Sensitive matters: data & legislation

FinTech Pulse

← Blog Home

Sensitive Matters: Data & Legislation - Part 1

 

g-crescoli-364214-058462-edited.jpgProper management of personal information has been a topic of discussion since the 1970s, leading to comprehensive information safety laws in over 80 countries and to the creation of public institutions dedicated to safeguarding privacy rights. In recent years, however, the rise of alternative finance or “FinTech” companies has disrupted this tightly guarded space, raising an entirely new set of concerns due to their occupation of a regulatory “grey area”.

So what kind of regulatory environment is needed specifically for FinTech, and what could it look like? Understanding the current regulatory situation makes for clearer perspective, not only to encourage consumer trust in FinTech, but also when it comes to influencing the direction policymakers take and what can be expected from the rise of FinTech in the coming years.

Are we ready?

Are governments, banks, and users ready to embrace a sea of change in how we deal with financial information? In Europe, it wasn't until 2012 that a new legislation (General Data Protection Regulation), focused on new technologies, was created to replace the old one from 1995 (which wasn't as solid or complete and ended up being applied differently by every country). 

Finding a balanced tradeoff between the privacy we need and the benefits of less-trusted entities is not a simple task, and that’s why individuals and companies from a range of industries (finance, law, technology, etc) are working to create legislative and technological frameworks that are both secure enough for the end user, and accessible enough to facilitate innovation. 

The adaptation of payment cards (credit, debit, etc) took decades to consolidate as an even safer payment method than cash. Fortunately, things move faster nowadays and we won't need decades: startups and now consolidated companies have been far quicker in identifying new opportunities that arose with the boom of Big Data, open APIs, etc than governments and old financial institutions.  So, what are the differences on an international scale?

Europe

Europe is aware that they need to make changes, and is pushing for change in their data protection policies (Why do we need an EU data protection reform?) as we mentioned before, but it's basically the United Kingdom who is leading the race to both build and regulate FinTech. They plan to become the Global Center of Financial Innovation by approving measures to support the growth of the country's FinTech sector.

Legislation doesn't have to mean limitation.  Many regulations are in fact facilitators of innovation, as the UK has proved by implementing several groundbreaking measures.

Here are just a couple of examples:

UK: THE MIDATA PROGRAMME

The principal aim of this programme is to make sure that users have an easy way to obtain the data that companies (energy, personal current accounts, credit cards and mobile phones) store about them in a machine-readable and reusable format. This would allow users to download a CSV of all their bank transactions and then upload it to a third-party service that would recommend the best bank for his particular behaviour. 

"Midata for personal current accounts – To improve switching, the government announces a new commitment from the major providers of current accounts. This means that personal current account customers will be able to access transactional level data on their account, in a standardised and downloadable format, which can be used in comparison tools. The data will be available by the end of 2014"

HM Treasury at Budget 2014: 2.230

UK: IMPROVE ACCESS TO CREDIT DATA FOR ALTERNATIVE LENDERS

In 2014, the HM Treasury held a consultation which objective was "increasing access to credit data on small to medium sized enterprises (‘SMEs’) in order to stimulate competition in the SME lending market.". This reform tried to improve the quantity and quality of credit data that was shared by CRAs, what would result in better information that would be accesible by young companies offering credits, for example.

"The intention of these guidelines is to ensure that all companies that use and/or subscribe to shared data do so on a reciprocal basis so that ‘“subscribers receive the same credit performance level data that they contribute, and should contribute all such data available”.

- HM Treasury in Competition in banking: improving access to SME credit data

And in the USA?

Things move more quickly in the USA as a general rule, but not because their regulatory structure is simpler. Several agencies supervise financial institution at the federal level:

  • Comptroller of the Currency (OCC)
  • Federal Deposit Insurance Corporation (FDIC)
  • Federal Reserve Board (FRB)
  • Consumer Financial Protection Bureau (CFPB)
  • National Credit Union Administration (NCUA)

And then each state has their own regulations. The State of California was the first state to legally approve the use of Bitcoin and other types of currencies.

"Existing law prohibits a corporation, flexible purpose corporation, association, or individual from issuing or putting in circulation, as money, anything but the lawful money of the United States.
 
This bill would repeal that provision."
 

the case of CANADA

Noteworthy for having opened the world's first publicly available bitcoin ATM (Robocoin at Waves coffee shop in downtown Vancouver), Canada is following in close step to the UK and US approach to "light-touch regulation" when it comes to FinTech innovation. Although Bitcoin ATMs are not yet regulated in Canada, regulations have been officially proposed for exchangers of bitcoin as of mid-2014. More recently (June 2015), the Canadian Senate Banking, Trade and Commerce Committee issued a report encouraging a "hands-off" approach to regulating digital currencies, calling for the Minister of Finance to work with banks in order to "find solutions for the lack of access to banking services for digital currency-related businesses." 

More information here

What's coming next?

Once technology is good enough to provide secure access to information and legislation is flexible and solid enough to set the limits, financial institutions will need to adapt their internal rules and processes to prevent any possible breaches, or at least be ready to act quickly. Right now, 1 in 3 banks don’t require Third-Parties to alert them of breaches

Access to sensitive data has its risks, but technology and legislation are both evolving (though at different paces) to deal with it in a secure way. The benefits that can be obtained from FinTech are huge, and if the regulations and technologies behind this emerging field are able to ensure the necessary levels of security and trust, we may be on the cusp of a true revolution in the financial industry, which may set a precedent for change in other traditional sectors. 

CONCLUSION

It's time for regulators to review the laws that were created in a very different time and adapt them to the digital world we live in today, so the financial sector is not left behind in the race that many other industries started years ago.

----

 

pabloreyes.png

ABOUT THE AUTHOR

PABLO REYES

Spanish-born and based in Columbus, Ohio, Pablo is passionate about finance, technology and banking legislation, and enjoys finding synergies between the three.  He has worked with banks in many different countries, experiencing the huge diversity of different legal requirements around the world and applying this international knowledge to the many projects which he leads for Strands.



Topics: Big Data, PSD2, psd2 impact on banks, LEGISLATION

Author: Pablo Reyes, Software Engineer on Nov 14, 2017

Find me on:

Subscribe to Email Updates

Posts by Topic

see all

Recent Posts