海外之聲丨BIS總裁：金融科技巨頭——打造新的監管路徑

導讀

國際清算銀行一直在密切關注大型科技公司及其在金融領域的發展。資料是數字經濟的中心，各大科技巨頭可以通過現有使用者資料，克服金融服務的規模限制，打造“資料-網絡-活動”(DNA)循環。其次，這些公司從各業務線高效地收集不同類型的資料并整合，以開發或改進服務模式，并率先利用人工智能進行資料管理和分析。

科技巨頭可以改善金融服務、提高金融市場效率和增強金融包容性，同時可能會引發行業的快速變化并帶來挑戰。資料效率和隐私之間需要得到權衡；科技巨頭威脅了競争秩序，能夠在細分市場建立主導地位，直接影響市場競争和消費者福利。

中央銀行和金融監管機構也要考量一系列的金融穩定因素。科技巨頭公司有着潛在的系統重要性，這些公司固有的實質性互相依賴性也會帶來風險。然而，現有的行業法規不是針對科技公司設計的，不适用于可能的溢出效應或其潛在的系統相關性。

國際清算銀行一直主張直接監管大型高科技公司，思考如何補充現有的行業法規，讓政府能夠解決科技巨頭公司的監管及其帶來的金融系統性風險。

國際清算銀行提出了三種方法，可以作為新監管架構的基礎。第一，禁止科技巨頭從事受監管的金融活動。這種方法從根本上緩解了對金融穩定的擔憂，但金融領域的大型科技服務的優勢也将削弱。第二，将科技公司的金融服務集中在一家金融控股公司的旗下。這個金融機構必須獨立，以減輕非金融活動對金融活動的潛在影響。但這也會妨礙協同效應和規模經濟的發展。第三，這些科技巨頭需要遵守對管理、業務、營運彈性以及财務穩健性的要求。這種方法适合現有的商業模式。無論選擇哪種方法，實施針對這些公司的監管架構都将充滿挑戰。

作者丨奧古斯丁·卡斯滕斯（國際清算銀行總裁）

Big techs in finance: forging a new regulatory path

Bigtechs and data

Agustín Carstens， General Manager of the Bank for International Settlements

February 8, 2023

We at the BIS have been closely following large technology firms (bigtechs) and their advances into finance1. Bigtechs’ reach extends across a wide range of industries, with existing core businesses grounded in e-commerce and social media, among others. From this base, they have expanded into finance.

To understand how bigtechs can easily make forays into finance, one must grasp the key role of data. Indeed, bigtechs have fully embraced the centrality of data in the digital economy. This is what distinguishes them from other firms. It also shapes their unique characteristics. Let me mention those that are particularly relevant for policymakers.

First, bigtechs can overcome limits to scale in financial services provision by using user data from their existing businesses. Their business model revolves around users’ direct interactions and the data generated as a by-product of these interactions.

They use that data to offer a range of services that exploit the inherent network effects in digital services, a phenomenon where more users attract ever more users. In this way, bigtechs can establish a substantial presence in financial services very quickly through what we call the ‘data-network-activities’ (DNA) loop.

Second, bigtechs collect different types of data from the various business lines they straddle2. They are uniquely positioned to combine that data to uncover patterns and insights that can help them improve their services or offer new ones3.

This combination of different types of data across sectors carries efficiency gains and is key to bigtechs’ provision of digital services.

Third, bigtechs are unrivalled experts in data management and analysis. They devote significant resources to developing or acquiring state-of-the-art technologies. After all, access to large troves of data generates value only if you also have the technological capabilities to analyse it and monetise it.

Bigtechs have been pioneers in leveraging artificial intelligence techniques for this purpose4. To be sure, these capabilities have high fixed costs, but once that is overcome the marginal cost of handling more data is negligible.

Therefore, bigtechs benefit from significant economies of scale in their use of data. For other firms, reaping the benefits of such economies of scale is a tall order.

Data management is thus at the core of bigtech activities, and the financial sector is all about managing information. Coupled with bigtechs’ relentless drive to expand, their growing and already substantial footprint in financial services should come as no surprise.

Moreover, the trend towards greater digitalisation, which the COVID-19 pandemic has accelerated, has allowed bigtechs to fortify their market positions even further.

Public policy challenges

Given their size and customer reach, bigtechs’ entry into finance could trigger rapid change in the industry, generating both opportunities and challenges. The potential benefits of bigtechs’ entry into finance include improved customer outcomes, increased financial market efficiency and enhanced financial inclusion.

For example, BIS research has shown that access to innovative (QR code-based) payment methods provided by bigtechs helps micro firms build up credit history, and the use of bigtech credit can ease access to bank credit5. And there are many more examples.

But it’s not all roses in the garden. The economic features that make bigtechs powerful in lowering costs and supporting financial inclusion also create new challenges for policymakers6.

First, data governance. Bigtechs have large amounts of personal data, and their use comes with a trade-off between data efficiency and privacy. While detailed data may help align products on offer with consumer preferences and lower costs, there are risks to consumers, especially when sensitive data are shared.

Moreover, bigtechs can engage in price discrimination, making consumers worse off7. Restricting the use of data may help, but could have costs for allocative efficiency8.

Second, competition is at threat in the presence of bigtechs. While bigtechs can initially bring greater competition, network effects allow them to quickly build positions of dominance in specific market segments, for example by increasing user switching costs or raising barriers to entry. And the resulting concentration dynamics have a direct effect on market contestability and consumer welfare. Thus, new entry may not increase market contestability. Moreover, in the case of network industries market failures and externalities may arise.

Last, but certainly not least, there are important financial stability considerations which fall squarely within the mandates of central banks and financial regulators. Let me elaborate on specific concerns around the financial stability risks arising from bigtechs in finance.

One concern centres on bigtechs’ potential systemic importance. Financial services currently represent a relatively small part of bigtechs’ overall activities, but this can change rapidly through the DNA loop. They may quickly become ‘too big to fail’.

This gives rise to concerns about the emergence of dominant firms with excessive concentration of market power and a possibly systemic footprint in the financial system.

A second concern is emerging around the risks from substantive interdependencies inherent in bigtech activities9. These arise between bigtech entities because they share data and provide relevant services to each other. They also share technological platforms and applications and use a common payment infrastructure10.

Meanwhile, interdependencies with outside parties arise from joint ventures with financial institutions in providing financial services. These partnerships can entail an opaque distribution of responsibilities that diffuses accountability and hinders adequate oversight. They also have the potential to intensify operational, reputational and consumer protection risks as well as moral hazard issues.

Then there is a third concern around the role of bigtechs as providers of critical services. Financial institutions have come to heavily depend on bigtech technology services, and this is exacerbated by bigtechs’ tendency towards market concentration.

While these services bring many advantages, the widespread dependency on them is forming single points of failure, and hence creating new forms of systemic risk at the technology services level. This type of risk is particularly evident in the market for cloud computing, which is highly concentrated and now dominated by a handful of bigtechs11.

As a consequence, disruptions in the operations of one bigtech could have a substantial impact on the financial system12. In other words, greater operational risks can translate into greater financial stability risks, especially when critical services are highly concentrated.

The concerns I have just discussed are aggravated by shortcomings in the current regulatory approach, which is not fully fit for purpose to deal with the unique set of challenges arising from bigtechs’ entry into financial services.

The current regulatory approach and its shortcomings

Most financial activities in which bigtechs engage are governed by sectoral regulations. And the existing ones can at best partially address the risks I outlined earlier.

These regulations are grounded on the main supervisory concerns in each sector, be they the protection of depositors, policyholders or investors. They were not designed with bigtechs in mind and therefore are not geared towards possible spillover effects across all the activities bigtechs perform, or their potential systemic relevance.

And yet they determine the applicable regulatory treatment for bigtechs’ financial activities, the width of the regulatory perimeter and the reach of supervisory oversight.

Importantly, such regulations tend to follow an activity-based approach, where providers must hold licences for specific business lines13. Activity-based regulation constrains an activity on a standalone basis by imposing restrictions on how it can be performed.

It does not vary according to the type of entity that performs the activity. It also does not consider possible spillover effects from other activities performed by the same entity14.

In contrast, entity-based regulation constrains a combination of activities at the entity level by imposing restrictions on an entity’s characteristics that affect the likelihood and repercussions of its failure. Such combinations of activities affect an entity’s resilience.

The financial stability risks of such combinations cannot be addressed by constraining individual activities, without any controls on the critical interactions across bigtech entities and their activities. In short, a purely activity-based framework for regulation is ill suited to address the policy challenges bigtechs pose.

Forging a new regulatory path

Without a doubt, a regulatory re-think is warranted, and we need a new path to follow. One that considers the key role of data in bigtechs’ DNA-based business model. One that strikes the right balance between benefits and risks.

We at the BIS have argued for some time now that we have to go one step further and regulate bigtechs directly15. More concretely, we need to consider how best to complement existing activity-based rules under sectoral regulations with group-wide entity-based requirements that would allow authorities to address financial stability risks emerging from the interactions between the different financial and commercial activities that bigtechs perform16.

It is high time to move from theory to practice and consider tangible options for regulatory actions. Now let me attempt to put forward a blueprint for thinking about what such options could look like.

Recent BIS publications have identified three regulatory approaches that could serve as a basis for a new regulatory framework for bigtechs in finance17.

First, the restriction approach would prohibit bigtechs from engaging in regulated financial activities. It follows the logic inherent in the traditional separation of commerce and banking that prevails in many jurisdictions.

This approach radically alleviates financial stability concerns as bigtechs would be left only with their non-financial business lines. Yet it would deprive them from using big data to solve asymmetric information problems, for example assigning credit scores to small and opaque firms that do not have collateral18. It would therefore remove the numerous benefits that bigtech services in finance have brought.

Second, the segregation approach would require a bigtech’s financial services to be grouped together under the umbrella of a financial holding company. This financial subgroup would have to meet prudential and other requirements. And it would be ring-fenced to mitigate the potential for contagion effects from non-financial to financial activities.

This could be achieved by banning the use of common group-wide technological platforms and any form of data-sharing between the financial and non-financial parts of the bigtech group.

This approach is conceptually simple, increases the transparency of a bigtech’s organisational structure and facilitates oversight. Yet it would prevent bigtechs from realising synergies and economies of scale, and from generating insights from data generated across sectors.

It would therefore come with some of the shortcomings of the restriction approach. In all likelihood, this would lead – at least some – bigtechs to exit financial services altogether.

Third, the inclusion approach would make bigtechs with significant financial activities subject to group-wide requirements on governance, conduct of business, operational resilience and, only when appropriate, financial soundness.

This is because most bigtech risks are not strictly related to their financial soundness but their data-driven business model. Requirements would be levied on the group as a whole, including the bigtech parent.

This approach is tailored to existing business models. It acknowledges the fundamental role of data within bigtech groups and their tendency to use them to achieve dominant market positions.

As such, it would not prevent bigtechs from making efficient use of data collected from different activities, like the previous two approaches, as long as they observe sound data governance principles and effective pro-competition rules on a group-wide basis.

However, the inclusion approach is more complex than the segregation approach, as it requires effective monitoring of global groups that conduct a large variety of activities.

The segregation and inclusion approaches are to some extent mutually compatible, and in practice a combination of both may be desirable. Such a holistic approach could combine a prudential sub-consolidation of the financial part of a bigtech group (as under the segregation approach) with group-wide requirements on governance, conduct of business and operational resilience (as under the inclusion approach). Importantly, it would avoid efficiency losses in the use of data that (too) tight ring-fencing measures could cause.

Regardless of the approach chosen, the implementation of any comprehensive entity-based regulatory framework for bigtechs is beset with challenges and raises a host of practical questions.

One is how to ensure effective cooperation and information-sharing between financial, data and competition authorities at the local and crossborder level.

Another is whether any one authority has the expertise required to serve as lead supervisor for global groups that engage in a wide set of data-driven financial and non-financial activities.

Yet another is about enforcement and extraterritoriality, especially when bigtech services are performed by entities incorporated in foreign jurisdictions. This, together with unavoidable political considerations, may also explain why progress towards a new framework has been slow19.

And, I’m afraid to say, as we are working on devising an adequate policy response to bigtechs, challenges will continue to emerge. Innovation never rests, as recent advancements in artificial intelligence and the emergence of quantum computing make clear. But I am confident that the international community will find ways to address current and coming challenges.

ConclusionTo support the search for answers, a thorough international policy debate is essential. After all, international standards are the only way to shape a consistent policy response. As the saying goes, policymaking is poetry, implementation prose. But before we can even think of implementation, we need to consider the right policies.

編譯：黃津怡

本制：董熙君

來源｜BIS

版面編輯｜邸馨逸

責任編輯｜李錦璇、蔣旭

總監制｜朱霜霜

近期熱文

• 海外之聲丨IMF副總裁：數字化助推亞洲生産力發展
• 海外之聲丨IMF研究部主任：全球經濟仍将進一步放緩
• 海外之聲丨IMF副總裁李波：全球監管機構需迅速行動遏制加密貨币風險擴散
• 海外之聲丨IMF總裁：今年中國GDP增速将達到5.2%
• 海外之聲丨國際清算銀行總經理：迎接新興市場央行的新時代