Technology and climate: the policy response

Speech by Mr Fernando Restoy, Chair, Financial Stability Institute, at the BIS Innovation Summit, 22 March 2023.¹

Thank you very much. I am delighted to participate in this BIS Innovation Summit. Today I would like to share some remarks on how the technological disruption and increasing climate-related financial risks are affecting policy approaches aimed at ensuring the adequate functioning of the financial system.

Of course it is tempting to try to mix those two developments together. Indeed, both are among the main drivers of the most profound transformation of the global financial sector in decades. And both have important implications for various policy objectives, including consumer protection, market integrity and financial stability. Yet the ways technology and climate affect social policy goals are obviously different, as should be the regulatory adjustments that they each require. At the same time, the forward-looking nature of the risk drivers resulting from both supports a shift in the supervisory procedures and methods aimed at safeguarding the safety and soundness of financial institutions. I will elaborate on this in the rest of this brief presentation.

Regulation

Technological disruption implies three main structural changes in the market for financial services. First is the modification of the production process for traditional financial services, which now rely more on data, digital delivery channels and services provided by third parties. Second is the availability of new products (like digital or tokenised assets) that leverage more decentralised issuance, trading and settlement processes. And third is the emergence of new players in the market, like tech companies that benefit from data and technological advantages to compete with traditional financial institutions in the provision of some financial services.

Those developments generate many opportunities but also risks for the adequate functioning of the financial industry, which might impede their ability to support social welfare. Yet we are still far from achieving a general consensus on what the right regulatory response should be. At times, there is a relatively complacent view on the scale and nature of the required regulatory response. Frequently repeated slogans such as "same activity, same risk, same regulation" represent a relatively optimistic view according to which the existing regulatory approaches would still be roughly valid in the new technological environment if their scope of application is extended to the new products, the new production processes and the new players.

In many cases, this adjustment of the regulatory perimeter is an essential first step, but it may not be sufficient. For instance, the Financial Action Task Force (FATF) quickly adapted its policy guidelines to account for the AML/CFT risks posed by cryptoassets, by incorporating crypto-related service providers into the scope of application of its standards. Yet in this crypto world, that strategy can hardly effectively address the risks posed by decentralised platforms, where transactions and back-end procedures are conducted through automatic protocols (smart contracts) whose beneficial owners cannot be easily identified.

As to new production processes of regulated institutions, the current rules on operational resilience and, in particular, outsourcing controls clearly fall short of limiting the risks posed by most financial institutions' increasing reliance on the services, like cloud computing, offered by a few (big tech) providers. The large concentration of this market calls for direct regulatory intervention on cloud service providers themselves and not only on the banks demanding those services.²

Finally, any new entrant providing regulated services (like payments or wealth management) is normally subject to the corresponding activity-based regulation. The problem is that when those new providers (like big techs) are also active in other financial and non-financial markets, there could be interdependencies and conflicts across activities which might not be well addressed by activity-by-activity regulation. When this is the case, you may need new bespoke entity-based rules for those multi-activity players.³

In sum, technological disruption calls for a significant regulatory revamp, which entails much more than simply adapting old rules to the new technological environment. Regulation may need to take new approaches and remain flexible enough to respond nimbly to the challenges posed by the rapid pace of innovation.

Climate-related financial risks manifest themselves through the standard risk categories of prudential rules: credit, market and operational risks. This could be seen as reassuring, as it may be interpreted as supporting the idea that climate-related financial risks could be addressed without modifying the structural skeleton of financial regulation – that it would just be a matter of revising the regulatory procedures used to evaluate and address the traditional risks in the new climate environment.

Yet it is not frequently stressed that regulatory actions aimed at addressing the impact of physical and transition risks on institutions' balance sheets may have detrimental implications for the overall level of risks and regulation's ability to facilitate a smooth transition towards a more sustainable economy. Unlike in the case of standard macroprudential measures targeting risks posed by macro-financial imbalances, macroprudential measures, such as a carbon penalising factor, which aim to increase banks' resilience against climate risks could well amplify transition risks.⁴ This poses policy trade-offs and technical challenges that severely complicate the design of adequate prudential policies targeting climate risks.

Supervision

From what I have already said, it is clear that the new structural challenges faced by the financial industry need to be addressed with an ambitious regulatory reform package. In other words, adjustment in the margin of the current rules is unlikely to sufficiently protect the relevant social objectives.

Actually, I believe that even introducing new well defined rules that attempt to directly address all relevant financial stability implications of developments such as technological disruption and climate change would hardly be enough either. The policy response should also include an adaptation of oversight procedures.

This is particularly important in the case of banking regulation. The main channels through which technological developments affect banks' safety and soundness are probably the challenges they pose to preserving banks' operational resilience and the sustainability of their business models as they face tougher competition from new tech players. While those risks could eventually affect banks' solvency, they cannot always be effectively addressed by standard capital requirements. There is simply no sensible level of capital that could compensate for a significant disruption in banks' ability to deliver critical services to their clients. The same could be said of the sustainability of banks' business models. In fact, a bank's difficulties to deliver sufficient return to its equity holders on a sustained basis can hardly be addressed by requiring that bank to hold more equity.

In principle, climate-related financial risks' impact on credit, market and operational risks could justify an additional capital cushion. Yet risks derived from banks' exposures to "dirty" firms or sectors normally materialise over long and uncertain horizons. That means that the largely backward-looking approach traditionally used in prudential policies to calculate the capital coverage required to cover potential losses is not fit for purpose when addressing climate-related-financial risks. Moreover, it is difficult to justify asking banks to hold capital today to address risks which can only become relevant once many of the current affected exposures have already expired and whose significance could well be reduced by adequate climate risk management.

Therefore, the increased importance of both technological and climate-related risks points to the need for a supervisory framework in which the role of direct risk-mitigating management actions will be enhanced. Rather than focusing purely on bank' loss absorption ability to withstand adverse developments, the main objective should be to promote specific management actions aimed at reducing the frequency and severity of distress episodes. A number of instruments, such as cyber resilience tests, scenario analysis or prudential stress tests, could be deployed with different purposes and different horizons to support supervisors when they perform that task. Moreover, pillar 2 of the Basel framework already allows supervisors to impose, in addition to capital add-ons, qualitative measures with a sufficient degree of intrusiveness aimed at improving institutions' risk profile when this is required.

Therefore, while quantitative capital and liquidity requirements need to remain at the core of the prudential regime, new developments such as technological disruption and increasing climate-related financial risks support the move towards a possibly more intrusive and forward-looking, but also less capital-centric, bank prudential framework. While a crucial ingredient, adequate capital levels do not ensure by themselves a sound financial system.

Many thanks.

¹ I am grateful to Rodrigo Coelho and Juan C Crisanto for helpful comments on an earlier version. The views expressed are my own, and they do not necessarily represent those of the BIS or the Basel-based standard-setting bodies.
² See J Prenio and F Restoy, "Safeguarding operational resilience: the macroprudential perspective", FSI Briefs, no 17, August 2022.
³ See J Ehrentraud, J L Evans, A Monteil and F Restoy, "Big tech regulation: in search of a new framework", FSI Occasional Papers, no 22, October 2022; and A Carstens, "Big techs in finance: forging a new regulatory path", remarks at the BIS conference "Big techs in finance – implications for public policy", Basel, Switzerland, 8 February 2023.
⁴ See R Coelho and F Restoy, "The regulatory response to climate risks: some challenges", FSI Briefs, no 16, February 2022.