Regulators have historically focused on preventing the risks associated with “too big to fail” institutions.  As a result, they are tending to overlook or mishandle the conceptually distinct risks associated with multiple smaller-scale decentralized financial markets. The reality is that, in many ways, these risks can be greater than those presented by large institutions.  Decentralized fintech markets suffer from “the Systemic Risk of Decentralization”, are more vulnerable to adverse economic shocks, are less transparent to regulators, and are more likely to encourage excessively risky behavior because of the possibility of evading effectual monitoring; in any case, the technology “disincentivises cooperation” with regulatory authorities. That, in brief, is the argument of a paper titled “Regulating Fintech” by William J. Magnuson, Associate Professor at Texas A & M University School of Law, being published in its Legal Studies Research Paper Series as Research Paper No. 17–55 (https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3027525).

The Paper concludes by sketching regulatory responses that “may better correspond to the particular risks and rewards entailed by fintech”. 

Magnuson has four suggestions:

“First, regulators should adopt a “regulation lite” model that incentivizes fintech firms to provide information to regulators about their businesses and seek guidance on the applicability of current law.

Second, regulators should focus on limiting contagion in the event of unexpected economic shocks.

Third, regulators should attempt to leverage the idiosyncratic knowledge of fintech firms to encourage self-policing.

Finally, regulators should work closely with their counterparts in foreign countries to design regulations that work on the global level.”

Well, what are we to make of all this? 

The analysis is certainly perceptive and persuasive.

Moreover, the suggestions are apt.  However, I get worried, and most knowledgeable people get worried, whenever words such as “should” and “ought” start being used too often.  Because what matters is what happens after the “shoulds” and “oughts” have been agreed: there is the far more difficult discussion which remains, regarding *how* the “shoulds” are to be achieved.

On his first point, Magnuson thinks that better quality information can be produced by promoting “observed experimentation”. In other words, “regulators should create incentives for fintech firms to provide information about their business and voluntarily seek guidance on the applicability of current regulations”. If that makes you think of “regulatory sandboxes” as are now adopted by the UK and other countries, your thought is bang on target: sandboxes allow fintech startups to launch new financial products on an accelerated basis; he adds “and with minimal regulatory barriers” though there cannot be reduction in the “regulatory barriers” as there are none in most of these countries, at present. “The advantages” writes Magnuson” of (the sandbox) approach are clear, as it promotes greater transparency in the industry while simultaneously encouraging innovation”.  Yes, but what of the disadvantages?  Some firms are co-operating.  Others are not.  Those that co-operate take on the financial, managerial and time-related burden of doing so.  Those that do not co-operate are free of the financial, managerial and time-related burden.  This provides an advantage to those competitors who choose to avoid playing in the sandboxes.  In other words, sandboxes tilt the playing field against precisely those who choose to play in the sandboxes.  The second disadvantage is that, even when a company is playing in the sandbox, it is difficult to tell whether it is sharing “the truth, the whole truth and nothing but the truth”.  In fact, most companies would be foolish to share anything like the whole truth because that would simply betray their competitive advantages to rivals, particularly those who choose not to be burdened by the financial, managerial and time-related disadvantages of playing in the sandbox.  

While Magnuson acknowledges sandboxes as “one example” of what he considers an appropriate approach, he confines himself to merely mentioning other “ideas that have been floated” including “the centralization of regulatory authority, the creation of targeted fintech regulation, and simplified registration procedures”.  He does not discuss these, presumably because he is biased against them.  My own bias is, I hope, clear: voluntarism is fine for those who willingly accept the burdens that voluntarism imposes; and voluntarism is certainly fine for a short experimental period; however, there is no alternative to regulation that imposes an equal but minimal regulatory burden on all firms in a sector.

In any case, increased flow of good-quality information is not a panacea, as Magnuson agrees: “Merely increasing public disclosure regarding the risks of fintech will not address the fundamental sources of those risks themselves. A growing number of studies demonstrate the limitations of disclosure as a method for reducing systemic risk. Individuals are often unable to process the significant amounts of information available to them, and even when they are, they often fail to change their behaviors in order to reflect this information. Thus, additional disclosure will likely be insufficient to address the systemic risk concerns (regarding) fintech”. 

That is why Magnuson asserts that “fintech regulation must also impose substantive regulations on risk”.  Though such regulations will “necessarily depend on the nature of the innovation…. one common principle should underlie substantive fintech restrictions: limiting contagion”.  For example, some robo-advisors already include “circuit-breaker” type features in their algorithms so as to reduce market volatility and prevent domino effects as parties rush to limit their losses. Such features could be made a requirement. Or, in the case of virtual currencies, regulations might focus on ensuring the trustworthiness of settlement mechanisms and the accuracy of distributed ledgers, in order to prevent breakdowns in the system and curtail herd behavior by consumers”.  In addition, there is the challenge of what could be done once a stampede has started.  Magnuson doesn’t think that struggling fintech companies should be provided liquidity by a Central Bank.  Rather, the “willingness to allow any particular fintech firm to fail should reduce the moral hazard problems in the (financial services) industry”.  He suggests that insuring consumers from losses would be a cost-effective way of restricting the pathways by which contagion is spread. After all, if bank depositors are insured from a certain minimum level of losses, why not consumers in fintech?  It is a tempting thought, but of course it assumes that all fintech firms are regulated, just as banks are, to keep an eye on their risk-management policies, procedures and outcomes.

That brings us to Magnuson’s third prescription, which relates to the difficulty of even identifying, let alone monitoring, the relevant actors.  Magnuson’s solution is to encourage self-policing – not just voluntary self-monitoring (including reporting one’s own compliance with regulatory obligations) but also the encouragement of all firms to monitor each other.  His argument is that “Fintech firms are in possession of idiosyncratic information that is poorly understood by outsiders.  Robo-advisors know their businesses and investment algorithms better than anyone else.  Crowdfunding sites understand their models and related vulnerabilities better than anyone else.  Virtual currency platforms understand the way that their currencies work better than anyone else.  All of these actors are better placed than regulators to identify material risks in their industries, such as the introduction of new players or the discovery of unexpected features.  Thus, they have the ability to identify relevant players and monitor their behavior much more effectively than outside regulators.  Fintech firms are also closely attuned to the activities of their competitors.  Fintech firms are constantly reviewing the competitive landscape to identify ways to improve their business, and, at least in virtual currency, much of the technology is “open source,” allowing fintech firms greater visibility into the functioning of alternative firms.  Thus, self-policing is likely to be particularly effective in the fintech sector”. 

Hmm, there are several issues here. 

First, if I am aware of the existence of fintech company AAA, how do I know whether or not the regulatory authority has AAA on its radar, unless all Fintech companies are required to be regulated, and to display their Regulatory Registration Number on their site? 

Second, does “open source” mean “open access to everything in the business”?  Doubtful.  Magnuson evades that issue by using the weasel wording of “greater visibility”.  He doesn’t discuss the distinction between “greater visibility” and “visibility sufficient to be able to monitor what’s really going on”. 

Further, will fintech firms be at all interested in monitor ingtheir competitors, suppliers and “co-opetitors”?  This is a problem that Magnuson acknowledges: “Monitoring is costly, and thus companies may not be willing to expend the resources necessary to do it, or they may not monitor at the optimal level.  Even if they do discover risks in their industry that could potentially create negative externalities for third parties, they may have incentives to refrain from changing their behaviors to curtail these risks if the suspect behaviors are profitable.  Thus, regulators will need to find ways to incentivize fintech to engage in an efficient level of self-policing. One particularly powerful way to do this is to leverage collective sanctions, imposing costs on the group when an actor misbehaves.  Collective sanctions are an effective way to utilize the superior information held by individual actors in a group and motivate them to use that information advantage to advance regulatory interests. By allowing regulators to impose costs on an industry as a whole, rather than requiring them to identify individual bad actors, collective sanctions can incentivize individual companies to monitor the potentially risky behaviors of other members of their group.”  Naturally, this begs the question of how “their group” is to be defined and by whom.  Magnuson thinks that, for example, debt crowdfunding platforms might be under the regulation that if a high number of loans in the industry default, the regulators will ratchet up the regulatory burdens on the industry as a whole.  Apart from “shutting the door after the horse has bolted”, this begs the question of how any such regulation coheres with Magnuson’s previous concern to avoid contagion in any situation where the public is already jittery because of the vulnerability or collapse of one player.  Possibly for this reason (though he doesn’t say so), Magnuson goes on to a possibility that has already been touted in banking as a whole: all relevant companies could be required to contribute to an insurance fund to pay for bad debts in the event of systemic shock. Such suggestions are good but inadequate in view of dangers with which we are familiar as a result of recent experience: regulatory capture, and commercial collusion, as well as whether insurance payments will be high enough to be sufficient given that there is no financial history for actuaries to utilise. So I’m afraid Magnuson doesn’t take us very far in relation to his third point.

His fourth point is the self-evident one that the fintech industry needs “a more internationally-minded regulatory regime (that) would take into account three fundamental principles:  first, fintech activity is not solely domestic, but rather crosses national borders and often raises complex jurisdictional issues; second, regulatory actions in one country will have effects on other countries; and third, regulators in other countries will have useful information about the effects of particular types of fintech regulation”.  These three considerations of course apply not just to fintech but to financial services as a whole – though that hasn’t allowed sufficiently sensible financial services regulation to emerge, for example to prevent booms and busts on a global scale.  So I’m afraid that, on this matter, Magnuson doesn’t take us much past homilies: “Governments … have an interest in cooperating to prevent systemic risk from materializing in the fintech sector.  They also have a broader interest in ensuring that fintech is not used to evade national regulations.  These important governmental interests provide an opportunity for regulators to cooperate to create responsible and appropriate measures to respond to and limit systemic risk factors in the fintech sector. This does not mean that fintech regulation must be uniform.  In fact, uniformity is both unlikely and undesirable at this stage of fintech’s development…. The aim is not so much to impose a single regulatory framework on all jurisdictions, but rather to ensure that regulatory competition and experimentation occurs in a way that produces useful and usable information for governments.”  In other words, let’s do here for fintechs what we already do for financial services as a whole – even when doing so would have results that are not only predictable but have already been experienced.  My view here too is, I hope, clear: a single regulatory framework for fintechs across the globe is not only desirable, it can also encourage experimentation and competition.

Let me close by thanking Magnuson for his paper.  It is good to have his wide-ranging contribution to a key matter on which there hasn’t been much discussion so far.