and the direction of mobile payments, identity, and security. But will consumers actually use it? Bank of Shanghai, by itself, is too small to make such a change happen.
The question is whether the big-four state-owned lenders decide to adopt it, and then whether the PBoC – and the government – decides to use it to issue a digital renminbi.
These are both medium-term prospects. Bank of Shanghai is still in the alpha phase of testing it, although Samid says it is in talks with retailers and other companies about beginning beta tests this spring. The entire project could always be scuppered if the PBoC or the government gets cold feet.
But Samid is optimistic that the project is going to make its way into production. Bank of Shanghai has allowed the project to be publicly known, which suggests the PBoC is comfortable with it so far. (Bank of Shanghai executives declined to be interviewed.) And if it works, bigger banks will adopt “pay-like-cash” technology.
“Commercial banks urgently need to improve their offerings to customers,” Amnon said. He argues that the banker’s playbook, in China and around the world, has so far been to partner with third-party fintechs to attack niche products or issues around user interface. But he says this isn’t enough if banks want to compete against Alibaba and Tencent for cashless mobile payments.
Is digital money next?
Then there’s the question of whether the government will adopt his company’s technology to mint its own digital money (see our story suggesting they will wait).
He says BitMint has spent years discussing sovereign digital currency with many central banks, and the PBoC is the most advanced.
“They have the smartest, deepest understanding of the technical issues,” he said. Most other central banks view it in the context of cyber-security or monetary policy, but haven’t invested the time to learn the tech itself.
Besides: “The government is aware of what quantum can do, because they’re also developing those computers.”
Given its confidence in the project, BitMint is now boosting its commercial activities. It is setting up a China business. A Beijing investment firm, Joseph Investments, has taken an undisclosed minority stake in the onshore entity.
The firm’s portfolio companies include Taikang Life Insurance, Xiaomi Group, and names in other industries.
BitMint is also in talks with partners in Hong Kong about setting up an office there to take advantage of its new Faster Payments System, Samid said.
In 2004, he and his brother Gideon (the company’s CTO) set up the security foundation that today underpins Q-Pay. In 2008, they filed a patent for BitMint digital money, a few months before Satoshi Nakamoto published his groundbreaking white paper.
This month represents the 10thanniversary of the creation of Bitcoin’s genesis block. Could it also mark the beginning of the next big innovation in digital finance?
Busting six myths about China’s e-RMB (part 1)
There’s a lot we assume about the PBoC’s digital yuan – and we’re often wrong.
While politicians and central bankers in the U.S. and Europe wrangle over Facebook’s proposed Libra coin, one government is moving to seize the initiative: China.
The People’s Bank of China has been studying central bank digital currencies (CBDCs) for several years and probably has the greatest technical understanding of any public institution. Introduction of a digital yuan could come any day now.
There are a lot of unknowns and misconceptions about this, however. Here are the first three out of six myths about the digital yuan that tend to crop up in media, conferences (shout out to NexChange), and cocktail conversation (DigFin drinks at nerdy bars).
China will be the first to issue a central bank digital currency.
Nope. The first digital currency has already come and gone: for six months, from November 2017 to April 2018, the Central Bank of Uruguay deployed a live e-Peso, using mobile phones to enable payments and transfers. Hats off to Mario Bergara, the CBU’s governor, for making history.
The pilot program saw the CBU issue 20 million pesos’ worth of digital notes to 10,000 users of local telecoms operator Antel.
The central bank wanted to see whether digital money would be easier to trace for tax purposes, if it would encourage the unbanked to enter the formal financial system, if it would help CBU save money on minting banknotes, and prove safer to use.
The authorities also wanted to see if digital cash might compete against banks’ high-fee credit cards, with a view to nudging those rates down.
CBU also enabled, but didn’t activate, its e-peso to bear interest – something that physical cash can’t do. Enabling currency to charge interest is a way central banks can encourage its adoption; similarly, they could charge users to hold digital cash, if they wanted to take it out of circulation.
The experiment suggested digital cash works well among the already-banked and digitally connected. There was some evidence it began to seep its way into the more remote parts of the country. Uruguyans very quickly found ways to arbitrage transactions across platforms for the best deals.
The short period of circulation meant other questions were not answered, such as its impact on tax evasion or how people would respond to interest-bearing cash.
CBDCs are based on blockchain.
No! Libra is based on blockchain, and of course a central bank could use similar technology. But Uruguay didn’t use blockchain, and China won’t either.
The PBoC will mint these tokens and assign them an identity on its own servers. Conditions such as whether coins bear interest can be baked into the coins themselves, with no need for smart contracts.
It will disseminate these among select wholesale banks, but to the extent that banks pass these on to individuals or businesses, they can do so via banks’ phone apps (Uruguay issued e-pesos directly to Antel).
In fact, banks in China have developed the technology to allow people to exchange digital tokens using near-field communications tech – which is to say, phones in proximity can transfer money without even needing the mobile network to be operating.
There are scenarios, however, in which distributed-ledger technology could come into the picture, but centralized. In particular, the PBoC could opt to issue “synthetic CBDCs”…for that discussion, see Myth 5.
This is some seriously cool stuff that DigFin covered at the beginning of the year, which you can check out here.
China’s capital controls will make a digital yuan a domestic event.
Setting aside the exciting talk about using digital renminbi for payments in China’s Belt and Road Initiative, a digital yuan could have a big impact on monetary policy in countries with extensive ties to China.
Central banks the world over enjoy seigniorage when they print money – that’s like the fee they charge users for the privilege of accepting freshly minted cash. And when your citizens go abroad and spend, or foreign banks accumulate your currency, the issuer still keeps the benefits of that seigniorage. The Federal Reserve gets indirectly paid by all the non-Americans holding or spending greenbacks.
The renminbi does not do this today for China, because it’s not used for trade settlement. When Chinese tourists go abroad, they turn their renminbi into local currency, and (essentially) pay the local central bank for the pleasure.
A digital yuan could help internationalize the use of crossborder renminbi for payments, by allowing Chinese citizens to pay for local goods with Chinese money – assuming local merchants accept it (and that the local central bank allows them to).
Today, Chinese tourists may pay for things overseas with WeChat Pay or AliPay, but the final settlement is in the local currency. But the nature of CBDCs is that, if a Chinese tourist uses her Xiaomi phone to pay for dinner in Bangkok using digital RMB, the final settlement takes place in renminbi: the transaction ends up being more like if a Thai restaurant sold a dinner to someone in Shanghai.
For countries like Thailand that receive vast numbers of Chinese tourists, the prospect of tens of millions of people de-facto paying for everything in their own currency is a threat to the Thai monetary base: baht won’t circulate as much.
Moreover, customs will no longer be able to control the amounts of cash that enter the country. It’s risky and difficult for people to smuggle loads of cash through airports, but easy to move digital currency (as Bitcoiners know). Now consider the spending binges that Chinese visitors could go on, using their own cash, in Bangkok or Paris.
The French government might be prepared to ban digital renminbi from circulating in France. But would the Thai government be prepared to make the same call?
Just as Libra has emerging-market central banks running scared (because in a local financial crisis, their people would flee to Libra, potentially bankrupting the domestic monetary system), the idea of big economies – China, the European Union, India – issuing CBDCs and insisting these be allowed to circulate with their citizens and businesses means that smaller countries could see their monetary sovereignty at risk. This isn’t new: in Latin America it’s called dollarization.
We’ll be back later with three more myths!
Three questions for incoming virtual banks
CEOs from three licensed startups in Hong Kong highlight issues they are still working through.
Many Hongkongers are eager to sample services from among the eight virtual banks that have been licensed. That’s according to a survey by KPMG of over 2,000 residents, most of whom express readiness to give virtual banks a try, says the consultancy’s head of fintech, Avril Rae.
The promise is new banks that solve real pain points, not just serving up a snazzy mobile app: fast and easy account opening, services to help people organize their finances, and blending banking in with lifestyle activities, among other things. They are doing so by leveraging artificial intelligence, big data analytics, cloud computing, and open APIs, to ensure a widely accessible, 24/7 business.
But there remain plenty of questions as to how to actually implement a virtual bank – which is probably why several V.B.s have been reportedly warning their launches will be delayed well into 2020. The noise around this is acute enough to prompt a statement yesterday from Arthur Yuen, deputy CEO at Hong Kong Monetary Authority. He told the audience of the Hong Kong Institute of Bankers – gathered for HKIB’s annual conference – that there never was a launch period mandated by the regulator.
“Our objective is to ensure that virtual banks are prepared,” he said, adding that he expects a few will soft-launch basic services before the end of 2019.
Question 1: regulation
On paper, there should be no question marks about regulation. The law is clear: virtual banks have the same capital requirements and the same legal obligations as convention ones, with the single exception that they must be branchless.
The HKMA is keen to see these new players provide better tailored services to retail customers and small businesses, to better drive competition and keep Hong Kong’s banking industry relevant. Its supervisory stance is “risk based and technology neutral”, which sounds the same as how it treats conventional banks.
But it’s clear already that regulating V.B.s is not at all like regulating conventional banks. There is a greater focus on technology risk management and data privacy, as well as ensuring anti-money laundering and other compliance checks.
Customer protection is an even greater challenge for virtual banksArthur Yuen, HKMA
“Customer protection is an even greater challenge for virtual banks,” Yuen said, “as they use behavior data analytics as they design and market products and services. That raises very different protection challenges,” notably data privacy.
Yuen sited the government’s Privacy Commission as a font of ethics and best practices. Those are indeed fairly well developed. But they are also voluntary, and the Privacy Commission lacks enforcement powers.
Question 2: compliance
The flip side to HKMA’s concerns about supervising virtual banks is how they themselves approach issues around compliance.
Frederick Lau, CEO of Airstar Bank – owned 90% by Xiaomi and 10% by AMTD, where Lau also works – says meeting regulatory standards is not straightforward.
“Doing implementation with our vendors, we encounter a big number of [projects] that are not up to our [banking] standards or up to the regulator’s standards,” he told the HKIB forum. “We have to go back and forth to keep improving the final products.”
He says this is not unique to Airstar. Miscommunication stems from differing expectations. Virtual banks are new, for the industry and for the HKMA, which hasn’t issued a big banking license for decades. These may be “virtual” banks but they still must submit small mountains worth of paper documentation.
Moreover, with eight V.B.s on the drawing board, there is fierce competition for hiring in I.T., risk management, and compliance. Hiring bottlenecks impact the pace of other aspects of building the bank.
Running a technology company is different from running a bankFrederick Lau, Airstar Bank
But the biggest challenge, at least internally, is that most of the leading shareholders of V.B.s are not banks. Of the eight, only two have major bank owners (Bank of China and Standard Chartered), while local fintech WeLab has been operating electronic marketplaces for several years.
“Running a technology company is different from running a bank,” Lau said. “When Apple launches a new version of the iPhone, it’s not perfect. There may be bugs. But they want to launch their product fast and grab market-share. In banking we cannot do that. We have to do everything 100 percent perfectly, to reach our standard and the HKMA’s standard.”
Which is a way of saying the tech shareholders in V.B.s still need time to better understand what is expected of a bank in Hong Kong – in a way that doesn’t compromise the innovation that’s at the heart of these new businesses.
Question 3: metrics
Tat Lee, alternate CEO at WeLab, says the newness of virtual banks means equipping the bank’s teams, including its bankers, with a tech mindset.
“When we build a virtual bank, we want to change the traditional way to build a bank,” he said. “It’s not a business-driven bank. Business is important, but technology is a key success factor. Everyone needs that mindset.”
Internally that means moving away from traditional decision-making processes (such as waterfalls, that is, sequential and hierarchical decisions) and more inclusive formats that encourage innovation.
“Compliance and risk-management people need to be trained, to combine their traditional wisdom with the technology,” he said.
We want to change the traditional way to build a bankTat Lee, WeLab
But where does the business side – revenues – come in? And if it’s not the main driver (at least not for the next few years), how do banks intend to benchmark their progress?
Deniz Güven, CEO of Standard Chartered’s virtual bank, says traditional metrics won’t work. Everyone gives lip service to the “customer-first” proposition but he doubts that’s how banks actually operate. But customers will really be the first priority among virtual banks (aside from necessities such as security).
“I tell the board and our shareholders, our first KPI is heartshare, not marketshare.”
Which makes for a great soundbite, but what does it mean? When Anthony Thompson launched Metrobank in the U.K., he too had a single KPI for all of his staff, which was customer satisfaction, as measured by net promoter scores. If Güven is implementing metrics for happiness, he isn’t sharing what those are.
“Of course we can talk profits and customer numbers,” Güven said, but then declined to do so.
To be fair to Güven, the other V.B.s aren’t talking such numbers either – and it may be a while before this becomes relevant. All the newcomers share the goal of making their customers happy and winning their trust, and that is going to take a few years.
But that doesn’t mean metrics go out the window. There will still need to be business models against which these banks are judged – and it’s not clear what any of those will be.
APIs are about to get real in Hong Kong
October marks a key deadline for open banking, and the issues are mounting.
Open banking, which regulators around the world are pushing, is about sharing customer and product data among banks, fintechs and merchants.
It’s a move that banks have resisted, but those in Hong Kong are meant to meet an escalating schedule of openness as laid out by the Hong Kong Monetary Authority, which wants data shared via API (application programming interfaces – software that connects other software).
October is something of a “crossing the Rubicon” moment for the industry. Instead of simply listing bank-product information, banks must now have to actually begin to share sensitive data.
“Open banking is revolutionary,” said Bi Mingqiang, president and CEO at China CITIC Bank International, speaking at the annual conference of the Hong Kong Institute of Bankers.
Sharing code will make banks transparent – which means at some point they may be hard to distinguish among a variety of intermediaries and vendors, with customers free to cherry pick products and services.
“We need to further segment the market and customize our services,” Bi said. “In the future we may not keep strong relationships with our clients. Our only strength with be offering the best products…open API is a game-changer to the banking society.”
What’s the hurry?
In theory. The HKMA’s “Phase 1” implementation, which seems simple enough, is a listing of bank product information for the public to see. Although a handful of banks such as Citi have been proactive, many banks are simply uploading links to their corporate websites. This is legal, as the HKMA simply urges banks to make a “best effort”.
Hardly any banks are likely to meet the October deadline for Phase 2, to let fintechs onboard customers using their data that exists on bank records (meant to be mandatory upon customer request).
Fintechs are predictably annoyed. But the HKMA has been clear from the outset that it is not going to follow the U.K. and European examples of mandating open APIs.
Instead the authorities believe it is up to the industry to come up with the use cases, set standards, and drive this. The HKMA sees its role as spurring competition, but not dictating how everything should work.
In July it said it would set up a technical working group to hash out such matters, including representatives from the banking, fintech and merchant worlds.
Could be messy
This is crucial for the simple reason that right now there are no standards for APIs, which means a customer of Bank A asking for her data to be released to a third party might have to go through the same rigmarole if she also asks Bank B for the same service.
Worse, Hong Kong has 154 licensed banks, plus another eight virtual banks coming online. If APIs aren’t standardized, fintechs would go insane trying to connect to them all.
“We need to create a common base line of what to communicate,” said Mary Huen, Hong Kong CEO at Standard Chartered Bank, speaking at HKIB.
There are some market-based solutions to this. Jetco, an ATM consortium of banks (basically everyone ex-HSBC), has launched its APIX (API Exchange), with a number of smaller banks participating. It is a “many-to-many” network, so banks, fintechs and merchants uploading data can connect easily with multiple players. But so long as banks can drag their feet – or the extent to which third-party service providers don’t see the benefit of such integration – then this will remain an incomplete solution.
And there is even less clarity about the HKMA’s phases 3 and 4, which should jump from sharing information to enabling transactions via API.
SWIFT is one player hoping to leverage this uncertainty to its advantage.
SWIFT handles messaging for crossborder payments among correspondent banks. It manages the identity and security around those messages, which are formatted according to ISO 20022 rules (ISO, International Standards Organization, is a global organization that designs such things for many industries).
“Open banking needs a stable baseline for development, and innovation can come on top of that,” said Lisa O’Conner, SWIFT’s head of capital markets and standards for Asia Pacific. SWIFT has applied its functionality to an API gateway to enable exchange of data (instead of payments information) across its network.
“It’s like a global version of Jetco,” she said when asked to compare the two platforms.
Some banks might want to share data in one locale, others might want a systematic way to do so worldwide, but she says the goal is interoperability, so that an API exchange here can be replicated seamlessly there.
As open banking gets more complex and burrows more deeply to banks’ core I.T. systems, such alignment will be important to avoid huge costs and fix-its – as is happening in Europe today.
(She also says that regulators and banks looking for models for open API shouldn’t look to Europe: it’s India that has had the best rollout, where banks have long since been trained to focus on end-user experience, and where the government’s API Stack clearly defines APIs.)
More uses cases
Angus Choi, CEO at Jetco, is optimistic more third-party service providers like merchants and fintechs will use Jetco to connect with member banks, and with each other. “APIX will become a venue for more use cases,” he said.
For example, local insurtech CoverGo has recently joined the platform, hoping to market itself to anyone in the market for using its tech to digitalize their services.
Today, Choi says banks don’t see connecting to third parties as core to their business. But digitalization is changing this. “What other industries can they reach, what new customers can they find, what channels can they use to promote their products?” Choi said. “My priority is more use cases.”
That cuts to the heart of open banking: what’s in it for banks? If the HKMA isn’t going to crack the whip to enforce adherence to its four-step outline, then the industry needs to come up with incentives.
The first obvious argument is that it will open new sales channels. But for many banks, that’s not a happy tradeoff if they have to open up information about customer account balances to fintechs or merchants (which is phase 3).
Another challenge is around standards for data – sharing it, embedding instructions around its use, ultimately letting customers transact in third-party environments with their bank data.
That also implies common legal agreements so consumers have recourse if something goes wrong. Banks are almost surely going to own responsibility, just as they do in the case of credit-card fraud. This is another reason why they’re reluctant to embrace open APIs.
A third challenge is getting the balance right between opening up data, and abusing it. Aside from the obvious cyber threats, will protocols be set up so that customers have a clear idea of what data they are sharing? How to prevent banks, fintechs or merchants from collecting more data than they need? Should that data come with expiration dates? What’s the procedure should a customer wish to limit data sharing?
A final challenge is how banks and others deal with the unknowns. StanChart’s Huen said, “With new things there are always new risks you can’t anticipate. We need the ability to detect abnormal trends or identify what’s gone wrong.” Just as banks have “fire drills” for conventional breaches and crises, they need to develop playbooks to react to issues arising from open APIs, Huen says.
Ultimately in Hong Kong’s case, this is an experiment in allowing commercial forces to determine the outcomes to these questions. India’s experience involved a much stronger government hand in setting the ground rules, and a culture in which banks were mentally prepared for the change. Europe has been very government-driven, with banks mostly reluctant compliers, but with many unsettled arguments.
Hong Kong is taking an even more free-market approach, and no doubt when October has come and gone, there will be little sign of customer onboarding made easy via APIs. But banks can’t ignore this, either. If there’s no progress, the HKMA could ask the government to legislate stricter rules – an outcome banks would surely regret.
On the other hand, fintechs and merchants should not assume the onus is on the banks. When it comes to inventing use cases, it’s in their interest to invent ideas that will make money for the banks. Data exchange will fail if it’s a blind ally. Better to make it a three-way street.