

Regulatory Risk and FinTech/Faster Payments: Balancing Consumer Expectations With Regulatory Requirements

Feb 27, 2018

Based on information noted in the January 2018 Digital Banking Report’s 2018 Retail Banking Trends and Predictions[1], recent survey responses indicate consumers, particularly younger consumers, support and wish to have a relationship with financial service providers that embrace the following focus areas:


  • Improved consumer experience
  • Expanded use of data and analytics
  • Multichannel delivery support
  • FinTech partnership building
  • Upgraded digital payment capabilities
  • Exploration of advanced technologies
  • Blockchain capabilities testing


The cited survey information reflects the responses of 100 global financial services leaders as well as financial institutions and service providers. The list covers only a small part of the final published report, which is robust and includes other focus areas and strategies as well. Boards of directors and senior management may wish to consider the cited information as baseline digital transformation insights for future planning. However, as a cautionary tip, these retail banking digital initiatives are focused on consumers!


Something’s Missing


What about regulatory risks? With all this change, governments and respective regulatory agencies have been and will continue to be challenged to evaluate applicable laws and regulations. Transactions, formerly paper-based, are now often captured in a digital format and take seconds to be processed and recorded. Regulatory authority input regarding applicability of current relevant regulations, potential required changes to existing requirements, and the immediate need for adoption of new laws and/or regulations is critical. The world is moving toward instant transaction recognition, and in that movement, regulatory risks will need to be addressed.


Rather than a one-time effort by the regulatory agencies, these types of changes will require ongoing efforts to ensure regulations are flexible, effective, and responsive to different types of covered entities. For some situations, not only U.S. requirements but also global regulatory risk points will need to be considered. A sample listing of potential regulations impacted by these rapid digital transformation changes includes:


  • Anti-money laundering, e.g., Bank Secrecy Act (BSA)
  • Office of Foreign Assets Control (OFAC)
  • Consumer protection laws, e.g., Regulation E, Regulation Z, Regulation CC, UDAAP
  • Privacy—U.S. as well as other countries, e.g., General Data Privacy Requirements (GDPR)


Many more regulatory requirements, within the U.S. and globally, may be impacted as well.


Technological innovation and digital transformation are occurring each day, and within these new advances, regulatory risk should be a key focus point. Whether initiating a new digital payments platform or introducing internal BSA/AML/OFAC risk modeling and high-risk customer tracing models, there will be regulatory requirements and related risks.


Digital Transformation Impact


Various forecasts and projections suggest significant opportunities will continue to occur in the digital transaction space. Boards of directors and senior management must balance risk versus growth in terms of this changing landscape. This involves focusing in part on the future and more specifically on digital transformation in the payments system.


For example, there are numerous regulations that impact and guide the financial payments system. Consider the emerging bitcoin/cryptocurrency and blockchain technologies with respect to the following elements:


Positive Consideration Points


  1. Decentralized network. Blockchain does not have a central administrator or potential singular failure point. This structure to date has been reliable and able to deflect malicious cyber attacks. Blockchain as a distributed ledger technology (DLT) also is generally not exposed to power outages, natural disasters, or other similar severe problems. Blockchain offers complete data that is timely, accurate, widely available, and in a consistent format.


  2. Efficiencies. Cost reduction occurs because there are reduced infrastructure support systems, enhanced cost-effective recordkeeping, and no longer any third-party intermediaries. A single source of truth concept in a blockchain system will also be a key component in reducing fraud.


  3. Reliability and consistency. Data on a blockchain system that is widely distributed offers hundreds or more nodes that make it virtually impossible for a transaction to be eliminated or altered. Transparency exists across the system.


  4. Virtual currency acceptance. Virtual currency (bitcoin) has already been acknowledged by FinCEN and the Financial Action Task Force (FATF), an intergovernmental global body that sets standards and promotes specific actions to address money laundering, terrorist financing, and other related threats. To date, these primary regulatory agencies have provided direction in FATF’s Guidance for a Risk-Based Approach to Virtual Currencies (June 2015)[2]. In addition, FinCEN has already determined that virtual currency administrators and exchangers are subject to the recordkeeping and reporting requirements of a money services business (MSB)[3]. MSBs must have their own anti-money laundering compliance program and comply with recordkeeping and reporting requirements as well as register as an MSB with FinCEN.


Negative Consideration Points


  1. Cost. While blockchain and related DLT systems offer numerous benefits including efficiencies and cost savings, the initial start-up costs may be high and even a deterrent. Faster may not always be better with respect to profitability or return on investment. To date, financial institutions implementing blockchain technology have encountered initial prototype or experimental software, dated technology, regulatory constraints, and user resistance.


  2. Security and privacy. While technological innovation has made significant advances, there are still potential cybersecurity and identity verification concerns that need to be addressed.


  3. Transparency. Privacy remains a major concern with respect to the potential exposure of personally identifiable information and/or theft of trade strategies.


  4. Regulatory change. Ensuring compliance with BSA/AML Know Your Customer requirements as well as OFAC directives and sanctions is a major challenge. Added to this are across-the-board regulatory requirements. Data sharing restrictions have already been implemented by certain national governments, and regulators will have to decide who may access the blockchain information. Also, consumers who may be virtual currency administrators may not always disclose this activity at the time of account opening.


These are but a few potential negative aspects of the challenging world of digital transformation and the changing payments system.


Future Steps


The board of directors’ and senior management’s efforts to address digital transformation and the quickly evolving payment systems become a unique balancing act between consumer desire, future growth, and risks such as regulatory requirements. 


In testing new concepts, acquiring new strategic partner relationships, and enhancing product and service offerings, boards of directors and senior management are encouraged to reflect on these points:


  1. Will the right people be involved in the initial planning and throughout the project? If you are lacking internal skills or experience, will outside assistance be secured?


  2. How will the testing of concept and prototypes be performed? Have reasonable risk appetite benchmarks and timelines been established?


  3. Who will manage communication? What specific communications will be created for internal staff, separate from consumers?


  4. What controls exist/will be created to monitor performance? How will the controls be identified, mapped, and tracked to ensure adequate coverage?


  5. Who designs controls? Will all stakeholders have an opportunity for input as well as testing any prototype?


  6. Who’s in charge? Is it the primary stakeholder, e.g., BSA Officer, or will IT be in charge? Or will an independent, subject-matter-knowledgeable executive manage the project?


  7. Are you in compliance? Will compliance encompass not only BSA/AML/OFAC regulatory requirements but also corporate governance elements such as security, privacy, and recordkeeping requirements?


  8. What about cybersecurity and data privacy? Will the Chief Information Security Officer and Chief Privacy Officer be consulted and have input on the project?


  9. What’s the backup plan? Will sufficient off-site storage be provided to ensure support not only for the automated solution but also for worst-case-scenario manual support?


  10. Are you ready for change? How has this readiness been assessed and how will it be monitored during the project?


  11. How do you configure robots and artificial intelligence (AI)? If robotics or AI exist in one or more areas impacted by the proposed project, will these be changed, and if so, to what extent?


  12. How will you choose your projects? How will priorities be assigned?


The above questions are offered as starting points to encourage discussion and, where applicable, establish mutually agreed-upon guidance for project team members before embracing a strategic project or objective. Innovation and change most certainly offer opportunities for growth and positive gains. However, a major tempering factor is managing the risk, particularly regulatory risk.


[3] 31 U.S.C. 1022.100 et seq.