Maja Kadievska-Vojnovik: Fintech and digital transformation - "Regulating an anonymous world"

Platform for discussion by Ms Maja Kadievska-Vojnovik, Vice-Governor of the National Bank of the Republic of Macedonia, at the xCEEd Conference on Fintex, Belgrade, 22-23 May 2018.

The views expressed in this speech are those of the speaker and not the view of the BIS.

Central bank speech  | 
11 June 2018

FinTech Sector – General trends, current state in Macedonia, main challenges and risks and impact on central banks’ activity

FinTech is one of the fastest-growing sectors in the global financial services industry nowadays with total global venture investment in FinTech companies reaching high of $13.6 billion in 2016(KPMG, 2016).The highest number of FinTech service providers is in the payments, clearing and settlement category, followed by credit, deposit and capital-raising services (Basel Committee on the Banking Supervision Survey, 2016).

Research in the area (ATKearney & EFMA, 2013) points to several factors that define readiness for digitization in the banking sector such as: 1) the capacity of banks for innovation; 2) the stage of technological development where the country is located; 3) the level of competition in the sector; 4) culture of consumption; 5) demographic structure of the population;  6) degree of concentration in the banking sector; and 7) the existing regulation, which can promote or constrain emergence of new technological solutions.

On the other hand, there are some constraining factors that hamper digitalization in South East Europe, including Macedonia, such as: the negative effects that the financial crisis had on the ability of banks to innovate, and the local mentality of the population which still does not show a sufficient level of confidence in online activities.

Financial services industry in Macedonia is in essence still traditional, conservative industry, but is evolving. Banks strive to keep pace and fit in the new digital era by investing more and more funds in new products and financial innovations, as well as sponsoring software development conferences and new technologies.

This is supported by relatively solid infrastructure for digitization in Macedonia which is readily available at satisfactory level. For example, 76% of households in Macedonia had access to internet in 2017 vis-à-vis 85% in the EU. On average, bank deponents have two payment accounts in Macedonia. However, only 7% of payment accounts held by the households can be used for electronic payments, while this share is relatively higher in case of legal entities (29%). The latter initiated 51% of the credit transfer in an electronic way, while the households initiated electronically only 20% of their credit transfers in 2017. The companies usually initiate their payments by using computers, while households rely mainly on computers (92% of electronic credit transfers), mobile phones (7% of electronic credit transfers) and ATM (1% of electronic credit transfers). In comparative context with the EU members, we are lagging behind given that 91% of credit transfers were electronically initiated in the old EU members and 86% in the new EU member countries in 2016. Regarding digital channels used for ordering goods and services, internet shoppers in Macedonia increased by 5 p.p. during the last five years and reached 15% of the population that used internet in 2017. This is quite below the 57% of internet shoppers in the EU in 2017, according to the Eurostat. Internet shopping is becoming popular among all age groups, but the young internet users have the highest share of online shoppers among internet users.

In addition, the development of FinTech companies is expected in the coming period through further liberalization of payment transactions and the further trend of opening of the information systems of the banks towards this type of companies.

The absence of liberalization in payments industry can be treated as a factor that in a sense constrained digitalization in Macedonia in the past. This is expected to change with the new Law on payment services and systems which isunder procedure implementing PSD2, PAD, E-money 2, Settlement Finality Directive, IFR provisions and some provisions of Regulation on credit transfers and direct debit. The new law is expected to provide more stimulating environment for financial innovations allowing for new entrants to the market with innovative payments solutions, while establishing standards that will enhance the security and consumer protection.

Financial regulation – How to promote safe and secure financial innovations

A sound legal framework is important for private service providers to develop secure and efficient payment services and for authorities to keep the confidence of users in the regular functioning of the payment system.

The development of payment services is a continuously evolving dynamic process, driven by technological advances. Market players design new services that better adapt to users’ needs in order to expand their business. In doing so, they try to balance the new opportunities the market opens up with the financial regulation they have to comply with. However, private players want to maximize their profits and may not have the right incentives to reach a socially viable equilibrium.

In this sense the regulator monitors the development of the market and technological advances to be able:

  • to foster innovation (and better customer experience);
  • strike the right balance between security and efficiency;
  • adapt the regulation to new services;
  • put in place effective consumer protection measures;
  • ensure fair competition among market players;
  • avoid regulatory arbitrage.

The new regulatory framework in Macedonia which is in an advanced stage of drafting, aims at balancing safety and creativity. In order to protect consumers and maintain financial stability, the new framework envisages licensing regime for the non-banking payment service providers as well as an appropriate safeguarding measures for client’s funds. However, it supports the grow of start-ups in the Fintech sector by easing some of the regulatory requirements related to the initial capital, BCP, external audit etc. Moreover, it intends to allow already established companies or start-ups that aim to provide payment services to be involved in other business activities allowing them to diversify the business risk and freedom to grow. 

Open Banking – Benefits, challenges and risks

Digital disruption is the driver that enables banks to keep pace with customer demands. By adopting the right digital business model, banks can take advantage of open banking to unleash new business value. Being an open bank means operating like a platform company, with a business model that connects people and processes with assets and a technology infrastructure to manage internal and external users’ interactions. Open banking—a platform-based business approach— is a new way of how banks generate value, born out of the increasing pressures from regulations and competitors. Outside the banking domain, industry leaders like Google, Apple, Facebook, Amazon and Alibaba are unleashing technology’s power by developing platform-based business models and taking advantage of the strategies they enable. Since the beginning of 2018, sharing proprietary data with third parties is not an option for European banks, with PSD2 in the European Union. Investments are being made to make this a reality; almost $1 billion was invested in PSD2 enabled services in 2016 (up to 200 percent from 2015)1.

In the core of Open banking are the application programming interfaces (APIs), which has also been used and facilitated by eBay starting in early 2000s, and also by technological giants like Google, Apple, Uber, and so on. Thus, banks could have similar benefits by adopting the APIs or the Open Banking concept. The emerging ecosystem of Bank & FinTech partnerships and collaborations i.e. Open Bank has paved the way for the data sharing economy, and a way banks to monetize their digital assets and data. Many open initiatives and government regulations open up access to the customer data banks hold on other businesses. Regulations such as Access-to-Accounts as part of PSD II and Open API (application programming interface) standards are paving the way for an open API ecosystem. Regulators in many other countries are also evaluating feasibility of open APIs with the aim to provide consumers with secure, less expensive, and easy-to-use financial services.

PSD2, as the most significant regulation, will arguably make the greatest impact in opening up bank-held customer account data to Account Information Service Providers. The ecosystem of open banking would be influenced by PSD2. Firstly, PSD2 does not mandate the creation of common API standards. This means that individual banks may make their data available through different technical standards. Secondly, PSD2 only opens up access to customer transactional data for specific institutions, which must also be regulated PSPs. Furthermore, the concept of platform is a crucial factor for open banking, whereas regarding financial industry, the phenomenon of platforms has to be further developed. For payments and personal information this is expected to gain traction through the PSD2, as third parties can engage in service provisioning without actually owning bank assets. Open Banking extends this concept further. From the customer’s point of view it means increased choice and control over financial assets, data and the service providers having access to this.

The big aim of Open Banking is to increase competition in the market by driving innovation in the quality of products and services that customers receive. The current account market has complex pricing, low customer switching, difficulties in comparing products and high charges on overdrafts. The outcome is that people are paying more for lower quality services than they need to. In 2016, Accenture conducted a research with consumers which showed that 85% of 18–24 year olds would trust third parties to aggregate their financial data. In contrast, 48% of 55–64 year olds were neutral or positive.2 These figures already suggest that we will witness a battle for the customer relationship and data between banks and FinTech. The outcome of this battle will be crucial in determining the future of the bank models which will likely face several transition stages. At the current stage, the existing banks are under pressure by the FinTech to improve cost efficiency and the customer relationship. Given their market knowledge and good market positions, the existing banks may adapt relatively fast by adopting new technologies in close cooperation with the FinTech. In the future, banks and FinTech companies may strengthen their cooperation as joint ventures, partners or other type of structures where delivery of services to the clients is shared between them. However, it is not excluded that some of the existing banks will not survive the wave of technology-enabled disruption and are replaced by new technology-driven banks founded by FinTech and BigTech companies. In a more extreme scenario, which is not likely nowadays but may be viable in the very long run, banks are displaced by FinTech and BigTech companies and are no longer significant players on the market. In order to establish Open Banking in Macedonia, it is necessary to implement the best practices and regulations from European countries. Although our regulation is still in drafting process, our Banks are not passive in this field and are already undertaking activities for opening their IT systems with new interfaces and modules for interacting with customers and external companies.

The biggest challenge that can endanger this process are digital space attacks (cyberattacks) in this domain, which are a relevant threat with a high probability of happening.

The National Bank as a regulator is in charge of defining the framework for information security in our financial system. The task of our banks is to implement concrete safeguards on the technical, administrative and physical level based on performed analysis of risks from introduction and use of new services, which includes the risks of digital attacks.

In 2016, the National Bank conducted thematic control through the development of a tool whereby banks made their own assessments of the inherent risk and appropriately determined the activities that they needed to fulfill on different levels of readiness from attacks from the digital space (primary, secondary and advanced level of readiness).

Blockchain technology and impact on central banks’ activity

The potential of blockchain is immense and is an issue for the central banks as well. At retail level blockchain from Central bank perspective in regards to cryptocurrencies or Central bank cryptocurrencies (CBCCs) does not exist. However, the concept of a retail CBCC has been widely discussed by bloggers, central bankers and academics.

While CBCCs for retail payments remain at the conceptual stage, some central banks have completed proofs of concept for DLT-based applications. One of the reasons for the interest in DLT is that many central bank-operated wholesale payment systems are at the end of their technological life cycles. The systems are programmed in obsolete languages or use database designs that are no longer fit for purpose and are costly to maintain.

Project Jasper at the Bank of Canada (Chapman et al (2017)) and Project Ubin at the Monetary Authority of Singapore (MAS (2017)) and STELLA – a joint research project of the European Central Bank and the Bank of Japan simulate real-time gross settlement systems (RTGS) on a DLT platform.

The two projects Jasper and Ubin show that central bank money can be transferred on a distributed ledger in real time, in realistic volumes. Nevertheless, none of the current initiatives to update or replace existing wholesale payment systems are considering the adoption of DLT.

The ECB and the BOJ, in their role as operators of important market infrastructures services, decided to conduct in-depth experiments to determine whether specific existing functionalities of their respective payment systems could run in a DLT environment. Findings in relation to efficiency show that, with regard to the specific aspects of RTGS services tested to date, a DLT-based solution could meet the performance needs of current large value payment systems.

In conclusion, this joint effort of ECB and the BOJ has produced a thorough set of results that provide reasons to be optimistic with respect to the capabilities of DLT within payment systems. It is, however, important to bear in mind that this work has been conducted in a test environment; therefore, any assumptions regarding the capacity for DLT to be used in production should not be made from this report.

Both, the Bank of England (2017) and Bank of Canada (Ho, 2017)) conclude that DLT is not yet mature enough for current adoption. Yet most central banks that are considering modernizing their core payment infrastructure stress the need to make new systems inter-operable with future DLT platforms.

Looking beyond the immediate horizon, many industry participants see significant potential for DLT to increase efficiency and reduce reconciliation costs in securities clearing and settlement. One potential benefit of DLT-based structures is immediate clearing and settlement of securities, in contrast to the multiple-day lags that currently exist when exchanging cash for securities (and vice versa). Progress in this direction was recently achieved by a joint venture between the Deutsche Bundesbank and Deutsche Börse, which developed a functional prototype of a DLT based securities settlement platform that achieves delivery-versus-payment settlement of digital coins and securities (Deutsche Bundesbank (2016)).

Whether or not a central bank should provide a digital alternative to cash is most pressing in countries, such as Sweden, where cash usage is rapidly declining. But all central banks may eventually have to decide whether issuing CBCCs makes sense in their own context.

In making this decision, central banks will have to consider not only consumer preferences for privacy and possible efficiency gains – in terms of payments, clearing and settlement – but also the risks it may entail for the financial system and the wider economy, as well as any implications for monetary policy. Some of the risks are currently hard to assess. For instance, at present very little can be said about the cyber-resilience of CBCCs, something not touched upon in this short feature.

In this context, the current regulatory framework predate the emergence of FinTech companies. Therefore, it will certainly be changed and as a matter of fact it is already an evolving process in many countries, including Macedonia. This means that in the light of new FinTech risks, the current supervisory frameworks will evolve in a manner that ensures appropriate oversight of banking and non-banking service provider’s activity as well as new payment systems based on DLT solutions while avoiding innovation hindering. Different countries may follow different supervisory regimes, which includes direct oversight of the new market players, then establishing innovation hubs, accelerators and regulatory sandboxes.

The role of Regtech in enhancing regulatory and compliance challenges

Digital finance raises new risks and new areas of vulnerability might develop because of new financial products (virtual cryptocurrencies) and new technologies (distributed ledger based on anonymous users and on decentralized governance without accountability). Digital finance gives rise to an increasing number of financial players and eases cross-border transactions, which makes the monitoring of transactions more complex for financial institutions and public authorities. Finally, while new financial players are reshaping the financial sector, they may be outside the scope of banking sector regulation and subject to less stringent AML/CFT rules than are banks.

New technologies may support greater efficiency for staying compliant. Regtech companies are especially keen to provide banks with more effective ways to improve their compliance and risk management, through outsourcing or insourcing processes. They may open up opportunities for digital transformation of control and support functions within banks (risk, compliance, legal, finance, IT). Regtech could address a wide array of requirements related to regulatory reporting, financial crime, operational risk (including cyber-security and fraud detection), consumer protection and data protection regulation. Although there are many Regtech companies operating in developed countries, there are no examples of Regtech operating in Macedonia. Nevertheless, Macedonian banks and non-bank players are allowed to use services offered by Regtech companies operating globally in order to stay compliant with the rising regulatory requirements.


2 Accenture Payments, Consumers’ initial reactions to the new services enabled by PSD2, 2016