On the 7th of June, CEPS, in partnership with ECMI and ECRI, held their Fintech Day where the discussion focused on the balance between innovation and regulation. COFACE Policy and Advocacy manager Martin Schmalzried spoke on the first panel session, entitled “privacy rights and financial innovation: how to promote both?” The major points raised were the following:
Innovation is not necessarily positive
All too often, innovation is systematically presented as a “good” thing, but there are plenty of examples of harmful innovation and so regulation, far from being a burden, can save consumers, citizens, public authorities and even financial institutions major problems. The most salient example is the 2008 financial crisis which saw major “innovations” in the form of subprime lending, securitisation (mortgage backed securities) and credit default swaps, which proved to be toxic and the effects of which are still felt today. A more recent example is the dynamic currency conversion service, which, far from providing consumers a useful service (paying in their national currency abroad), adds a significant surcharge to the consumer. Finally, several European countries including Belgium have interest rate caps, making it very hard if not impossible for pay day lenders to enter the market with their innovative financial products. Yet nobody seems to find this problematic.
Who are you innovating for?
Ideally, innovations should benefit everyone and should be a win-win, but all too often, innovations mostly benefit shareholders and aim at increasing profitability without necessarily providing some equivalent added value to consumers. Another important factor is examining the impact of innovation on financial inclusion. If your financial service only benefits the richest and least vulnerable consumers and increases the vulnerability or exclusion of the most fragile elements in our society, then it cannot be seen as “positive”.
Good innovations do exist
There are examples of positive innovations to be sure, in the field of financial services and in Fintech. In most cases, Fintechs focus on doing in a faster/cheaper/better (more intuitive and user friendly way) what traditional banks have been doing so far (credit, insurance, payments, investment). One example is Transferwise which enables the transfer of money across borders and especially in foreign currency at a fraction of the cost using more “traditional” means like a bank transfer.
The transformative power of the GDPR
There are a few key provisions which, inside the GDPR, have the potential to transform the financial services industry, and especially the Fintech sector. Those principles are: data minimization, data portability, objection to automatic decisions made by algorithms, transparency of algorithms, and purpose limitation (the principle to only to the data which is strictly necessary for the purpose of delivering a specific service). Taken together, they could usher in a new era in which consumers are in charge of their own data directly (host their own data on the cloud service of their choice) and grant access to services based on their preferences. This could greatly facilitate bank account switching for instance, as it would only require to change which financial service provider has access to their transactions history and other relevant data. Purpose limitation on the other hand is absolutely essential to avoid a race to the bottom where any and all consumer data are used in insurance and credit risk assessment, leading to the end of risk pooling and moving towards personalized risk based pricing. Regulators will have to clarify which data is strictly necessary for carrying out creditworthiness or assessing risk for various insurance policies (health insurance, car insurance etc), ensuring a balance between personal responsibility and risk pooling. Also, the GDPR may prompt businesses, especially those operating online, to diversify their business models and move away from the dependency on exploiting user data for targeted advertising. Examples include crowdfunding and online donation via facilitated online micro-payments, or in browser cryptocurrency mining.
Privacy in the age of mass manipulation
If the Cambridge Analytica scandal taught us anything, it is not so much about privacy violations, which have been numerous throughout the past, but about wider negative consequences of privacy violations (manipulation during elections) which so far were only limited to personal detriment. The importance of privacy and data protection goes beyond the issues of personal data breach and individual consumer detriment, but can have deep implications for democracy. The protection of sensitive data such as financial data should, in this regard, be of utmost importance, and not relegated to questions of “stifling innovation”.
To conclude, the GDPR and a renewed focus on privacy and data protection may allow us to move from a mentality of “moving fast and breaking things”, something that was a part of Facebook’s internal “mantra” for their staff, to “moving slow and fixing things”, stopping to think about the implications about what we are creating rather than being the first to push it on the market, regardless of the larger societal implications.