José Manuel Campa interview with Verslo žinios: transforming a bank is challenging, whereas FinTechs start from scratch

The EBA Chairperson on the convenience of financial services: transforming a bank is challenging, whereas FinTechs start from scratch

The advent of financial technology (fintech) has brought innovation and convenience to consumers and forced traditional banks to change, says Jose Manuel Campa, Chairperson of the European Banking Authority (EBA). At the same time, however, he tells VŽ that the rapid pace of technological change creates significant challenges for regulators, so companies have to adapt to new regulations.

What do you think of the current fintech ecosystem? Is the growth of fintech companies affecting the traditional banking sector?

Over the last decade, two distinct types of players have emerged in the financial sector. First, there are the fintechs, which are small start-ups that offer innovation. Second, there are the large technology companies providing a range of services to businesses and thinking about delivering financial services directly to customers.

Over the past seven years, small fintechs have made the financial market more dynamic. In some areas, they have also been destructive, for example, in the field of foreign currency payments they are extremely active. They also tend to provide services to businesses rather than to individuals. Therefore, they do not compete with banks for the latter. However, these financial institutions also cooperate with each other. We have seen many times how existing large financial market players acquire small fintech companies and incorporate them into their business model.

However, now the focus is on the willingness of large technology companies outside of finance to provide financial services. In this case, as regulators, we are very focused on cyber resilience, i.e. we need to ensure that the provision of information technology services to the financial sector is reliable. The Regulation on digital operational resilience for the financial sector (DORA) was adopted for that purpose.

Do you think that the banking sector is sufficiently modern and innovative? The impression is that fintechs are able to offer much more customer-friendly solutions, both for money transfers and investments, whereas banking apps are very discouraging and not customer-oriented.

We keep telling banks, especially given their profitability, that now is a good time to invest in new technology solutions. Closer cooperation between banks and fintechs would also be beneficial.

Of course, there are differences here. First of all, a bank has well-established systems and a certain [infrastructural – VŽ] legacy. It is difficult for a bank to transform established practices, whereas fintechs start from scratch.

Another thing is that fintechs usually have one product, while banks offer a very wide range. Therefore, it is much more difficult to create an app or a website that includes payments and access to your current account, a loan application, access to the stock market, and maybe insurance products. This is a challenge for banks, for sure.

What role does the European Banking Authority see between the traditional banking sector and fintech companies? Do you encourage innovation or take a more conservative approach?

A common policy applies to both areas. Our principle is to be technology neutral. This means that we want to highlight the risks that the technology poses to the market and then set limits on the use of the technology.

What are the main risks you see in the fintech sector today?

First of all, this is a question of digital operational resilience. Until now, financial companies have mainly subcontracted to technology companies for the provision of information and communication technology (ICT) services. To date, these services have been provided by a very small number of suppliers. For cloud and cybersecurity services, many banks, insurance companies and asset managers use only a few suppliers, which creates a risk of concentration. Therefore, the aforementioned DORA has been adopted.

Another risk is created by services related to crypto-assets. Investing in crypto-assets has long been a highly disputed issue. Their business model was not very clear, followed by many unregulated risks. That is why, until now, we have not recommended financial institutions to invest in crypto-assets. However, progress has been made in this area and we now have the European Markets in Crypto-assets Regulation (MiCA).

For this reason, can the European institutions now promote the use of blockchains or cryptocurrencies? Is decentralised finance still more of a competitor to the traditional banking sector?

Distributed Ledger Technology (DLT) or blockchain is a technological innovation with many potential applications. Naturally, some of them have a lot of potential, and some of them are questionable.

We see that banks themselves are starting to adopt DLT to improve some processes, which is positive. Crypto-assets also apply to payments or currencies backed by reserves and stable value. This has already been taken into account in European regulation.

Nevertheless, would you say that crypto-currencies pose more risks related to financial crime than other financial areas?

I wouldn't say that cryptocurrency is good or bad, we have both opportunities and risks here. It all depends on how it is applied and what controls are in place.

The emergence of this technology has raised concerns, in particular with regard to the possible use of cryptocurrencies for money laundering, financing of crime or other illicit activities. Cryptocurrencies have historically been created as an alternative to a regulated system. This was the starting point for this technology, but it is not desirable for cryptocurrencies to exist in this sense.

As regards the fight against money-laundering, progress has been made in the regulation. However, calls to invest in crypto-assets, which supposedly offer potentially high returns, are still a cause for concern. This is not something we want to encourage. There are also concerns about the internal procedures of crypto-companies, which often do not have adequate risk management, adequate control procedures or conflict of interest safeguards.

Although now that you have started to regulate, you are recognising crypto-companies as equal participants in the financial market.

Yes, absolutely right. The access of crypto-companies to the regulatory environment also recognises that this activity is legal.

For the financial sector as a whole, what are the main challenges today for preventing financial crime?

Geopolitical tensions are perhaps the most important challenge at the moment, making cyberattacks more likely. This is why corporate resilience is so important to us, ensuring that companies have the right risk management in place, especially in relation to cyber incidents.

Secondly, problems remain in the area of fighting illegal activities such as money laundering, terrorism and terrorist financing, and tax evasion. New technologies are used for this. This means that financial institutions also need to have the right tools in place to prevent these crimes. In the whole context of war, the enforcement of sanctions also plays a part here.

Do you see a problem that many e-money companies do not seek to innovate at all, but simply serve high-risk customers?

Of course, this is absolutely true. We see that sometimes their business model is based on traditional services provided to high-risk customers without sufficient controls.

Last year, we did a peer review of payment institutions’ compliance requirements. We concluded that not every company is weak in the risk management area, but that there are a number of companies with significant weaknesses in implementing know-your-customer and money laundering controls.

Recently, VŽ ran an investigation which highlighted how several Lithuanian fintechs are servicing illegal gambling companies. Do you see any measures that can be taken in the regulatory area to prevent such practices?

We are focusing on this issue right now. The EU has a new anti-money laundering regime – we have just approved a new anti-money laundering regulation and a new authority to control money laundering at European level, called AMLA.

One of the most important aspects for us was what we term ‘the scope of the money laundering entity’. This will cover not only financial institutions now, but also high-risk activities outside financial institutions, such as gambling and the like.

More broadly, does artificial intelligence pose any challenges to the financial sector?

The same as for any sector of the economy. We surveyed banks and found that more than two-thirds are experimenting with AI in a variety of ways. This ranges from management and internal procedures, compliance, customer profiling to practices for improving risk management models.

Therefore, this is being rolled out across the sector, but so far most of these experiments are at a pilot stage, not on a mass scale. Two years ago, we already recommended that when using technologies such as artificial intelligence, it is important to have a clear definition within the company of what it is used for. Second, the company must appoint a person who is responsible for the decisions made using artificial intelligence tools.

Within the European Banking Authority, how do you seek to maintain a balance between adapting to and regulating new technologies?

We follow technological developments. To understand how technology works, we have set up a European forum where we work with market players, fintechs and other relevant stakeholders. Based on this, we approve an annual work plan each year to prioritise technologies, to assess what risks they pose, and how they should be managed.

For example, this year we are prioritising artificial intelligence, deposit tokenisation, decentralised finance, evaluating the use of DLT, crypto-assets lending, white-labelling of financial products, and evaluating the importance of major technology companies for the European Union's financial sector.

What do you make of the criticism that Europe cannot be as innovative as the United States because of all the regulatory rules, that are allegedly too many?

I often hear this remark. However, there is also another term, the 'Brussels effect', which means that Europe is very good at adopting regulations on setting standards, which steers the further implementation of technology in a positive direction.

Therefore, as I’ve already mentioned, we want to be technology neutral. We don't want to be anti-technology, we want to evaluate it and then protect it.

In terms of the digital transformation taking place in the world, are you addressing the digital divide?

Indeed, the level of digitalisation is uneven across the European Union. However, the main problem is in the older age group.

We therefore require banks to continue their traditional practices with customers, keeping branches open for at least a minimum period of time, and providing services physically in rural areas. This means having ATMs, contracts with local shops, pharmacies, or other companies that can provide basic banking services.

The interview was conducted by Akvilė Venckutė.

Verslo žinios (Lithuania)