The regulatory winds, they are not a-changin’
Did you read the news?
The US Consumer Financial Protection Bureau (CFPB) is going to be supervising Big Tech firms operating digital wallet and payment apps in consumer financial markets.
Arguably, the standards that Big Tech firms need to comply to are neither new nor surprising.
This latest rule is certainly new, yes. But is it surprising?
It really shouldn’t be.
First of all, it stands to reason: ‘meddle ye not in the affairs of dragons’ should be self-evident. If you stray or march into regulated activity, your activity will be regulated. There are warning signs and everything.
And for firms handling upward of 50 million transactions per year, the expectation to follow legal frameworks similar to banks and credit unions should be a given and definitely not surprising.
A consumer assumes that when they make a transaction ‘the powers that be’ do ‘whatever it is they do’ if there is an issue or dispute. If something goes wrong, you expect the law to be on your side. And you should. Only the law can only be on your side when supervision was in place before the thing (whatever it is) went wrong.
The reality is that the average consumer doesn’t give two hoots or a single thought to things such as AML provisions and fraud checks before something goes wrong.
The average consumer assumes services are already regulated in a vague and generic way.
What do I mean by that?
The average consumer knows there are rules that govern financial services, but are more than a little cynical about said rules because they have seen things that seem preposterous from the point of view of the average consumer go by unpunished.
Like they are not even an issue.
Simultaneously, they know that certain rules do govern the game and there is some low-level recourse when it comes to ‘money stuff’, so if there is a transaction you don’t recognise or your card is cloned or stolen there is a process whereby the bank or issuing institution will make you whole.
The assumption tends to be that those rules apply in a blanket sort of way, the way laws apply to the rest of life.
Which they don’t.
Financial regulation applies in a way that is esoteric, layered, fragmented and conditional, and although there are many good reasons for that (and many not so good reasons), the average consumer neither cares for nor understands the nuance. Hell, the average consumer doesn’t know the difference between the FCA and the PRA in the UK or the ACCC and APRA in Australia and, arguably, why should they?
So when the regulators announce proactive examinations into the compliance of suppliers not historically supervised in this way, the average consumer doesn’t necessarily notice (because the headlines look boring and the acronyms esoteric), but if they were paying attention and understood the implication, I suspect the reaction would be… wait up… why on earth were they not supervised in this way until now?
Good question, average consumer.
And there are reasons. Regulatory fragmentation globally and across regions is one. The fact that the digital landscape across the board and in payments in particular is evolving in ways that are testing the boundaries of and handovers between supervisory authorities, and some jostling has been needed to work out who needs to be responsible for what and where the handshakes need to be in a changing world.
Then there is the fact that regulation emerges through a long and thoughtful process and sometimes the world doesn’t exactly go where we think it is going, which leaves us with gaps and the need to adjust, re-think, add and expand which, in turn, leaves us with what a colleague recently described as regulatory ‘debris’ cluttering the landscape.
But the reality is that slow, ponderous and non-linear as it may be, the regulatory winds are blowing relentlessly in one direction. Which is the second reason why none of this should be surprising.
If you are a consumer, you can rest assured that the way the global regulatory landscape is changing has you and your interests at heart. It won’t always get it 100% right, but the thing we all assume is happening as consumers (that the powers that be do their thing when you pay for your goods and services online or in-store) will be happening.
And more than that: in a world where data is itself currency, the regulators globally are facing in the same direction even if they are not moving at the same speed. The questions they are asking are all around ‘what does protecting the consumer while giving them choice and freedom look like?’
That isn’t an easy nut to crack as we all – in our capacity as consumers – have a different view of the freedom to protection ratio depending on the context in which we are thinking about it. If something has just gone wrong, protection looks better than more freedom. When things are going OK, the other way round works better, please and thank you.
That is the exam question, and it’s not an exact science, but that is the direction of travel.
So a consumer may see the headline around the CFPB’s new supervisory rule and skip over it in a semi-catatonic way.
But the rest of us look at it and go ‘and another one gone, and another one gone’. Not biting the dust exactly. But falling in line with what is a relentless regulatory alignment globally.
And look, if you are a Big Tech firm that now has regulators breathing down your neck, this may feel like a lot.
If you are one of the 22,000 entities affected by the first round of DORA regulations in the EEA, this will definitely feel like a lot.
That’s because it is a lot.
And it is new.
And in the detail and nuance, there is a lot to be worked out that will require everyone affected to do a lot of new stuff and do it fast.
So yes. New.
But surprising?
Not in the slightest.
For the last 20 years, the regulatory trajectory globally has been showing a very clear sense of understanding how digital technology changes the fabric of financial services and the danger and opportunity spectrum presented to consumers and businesses. They have relentlessly moved away from backwards-looking checklists (in the spirit of ‘show me you did the right thing to get the monkey off your back’) to a demand for situational and contextual compliance checks. A mindset of ‘show me you are doing the right thing at all times’.
Is it new? Sure. Is it a lot? You bet.
Is it surprising? As I said: not in the slightest.
The regulatory shift globally has been towards standards, protocols and end-to-end predictability.
The rules keep evolving and shifting, and in that sense, it is possibly true that compliance professionals live their lives in a state of constant surprise at the detail, complexity and sheer volume of regulatory intervention.
That, I sympathise with.
But we knew it was coming.
We knew it was coming when the first set of MiFID rules came along. When PSD (the first, the original, the one we barely remember) appeared. We all talked about it then: we can see the direction is changing, but for now let’s just comply with the letter of the law and we will see how to deal with the spirit of the law when there’s no choice.
Well.
We are here now.
The letter of the law is increasingly complicated, the spirit of the law is consistent and there’s no choice.
So, is it a lot? Yes.
Is it new? Constantly and additively.
Is it surprising? All together now: not in the slightest.
So. Here we are. And there will be more where this came from.
So as a consumer, you may experience some relief that what you assumed was happening is now finally happening.
And as a service provider who is bombarded with new regulation demanding transparency and accountability in new ways each day? You are allowed to mumble and grumble. You are allowed to be grumpy at how much is being thrown at you, at the sheer cost of compliance. You are allowed to be frustrated.
What you are not allowed to be is surprised.
#LedaWrites
Leda Glyptis is FinTech Futures’ resident thought provocateur – she leads, writes on, lives and breathes transformation and digital disruption.
She is a recovering banker, lapsed academic and long-term resident of the banking ecosystem.
Leda is also a published author – her first book, Bankers Like Us: Dispatches from an Industry in Transition, is available to order here.
All opinions are her own. You can’t have them – but you are welcome to debate and comment!
Follow Leda on X @LedaGlyptis and LinkedIn.