FSI Paper Endorses Entity-Based Regime for Regulating Big Tech Firms
The Financial Stability Institute (FSI) of the Bank for International Settlements published a paper that examines financial stability risks stemming from the interconnections and interdependencies inherent in the business models of large technology companies—also known as the big tech firms—that are now increasingly providing financial services. The paper outlines the regulatory implications of how big tech firms provide financial services and the tools financial authorities have at their disposal now to address related risks. The paper concludes that addressing interdependency risks requires the development of specific entity-based rules, which could take the form of a new regulatory framework that allows authorities to control risks emerging from the combination of financial and nonfinancial activities. This framework should follow an entity-based approach and impose requirements at the group level, including on strengthening operational resilience.
The paper notes that such large digital platform companies (or big tech firms) operate highly interconnected platform ecosystems and have gained a substantial footprint in the provision of financial services. Such firms are increasingly becoming intrinsic to the financial services sector and are embedding, into their business models, offerings like cloud computing, banking-as-a-service partnerships, payments, credit scoring, and the available data/analytics on existing customers. In particular, several big tech firms have developed proprietary credit scoring systems serving all their business segments. The big tech firms leverage alternative data and sophisticated artificial intelligence-based tools as part of their credit scoring systems. These systems can identify eligible potential customers who might not qualify for credit on the basis of traditional credit risk models used by financial institutions. This is possible because big tech models not only analyze the credit history of customers but also past transactions and digital behavior in their ecosystems. Overall, these advantages of big tech firms' credit scoring systems have become important for their service offerings and, therefore their, profitability. These firms are also increasingly becoming critical third-party service providers to the financial institutions, thus giving rise to not only information and communications technology (ICT) and cyber risks, operational risks, reputational risks, consumer protection risks, and related moral hazards, but also to systemic and financial stability risks.
The big tech firms' operations in financial services are, however, regulated on the basis of sectoral regulatory regimes. When a big tech entity provides its financial services in collaboration with other financial institutions, it usually does not need any license because its partners will typically meet the regulatory requirements. Though if a big tech entity is licensed to perform a regulated financial activity, it faces a body of regulatory requirements attached to that license under sectoral financial regulations. The regulatory frameworks for different financial sectors were not formulated with large interconnected digital platform companies in mind and thus they do not fully capture such risks under sectoral regulations. Thus, to effectively foster operational resilience and preserve financial stability, it seems essential that the entity-based rules be put in place to comprehensively address risks related to interdependences. The paper notes that a few jurisdictions have started to insert entity-based rules in their regulatory framework to cope with selected risks presented by big tech firms. The paper also concludes that strong intragroup dependencies among big tech entities call for risk assessment at the group level.
The paper suggests that, until the entity-based regime is in place, to begin with, authorities could focus on regulated financial entities and use them as a lever to counter potential financial stability risks:
- For regulated financial entities that are members of big tech groups, authorities may wish to assess whether they have a clear picture of the risks stemming from interdependencies. Based on the assessment, they could enter into a structured supervisory dialog with the examined entities to discuss the findings and potential risk mitigants.
- For all regulated financial entities, authorities may wish to assess whether there is a need to strengthen digital operational resilience. It would also include assessing regulated entities’ resilience to cyber incidents and whether they follow international guidance and industry best practices. Deficiencies identified in the assessment could be addressed with the existing regulatory instruments, which encompass, among others, prudential capital requirements, large exposure limits, AML/CFT requirements, outsourcing requirements, rules on related-party transactions, regulatory disclosures, and cyber and operational resilience standards and guidelines.
- For regulated entities’ use of critical services, authorities may wish to ramp up their monitoring efforts. A major concern in this respect is that the limited number of providers of cloud services could magnify the impact of any operational vulnerability.
Related Links
Keywords: International, Banking, Regtech, BaaS, Lending, Lending Marketplace, Platform Businesses, Cloud Computing, Systemic Risk, Basel, Entity Based Regulation, FSI, BIS
Featured Experts

María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer

Blake Coules
Across 35 years in banking, Blake has gained deep insights into the inner working of this sector. Over the last two decades, Blake has been an Operating Committee member, leading teams and executing strategies in Credit and Enterprise Risk as well as Line of Business. His focus over this time has been primarily Commercial/Corporate with particular emphasis on CRE. Blake has spent most of his career with large and mid-size banks. Blake joined Moody’s Analytics in 2021 after leading the transformation of the credit approval and reporting process at a $25 billion bank.

Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Previous Article
EC Welcomes Adoption of Digital Services PackageRelated Articles
BOE Sets Out Its Thinking on Regulatory Capital and Climate Risks
The Bank of England (BOE) published a working paper that aims to understand the climate-related disclosures of UK financial institutions.
OSFI Finalizes on Climate Risk Guideline, Issues Other Updates
The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.
BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending
BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.
HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks
The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.
BCBS Report Examines Impact of Basel III Framework for Banks
The Basel Committee on Banking Supervision (BCBS) published results of the Basel III monitoring exercise based on the June 30, 2022 data.
PRA Consults on Prudential Rules for "Simpler-Regime" Firms
Among the recent regulatory updates from UK authorities, a key development is the first-phase consultation, from the Prudential Regulation Authority (PRA), on simplifications to the prudential framework that would apply to the simpler-regime firms.
DNB Publishes Multiple Reporting Updates for Banks
DNB, the central bank of Netherlands, updated the list of additional reporting requests and published additional data quality checks and XBRL-Formula linkbase documents for the first quarter of 2023.
NBB Sets Out Climate Risk Expectations, Issues Reporting Updates
The National Bank of Belgium (NBB) published a communication on climate-related and environmental risks, issued an update on XBRL reporting
EBA Updates Address Securitization Standards and DGS Guidelines
The European Banking Authority (EBA) published the final draft of the regulatory technical standards that set out conditions for assessment of homogeneity of the underlying exposures in simple, transparent, and standardized (STS) securitizations.
FSB Publishes Letter to G20, Sets Out Work Priorities for 2023
The Financial Stability Board (FSB) published a letter intended for the G20 Finance Ministers and Central Bank Governors, highlighting the work that FSB will take forward under the Indian G20 Presidency in 2023