Interview: Clair Mills on the meaning of fintech

How would you define financial technology (fintech)?

Fintech means so many different things to different people. From the Bank of England’s (BoE) perspective, we would think in terms of technological innovation that could fundamentally change the way in which financial services are accessed, or provided, or changes to the underlying infrastructure. This is consistent with the Financial Stability Board’s definition.

There is both an outward- and internal-facing way of looking at fintech. Outwardly: what technology are firms using, and how are they using it; and how technology is leading to new players entering into financial services. These trends are relevant to us from a regulatory perspective and a financial stability perspective. And then internally: how can central banks utilise the technology to enable them to do their jobs more effectively.

Would you also say there is a financial inclusion aspect as well?

Oh, definitely. Fintech can help meet unfulfilled demands in the economy. Before the Prudential Regulatory Authority (PRA) came into existence five years ago, new bank authorisations were very low. Since 2013, we have regulated 37 new banks. A contributor to this increase is in the technology capabilities of new entrants. Technology has enabled a new type of banking in the form of online and virtual banks. Technology has opened up the marketplace from an inclusivity point of view.

There is the view fintech could be disruptive to the incumbent traditional players. Would you agree?

I think disruption is quite a strong term, if I am honest. I think it is more influential – disruption can come across as a negative. Yes, there are elements of fintech that could be disruptive, and we need to think how we manage that. There is so much going on in the sector, and we as regulators need to think about are we able to focus on the right things. Are we missing something? How do try and stay ahead of some of the things that are happening?

Regulation just by its nature will always be behind technology. If technology begins to take a firm in a new direction, we need to think about whether there are risks and benefits of that technology, and whether we should take steps to mitigate new risks or to encourage the use of the technology in a safe way. It is about finding a balance moving forward, which will be important.

But we also have to accept the structure of the economy is changing as a result of technology. I think it is a good thing we are moving into peer-to-peer connectivity and powerful networks. It is revolutionising how people consume, work and communicate. The nature of commerce itself is also changing. Sales are increasingly taking place online. It is not news by any stretch that people no longer walk into their banks. The contact with their customers, as well as the regulatory side, is very different. Access to payment infrastructures from a bank perspective is also a whole new ball game. And a lot of this technology is not new. A lot of it is just using old technology in new ways.

Regulators also need to think about managing new technology. Some of it is very expensive for central banks and regulators, which can be prohibitive to moving in a direction that you want to in the timescale. Central banks, as well as some of the firms regulated, have a lot of legacy systems that do not easily allow you to move on to some of the new technology. So building up some of those platforms again can be problematic, time-consuming and expensive. But you have to look at where you’re going to get the most ‘bang for your buck’. There is a whole host of things that are causing disruption, but things have always changed. I think sometimes people forget that happens when certain technology comes along.

There is the concern that the integration of fintech will see people displaced from their jobs, imagining banks filled with robots. But, from a banking perspective, there has always been changing technology. If you look at the history of ‘the bank’, it was not that long ago that pens and ledger books and a general ledger were used. When that changed, it did not suddenly replace the people doing the jobs, they just had to change their skills. And it will be no different this time.

You mentioned cost is a factor when considering integrating new technology. What other factors should central banks consider?

The BoE doesn’t just have to think about how it adopts new technologies, it also has to think about how the financial system is adopting new technologies and what it means for its objectives of monetary and financial stability. The bank has three policy committees, and fintech is relevant to the remit of all three.

The Monetary Policy Committee sets interest rates at a level that leads to the stability of prices at its 2% inflation target set by the government. Fintech is interesting for them to the extent it might impact productivity or the transmission of monetary policy.

The Financial Policy Committee has a remit to protect and enhance the resilience of the UK financial system. Fintech could enhance the diversity of the system as well as pose new risks or amplify old ones. For example, we assessed the impact of crypto assets on financial stability, and concluded they do not currently pose a risk. However, the FPC continually keeps potential threats to financial stability under review.

The Prudential Regulatory Committee has a remit to promote the safety and soundness of firms, and a secondary objective to promote competition. Within the bank’s regulatory arm, the Prudential Regulation Authority (PRA), we are continually investigating ways in which fintech could help to improve regulation, building on existing work internally and in collaboration with our sister regulator, the Financial Conduct Authority (FCA). At the moment, there is a lot of talk about robo-regulation, which in my view is an awful thing – human judgement is a core element of supervision. I do not think it is actually achievable, and I do not think it is desirable either. You need human intervention in any process, but the breadth of skills required in supervision going forwards – and our use of data – is certainly changing.

Ultimately, you are teaching a machine, and you have to ensure the machine is learning appropriately. I think if you just teach the machine, and blindly trust the results, that is a recipe for disaster. You need to have some checks and balances in place to make sure there is a diversity of learning – that it is not discriminating in certain ways just because of the types of data that might be coming

I agree artificial intelligence (AI) can help massively in enabling us to spend more of our time on analysing data. I think there is so much we can do with this technology that will help us analyse data and save lots of time in trawling through all that information. We have a huge amount of unstructured data, and we are looking very closely at implementing a recent proof of concept on how AI, particularly machine learning, can help us with that. There is definitely a place for AI, but there are two main things to consider.

One is that, ultimately, you are teaching a machine, and you have to ensure the machine is learning appropriately. I think if you just teach the machine, and blindly trust the results, that is a recipe for disaster. You need to have some checks and balances in place to make sure there is a diversity of learning – that it is not discriminating in certain ways just because of the types of data that might be coming. I think there is always that human intervention check that will be needed. The PRA does forward-looking, judgement-based supervision. It relies on the information it is getting from firms, and then has to make forward-looking decisions based on that data. I think that will always require a certain breadth of thinking. What we hope fintech will do is provide us with richer analysis and, more specifically, better peer analysis. At the moment, that is really hard, given that firms submit information in different ways, using different terminologies. If technology can help you bring that into a more standardised and aligned view, that has to be good thing.

Is machine-executable regulation the future?

I am an advocate of this, especially the machine-readable side of the argument, but I doubt that any regulator will ever be able to make all of their regulation machine-executable. That said, the FCA have done a lot of work on this and have had some success. From their perspective, machine-readable regulation could be useful for a limited number of regulations, especially for some of the smaller consumer-based regulations. I can see how it could be useful for us both. But I don’t think we are ever going to get to a stage where we can regulate the globally systemic banks in a fully automated fashion.

What areas of central banking are the most influenced by fintech?

If you look at where novel technology is been used at the moment, a lot of it is more on the conduct side. It is being used for streamlining money laundering and ‘know-your-customer’ (KYC) processes, and I think technology will continue to gain traction in this area, especially through transaction monitoring, which could be the big winner.

The BoE have also looked to deploy fintech for both cyber security and within our own payment services provisions. Our payment systems process a large amount of information on a daily basis, and technology could really help us in this area. From a regulatory perspective, new technology holds additional promise in terms of reporting.

Then there are other types of technology that have been around for ages, which we could probably use better. At the BoE, we are looking at all sorts of things, such as crowdsourcing models, which we think could be used in a number of different scenarios – for example, consultation processes. We are always looking at how we might be able to do things differently or more inclusively. A lot of the big firms obviously have big compliance departments that already do this sort of thing. The smaller, newer entrants or smaller banks do not. But if you start to do things more online, that makes it more accessible.

There has been talk of using technology for more day-to-day in-house central bank functions – in the human resources department, for example. Has the BoE considered anything along those lines?

We do already use a type of AI software for one of our human resources processes linked to recruitment. There is evidence that the phrasing of job adverts can affect the diversity of the candidates that apply, so we use software that analyses all of our job adverts for gender bias.

There is a plethora of fintech solutions out there. What do central banks need to do in order to fully capitalise on the technological innovation taking place and ensure you are using technology in the right place?

Personally, I think it is too soon to form a judgement on whether we are using it in the right place. I think we are all still learning, and I also think there’s a huge amount of hype about what is and is not being done. We talk to a lot of regulators, banks and other financial firms who go out quite publicly and say they are experimenting with a number of new technologies. But when you have a dig underneath the surface, you find there is a lot of good talk, but as yet not so much delivery. And there are a number of reasons for that, time being one crucial factor.

It takes time for innovation to occur. Then there are budgetary constraints to consider, as well as human capacity and skill – of which there is a shortage. Central banks and other public institutions cannot afford to pay what Google pay their experts.

We are doing – and have done – a lot of research in this space, especially with regard to distributed ledger technology (DLT) and blockchain. We are in the process of starting to replace our real-time gross settlement (RTGS) system, and one of the frameworks we considered was a DLT-based system. After some work, the BoE decided DLT, as a total solution, was not ready. The technology is not ready to handle the requirements we need the system to scale to. Having said that, we are conducting some proofs of concept that would look to link DLT-based systems to the overarching systems. So banks that wish to use DLT internally would potentially still be able to connect to the new RTGS.

Although we want to be sure we’re utilising technology for all the best reasons, we are unlikely to be wanting to be the first one out there taking the risk of unproven technology

We need to take gradual steps, and not dismiss things out of hand. We need to be sure that the use of new technology will meet the problems we want to solve. Therefore, although we want to be sure we’re utilising technology for all the best reasons, we are unlikely to be wanting to be the first one out there taking the risk of unproven technology. We will do the analysis, we will aim to understand what it means, and only where we think it is the right thing we will implement it. We have done a lot of work over the last couple of years in understanding some of the new technologies coming out. What was quite interesting for me is that of all of those that we did explore, very few of them have gone much further at this stage. Again, we are looking at a couple of companies, and working out where they could be useful for us, but I think we’re a little way off taking all the new stuff and running with it.

But there is a bit of a [misconception] that we, central banks, do not seek to innovate. One area we really are getting stuck in is on the machine-readable front, as I have already touched upon. Technically, our rule book is already machine-readable, as the reporting is all done in XBRL, which is a machine-readable format. In this regard, we have liaised with the European Banking Authority and the US Federal Reserve to try and find some way of providing some standardisation. Our aim is to make it easier for firms to adhere to regulation, not make it harder – and if that is through the way we set standards, then we will work on that.

So, we do these things – I do not think it is that we are not doing it, perhaps just not at the speed that people expect.

Realistically, a machine-readable/-executable rule book is probably five years or so away from being complete purely because of the process elements that come with it. It is written by a lot of people – it is not just one person or one small group of people and three or four lawyers. They do not all write in the same way, or use the same terminology or phrasing. You get a consistency, but it is not the same. And unless you have consistent and clear terminology, it is very hard to get to that point. So, realistically, it will probably take in the region of four years for us to develop a machine-readable rule book that we can use internally and externally.

Central banks are using sandboxes and accelerators in an attempt to find a balance between innovation and stability. Do you think central banks have found the balance? Or do they continue to be too risk-averse when it comes to fintech?

I think we are always looking – innovation and stability are not always trade-offs. If harnessed properly, they could lead to a more dynamic financial system that better meets the needs of end-users. But I think what we have to consider is what priority we give certain aspects of fintech. We have finite resource and we’re under constant budget pressure regarding the cost of regulation. You have to weigh that up against trying to move forward; efficiency and effectiveness are two words that we use all the time. If you could just get going, it would all happen a lot faster. Then there are legacy systems – like most regulators and the firms that we regulate, we are probably having to spend more money, time and effort than we would like on keeping the wheels turning on obsolete systems, whilst investing in strategic direction. And while you are doing that you are also trying to make these systems future proof.

I think as a central bank and regulator we understand that Technology and innovation is becoming more integral to what we do and how we do it. We had the FinTech Accelerator, and have moved this forward into a fintech hub. We invest in advanced analytics and research. We are always looking at what’s happening and where we can go – it is just quite a process to get to the actual implementation delivery point, and I think that will always be the case.

Do you think there is a risk central banks are not moving fast enough? Is being a fast follower enough in a financial landscape that could be destabilised by technology?

If I am honest, I think technology will always outpace regulation and central banking purely just because of the pace at which technology evolves. We are as forward-thinking as we can be. As I mentioned, we are doing things with RTGS before they are needed. We are more limited on the regulation side because we can’t regulate before we have assessed the risks.

I do not think being a fast follower in this sense is necessarily a problem, but you cannot be a fast follower in everything. I think one of the areas where we could do more is in analysing how fintech – and perhaps technology more generally – is affecting commerce, and the knock-on effect of that on the economy. In the UK, this is equally an issue for the FCA, as they look at where technology could pose a threat to the consumer.

Where there is an operational resilience factor, we have to take a lead, especially if there is going to be a larger financial stability impact. I think one of the areas I suspect that we will always try to be innovative is on the cyber crime side, because the sort of cyber crime targeted at a central bank is not the sort of thing that your normal antivirus software will catch. That is where we need to be ahead, and where personally I would say we need to concentrate on being ahead of the curve.

I think technology will always outpace regulation and central banking purely just because of the pace at which technology evolves. We are as forward-thinking as we can be … We are more limited on the regulation side because we can’t regulate before we have assessed the risks

The BoE has changed its approach to cyber recently, taking a more reactive, rather than proactive, approach. Is this not admitting defeat in a way?

You are right that we have highlighted that firms need to ensure they can recover quickly when an attack has happened, as well as the first line of defence. But there are two aspects to how financial firms need to think about cyber security.

The first side is to ensure you prevent hackers from gaining access to your systems and moving money. That is the type of cyber crime you are trying to stay on top of. You are going to be defensive because the last thing you want to see is millions transferred and lost. Then there is the second angle of ensuring you can get critical systems back up and running when there is an attack that disables them. This is into the realms of cyber terrorism, rather than cyber theft. There is a need to do damage control to ensure that personal data is non-accessible and that you have protocols in place that will allow you to continue to offer services to your customers. So there are two contexts in which firms, and central banks, have to think about cyber.

It is important to remember that a system failure can be caused by human error as well as cyber. Banks can be just as susceptible to hardware failure, someone pressing the wrong button or poorly tested deployment of new software. You can try and reverse whatever has happened, but that doesn’t always work. And no-one is immune: you can test and test and test, and it still happens. It’s the speed with which you can get things up and running that is the real test. Time and time again, we see in the press that when a bank’s core service has gone down, it is not because somebody tried to steal the money, it is because something has gone wrong internally. If a service is down for a long time, this can have as equally big a financial stability impact as a cyber event – if not more, if it affects their business and customers go elsewhere.

Fintech has given birth to numerous other terms, including regtech and suptech. How would you define these?

Regtech is the use of technology by financial institutions, aka the regulated institutions, for purposes of meeting regulatory requirements. This would include the application of new technologies to help service providers in back-office functions, in productivity, in overcoming regulatory challenges. Anti-money laundering and KYC would also come within that space.

Suptech would be for the use of the authorities that do the supervision. Another analogy would be ‘the regtech for regulators’. This would include applying the sort of technology-based solutions, various forms of data science included, that help us regulate. Machine learning to automate tasks and improve analysis would come in this space.

And you have crossover, so what we are doing with the rule book has implications for both the regulated and the regulator. That would be how I would define the two, but we do not commonly use the term suptech internally at the BoE – to me, it just seems a term for term’s sake!

What is the BoE’s fintech strategy’s focus for the next 12 months?

We have some big-ticket items on the agenda. We need to continue to consider the implications of fintech for our objectives – where should we mitigate risks, and where should we encourage innovation in a safe way. The future of interbank payments and the development of RTGS is an obvious one for us.

We are also looking at technology for advanced analysis, and how we can best use our data. This will focus around how we digitally transform our systems, asking the question internally: “What can we do better?” One of the biggest issues we have is just the sheer amount of data we collect. We are constantly searching for more effective ways to collect, store and analyse our data to ensure we get the most from it.