FSI Paper Endorses Entity-Based Regime for Regulating Big Tech Firms
The Financial Stability Institute (FSI) of the Bank for International Settlements published a paper that examines financial stability risks stemming from the interconnections and interdependencies inherent in the business models of large technology companies—also known as the big tech firms—that are now increasingly providing financial services. The paper outlines the regulatory implications of how big tech firms provide financial services and the tools financial authorities have at their disposal now to address related risks. The paper concludes that addressing interdependency risks requires the development of specific entity-based rules, which could take the form of a new regulatory framework that allows authorities to control risks emerging from the combination of financial and nonfinancial activities. This framework should follow an entity-based approach and impose requirements at the group level, including on strengthening operational resilience.
The paper notes that such large digital platform companies (or big tech firms) operate highly interconnected platform ecosystems and have gained a substantial footprint in the provision of financial services. Such firms are increasingly becoming intrinsic to the financial services sector and are embedding, into their business models, offerings like cloud computing, banking-as-a-service partnerships, payments, credit scoring, and the available data/analytics on existing customers. In particular, several big tech firms have developed proprietary credit scoring systems serving all their business segments. The big tech firms leverage alternative data and sophisticated artificial intelligence-based tools as part of their credit scoring systems. These systems can identify eligible potential customers who might not qualify for credit on the basis of traditional credit risk models used by financial institutions. This is possible because big tech models not only analyze the credit history of customers but also past transactions and digital behavior in their ecosystems. Overall, these advantages of big tech firms' credit scoring systems have become important for their service offerings and, therefore their, profitability. These firms are also increasingly becoming critical third-party service providers to the financial institutions, thus giving rise to not only information and communications technology (ICT) and cyber risks, operational risks, reputational risks, consumer protection risks, and related moral hazards, but also to systemic and financial stability risks.
The big tech firms' operations in financial services are, however, regulated on the basis of sectoral regulatory regimes. When a big tech entity provides its financial services in collaboration with other financial institutions, it usually does not need any license because its partners will typically meet the regulatory requirements. Though if a big tech entity is licensed to perform a regulated financial activity, it faces a body of regulatory requirements attached to that license under sectoral financial regulations. The regulatory frameworks for different financial sectors were not formulated with large interconnected digital platform companies in mind and thus they do not fully capture such risks under sectoral regulations. Thus, to effectively foster operational resilience and preserve financial stability, it seems essential that the entity-based rules be put in place to comprehensively address risks related to interdependences. The paper notes that a few jurisdictions have started to insert entity-based rules in their regulatory framework to cope with selected risks presented by big tech firms. The paper also concludes that strong intragroup dependencies among big tech entities call for risk assessment at the group level.
The paper suggests that, until the entity-based regime is in place, to begin with, authorities could focus on regulated financial entities and use them as a lever to counter potential financial stability risks:
- For regulated financial entities that are members of big tech groups, authorities may wish to assess whether they have a clear picture of the risks stemming from interdependencies. Based on the assessment, they could enter into a structured supervisory dialog with the examined entities to discuss the findings and potential risk mitigants.
- For all regulated financial entities, authorities may wish to assess whether there is a need to strengthen digital operational resilience. It would also include assessing regulated entities’ resilience to cyber incidents and whether they follow international guidance and industry best practices. Deficiencies identified in the assessment could be addressed with the existing regulatory instruments, which encompass, among others, prudential capital requirements, large exposure limits, AML/CFT requirements, outsourcing requirements, rules on related-party transactions, regulatory disclosures, and cyber and operational resilience standards and guidelines.
- For regulated entities’ use of critical services, authorities may wish to ramp up their monitoring efforts. A major concern in this respect is that the limited number of providers of cloud services could magnify the impact of any operational vulnerability.
Related Links
Keywords: International, Banking, Regtech, BaaS, Lending, Lending Marketplace, Platform Businesses, Cloud Computing, Systemic Risk, Basel, Entity Based Regulation, FSI, BIS
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Blake Coules
Across 35 years in banking, Blake has gained deep insights into the inner working of this sector. Over the last two decades, Blake has been an Operating Committee member, leading teams and executing strategies in Credit and Enterprise Risk as well as Line of Business. His focus over this time has been primarily Commercial/Corporate with particular emphasis on CRE. Blake has spent most of his career with large and mid-size banks. Blake joined Moody’s Analytics in 2021 after leading the transformation of the credit approval and reporting process at a $25 billion bank.
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Previous Article
EC Welcomes Adoption of Digital Services PackageRelated Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.