 So, we're going to start our next panel and our next moderator is one of Mittler's very own. He is currently an assistant clinical professor of law at Vanderbilt University, my alma mater. Prior to that, he was a clinical fellow right here at the University of Michigan Law School where he ran the school's entrepreneurship clinic and focused on intellectual property. Professor Hans joined the Vanderbilt University faculty in the summer of 2018 helping to launch a First Amendment Clinic. His work focuses more broadly on the intersection of technology and civil liberties issues. Professor Hans has played an instrumental role in Mittler's history. He was editor-in-chief of volume 17 of Mittler. And when Sophie and I took a hold of the wheel in 2018, we were very sad to see him go. We are thrilled to have him back and I'll let him take it from here. Great. Thank you so much, Andre. I'm really pleased to be moderating this panel of experts who will be briefly presenting some slides and talking about their particular areas of interest. Having reviewed the slides, I am really just blown away by the level of expertise we have on this panel, which you can read in the program. So, I won't go into detailed bios, but I will introduce from the far left. Let me see if we can get more names, right? Richard Burner from NYU, then we have Marvin and Maury, then Sharon O'Halloran, and Wasakwati. So, I think, well, as I mentioned, do brief discussions of slides, all sort of moderate a conversation amongst the panelists, and then turn it over to questions. And we will, as a former editor-in-chief of MTLR and having done our symposium, we will finish this panel at 2.45 and be on time. But I will make sure that we have plenty of time for questions as well. Great. So, I think we'll begin. Thank you. So, I have more slides that I can get through today, but I will try to frame some of the issues that I think are important for this topic, which is designing responsible FinTech data practices and regulations. That's actually two topics co-joined, but certainly related to one another. And I'm going to argue, and maybe somewhat controversially, that FinTech isn't so special. It obviously has special characteristics, but we need to pay attention to sort of back-to-basic principles when we think about regulation and we think about data practices because they apply across the board. Question is, what are the best practices for data management? I think Christie's talk was a great setup for that and talking about data hygiene. We're going to talk a little bit about that. We're going to talk about why financial regulation. Maybe that's obvious to everybody here, so I can skip through it pretty quickly. Challenges for regulating FinTech. Again, I can't get to all of those, but I'll hit some of the highlights. And last but not least, I'll give you a list of hot topics, and if you want more, come see me. Obviously, the promise of big data as Christie's talk amply illustrated and combined with new technology is huge. The question is, will that promise be kept? And so one of my favorite papers in this regard is Andy Hall-Dames. Here's a quote from Andy. Data, as everybody knows, has become the new oil. Data companies have become the new oil giants, but two big caveats. One from the chair of the CFTC, the Commodity Futures Trading Commission. Big data, however, is of little use to anybody unless it can be cleaned, organized, standardized, and made sense of. In other words, if you don't have hygiene across the board, you have nothing basically. And another from my former colleague at the Treasury, Mya Scarity, who is now in fintech startup land, which is that, you know, we tend to focus in fintech a lot on shiny objects. Instead, we ought to solve, we ought to think about what problems are we trying to solve and not just apply innovative technology. So the questions come first. The technology and picking the right tool for the job is obviously important. It's very important, I think implicit in what Christie said, to think about data as an asset. And what do we mean by that? Well, data are foundational assets for all, not just for the consumer, not just for the business, but also for society and for the people who regulate and set standards for us in society. Therefore, data standards, management, and governance are essential. And I think Sharon's question is really critical in that regard, and I'll get to that in a bit. Three aspects of this, I think, matter. The first is quality. We implicitly have been talking about that. I think there's a narrative in the big tech community that we don't really need standards, because after all, these wonderful tools can just go in and parse through the data and find all the things that we need. I think nothing that the opposite is actually true. The use of technology and big data actually require more standardization, more governance, and more structure. That's not to say we can't observe patterns from unstructured data. We can. But ultimately, when we're trying to be accountable and transparent, we're going to need standards to do that. We need to decide what data we need in order to answer the questions, the business problems, the consumer problems that are out there, and make sure that the data that we have are fit for purpose. And by the way, that also means that we shouldn't be collecting or using data that we don't actually need. And we need to figure out, and we've been talking about this, how to make data more accessible, how to do it securely, how to do it with privacy. There are financial data exchange standards that are being set up. These all sound good, and I think some of them are very good. But that accessibility problem is a huge problem. You might be surprised to learn that it's a huge problem within government. Government agencies do not share data among themselves. And that's partly because they don't know how to do it securely. But we're trying to figure that out and trying to do it so that we reduce duplication and collecting data that aren't needed. And that brings me to the last point, which is we need to streamline and standardize regulatory reporting and to stop unneeded collection. That's going to be a win-win for the regulators and for business. And if we focus on the things that we really need, we're going to have a better regulatory and supervisory process. Business models will be more efficient. And all those compliance burdens that are mounting on companies like Christie's and others in this room, I think will be reduced. So I'll quickly run through some of the ideas behind data management and governance, which I think are critical for any enterprise. You have to have a data management strategy. You have to have a data governance program. I can talk about what the details of that look like. You have to have clear boundaries of roles, but strong collaboration and communication channels. In other words, you have to weave data hygiene across the enterprise. You have to have an end-to-end process for establishing data lineage. Where did the data come from? What are they going to be used for? Where do they go? Do we actually get rid of the data? When a consumer says, I want to opt out, I want to have the right to be forgotten, what does that mean? Do you keep the data? Do you actually forget them? How does that work? We need to develop maintenance of drill down data catalogs. Metadata, that's a jargon word for data about data, are essential in thinking about data management. You need to have the characteristics of the data. You need to understand where they are, they need to be made accessible, and they need to relate to one another. That's the purpose of metadata. You need to have ease of accessibility and search in those metadata and detail data element dictionaries for data and users. Data have no use if I can't find them, if I don't know what they stand for, they don't know what they describe. So that's important. And then last, in an enterprise, you need to have a culture of a need to share data. There are some principles, we can talk more about that. But that's really it in a nutshell. Now Sharon raised the question of standardization. And I spent seven years working on this or more. One kind of standardization relates to identification of entities. In other words, how do you identify a business? Is it JPMorgan and company? Is it JPMorgan Inc? Is it something else? Is it Morgan Garry Trust Company of New York, which I used to work for, the old identifier for that entity? Is it one of the 3200 legal entities that exist within JPMorgan? The answer is all of the above. And so having an entity identification system is pretty important. The legal entity is a good place to start, and the LEI, or legal entity identifier, is a data standards building block, which is important. Remember when Lehman failed? People didn't know they're exposed to Lehman Brothers because they didn't know how to identify the subs as being affiliated with Lehman. The LEI is a unique ID, we think of it like a barcode, to precisely identify parties to a financial transaction. It's now in use. We started it. Now there are more than a million and a half of them. We probably need 3 million or more of them around the world. And that's just really scratching the surface. But this is a good start to be able to precisely identify people. And they need to be maintained. The good thing about the LEI is when two companies merge with each other, the LEI doesn't die, but characteristics associated with it get added on to the LEI so you can figure out, okay, this is now a part of a different company because it got merged. It helps financial regulators and it helps firms really understand what the exposures are from firm to firm and the risk transmission across the financial system. And very importantly, industry has long maintained and believed that use of these identifiers will reduce their costs, both for reporting, for risk management, for compliance, collecting, cleaning, aggregating and reporting data. This sounds like a win-win, right? Everybody should want one, or more than one. In fact, we have to cajole people. We have to remind people. We have to persuade them. ISDO, which governs derivatives regulation, immediate attention. It's time to obtain a legal entity identifier. This thing's been around for almost 10 years. Well, why hasn't it happened? It's because people want to do things in the way that they have done it. It sounds like a no-brainer to do this, but solving this collective action problem is really hard because it means retooling your systems. It means really redoing what you have. The good news is you can map these things one into the other. You don't need to replace them. If you want to read more about this, Kate Judge at Columbia and I have written a paper called the Data Standardization Challenge. It's an SSRN paper out there. Take a look. Happy to answer questions about that. All right, switching gears. What about financial regulation? There are a bunch of lawyers in the room. It may seem obvious why we need financial regulation, but let's start with the basics. We have market failure. We get a divergence between private and social costs and benefits. We need to protect some people. We need to protect consumers. We need to protect investors. We need to assure that markets are fair and effective where trust can be built and acted upon, and we need to safeguard financial stability. So those are all important things. Now, there are many types of financial regulation. The first bucket protects or attends to markets, investors and consumers. Well functioning efficient markets, integrity, transparency, competitiveness, resilience, all those things we've heard about a little bit in this session. And we need to protect investors, including how things are represented to them and what the security of their information is and their privacy. But there's also very important regulation that protects our financial institutions and make sure that they are safety and sound. We call that microprudential, and that reduces their chance of failure, which means that you can trust that they're going to be around. And the last is macroprudential, which is relatively new, and that's to safeguard the financial system as a whole. There we want to try to identify, monitor and act on or mitigate threats to financial stability. We want to limit the adverse effects on the system from a shock and therefore on the economy if a crisis occurs. And we need to promote market discipline. What that means is we need to reduce too big to fail. We need to use it market incentives and harness them in order to get people to do the right thing. We want to end the burden, the potential burden on the taxpayer if a large complex financial institution fails. So now what's so special about FinTech? Well, there are some special things we need to pay attention to. For one thing, it's fast. For another thing, it's footloose. It knows no borders. Implicitly, that's been woven into our discussion today. It's also or can be opaque. That's very important. Now, Christie talked about transparency. But opacity is sometimes the friend of FinTech companies. The article that she pointed out in a Wall Street Journal that appeared yesterday is just a great example of that. But there are more. There are dozens and dozens of where people benefit from opacity, but maybe to the detriment of others. And frankly, some FinTech practices are aimed at circumventing regulation. So there are clearly benefits and costs to FinTech. The benefits you all know about reduces information costs. And I'll flip through that quickly. Reduces transaction costs. And I'll flip through that quickly. It improves speed and efficiency. And I'll flip through that quickly. Because I want to get to the costs. Well, the opacity can result in flim flam. It can result in risks moving into the shadows. And that's just that's not just important for regulators. If I'm running a business, I need to know who I'm transacting with. I need to know what my exposure to them is. I need to know whether they're going to make good on the promises that they've made to me. Those are all really important. And risks may become concentrated. Think about the size of Ant Financial. I mean, we don't think about this here in the United States that much, but the four largest banks in the world are Chinese. Ant Financial is a huge financial company, much bigger than most of ours. And so that concentration means there might be a lot of risk in that company. So what should be our goals for a FinTech regulatory framework? Well, we should have what I call and what Tom Curry, ex-controller of the currency calls, when he put this out, responsible innovation. Because we want to promote innovation. So he helped put out a white paper at the OCC, which basically said, look, we want to meet the evolving needs of customers, of consumers, businesses and companies in a way that meets those needs. But it's consistent with sound risk management. In other words, the microprudential goal. And it's also aligned with the bank's overall business strategy. And I would add to that. And sustaining market and financial system resilience. Those things are really important. So there are a number of challenges out there to do that. We need flexibility in doing this. And we need continuous updating. Innovation is constant. Change is day to day. We need to constantly calibrate whether or not our regulations and whether the way we look at FinTech is commensurate with those changes. We do unfortunately have a static legal regulatory framework. But the industry is constantly changing. Then we need to think about what and how to regulate. Those are pretty important questions. Do we regulate existing institutions? Or do we regulate financial instruments? Or both? I think we need to do both. We need to detect, to monitor, to assess. To designate, perhaps, to regulate and to supervise. That's traditional financial regulation. One way of thinking about this is to treat FinTech startups like we do pharmaceutical companies. So we need to have probably limited use and control test environment. I'm sure you have all heard about clinical trials. There's a way to do that. We might have a broader expanse. Restricted use by licensed experts. Right? And so that makes some sense because we have sophisticated people who know what they're doing and what they're getting into and the risk they're taking. And then unlimited use by the public for the things that have the lowest bucket of risk. That's one way to maybe parse the kinds of things that we're worried about here. Importantly, we need to have accountability when we think about regulation as well. Who's going to be in charge? In the United States, we have a very fragmented regulatory framework with overlapping responsibilities and some of them extend to global jurisdictions. The question I asked at Michael Barr earlier related to that. How do we deal with these with this global overlap? This is not my chart. This is from the GAO, the Government Accountability Office, which basically graphically describes what our regulatory structure looks like in the United States. Across the top you can see all the regulators and there are many. And along the bottom you can see those buckets of industry that are regulated and they are overlapping. And they need to be. Now does that mean we should rip it up and start over and have one regulator? We're not going to do that. What we need to do is to have better coordination and collaboration and communication among the regulatory agencies so that they can pursue common goals. I'll leave you with just some hot topics to think about and there are a few. How do we regulate digital assets? How do we regulate mobile payments? How do we think about operational and cyber security risks? How do we think about compliance and mitigating and dealing with financial crime? How do we think about the application of new technologies for these processes and what we're calling reg tech, soup tech, risk tech, and insure tech and on and on. What should we do and why should we do it and how should we do it with the promotion of those clinical trials and what we call regulatory sandboxes? How do we think about guarding against some of the things that Christie talked about? The biases and artificial intelligence and what I would broadly call model risk. How do we coordinate across borders? Those are all big questions that maybe we can talk about in the Q&A. So a couple of takeaways. Regulation is needed. Fintech does pose some special challenges. Many of those are just old wine and new bottles. But some are genuinely new and require control testing. Thanks. So I'm going to take it just a little bit different and I want to just think about how we can actually understand the impact that using these different technologies, sort of the different tools, AI, data science and so forth, what does that mean for different types of regulations that we can have? And what does that mean for regulating fintech in particular? So I always want to start off with because people get confused, like what is fintech? And I think it just, once you state it, we'll understand that there is a difference and it has different properties and that it's just to improve the automation and delivery of financial services. And now there's reg tech and there's lots of other techs that fall within similar types of buckets, but you can just see there. Now, why does this matter? Why should we be spending a lot of time on this? This is just a notion of how much money is going into that and you can just see this nice upward trend. But most important, it's a growing part of the financial intermediation infrastructure. That is, people are moving their money there, they're doing basic types of business decisions there, banking decisions, payment decisions. I love PayPal, thank you, which I use quite often, and that it's becoming an important part of the infrastructure for financial sector. Why is finance or Vintec different? Well, really this is three issues here. It has heterogeneous entities that are in disparate locations that own the data. There's a low trust environment and there's a lack of transparency, makes verification and maintaining an audit trail difficult. So those are the issues that it faces and so the questions are, can we impose the same types of regulations then that we have in normal financial institutions and services into this space? Now the regulations that we usually see, especially those after the crisis, really imposed a series of, I would say, mostly micro-prudential regulations with some implications for macro-prudential regulations that focused on issues of transparency and flexible analysis with imposing capital requirements, leverage requirements, and so on. The question is, can we impose those too on these Vintec type firms? Now this is what the structure that was being talked about here where you have, say, just take a normal bank structure and you have a bank that's regulated at the micro-prudential level, that is again the capital requirements, leverage ratios, and so on. And then that gets fed up to looking at the macro-prudential level, which would be notions of systemic risk. And the question is, to what extent can we think about the regulations and the relationship between those too? And how can data science in particular, or artificial intelligence, how can they help us in thinking about the regulation in this area in a space like Vintec that doesn't necessarily follow this type of structure, of organizational structure? And here, what we're looking at then is the notion that you can use a number of different types of things. You can use sampling data, right, from derived from real distributions, that's right. You can see simulations, you can use computational analytics, and use data visualization tools. These then become the tools of the work courses for us to be able to use the data from what we can derive from these Vintec firms and then apply them to understand and apply different types of regulations and to see what regulations work and what their effects are. So these new AI technologies provide new tools in which we can start regulating. Now these new tools actually are slightly different than the way we've previously regulated. They tend to be more transparent, they tend to be collaborative, and they actually have really worked out and been functioning within the space where academics, industry, and regulators come together. So it's a different set of tools than you usually see. And these tools include machine learning, NLP, deep learning, neural nets. So this is not an app or something that you can build in your garage. So this is something distinct. And so the approach that we've been taking, and this is out of the Vintec lab at Columbia University, has been through development of a risk dashboard and using open source risk analytics. And this is going to allow you to test the implications of different regulations in different type of financial spaces. It's cloud-based, it enables risk analytics across different portfolios, asset classes, and so forth. It features, again, open source collaborative with a shared set of standards. Now, I don't want to go through too much of the risk analytics stuff, but given that basic model, you can see how you can build a basic workhorse of a firm or any types of aggregations, again, from the micro level aggregating all the way up and then building out a system and the way in which there's interactions between that. The benefits of this, that once you do this, it provides independent benchmarking, improved transparency, connectivity, and so forth. And just so that you could see where regulation would come into this is that this would be where your data inputs take place, where there'd be different types of form of calibration of a particular model, where you'd then have simulations that would take place, where you'd have an aggregations of those, and then you'd have a set of outputs. Each of those points of those arrows becomes points where you would actually introduce regulation. You could introduce regulation on what types of the structure of the data they are, how those model calibrations go, so that's model risk, right? What are the simulations that you need? This is a stress testing. What the outputs are, these are all the different types of reporting requirements that are needed and then how they get interacted and pushed out to your regulators, okay? So all of a sudden what you have when you look at something like this is a tool in which businesses that don't usually have a means in which to interact with regulators or meet the standards of regulators can do so in a standardized way that meets a set of regulations that are predefined, okay? Now, again, I'm not going to go through all the gory detail, but if anybody wants to go into the bowels of this, I'm happy to spend hours, but what it does, it'll put out a series of simulations so it's called synthetic data of which they're built off of real distributions of any financial institution and then you can go ahead and simulate off of that. This then provides us with a way to go ahead and do, so this is there in, it's our nice visual analytics. You can do drill downs. You can do all of these into netting sets. I just was for a bank. You can do all the counterparties. You can go ahead and find where you're breaching. So I'm going to tell you if you want to go to the fintech lab, everything is there. It's all open source. So if you want, go ahead. You can click on the GitHub link, knock yourself out, download your 400,000 lines of C++ code and knock yourself out. Go ahead and what you can see is that this enables you to do scenario testing on the impact of alternative regulations. So either, like in this case, we're looking at systemic risk or a particular regulation of collateralization. Now, you can do in your, this is like, this is different than a sandbox because this allows you actually to have the structure of a model or a firm already that's doing its business, if you will. We build out the interactions, how it interacts with its party so you can build out, in this case, we're building out a financial firm of banks, but you could have PayPal interacting with its B2Bs or PayPal interacting with a set of customers and you can look at the types of risk analytics that it comes out and the risk that it pushes out, the risk that it gets in and then you could do an intervention. Suppose that you had to, if you enter into a contract, you had to collateralize, you had to put money aside and that's the regulation. Well, what would that mean for aggregate risk for the system as the whole, the market as a whole and then for the individual counterparties or entities within that transaction? And then you can come up and I'm not, this I have papers on, I'm not gonna show the results here, but you come up with those types of results. Now you can do this for any type of regulation or any type of intervention and that you're interested in and the beauty of it is, is that you get to see the impact of a regulation or a different type of standard encoding or a different type of requirement or whether you allow only sophisticated investors or only certain types or certain type of instruments to be allowed to happen before you actually implement that regulation. Now, that's actually amazing because if you look at Janet Yellen when she was talking about whether we should introduce the notion of clearing houses, she went through a very lovely speech, she showed all this information about why clearing houses might be good, she showed a nice actually figure of why this, she thinks it might be good and very honestly as in her beautiful way of doing it says, well we don't have all of the information to show that in fact it will improve the system but we think it does and so it's worth trying. Now, having gone now since this is something that we're working on right now if you actually build out a model, a graph, that mathematical model and you do this right now and you look at the difference between if you allow counterparty so I'm giving you my early research ahead of time and I'm going to give you my why you should actually want to do this and then you actually allow all the hedges to go into it and you ask are there benefits to the netting and that's always the question right and the answer is, well yes under some very obvious situations but moreover you're winding up doubling the risk in the system by having the potential of the clear by forcing the clearing. So we're not talking minor differences we're talking major differences and so I can estimate that I can show it mathematically and I can estimate that and I can simulate that and that's the kind of work you really want to do before you say everyone has to go on to clearing. That's all and on the collateralization regulation which we have published what we show there is that yes by imposing collateralization as you might anticipate you reduce the cost of resolution that would be true. But you don't necessarily reduce the risk in the system right you've just moved it around and that's it and so have you made the system safer? Well that's a question so those are the those are the types of things that you have to really think about hard and you have to ask yourself and this was your point is that regulation fit for purpose and you can't answer that question unless you've done something like this and have a tool for that and if we're talking about a FinTech space where has all of those different types of problems that needs as you're quite a fast regulatory response that can understand the impact that with changing partners and entities with different types of response functions to markets correct that you need to you won't have a lot of data market data you'll have some market data so you need to simulate or impute what you think is going to happen and then you want to understand I intervene this way what would be the effect the predicted effect that you need something like this to make good estimates about what a regulation what regulations are best under what conditions that's the punchline okay so that's it it allows you to do that I you know I think it's something that we should be doing it's absolutely necessary doing FinTech makes it even more important the consequences of big and the costs are even bigger there okay that's my thank you wow we've gone big big global lots of data we've gone narrow somewhat in the U.S. we've gone markets relevance of data and how we regulate in the market space and now we're going to go really small again but I hope you'll find this relatable and useful so I'm Melissa Coity I have to figure out if I put my glasses on to see the screen or not I probably do yep I am here to talk to you about a what we like to call a startup although we're a year old now but we are a startup research organization Finreg Lab and it's probably helpful and maybe somewhat interesting to hear a little bit of the context of the creation of this startup research organization I sat in the U.S. Treasury Department not quite down the hall from Dick but in the Obama administration and I led the Office of Consumer Policy and part of that office's responsibility was really trying to get our heads and our insights around the burgeoning growing use of data in the financial system especially on the retail side of financial services for consumers and small businesses and also these emerging technology applications virtual currency is what we referred to crypto blockchain different types of not only the currency but actually the technology underneath but that was hitting our desk in 2011 and so my office's responsibility was trying to get our heads around what are these technologies what are these data applications how do they work and really importantly what does that mean for policy positions that we the Treasury Department would be taking with our colleagues who are the regulators but also with legislative offices and staffs we made a couple of trips out to California sat on Google's nice warm toilet seats you know it was quite the fun learning experiences but some really interesting conversations at PayPal too about data so I left Treasury at the end of the Obama administration and realized that while sitting at Treasury for four and a half years there was one thing that we desperately needed when it came to thinking about how are we contemplating evolution of laws evolution of policy so that we make sure consumers are protected that our financial institutions are safe that our financial system is safe overall what we desperately needed was not just to hear from the hundreds upon hundreds of advocates not just the consumer advocates but the merchants the large banks the incumbents who would come in the door and tell us about you know the use of data is going to be the end of the world when it comes to privacy or the next best thing next to sliced bread when it comes to financial services what we really needed were some fact-based insights where there was real analysis and testing of the use of data and these new technologies by an independent organization that could do the research and frankly that could do the research in a timely fashion and could do it in a way that had some understanding of what was really the heart of the questions that we needed to answer as policy makers and regulators so anyway that's the background but so you have a context of what you're about to hear that we're doing now so Finreg Lab Lab was stood up a year ago we are a non-profit organization and we are setting out to very ambitiously but also very intentionally identify what are those pressing questions as it relates to the use of data in financial services and how can we build tests and research that ultimately are going to answer those questions but not just for the regulators but frankly for the broader financial ecosystem because when it comes to new legislation you better believe all those hundreds of advocates are going to have a point of view and a perspective on this so that's the context now let me figure out how I work this thing probably just talk you through so this is what we do we engage directly with regulators and policy makers as well as the broader community to identify these areas of research that we will undertake we function as this honest broker intermediary between industry who frankly when they're using data in new ways or technologies really want to get close to the regulators to help the regulators understand how that technology works but there are some spaces where there is regulatory uncertainty or there are anxieties about competitive implications of sharing really nuanced data and information at the same time the regulators also would love to get closer but frankly there's also a little bit of an anxiety among regulators if we bring these entities that may be doing something that doesn't quite work with the laws that we have in place do we regulators end up sitting in a position where we have some responsibility for something that actually may not that may create some harm for consumers or customers and so we're able to be this honest broker that sits in between and can put together these types of experiments to generate the insights and then present the insights to the broader community and to facilitate a conversation about then what do these implications of the data use or the technology use what do they mean for policy and really push a conversation facilitate a discussion so that we're coming up with policy options and so that's what this largely reflects so I'm going to keep going I know we're running a little late on time so I want to get to what are we actually looking at right now so let me ask you this question just to kick us off and to get you all moving a little bit stay seated if you well stand up if you would be willing to allow a lender to look at your bank account data and it may generate a better price or you may actually get access to credit where you otherwise would not have would you just stand up so you just get yourself moving for a minute would you be willing to have a lender look at what's in your account I have no idea by the way what you all are going to do I'm this is the first time I've done this but it's helpful so it was almost like half right a little bit so in the U.S. we actually have almost 50 million people who either lack a sufficient credit history or lack any credit history at all and thus they are challenged to get access to credit lots of different types of credit but they're highly challenged we also have another 23 million sole proprietors small businesses in this country who would like to get access to credit but who struggle to get it because they're new to the business building a business there is a theory that cash flow data information that's in that bank account could actually be quite predictive and enabling lenders to assess those individuals and those small businesses to determine if they actually can take on credit and pay it back to get to the punch line a little bit and what you see here is actually a variety of different type of data sort of the here and the now then the potential data that's frankly on the horizon I would argue some of this is actually in some fashion making its way into who's getting credit already somewhat on the marketing side but what we're talking about now is actually what are the data that are making their way into the underwriting decisions what we decided to do because it has implications not just for fintech frankly fintechs are a small portion yes the investment dollars are vast and growing but this also has implications for banks and our system is by and large built on a banking system our access to credit and these questions of cash flow data may have real relevance not just for the ability of fintechs to lend to consumers and small businesses but also banks it's also one of the less scary types of data that may actually be useful for predicting credit risk and so what we are doing right now is we are engaged with a number of lenders who are sharing with us loan level information these are lenders that are using cash flow data in their underwriting process but they're allowing us to take that data in on a firm by firm basis and evaluate borrowers that they're lending to with performance data in comparing borrowers who are underwritten with cash flow in it compared to similarly situated borrowers where you don't use cash flow where we're using a more traditional FICO or FICO like score here are the companies who are participating with us there are actually two more that aren't up there yet and so to bring this back to the policy question what are the implications of this well first of all guess what our rules regarding and our law regarding what data is used in underwriting are focused on credit history data so the idea of even using new data like cash flow it's not prohibited but we don't have a law an ecosystem that thinks about how are we making sure that when new types of data like cash flow are brought into underwriting that consumers are protected that there are privacy expectations that there's clarity around transparency and that data is accurate because what we're talking about and I don't have this map up there but is a very different ecosystem where data is sitting with the banks it's ultimately flowing to the lenders it is required or requested by consumers but the method by which that data flows is typically through new intermediaries called data aggregators which we've talked about a little bit but we have a lot of important questions around what are those protections how do we think about the laws and the regulations evolving so that consumers do have those protections and then there are a host of other very important laws and I would say societal expectations around using new data so the core questions we're seeking to answer through this experiment that we're doing as well as the policy process discussion is how does that data actually does it accurately enable a lender to separate risk goods from bats how do those consumers and those small businesses form that tells us was the data effective do those underwritten with it do they perform better and then a really important question that we're not diving into today but it was alluded to or spoken to somewhat by Michael this morning and it's on everybody's minds and the credit underwriting space do we see differences in outcomes between protected classes and white men so the work that we're doing actually has built out two months of working group to actually probe what are the policy options when it comes to fair lending expectations and those ecosystem protections and importantly there are questions that practically need to be resolved because we have expectations that when there is information that results in an adverse action meaning I thought I was going to get credit at a certain price and the price is different or I was denied when I thought I was going to get it that actually has to be communicated to that potential borrower and so they're just practicalities and how do you explain to somebody well it was what was in your bank account and you didn't have enough of an average balance over the past six months those are new types of information that lenders would say are challenging to explain under the norms by which that information is shared today and then importantly how are we really making sure that consumers it's where we've been spending a lot of time today that they know what they're consenting to in terms of the use of this data and it's used by these lenders as it flows through these intermediaries these data aggregators so I am going to leave you with these are some of the subtopics under each of these areas I'm going to skip this too because we really are almost out of time these are data flows data maps to actually look at and understand how the data is making its way through the system I'm happy to make these slides available to everybody we are about to release the report in April and it is going to actually provide those fact-based insights or answers to is the data predictive and also identify what are the policy and the regulatory options because if this data is we hypothesize is predictive and useful this could be a really valuable data source for extending credit to borrowers who otherwise may not get it or who might be priced differently but that will require the policy makers and all the advocates that I talked about at the start really understand what the implications of the data are and are bought into the idea that we are bringing in new type of data into financial decisioning in this case underwriting so I will make sure the report gets to Michael and others and out the door but I look forward to your questions okay thank you such an honor to be on a panel like this I've already learned a lot and it's always great to be back at Michigan where I did my undergrad as did four of my siblings so it's home the problem I was sort of thinking of to talk about is one we read about it all the time where some giant company has your data and it got stolen so now your social security number and a bunch of other data is in the hands of some Russian or Chinese hackers because you trusted some central entity to control your data and this happens all the time you have to do a credit freeze that happens to me occasionally with these giant companies I think it's Marriott, TJ Maxx there's just been a string of them who have your data because you trust them with it to get your services and then they get hacked or lose it the similarly I mean we're having a where a lot of my data is a lot of my data is on Facebook for example and I know that I can go around the internet and log in with Facebook are you guys do this occasionally where instead of creating a new login you just log in with Facebook or log in with Google or log in with Twitter and what's going on there is that website might not want to manage your identity information and Facebook has it and Facebook can authorize them to access certain information they need like your age if you're over 18 your name some photos out of the Facebook database into this new website's database and then when later you want to deauthorize that access you can deauthorize that access and it would no longer be available to that company and if you want to create a competitor to Facebook or some other one of these giants pretty hard to do it because all my data is on Facebook all my friends data is on Facebook if I want to go move it somewhere else it's it's a giant pain and when you think about the future of financial technology a lot of it will be based on data as we know and if all of my banking and transactional data is in with one bank and they're giving me all these awesome insights about how to like shop and save money or get things that I didn't realize I even needed I might stick with them because it might be too hard to move that data in that history to a new competitor that might have better services because they don't have that data so a question of data portability and the question of just like hacking and so I want to talk a little bit about potential technological solution the industry I work in is like cryptocurrency and blockchain I will do my best not to use a bunch of buzzwords for those of you who don't know much about blockchain just just think of it as an excel document it's like all the buzzwords think of it as an excel document that a group of people kind of collectively maintains and trusts right so you guys probably have heard of bitcoin how many of you own a little bit of bitcoin yes we got at least one hand two hands okay great so when bitcoin was invented some guy was like gee I hate the banks and governments I want to invent new money and he was like what is money money isn't just like green paper that you carry around right if you were to buy a house you would you wouldn't carry around bags of green paper money is nowadays pretty much electronic it's an entry on a spreadsheet that says you have a certain amount of money I'm moving some money to Melissa her spreadsheet on her bank will the number will change she'll get more I'll get less there's some magic in between some bank financial magic I don't understand that updates those those spreadsheets that now means I have less money and she has more money and think of blockchain as just some non-bank computer cryptography magic in between to make sure that the spreadsheet is accurate that now I have less bitcoin and she has more not bitcoin and it could even be used for dollars or anything else just think of it as a spreadsheet that everyone can trust without relying on banks or governments now I spend most of my life in Microsoft Word for people who spend their lives in like excel or databases they see databases everywhere databases you know for example Facebook is just kind of this giant database of all of our information and then they display it in different ways and recently Mark Zuckerberg was at Harvard Law School and he was interviewed by Jonathan Zittrain and he said oh I've been thinking about figuring out a way to do identity in the blockchain where instead of everyone storing all their data on Facebook and people logging in through Facebook you could instead store all your data on some database that no one owns in controls not Facebook not anyone in the magic of the computer cryptography etc is a database everyone trusts and when someone wants to go log in somewhere then they could go and they could use their keys to tell a website hey you're allowed to reveal to this website this amount of data and then you could eventually deauthorize that data if you didn't want it so you can have essentially Facebook login and all your data somewhere or bank login and all your bank data somewhere without trusting anything about technology now so that's that's the concept and there are a few companies out there trying to do this one's called Blockstack one's called Civic trying to do what they call decentralized identity just think of it as putting your data somewhere and not having to trust any of these entities that can be regulated right so rather than relying on some entity regulating it make sure it's keeping your data secure in all these different ways you could rely on public key cryptography and other things that can't be broken to know that your data secure to share that data with new fintech companies and to permit a hopefully competitive market where you're in charge of your data so that's the technology I wanted to talk about as a potential solution and unlike some of the other folks on the panel who I guess come from more of a regulatory background I come from an internet background I worked on internet issues for about 20 years and I remember when we passed all these laws to sort of make it legal to do things on the internet like all these immunities around libel and copyright and you know when I I come from a world where the idea of something like pharma for fintech made my soul hurt to think that you would go to some government bureaucrat some like agency stocked with terrible engineers and software developers and asked them for permission to start your company and go through all these trials to me just makes me want to puke but I get that you were throwing out just one idea and then I appreciated that and so we're here to be controversial yeah I figured I figured I'd spice it up and so when I look at this issue you know these companies like block stack and so all these companies that are trying to create decentralized identity and some sort of way for you to control your own data they tend to rely on cryptocurrency in the background at the same way that you know I don't I don't really know what happens between me and the banks when I when I transfer money to Melissa there's a lot of technological incentives designed to keep to keep that database secure without any one person having to be trusted you kind of incentivize a whole group of people through paying them a little bit of cryptocurrency to keep it secure in the in the bitcoin world it's called bitcoin mining but just think of like there's some sort of incentive structure now what I was going to talk about is that we need to make sure that technologies like these can thrive and we have a bunch of folks in DC who are well-meaning but who don't understand the technology I'll just name one agency like the Securities and Exchange Commission which looks at most cryptocurrencies as securities and therefore is doing a bunch of things that kind of chill the market and the innovation that's possible so that's all I wanted to sort of put on the table and then we can talk about anything else rather than me as questions I think we shouldn't have audience questions because I think that I'll probably elicit some of the themes that we've been talking about that I've been thinking about and certainly I think the rapid pace of change in this area has really been I think a common theme and then how we address that it remains to be a challenge but I think Sophie has the mic so perhaps we'll just turn over to audience questions my question is I know that blockchain's a huge consumer of electricity to verify transactions and if you're going to put that out as verifying everybody's identity what does that do for global warming folks I'll answer it pretty quickly Bitcoin is secured through something called proof of work which says require a lot of electricity there are new technologies coming on such as proof of stake and other kinds of ways to do consensus that won't require a lot of electricity it's still going to require lots of and people doing lots of things which are going to require energy in some form so I don't know exactly what the alternative if you want is but yes in Germany where they have a lot of it is I think there's one a utility plant that's actually they say is basically fun is basically supporting all the miners so yeah it's actually a significant issue and in and one of the and one of the problems is is that it's not clear that the utility bills are being offset by how much the miners are making so there's a definite incentive thing there so yes there's been a lot of these economic marginal return on it so whether it's a viable economic model I don't know but we'll see just one quick point and I agree with with everything you said if it's not viable for for a miner they usually will stop mining because they'll do something else but you know at the moment we do there's a lot of greenhouse gas emissions coming through lots of things on the internet and finance bank buildings and cloud computing centers so it's not a question it's a question of sort of alternatives right do you get the benefits that are worth the costs not not meaning to take us down another diversion down the road for blockchain here but it's a subject that's near and dear to my heart and and let me just say in the interest of full disclosure I do think we need some regulation there because it is something that poses a lot of risks I'm not so averse to to to having regulation there but bringing things back to the privacy aspect for a second here the bitcoin blockchain as it is currently structured as a public blockchain has all of your personal information on it and it can and it does not come off that's the whole purpose behind the blockchain itself it's immutable which means you know once your information is on there it's on there so I was just wondering what the views of the panelists were with respect to the risk that this represents to individual privacy and and what approaches if any we should be taking in order to regulate this maybe I'll start with a couple one risk is operational risk and cybersecurity you know the blockchain acolytes think that you can't hack this stuff but clearly as soon as you start trading on exchanges you know then that's a different problem and there's no recourse so that when an exchange is when you lose money on an exchange it's gone it's just like losing currency on the street um another regulatory issue relates to what I call digital assets and so I think there's a lot of confusion about what the range of digital assets is Marvin you know has a an opinion which I respect which is the SEC is not equipped to deal with how to regulate these things maybe the lawyers in general aren't equipped to regulate these things but but the but the point is um you know we do have securities laws we have laws that govern other kinds of financial assets and actually part of our problem in our regulatory framework is that we have certain legal definitions for securities and for commodities so certain crypto assets are commodities and the SEC doesn't regulate those it's the CFTC and certain are judged to be securities because they look smell feel act like securities like ICOs initial coin offerings whether they are or they aren't probably will end up being decided in the courts I'm not a lawyer so I don't want to act like play play to be lawyer but you know the SEC on a preliminary basis has decided that some ICOs are are securities you know this is not settled law and so there is a an issue there in the same principles that I talked about really are relevant for protecting not just consumers and businesses but also for thinking about making our markets fair and effective so that we we make sure that it's trust in them also yeah there are are other technologies on there developing on privacy I mean that are probably much more innovative just because blockchain is actually quite slow just so they're there's just many things about the blockchain in and of itself that is perfectly great for a distributive ledger if you need you know issues around transparency if you're in a low trust environment and if you need to have an audit a traceable audit so those are sort of the and that's the environment that's when you really want a blockchain it's not that's not all places correct the other the other issues like there's some really great we're sort of really innovative things such as encoding on DN our synthetic DNAs are using metallic things that are actually probably much safer more secure very fast and higher in storage that probably have a much higher propensity to to be storage informations so I think in the long-term blockchain and the distributive ledger were a solution to a particular problem and that's fine but we shouldn't just try and keep trying to take blockchain and make it a solution to things that it was never set up to do and it solves a problem that it and there may be certain applications and use cases and that's fine under certain those types of circumstances but you know that's fine that's it I'll just give a different point of view for a second which is so two different questions two different things that came up one was that the Bitcoin blockchain is very public in terms of all the transactions around there not not names sort of pseudonymous you can track certain transactions and there's already been multiple the one that's sort of us known Zcash attempts to make private blockchains where you can transfer funds in a private way and then in terms of you know immutability there are a lot of one of the strengths of blockchain is that it's there and it's auditable now in terms of other weaknesses when it comes to blockchain to me it's one tool among many but there are lots of attempts to make it faster lots of investment and innovation in that space not only the Ethereum blockchain but you know my company is called protocol labs our investors include Sequoia which is the top venture capital firm you know Barna and Union Square Ventures which invested in Twitter and Coinbase and others and Injuries and Horowitz which is you know the top investment firm these guys are investing pretty heavily in blockchain not because there's there's no in our view there's no future and there's lots of ways to adapt the technology and if you look at what the technology is doing today and where it is today sure you might misunderstand the promise and over-regulate it thinking there isn't enough benefit that's kind of like in 1996 passing a law banning all the porn on the internet in a way that would have crippled the internet which Congress tried to do but luckily the Supreme Court struck it down so had that law been upheld the internet would probably have been regulated in a way where you had to show your AT to go on websites because there are all these bad actors and porn on the internet and if we treat the blockchain technology that way right now I think you could really cripple what needs to be done and so when it comes to the SEC they might be right there are lots of bad actors but fraud is illegal the FTC handles fraud when it comes to pre-selling software the CFTC handles fraud when it comes to commodities like Bitcoin and Ethereum and there are lots of state laws against fraud and so do you really need the disclosure the disclosure regimen of the SEC when it comes to an open source software that's being used to power a network they've decided you don't when it comes to Bitcoin and Ethereum and they've decided you might when it comes to all of the new innovator technologies coming after it and they haven't even done that by rulemaking they've done that through one one director of one part of the agency giving one speech the Yahoo Finance Conference in June of 2018 and a bunch of after-the-fact enforcement actions without even the shred of the guidance that they were going to post on their website which they haven't yet or rulemaking so I just think that's bad governance maybe I just pull that together and make this tie into what Sharon talked about earlier because I really think and I'm actually teaching a course in risk tech and reg tech that the promise of using data appropriately and technology appropriately can be hugely beneficial both to regulators and to the industry whether they're looking at a certain technology or not whether they're looking at a new financial product that uses a different kind of technology whether the distributed alleged technology is permissioned or permissionless in any case I think that the use of these technologies appropriately can not only foster a more streamlined regulatory process and a reduced regulatory burden but also make the conversation between the regulators and those they regulate much more effective and efficient and that's where what Melissa is trying to do really can come in and provide a safe harbor for having that conversation without having regulatory capture so my sister is getting married today and I have to be somewhere for photos and so we haven't finished that in time but I'm gonna run I'm gonna run I'm super honored to be on this panel thank you guys for everything I apologize for running so I think we'll leave it there in respect for the third panel thank you again and thanks to our panelists