 Hi, my name is Victoria Guida. I'm a reporter with Politico and I'm here to host your Panel on responsible innovation and how regulators are doing and keeping up with the technological side of financial services Countries are in very different stages of regulating fintech And we have three experts with us here today to tell us what's going on in the world and how regulators are doing We have Joanne Barefoot who is the CEO and founder of the Alliance for Innovative Regulation and a senior fellow Emerita at the Harvard Kennedy School for Business and Government. She also previously served as the deputy comptroller of the currency in the United States Then we have Malavika Raghavan a where working on interdisciplinary research in India focusing on the impacts of digitization and finance on the lives of lower income individuals She founded and led the future of finance initiative to for Dabara research in India until this month She's now a member of the initiatives advisory board. We also have Douglas Arner who is the Kerry Holdings professor in law at the University of Hong Kong Thanks so much for joining me you all and I would just First of all, I'd like to ask each of you to kind of lay out the landscape for us here You all are experts in in different parts of the globe so Joanne if you wouldn't mind starting us off, you know What do you think is sort of the most interesting thing going on in sort of this intersection between regulation and financial technology and data? Great and it's great to be here. This is such a wonderful project on the future of the central bank so we know that technology is transforming everything including finance and including financial regulation and The perimeter of regulation that we have been accustomed to in the past Definitely has to modernize we need to be smarter faster cheaper better and Future-proofed on how we regulate both banks and non banks and we need to build a new regulatory system around data I submitted a paper to the to the conference and would commend it to people it's called a reg tech manifesto and it makes an argument for why we need to modernize the financial regulatory system and how to digitize it and and also how to get there from here in terms of the practical challenges involved and When we think about the challenge that regulators have it's two-fold one is that they need to get really good at regulating the Activity in the industry as it is digitizing and as the industry is transforming away from classic models of being dominated by traditional banks and secondly They need to Modernize how they themselves work. They need to digitize the information that they have so that they can have information in real time in complete data sets and use tools like Artificial intelligence to analyze it and as we go through that the perimeter is going to completely shift and be re-rethought and redesigned Great and Malavika you're in India, which is a very exciting place right now for this whole conversation A lot of pressing developments going on right now. So why don't you why don't you walk us through some of those? Yeah, sure. And thank you for having having me here and I'll pick up exactly where Joanne left off actually very similar issues in India In terms of the regulatory perimeter and the need to really focus on regulating activities because the shape and form of entities are changing very very rapidly There's even a question of whether we will have entities or merely platforms, you know, five or ten years from now And within that context, I think there may be two or three large developments that I'll just flag up maybe for our Conversation, I think one is this whole kind of tension between data regulation and financial regulation and for our central bank That's really very central central to its mandate and you know, how far can it go in terms of regulating information flows in the financial sector? And that's really the the topic and the title of the paper that I submitted with my co-author Anubhuti Singh to this Conference, it's called the regulation of information flows as a central bank functions And it's a case study on the treatment of account aggregators by our central bank in India. I very much recommend a rate of back I think within the financial sector. This creates also issues apart from the data regulation versus financial regulation in India We have multi sectoral financial regulation. So we're also seeing Different regulators and the insurance of securities or banking industry taking different approaches to similar technology Which again creates all kinds of issues for consumer protection and financial stability And then I think the last thing that's quite interesting is kind of background infrastructure In many cases not at all in the financial sector for us It's our digital identity system and then of course our payment systems and so on and how they interact with You know, how trustworthy or not trustworthy fintech is perceived to be especially by people for whom, you know Money is a very scarce commodity, especially in these difficult times So yeah, that's just some top developments. Hope we can discuss them further I'm sure we will and Doug if you wouldn't mind, you know giving us your view from Hong Kong Thanks very much and great to be here Just a thanks to the San Francisco Fed and the University of Michigan for putting this all together and for everyone joining us You know, I think when we're looking at Evolution of central banks and some of the the challenges we look back over the past 10 years We can say that really the 2010s were driven by three different issues the crisis and central bank and regulator policymaker responses to that Across a broad spectrum second regulatory changes which transformed the way that finances operated and Technology and I think what we can say is that if we were looking to the 2020s The next 10 years are going to be set in a little bit different way The first is really around technology but the technology that we're looking at in the coming decade is much more Transformational than the technology that we're looking at in the past 10 years I think Facebook's proposal for Libra highlights really the potential of technologies that we're looking at Today is just categorically different. The second is when we're talking about crises We're probably talking at about different types of crises I think we're looking at a period where there's an increasing focus around Sustainability both from a positive standpoint, but also from the negative standpoint I think the final bit is one that we are seeing and it's a tension between ongoing trends of globalization and fragmentation and I think if we look at 2020 really a sort of inflection point year with COVID-19 and It didn't really change any of these directions, but it's accelerated all of them pretty dramatically I think from the technology standpoint the big impact of COVID-19 has been driving digitization driving payments and this is driving discussions around issues like central bank digital currencies second all of this Digitization is bringing with it a range of new what we call tech risks the risks of tech being new pervasive national security Financial stability basically just about every direction The third is really around the use as Joanne has said around technology for regulatory purposes We're talking a lot about this before 2020, but 2020 just changed the nature particularly by driving the necessity of off-site supervision through reg tech and Subtec this from the standpoint of Malavika's points about infrastructure is also leading us to the necessity of onboarding mechanisms in particular around digital identity systems that are Necessary when we're talking about non face-to-face Activities and finally the point that I think both Joanne and Malavika have highlighted and that is all of this digitization is reinforcing pre-existing trends towards concentration So dog, I'd like to stick with you for a second You have segwayed beautifully into what I wanted to ask you next which is about and financial which is brings up all of these questions about concentration about activities versus entity-based regulation And to sort of it in a different place than I think of a lot of the institutions here in the US in terms of fintech Which are much more upstart much more Unbundled in terms of what they're doing. So if you wouldn't mind giving us an update on the latest It seems like it's it's changing a little bit day-to-day about you know What's going on with ants and and what that tells us about about the future of fintech regulation? Yeah, I agree with you. I think it's it's a tremendously interesting situation a tremendously interesting case and it really for me highlights the biggest sorts of positive contributions that we can see from the standpoint of fintech, but it also very much highlights the new sorts of risks that these sorts of Global digital finance platforms Are raising and I think you know if we think about the origins of ant if we think about its business model It starts out as an electronic payment system to basically provide an essential means of payment in the context of any Commerce function in the context of of Ali Baba. They eventually discover however that People just want to leave their money in the system, but they don't want to be a bank They don't want to pay interest. So these aren't deposits so instead they take a very US style approach of effectively developing money market mutual funds which allows People to leave their money in but instead of having an account a deposit charge of paying interest They're investing that into China's interbank bond markets in the context of debt securities This becomes so popular that it actually grows to be at one period about two years ago The world's largest money market mutual fund I think that's really quite incredible and at the same time a real discussion if we think about China's Development and many other places one of our biggest challenges is always around SME financing And we've tried all kinds of different mechanisms. We've looked at collateral We've looked at leasing. We've looked at micro finance We've looked at just about anything you can think of and nothing has really hit the spot And I think what has been interesting with ant is ant has emerged as one of the largest Consumer and SME lenders in China and essentially how it's doing that is on the basis of big data analytics and cashflow analysis Which of course is what we've always wanted from the standpoint of SME and consumer lending and so a very successful example But how is it financing this well initially by a Securitization structures which many of us will understand both the positives of Securitization, but we'll also understand from the 2008 experience the many risks that have arisen Laterally, it's moved from there to more of a sort of loan Broking structure and we'll all be familiar once again with the good sides of sort of loan brokerage But also the weaknesses and I think the key what we've seen with and has been this tension That it's evolved to solve very specific problems Which are not just issues in China's financial sector, but in financial sectors all over the world and it's done wonderfully well But at the same time it's become a systemically important financial institution It was designated as such in China last year It spurred the creation of a new financial holding company's law in order to actually address the challenges of its cross-sectoral activities and I think the most recent tensions have really arisen because the banking regulator the central bank wanted to bring it fully within the regulatory net and obviously as a tech company and Didn't want this and eventually as usually happens the regulators come out On top and I think what we've seen is a determination to basically have Similar treatment regardless of structures and so for me I think and very much highlights all of these issues highlights the potential of FinTech, but it also highlights that if you're looking at economies of scope and scale Eventually some very big risk can emerge and we need to act when those risks do take place Yeah, I don't know if Malavik or Joanne if you guys want to weigh in on this I think it's a I think it's a fascinating discussion because when I when I think about financial services How there's this trade-off between as you were talking about, you know Diversity of activities within a single institution versus, you know having different activities performed by different places I mean, are we basically just going to have a different type of too big to fail institution? Or or is is FinTech supposed to just kind of disrupt that whole concept? I'd be interested to hear the thoughts from either of you. Well, I think we will I think some of the lessons that Doug is pointing to here have Remifications for the other debate about big tech coming into financial services and People have been talking about that for a long time Do they know there isn't much sign so far that they want to be banks and take on that type of regulation that you're describing Doug But at the same time they have so much potential to Swallow up vast swaths of financial activity. You already mentioned Libra Facebook's effort on Libra really was a wake-up call for everyone to realize that you could have pieces of financial activity just carved out of the regulated traditional Money movement system and operate inside of an environment like Facebook and I think we're just at the early stages of Thinking those issues through I loved what you were saying Douglas because the whole Conversation about innovation and finance or anything else has to keep reminding us that every time you innovate You get something good and something bad There's no such thing as innovation that doesn't create a new set of problems and staying ahead of that For regulators is a tremendous challenge because if they're too quick they'll squash good things And if they're too slow bad things will happen that they didn't realize were coming I mean, I think if there's one thing I could add that would be that It's interesting because India made this choice to stick with bank-led financial inclusion because we've had Explosive financial inclusion in the last 10 years and I think many countries especially some countries in Africa Didn't insist on that kind of bank-led financial inclusion and that's been quite heavily critiqued in the past because in some ways it slows Fintechs down in India if you had a similar kind of prepaid instrument for payments in India You would still need to have a back-end bank account at least for that Provider with a book entry system almost in front showing how the funds were being accounted for Even though of course, that's not the same as a bank account It did have it didn't have some of these back-end tie-ups with banks that telecom providers in Africa, especially in Kenya have And I think in some ways it's a good Positive thing in self-bank regulation in India that we've gone kind of going slow to go fast So I think having some of those risk-based regulation requirements up front And insisting on bank-led inclusion now in hindsight Seems like it did have its upside I think the two things that we are struggling with in this context though is the liability structure I think Technology service providers are really good at figuring out liability structures for situations when things don't work out So I think that's where central banks really need to be focusing their attention because again It's not so much about the entity or in sometimes even the activity. It's just about what happens when things go wrong And I think the other big Area of this regulatory parameter question for us is really the question of what happens with the data Because I think a lot of these financial risks are so inherently tied up with the data security and the data protection risks And I'm not quite sure that central banks have a clear common vocabulary to talk about those risks in the same way that we do with potential risks for instance Yeah, definitely. I mean I was I was just thinking about how in the US you know, we've had a much more ad hoc approach to fintech regulation as opposed to picking a choice of you know bank-led finance and That has led to this sort of open finance ecosystem that where it is as I said just kind of ad hoc where Tech technology companies and and banks have sort of worked out these arrangements that people are not totally happy with and now You know the consumer financial Protection Bureau is trying to decide whether to regulate, you know data aggregators as you were talking about earlier Malavika, so I was just curious, you know, you all come from sort of different perches You know where you think data protection is being done. Well, you know whether there is a particular jurisdiction That's that's found a good balance What what countries are doing wrong? So, you know Malavika, I'll stay with you since since you were you were heading that way Sure, and I should just clarify What's really interesting and this is I suppose where India departs from we've all been agreeing quite a lot, but there is an idiosyncratic Issue with the way that the bank regulation happens in India So for us non banks are not shadow banks the way that the rest of the world thinks about them we've actually regulated non banks as a non bank financial company as a licensed provider and Actually, the interesting thing is whether fintechs even fall within Non-bank Regulation and that's an interesting question because if you're not accepting Deposits and you're not systemically important and you're still a financial provider What kind of conduct regulations would you have and I think that's really Where I think there's this link between data protection and financial regulation is about conduct so as a technology service provider if I'm Interfacing with a financial consumer Is it just data protection laws about collection and say you know security that apply to me or should conduct regulation also apply And I think that's one of the kind of really interesting flash points for us in what is really you know kind of developing a story Again very quickly in terms of descriptive background for those of you who may not follow the Indian landscape as closely We don't have currently Omnibus data protection law, but we're getting one it's in the final stages of the parliamentary process after a I think a three-year journey from committee to ministry and so on and Really the question for us is how should central bank regulation play when it comes to the data protection regulator because our regulator is actually deposing before the Parliamentary committee to talk about where that parameter lies and I'm not quite sure to answer your question Whether we have a balance yet Actually our central bank and I'm sure you know if there's some audience members from the RBI had meetings with the JPC the parliamentary committee some weeks ago and actually asked to be carved out from the data protection regime Which kind of shows that within the financial sector. They're very much They already have rules around data localization for payments data and so on so and storage requirements So in some sense it is really a race to who will regulate first In terms of who's doing it well, I think there are two jurisdictions two different types of jurisdictions I know that there are some countries again I'm thinking there's potentially Kenya and maybe Nigeria where there are mo use between the central bank and the Telecom regulator So there's this kind of joint regulatory approach, which is really interesting I think the EU does a quite a good job Of course, you know people have different views on whether they should go as far on certain Respects or not, but I personally think that the joint approach of competition regulators data protection regulators and financial regulators at least kind of having Consultation before rulemaking for instance is just a single You know a process point that could dramatically improve what's happening because otherwise I really fear in my context that we're going to have this kind of regulatory turf war which is ultimately always hurts firms and consumers Yeah I think I think Malavika just I would just go I would hit a couple things and I think When we look at this question and I completely agree that the one of the biggest challenges going forward is this Interaction between data regulation and financial regulation because the reality is that in an increasing number of markets There really is no difference between data and finance finance is increasingly One of if not the most digitized industry and as a result pretty much everything about the industry is Data and of course what you're seeing is is as we've all mentioned this sort of interaction between Banks and tech companies where it's increasingly difficult to tell them apart and is one example Visa Mastercard other examples Amazon Facebook Google in India is the the largest payment services provider It's increasingly difficult to tell the difference and of course We've always thought of financial services as an industry which benefits from economies of scope and scale So there's a natural Concentration effect and that's something that we've had to deal with in different ways periodically and the same by a network effects appears to be the case in data industries And so you seem to have this natural tendency in both data and financial services Towards concentration and that has many benefits, but it's also raising Lots of challenges and I think you know if we look at this question of data in societies This is going to be beyond financial services one of the biggest issues that we have to come to terms with in general And I think it's interesting to sort of contrast Say the US versus EU versus China and a sort of loose characterization is that historically the US has basically allowed individuals to Freely transfer their data, but what that means is that most of us have freely transferred our data to some firm Which has aggregated it and not really given us that much in return and There's now a sort of reaction Against that and we're trying sort of traditional tools to come to terms with it We think of the EU the EU sort of went at it from a different direction They basically said that some data is just yours. You can't transfer it to anyone It's always under your control and the design of this was to prevent dominance of their markets primarily by US tech platforms China on the other hand Had a largely similar approach to the US from a private sector standpoint But a different view from the public sector stand China's very comfortable with public sector amalgamation of data US Europe not so comfortable and the end result is different approaches But all three are now trying to come to terms with these concentrations. We've seen actions in the US we've seen in November Decisions by China to basically enact new regulations on antitrust Against internet companies in addition to actions against ant and other large FinTech providers and of course in the context of the EU the new digital financial services platform Which is essentially suggesting a move from open banking to open finance as the way to deal with these concentrations and so I think we're in a Area where we're experimenting with different approaches to similar challenges And we don't necessarily know what's going to work yet Yeah, I would add to that I agree with everything my fellow panelists have said I think this is the issue of our age the Digitization of all the information around us and how it should be used how it should be protected how it should be limited and how it should be allowed to be used with new tools and I think as Douglas I loved your summary there I don't think anybody is doing it well in the sense of having it all figured out I think different strategies are under way and it's all going to change one thing I would add to the mix is that I do think that Regulators should ask themselves whether there are technology solutions Before they go to regulatory solutions. There's a lot of work in so-called privacy enhancing technologies things like homomorphic encryption and zero knowledge proof for example if you had a system in which You wanted to restrict the age at which someone can purchase alcohol The the seller of the alcohol doesn't need to know everything. That's on your driver's license or identity card They really just need a yes or no answer. Are you old enough to purchase alcohol? They don't even need to know your birthday, but we hand over all this additional information all the time So there's a lot of work underway and thinking about are there ways that we can curtail use in the Anti-money laundering space for example There's a tremendous amount of work on enabling pooling of large sets of data Internationally where privacy would be compromised if everybody just shared all that information but if you can keep it fully anonymized and Encrypted but allow machine learning to look for patterns of crime across the global scale You can start to to get things done that you can't do in the traditional way So that isn't a complete solution We want people to have agency and control over their own information But I'm a veteran of decades of work on consumer protection That has started with the premise that we should disclose to people what the choice is that they're making That does not work people don't make good choices when they get government mandated disclosures We've got to figure out a better way to enable people to really have a Practical understanding of what's happening with their information and what they do and don't want Yeah, and then the other you know data boogie man out there is how to deal with With cloud computing and how to how to fit that into a financial regulation and a financial stability context given that you have financial institutions that are Putting all of this data into the cloud. So, you know, I was wondering Joanne Maybe I'll stay with you about you know, what are sort of the considerations that regulators are working through right now? You know, how far have we gotten in that question as to how to regulate cloud computing as a third party and What what what else is should people be watching there? So the first thing that needs to be said is we all have to go into the cloud Period I cannot continue to run this system either the regulators or the financial system with on-premises mainframe IT it's too inflexible. It's too, you know, right now. It's all old The banks in the United States and the agencies too are running on 30-year-old technology in most cases So we got to go into the cloud. It's cheaper. It's more flexible You can just pay for the amount of data you're using you can update it You don't have to put millions of dollars into or if you're a big institution hundreds of millions of dollars into Modernizing systems that are then going to be obsolete again Having said that the regulators are grappling with a lot of issues one is the basic security question if our regulatory system is reliant on certain cloud infrastructure what would happen if it was sabotaged or Taken down by natural disaster there. So there's a lot of issues there in terms of distributing and The technology and and having redundant technology There are a lot of issues around keeping the cloud Information secure in the United States we had an episode with capital one Cloud computing that sort of set back the whole space. Although it wasn't really the fault of cloud computing per se And then the another big issue is data localization There are many countries in the world That are not big enough to host a good cloud effective cloud environment Themselves, but that are reluctant for their data to leave their borders So there's a lot of issues to be grappled with but it should be a priority to get the whole system into the cloud sooner rather than later And I'll bet we're probably I'm sorry if you said how far along are we you know, I'll bet we're 10% into that journey. Maybe something like that I was going to jump in there because I think it's it's a really interesting when it's one of those other things that COVID has accelerated I think if we look at financial services, if you think about any financial institution that has been founded in the past Five years, it's cloud native. There is no server. There is no server room There are no keys to that server room there. This is why FinTechs can compete with banks because they don't have any of that They didn't have to have the capital or anything for it. I'm sorry. Go ahead. Absolutely. Yeah. Yeah. No, absolutely and I think the other side is that you know pre COVID all of the big banks were moving pretty slowly on this But it's something that really we've seen some massive acceleration in cloud projects amongst the biggest banks in the world as a result of Everything being off-site work from home all this year. And so I think that process what was Kind of slow moving Is something that has been dramatically accelerated and also has to be said that we've had some recent regulatory actions particularly the US With Citibank but also in the UK with Goldman Sachs UBS and others where increasingly you're seeing requirements to where the regulators are actually mandating comprehensive IT system reform as part of the enforcement action and so I think we're seeing the technology and I think this Trends point is one that has to be emphasized from almost every angle except maybe the very Biggest banks cloud is better more secure than any other option But it brings with it back to our earlier point Technology brings benefits, but it also brings new risks and in particular The amount of Concentration that we're seeing in cloud services. I think is one that is going to be an increasing focus of attention Yeah, I just like to jump in there as well and kind of maybe talk about the opposite trend that we are seeing in India Which is very much driven by regulation in that we actually had a circular from our central bank On the storage of payments data payment systems data locally on local servers So any Indian transaction has to have its data on a local server in India And of course that server can be connected to the cloud or whatever Ultimately that is the that is the law and all you know the multinational payment services providers including visa mastercard Google all of them Have complied and it's interesting because there's also a requirement where you have a cross-national Transaction to delete the data from after it is executed externally and then bring the data back into India And I have only one copy and then in certain cases have an additional copy outside So I think that even though, you know, obviously, there's a way that FinTechs were able to gain from this I think there is kind of a regulatory pushback and I think a lot of this at least in the Indian context the stated reason for Wanting localization and having that kind of server on site is really supervisory access because I think the geopolitical issue here Is that at least regulators in certain countries feel that they do not have access to data when they want to undertake? criminal investigations or even you know white collar crime investigations and so the idea is at least if you have the data on your Server in your geographical jurisdiction you can go serve a notice and get that data I think I mean on the one hand it's kind of a failure of I think mutual legal assistance on data transfers So that's not really the subject of this panel But I think the broader point for financial regulators is if the approach is to kind of force financial data back into Local countries then that's and this is happening in the US as well right from the cloud act and whatever I understand there I think the question that opens up is really I think a lot of this is about control It's about state control versus the private sector and within the private sector these kind of Intensine warfare between small FinTechs and big techs and so on and I guess the question I wanted to raise in all of this is kind of where does that leave the consumer? I feel I must as a consumer advocate of sorts because I think what we have seen you know with this proliferation of different players in the market and You know for instance Google uses our public digital infrastructure To settle payment transactions so does a large Indian FinTech. So does the government back payment service I think the load that this puts on the public infrastructure There we have to find a way of somebody funding that apart from the taxpayer and the consumer Because not only has a lot of public money gone into that infrastructure Our experience in the last six months during the lockdown was a kind of and I have a paper on this about the transaction Failures in the other unable payment systems for instance. We saw up to forty to sixty percent failure rates And in certain cases you have a cap on the number of transactions you can do in a day So if your transaction fails, it's incredibly hard Especially for a low-income consumer to do anything about it, right? And your caches or whatever is required immediately. I think there is an important Kind of moment here where that concentration risk in in is being enabled in some sense by digital Infrastructures I think and so there's really I think an important need to think about, you know How does how do we deal with this issue? Is it a competition issue or is this actually a utilities regulation issue? Which is I think a subset of of competition law But when you have this large public digital infrastructure that everybody is kind of piling on to and even if it's new like ours Is pretty new it's only a ten years old It's still breaking right and I don't have the answers to this But I just I wonder how do we ensure that consumers aren't left either with a failed transaction or paying for you know And therefore paying a transaction cost Whose responsibility is it in this content? Is it the center bank? Is it somebody else? I mean, how can it not be the taxpayer? That would be my question. I guess back to the panel Great question Yeah, if you guys want to jump in I'm curious to hear your thoughts as well Haven't thought about it in exactly the way you framed it Clearly there's there's a public role in regulating it. I don't know. I'm just gonna take it as food for thought myself You know, I think it's something that There are sort of public goods that the government provides There may be costs associated with those and in some cases we've we've had systems that have evolved Via private sector solutions and so we have to think about a range of potential treatments in some cases Just regulation Maybe sufficient and others treating as a public utility or or even Taking it into as as we've seen with with some of the infrastructure in India or something for me I think when we're talking about Identification that's a sovereign function at its base and maybe you can have private sector things build on that and Currencies maybe this issue as well You can have some aspects that may be sovereign some that can build on that I think what we have to do as we see these concentrations and these new quasi-utilities these new infrastructures whether that is cloud or payments rails Communication services we have to think about the financial stability standpoint We have to think about the national security standpoint and we have to put in place An appropriate balance response and in some cases Like we've seen with aunt the company may not enjoy that Yeah, just just to kind of bring this question to a point I mean, I'm curious is there do you see this a trade-off between Financial stability and consumer protection because when you consider that you know the the more places you could access data The easier it is for someone to find a point in to access it But then you know, there's it's also duplicated So you have less of a potential for for loss of data or some other kind of You know invasion that way, so I don't know what what what do you guys think about that? I was just going to jump in because I had and actually it relates to the previous point that Douglas was making as well You know, I know this is a difficult question when we have so many players and so many concentrations as well And maybe many of them are not even you know Indian fintechs for instance And or an Indian public utility that they're using and I think a lot of this really has to do with Thinking about the central banks role So I think if we go back to like first principles about what what is the central banks role over here? And if it is it is and in our case, it's consumer protection and its financial stability, right? And therefore in fact in the paper for this conference We've kind of drawn that boundary as to when should a central bank get involved with data protection, right? or data regulation and really our boundary condition is when it's so closely Related to an immediate provision of financial services That's the boundary because the danger is if central banks start setting the rules on how data is, you know How every all data is financial data right now, right? Like your Fitbit is financial data so if You know the central bank of a country cannot be setting the rules for say a telecom Industry player who has not does not provide services at all or the health industry for instance and so I think we need to come up with these boundary conditions and Within that I think then this whole question to your point around consumer protection and financial stability I think it's easy one to say and I know it's hard to implement But I do think they are Reinforcing because especially in the context where people, you know make very very little money a month for us It's really important that if you're inviting a consumer into a system. It really has to have that stability So really, you know, how do you ensure that? You know, you can do digital KYC. That's trustworthy and that's not onerous But at the same time really if we think about the system as a whole often you find it's not that one errant Low-income consumer often who is the highest risk? I mean microfinance has shown often that they are keep their repayments pretty high even when they're facing other shocks Often it's completely other kinds of incentives like the ones we talked about You know with the ant case and so on that has nothing to do It's got to do with the markets and financial engineering and maybe not a single little consumers choice So yeah, I do think they're actually reinforcing But I'm curious to hear from panelists who thought about this much harder than I have I think they're mutually reinforcing when you're talking about consumer protection But when we're talking about financial inclusion, I think there is a lot of tension and what I worry about is regulators and central banks underestimating the upside potential for consumers from fintech The mobile phone was the most democratizing force ever invented In the history of the world Nobody was ever going to build bank branches and staff them in the old model for hundreds of millions of people who now basically can have a bank And set of financial services in their hand on the phone that they already own and already know how to use And already have data in that probably helps them able to be able to qualify for and get these services And the the sort of bank centrism and safety and soundness Culture emphasis of bank regulators is necessary again. I'm a former bank regulator I love bank regulators. My son became a bank examiner. I don't criticize regulators, but But there's a the regulators in general are not at Not in close touch with the newest technologies and tend to under us they tend to see the risk instead of the Opportunity so there is a real balancing act there and the first step and it is frankly just education rapid learning and I think maybe we're still going to talk about how the regulators themselves need to Change what they do, but um, you know, they need some different tools in their tool set also one other thing the regulators have to speed up and The technology is changing at an exponential pace regulators and human organizations in general, but regulators in particular change at a linear pace And um, that's opening up, you know, it the covet has been giving us a harsh lesson in the what exponential change looks like that that um Uh hockey stick type curve that you get where things look gradual for a long time But as the speed is doubling and doubling and doubling suddenly it spikes Upward and and if you get caught underneath one of those curves as a bank regulator You may never catch up to it bad things happen In that delta between how the technology is changing and the pace at which regulators can change And uh, so they're going to have to find ways to move more quickly and especially again to uh, keep up with the the upside potential Uh of technology for consumers. It's it's it's the best thing that could possibly have happened to consumers is to have these new High tech solutions um, so I I did want to make sure that we home down on this point of Of regulators working together malavika. You mentioned earlier that You know, you have the the data regulators and the financial regulators and the competition regulators and all of the agencies You also have agencies across jurisdictions. Um, so what can regulators and central banks do to work together more smoothly on on data issues? I think this is the the Kind of prescription that's easy to give and very very hard to follow and practice I think we all know intersectoral regulation is kind of the gold standard of good policy making But I think there are some very sort of understandable reasons why Different regulators are optimizing for different objectives. And I think that's really the heart of where this is coming from Um, I mean, I can talk again from my observation of the indian context not being a regulator But constantly responding to consultation. Um is I think uh For us, um, I think a lot of this is because we do have regulators at different stages of their own journey So our central bank is obviously very old and had Was almost the preeminent regulator and then we kind of birthed these other financial sector regulators So they are it isn't linear. I think regulatory development is not linear And so I think there is a we need to come up with a way there where regulators can seed space But also take space when the landscape is so quickly changing and I think the big Kind of upcoming I wouldn't say battle, but at least what we need to deal with coming up is the A new data protection regulator And the convergence. I think the big trend in india is a convergence that's being caused by technology So convergence across information communication telecom banking and so on and so forth And what we're finding is that Like joan said a lot of a lot of first time users of finance may do that on their mobile phones And I think the existence of these, you know Multiple regulatory mandates can create some gaps which actually result in not great experiences for consumers. So I think Even though there is that amazing potential you do have these situations where you know a transaction fails and there are 20 parties And the consumer can't understand which parties grievance redress they go to and I think that's one of the Um Reasons why we need more of it. Um, I think there may be two ways that I think we could deal with it. One is coming up with process orientation for intersectoral coordination We've had some attempts at it in india. We have a within the financial sector We have an fsdc, which is a council where all financial sector regulators are supposed to meet quarterly Um, I mean, I think as more and more convergence of technology happens There's probably going to there is a need for that kind of I don't know whether it's by an mo you or some other instrument where you almost have to kind of force Regulators into a room every three months and I hope that it will take off I think another axis on which this could work is actually On by identifying areas where that's needed and I think this might be more pressing For instance, I think grievance redress is a huge area where no regulator has taken leadership in india Um yet and I think therefore we have a lot of innovation without that feedback loop from the consumer So really, you know, how can we get one or two regulators to take leadership in that situation? Because they all invested in that process. It's a source of good data for supervision I can talk about that for a for a long time But I think finding these areas right where there are either flash points like data localization Which is a flash point between our data regulation and financial regulation All these kind of vast open spaces and maybe if we can identify those agenda items And I think there is commonality there across jurisdictions Then really getting those regulators into a room to start having that conversation is my kind of very prosaic response to your question victoria I would just add I think part of it is just thinking through The design issues in other words often data regulation and financial regulation Evolved in very different ways for very different reasons and honestly until about three years ago No one ever thought that they had anything to do with one another And what has changed over the past several years is we've suddenly discovered that actually they do And that probably what most places are going to end up needing is a general approach to data And then a specific framework for data in the financial sector because the financial sector raises specific issues and concerns Beyond the general remit of of data protection I Agree with all of that. I mentioned at the start that we have the reg tech manifesto paper in the conference In that we have tried to lay out practical strategies for shifting to a digital regulatory environment and Including for interagency work interagency coordination is a critical An acute issue in the united states because we have a whole lot of bank regulatory agencies At the national level plus our 50 states and our territories Plus all these other agencies that get into the data regulation and and so on and um It's very difficult to reorganize these agencies We think we need new models Not just trying harder and Which is does happen. I mean, I see a lot of a lot of informal collaboration growing but um We really need new interagency models. We also need new private public Sector models in some of these areas where there are bodies that can be doing standard setting and Certifying of of new kinds of emerging Adherence to standards and so on We should really step back and think about how to do things differently. And if you're in a regulatory agency my thinking is Ask whether there's another agency you could do something with together One of the things the agencies all need to do is more experimentation They need sandboxes and tech sprints and and hackathons and Innovation labs so they can try things out. You can't innovate unless you can try things that might not work You know, that's the very essence of innovation and um And do that in a safe space where if something goes wrong. No harm will be done I'd love to see many more agencies doing that type of work together learning Especially learning on new issues. It's easier for the agencies to coordinate on um When there's something there's something new to be done than it is to go back and redo their Existing Requirements and processes and so on so find that cutting edge of change And come together on it in the spirit of trying to collaborate and it's necessary again in order to speed up Melavik, I loved what you said earlier about slowing down to speed up Doing things on an interagency basis is harder than a single agency acting But once you get it right with an interagency Approach, then things can really move much much faster and keep up with the change um So just kind of jumping off of that point that you were just making I mean are there areas where existing regulation Is is holding back financial innovation in in um unfortunate ways What are the things that that where regulators should act to to make it easier to you know I'll start I'll point to a few of them one is in anti-money laundering they uh the un numbers are That we've got 1.6 to 2 trillion dollars in annual Financial crime some of some estimates are higher and that we catch less than 1 percent of it And this is because we're using old technology and a lot of the reason we're using old technology is that the regulations are not aligned With modern tools for for dealing with these problems We also have so much regulatory split between the law enforcement agencies that are using The information produced by the financial system in terms of suspicious activity reports and those kinds of efforts versus the bank regulators who are Looking for compliance with the rules but not necessarily connecting that up with what law enforcement really needs Massive work that can be done there and a lot of it is starting another one I would point to that's acute in the united states Is the ability to use new kinds of data and credit underwriting for consumers and small businesses the uh industry relies mostly on traditional credit history and credit score information And there are a lot of reasons for that but one of them is that that's safe in the eyes of the regulators even if it has Uh differing impacts on different groups of consumers and might have a an unintentional discriminatory impact We are seeing more and more research indicating that if we will allow lenders to use more kinds of data They can take this enormous group of people who today are are rejected for loans or charged a higher price Not because they're actually more risky But because they the lender can't tell if they're risky or not because they only have that little bit of information And the regulators are encouraging this they've they've taken a few actions, but they should really set out clear rules of the road On an interagency basis and let the industry really Use these new kinds of tools to be able to make loans to tremendous numbers in the united states It's probably tens of millions of people Who are cut off from mainstream credit are now using high-priced alternatives Because the the old technology is being used by the industry because I think that's what the regulates regulators want them to use Yeah, i'm just going to hit on that that aml point because I think it's a hugely important one It had the there are very good reasons for the system. It's about market integrity It's about protecting the integrity of the system. It's about protecting the financial system from the use of that system For criminal activities And so we have to think of it from what the objective is and the system that we have Is often a system that we think of I think of it that there are at different points in time There are different technological horizons and our system for money laundering Is what I would describe as an analog system designed in the context of a 1970s 1980s technological horizon And in the existing technological horizon at that time This system probably made sense. It was probably the best we could do But the reality is that the technological horizons have changed dramatically and we can design much better systems on the basis Of amalgamating data as opposed to essentially pushing Attempting at tracking down to private institutions, which have proven not terribly effective And I think that this is one of those areas where actually from a law enforcement standpoint Law enforcement is increasingly comfortable with digital tracking and use of Data systems. It's actually the financial regulators who haven't sort of caught up with this And I think very much as joanne has said have Focused on the system as the system as opposed to what it's trying to achieve and how we could design a better one And this I think is one of the biggest opportunities pretty much globally To do a better job at achieving our regulatory objectives In a cheaper and more efficient manner. That's really what it's all about When you digitize anything you make it better and faster and you also make it That flexible and agile so that you can keep improving on it And we've never had that in regulation. We've always had to choose between better our cheaper and Really if we convert to digitizing this approach we can Really do it do it better for everyone I Thought I'd just add a couple of areas where maybe regulation is creating some bottlenecks for innovation in india And then one which where I think maybe regulation could do more to create a bottleneck I think the first is really about symmetricity with the same kind of regulation Same kind of technology. So we often have asymmetric regulation for the same kind of technology And an example is really of say an aggregator of financial products So our treatment of insurance web aggregators, which is aggregate policies for you You have a different regulatory treatment from a credit comparator where you're trying to compare loans And then for your mutual fund kind of direct investments And that's all because I think we have different regulators who are using kind of different frameworks to think about these Issues and then you know regulating accordingly. So I think that's where we may need to we need that intersectional coordination and maybe Figuring out how we can because it's the same technology. It's just a comparison site that they've built and it's just a rule-based engine So really, how can you start thinking about the tech itself and look at it's just and and it's you know liabilities upsides and so on and You know Not having different rules for the same technology because it does create regulatory arbitrage Or also it creates this weird system of the same company in effect has to have multiple entities Licensed and it adds all these costs which are just kind of strange paperwork because of this kind of 19th the 20th century approach to financial services sometimes Where the the entity is doing one activity and I think that Reality is increasingly changing. So I think that's definitely one area. I think an other interesting area for us is uh, where uh, you know, you have one technology stretching across different Types of activities within one sector itself. So for instance the way crowdfunding platforms and peer-to-peer platforms are very differently regulated in India even though again the technology is doing the same thing um and In some sense nobody is having any kind of liability or any kind of lending or any crowdfunding on their own Balance sheets, but I think that's also interesting. So it's not just inter regulatory coordination I think even within regular regulators themselves. I think just thinking very carefully about what is the technology really doing and You know, if the financial function is delivered really going back to for basics around functional regulation um Using that as the mandate for regulation and for the technology risks I think really leaving that with a different regulator. Hopefully a better data protection regime Hopefully, you know, someone who's really thinking about the risks from poor data sharing and I guess this is where I think All regulators could be doing more Because at least in India we're in kind of the second wave of our digitization journey And I think the first one there was a lot of heady optimism But in the last two or three years, I think there's increasingly this concern that maybe some of these algorithmic processes are actually Creating more of a gap, right? Maybe they're reinforcing some of these structural inequalities that we have in our data and therefore, you know If you have never going to get credit You're probably never going to get credit and that kind of financial determinism So I think actually we need more regulation on the fair credit side and from financial regulators because This is very much the the soul of conduct regulation and finance right just because a computer does it Doesn't make it better than your bank teller telling you You can you can you can't do something. So I think yeah, those are my kind of two or three areas That's my wish list for the next decade. Maybe Great. Um, well, I think that's all the time we have but thank you guys so much for for joining this conversation I found fascinating. Uh, hopefully everyone else did too And uh, look forward to seeing the rest of the event Thanks a lot. Victoria really enjoyed it Thank you