Financial regulators are relying on education and financial literacy to try to save consumers from the growing risks related to digital finance.
They are resorting to tried, true, and all too tested methods. Tried time and again, with the same results.
This is not to say that educating consumers about risks is counterproductive. It is very necessary. But it clearly isn’t enough. And risks are growing as more financial activities move to mobile.
A better way to combat cybersecurity threats, scams, and hacks, is to fight fire with fire: that is, with automated, data-fueled systems that can surveille markets and transactions, spot unusual patterns, and hoist red flags. Using the same kind of stuff that fintechs rely on, such as artificial intelligence, behavior-generated data, and big-data analytics.
The World Bank, in a newly published survey of global financial regulators, that they are starting to adopt “suptech” (the application of technology and data-analysis solutions to enhance a financial authority’s financial market oversight capabilities). But they have a long way to go.
The journey began with the COVID-19 pandemic in 2020, which catalyzed regulators in emerging markets to prioritize fintech-related work to promote financial inclusion and remote access. But as they supported digitalization, they also grew alarmed at the risks to consumers, particularly with regard to crypto, but also to embedded banking and other models where sensitive data is shared.
According to the World Bank’s Third Global Fintech Regulator Survey, 78 percent of authorities consider cybersecurity the top risk in fintech, followed by frauds and scams.
- Read more:
- Authorities pushing banks to adopt regtech solutions
- The BIS agenda: Asia CBDCs and tokenization
- What is the India Stack? Nandan Nilekani explains
Yet there is a disconnect between what authorities cite as threats, and how they are actually deploying regtech solutions. The World Bank finds their preferred use is for monitoring competition practices, policymaking, and coordinating with other regulators.
They are also interested in tech solutions to monitor open banking, digital identity/KYC checks, and digital asset supervision.
Only 18 percent of authorities surveyed say they have suptech applications in place for consumer protection. That is low, but it is especially low considering 40 percent of regulators already have one or more suptech applications in operation. They’re just not using them to protect consumers, except in the area of payments, where suptech is most advanced.
Roadblocks to adoption
There are various reasons for this sluggishness. Authorities lack the skills or the budget. They run on legacy IT systems that make it difficult to integrate newer technologies. They may lack a protocol for sharing data with the private sector or with other regulators.
Broadly speaking, suptech solutions do not exist in a vacuum. They require a broader digital infrastructure to be effective. The World Bank cited India as the standout leader: its “India Stack” including Aadhaar for digital identity, UPI for digital payments, and its account aggregator function to share data has allowed its regulators to deploy suptech more effectively.
The study also highlighted the Philippines for introducing legal frameworks for digital assets, bringing much-needed clarity so that regulators can do their job.
Among regions, the most advanced emerging markets are those in Eastern Europe, perhaps thanks to their membership in the European Union: about 40 percent of those authorities say they have begun to deploy suptech. South Asia is in second, at 20 percent, buoyed by the India Stack.
East Asia is a laggard, with only 5 percent of regulators in emerging markets having deployed a suptech solution. That’s below the 7 percent reported in Africa.
Worldwide, most regulators are using suptech to improve risk-based supervision. Their priority is prudential supervision at the macro level and market conduct.
Although they are not using these tools for purposes of consumer protection, the World Bank noted that once authorities get started, they find it easier to integrate suptech solutions. They gain access to granular and timely data, and learn how to use it.
To the extent that suptech has been adopted for consumer protection, it was done in the frenzy of dealing with the Covid crisis. The World Bank encouraged regulators to now take a more strategic look at what these technologies can offer.
Indeed, one reason for poor consumer protection and the spread of scams and hacks is that, until recently, authorities in emerging markets lacked data. That is quickly changing.