Same Function, Same Risks, Same Regulation
“When banks and fintech firms vie for the same customers with similar services and by taking similar risks, they should be similarly regulated: ‘same risk, same regulation’.”
Agustín Carstens, General Manager of the BIS, 30 January 2018.
Technological progress always brings new challenges for financial regulators. The recent history of financial innovation includes many examples both of new ideas (like options pricing models and securitization) and improvements in hardware itself (like faster computers and communications infrastructure). By lowering the cost of transactions and of information, innovation can improve access, facilitate risk transfer, and lower prices. But, as efficiency improves and financial activity broadens in scope, the guardians of the financial system face new challenges in ensuring safety and stability.
While some innovations today seem revolutionary, in many cases they are not. The most obvious example is the accelerating evolution of retail payments systems. As recently as 75 years ago, payments were entirely in the form of either cash (notes issued by the central bank) or bank drafts (checks that instructed commercial banks to transfer funds). Over time, credit and debit cards replaced a large fraction of these, and automated clearing house (ACH) transactions replaced even more. Today, we even make in-person payments using digital wallets on our smart phones as well the services that technology firms (including PayPal, Apple Pay, Amazon Pay, and Google Pay) provide.
This broader range of both payments service providers and delivery systems poses a classic challenge for regulators: how can they ensure payments remain safe when the new providers are outside the current regulatory perimeter?
To be sure, nonbank expansion into bank-like activity is neither new nor unique. Money market mutual funds (MMMFs) arose in the 1970s, when bank deposit rates were capped at low single-digit levels despite double-digit inflation. In response, financial innovators created entities that offered fixed-value liabilities that were claims on short-term assets (including commercial paper and large certificates of deposit). More recently, nonbanks have issued stablecoins, private crypto-assets backed by a basket of securities that are pegged 1:1 to a national currency. As we emphasized in earlier posts, both MMMFs and stablecoins offer liabilities that look remarkably like demandable deposits backed by assets that look like those of a bank (see here and here).
What is new is the pace and breadth of innovation associated with fintech. Taking advantage of recent advances in information technology and communication, entrepreneurs and incumbent financial firms are creating a wide array of new intermediaries. In addition to stablecoin issuers like Tether and Circle, we have payment system providers (Venmo and Wise), peer-to-peer lenders (Lending Club and Prosper), crowdfunding platforms (Kickstarter and Indiegogo), robo-advisors (Betterment and Wealthfront), and brokers and exchanges (Robinhood and Coinbase).
At a conceptual level, regulators’ approach to the risks created by these new entrants would seem to be straightforward. Following the principle that BIS General Manager Agustín Carsten articulates in the opening quote: any provider of the same financial service, creating the same risks, should face the same regulation. Encourage innovation, but guard against any harm that it poses to the financial system. (This is equivalent to Metrick and Tarullo’s concept of congruent regulation.)
How might we do this? Again, the answer is clear: focus on the financial activities, functions and services themselves (even though rule enforcement will almost surely proceed through the firms, entities or institutions that provide the services). Such activity-focused regulation requires an enormous shift of our approach. With our regulatory objectives in mind, we need to enumerate the financial activities and then create a framework that matches these two lists. In the remainder of this post, we outline how regulators can begin to approach this task.
As a start, we note the broad array of services that the financial system provides to individuals and firms. Very briefly, the payments system allows us to transfer funds. Individuals and firms can save and lend to smooth consumption and expenditure in the face of volatile income and revenue. We all need a place to store our financial assets safely, as well as methods to turn them into a means of payment (what most people call think of as “money”). Through a combination of contingent contracts (like insurance) and access both to underlying and derivative securities, the financial system provides tools for households and firms to diversify, hedge and pool the risks that they face. In addition, the system allows firms to issue equity and bonds into financial markets. And finally, financial intermediaries collect and process information, and advise clients on all the other services they provide.
The following set of bullets summarizes these key activities, functions and services:
- Payments system access: offering methods to transfer funds between individuals and firms.
- Lending and credit provision: supplying funds both for investment and to allow individuals and firms to smooth expenditure in the face of volatile income and revenue.
- Advising: advice on the most efficient way to hold assets and obtain required services.
- Safekeeping and accounting: keeping customers’ financial assets safe and providing information to help them track their income and expenditure.
- Issuance of deposits and payment instruments: providing liabilities that can serve as or be transformed into money reliably, quickly, easily, and cheaply.
- Liquidity provision: transforming illiquid into liquid assets, providing means of payment on demand.
- Diversification and risk pooling: giving investors the ability to diversify, even small amounts; and to pool and hedge risks of all kinds.
- Financial market access and market making: providing individuals with the ability to purchase and sell securities or derivatives reliably, quickly, easily, and cheaply.
- Equity and debt underwriting: allowing firms to issue new securities into markets.
- Derivatives-based risk transfer: allowing individuals and firms to transfer risk using contingent contracts.
- Collecting and processing information: collecting information, especially for credit evaluation
The first point that stands out from this list is that the array of services is not changing. Instead, technology is altering the efficient ways of delivering these services. So, even as financial innovations alter the providers and expand the range of customers with access, the service stays fundamentally the same. A paper check, a physical debit card, and a smartphone app are all simply ways of transferring deposit balances from one accountholder to another. In our view, most of the innovation that we currently see is of this type.
Turning to regulation, existing frameworks are organized by institutional (or legal) form. We have bank, pension fund, and insurance regulators. In addition, there are securities, derivatives, and conduct regulators; as well as financial crimes enforcers and macroprudential authorities. Combined, these policymakers can meet the overall objective of a stable system, but they do not generally do it by focusing on activities, services, or functions.
To better understand the role of regulators, we start by dividing their objectives into four categories:
- Consumer and investor protection: protection of data ownership, guarding against fraud and discrimination, monitoring conflicts of interest, guaranteeing suitability, and safeguarding access
- Ensuring market integrity and efficiency: price transparency, competition, and resilience (including continuity of operations)
- Crime prevention: anti-money laundering (AML) and know your customer (KYC)
- Systemic stability: monitoring and mitigating common exposures, procyclicality, run risk, and operational risk.
The next step is to ask which of the regulatory objectives apply to which of the activities. In the following financial system matrix, we take a first cut at this. The rows list the activities; the columns enumerate the regulatory objectives. The final row identifies the type of agency that currently bears primary responsibility for each objective. Looking at this, we see that the prevention of illicit activity (AML/KYC) shows up the most frequently. Next come anti-fraud, run prevention and operational risk.
Matching financial activities and regulatory objectives
Source: Authors.
Shifting to activities-based regulation means changing our perspective. We need to conceive of regulation across the rows, rather than down the columns of the table. That requires filling in the empty cells of the final column by designating activities regulators. To see what we mean, consider the issuance of deposits or payment instruments – a service currently provided by banks, money market mutual funds, stablecoin issuers, and possibly electronic wallet providers, brokers, and exchanges. For all these entities, in addition to ensuring compliance with all crime prevention protocols, regulators should be concerned about preserving stable value and property rights, promoting resilience, and preventing or mitigating fire sales and runs.
Current regulatory frameworks are generally ill-suited to this approach, with the fragmented U.S. system especially far away from the ideal. In the United States, nearly a dozen federal agencies are layered on top of over 100 state-level agencies, with each state having some combination of banking, insurance, pension, and securities regulators. In practice, firms within the regulatory perimeter face a whole host of regulators with overlapping objectives. Depending on their legal form, these firms also face very different regulation for similar activities. Finally, firms outside the perimeter may face little regulation for these same activities.
Looking further ahead, yet another difficulty is looming for regulators, even if they adopt a functional perspective and focus on regulating similar activities in similar ways. The problem is that monitoring and enforcement ultimately focuses on legal entities. Yet, there already are financial services and products being created and delivered in a manner so that there is no identifiable person or firm responsible. Indeed, decentralized finance (DeFi) is essentially a set of algorithms and databases operating on a common network. It is far from clear who, if anyone, is responsible for what self-executing “smart contracts” do on the network (see, for example, Allen on Driverless Finance). So, while we are considering how to reorient financial regulation to focus on activities, we also need to consider the proper regulation of services that are provided in a decentralized manner with no clearly identified provider.
To conclude, current financial innovations are just another stage in the long evolution of the financial system. In virtually every case, the services remain the same, even as access broadens and costs decline. The key challenge is for regulators to meet their traditional objectives as the range of providers and their methods broaden—often beyond existing regulatory perimeters. We believe the most effective way to do this—and to secure a safe and stable financial system--will be to organize regulation by activity, and less by entity.
Note: This post is based in part on a webinar presentation that Steve gave for the EGROW Foundation on Friday January 14, 2022 (see video stream here).