Can regulators catch up to tech changes?

Policymaking has moved at an agonizingly slow speed compared with the exponential growth of technology, leaving regulators and lawmakers facing a huge task over how to keep up. 

By Joe Adler

WASHINGTON — Nearly 3,000 miles separate Silicon Valley and Washington, D.C. But comparing the pace of progress in the two locales, they may as well be different solar systems.

Take the Dodd-Frank Act in 2010. The post-crisis law created a consumer protection regulator, eliminated a thrift regulator, empowered the Fed to tighten its supervision of big banks, and launched a committee of regulators to combat systemic risks, among other changes. Against the history of bank policymaking, Dodd-Frank was a big deal.

Banking 2025

Yet it was merely a drop in the bucket next to the tectonic movements in digital technology. In 2010, bitcoin and Venmo were in their infancies and Apple’s cellphone market share trailed Nokia’s. 2020 is like a new century in tech development.

With policymaking moving at an agonizingly slow speed compared with the exponential growth of technology, regulators and lawmakers face a huge task heading into a new decade. By 2025, despite efforts to close the gap, policymaking could fall even further behind. Given the goals of the tech firms like Google, Amazon, Apple and Facebook to get deeper into financial services, the tension between those who want to innovate banking faster and a regulatory system designed in many ways to slow change will only intensify.


Perhaps the biggest puzzle for regulation to solve is the intersection of big tech and financial services.

“Financial services are regulated as a sector. Now you see Google and Amazon — these big-tech, commercial entities — starting to blur that line,” said Kelly Cochran, a former official at the Consumer Financial Protection Bureau who is now the deputy director of FinRegLab.

“Does the financial sector stay distinct? Does financial data stay distinct? If so, how does that happen when all this line-blurring is going on? I'm not exactly sure how it will play out. But I strongly suspect that's going to be the central question over the next five years,” Cochran said.

What will regulators do to catch up?

A broad regulatory reform push by 2025 to address fintech appears unlikely. Instead, observers see piecemeal changes perhaps in response to singular market developments or crises, while agencies will continue a process already underway to digitize the regulatory process and streamline their assessment of banks’ fintech solutions.

“We’ll certainly have organic change. We might have crisis-driven change. But I think what actually is going to happen and is needed is something in the middle,” said Jo Ann Barefoot, a former regulator and congressional staffer who heads the Alliance for Innovative Regulation. “That is, not structural change in the sense of creating a new Department of Financial Technology Oversight … but rather new modes of working by the regulators.”

With the past five years as a guide, there is little doubt that the steady advance of digital technology, automation and artificial intelligence over the next five years will further reshape how consumers handle their money. Data-focused tech companies will continue to venture into financial services, redefining what it means to be a bank and even obscuring the lines between financial and commercial companies.

That evolution is certain to set off policy debates over new proposed charter types, regulatory frameworks and activity restrictions. The growing dominance of data in financial services will lead regulators and lawmakers to zero in on who owns that data, how to protect consumers’ privacy and the risk of criminals using financial technologies to launder money.

But despite such a rapid transformation in the financial services sector, policy experts doubt Congress will pass comprehensive regulatory reform to keep pace.

“It's very unlikely that there will be this ‘aha’ moment — a Big Bang or sweeping change in policy towards financial technology,” said Michael Barr, the dean of the University of Michigan’s Gerald R. Ford School of Public Policy and a former Obama Treasury Department official.

Policymakers will instead respond in more discrete ways.

“It’s much more likely that you'll see a series of interventions, maybe around many mini-crises, or maybe around many mini-possibilities for innovation or mini-realizations about important areas,” Barr said.

Incremental change has limitations

Many have been encouraged by the progress of agencies like the Federal Deposit Insurance Corp., the Office of the Comptroller of the Currency and the CFPB to build in-house units focused on innovation.

There appears to be a sincere desire among regulators to understand both digital products offered by banks and new compliance tools, as well as utilize their own data-focused tools to make regulatory oversight more efficient.

Examples include the OCC’s work to develop a specialized fintech charter, although no firm has yet applied as the charter has hit legal roadblocks. The CFPB has advanced vehicles to give fintech startups running room to test products without the looming threat of an enforcement action. FDIC Chairman Jelena McWilliams, meanwhile, has been credited with bringing a new innovation-focused attitude to her agency, illustrated by her participation in a recent transatlantic “tech sprint” — in which teams demonstrated new anti-money-laundering tools — co-hosted by the Financial Conduct Authority.

“Candidly, the FDIC was probably the most cautious of the regulators a few years back,” said Barefoot, whose alliance helped put on the tech sprint. “And now” McWilliams “has set a goal — these are her words — of transforming how they supervise banks during her term, which has three and a half years left, and doing it in a way that will survive long after she's gone. … Increasingly, we are seeing bold leadership.”


Adrienne Harris, who was a special assistant to President Barack Obama at the National Economic Council, said officials have to thread the needle of protecting the financial system from mishaps while still cultivating innovation.

“From the innovation offices to other types of engagement that we're seeing from policymakers, a lot of this will continue to develop organically as all the stakeholders are trying to find the right balance between mitigating risk and making sure the market’s able to seize opportunity responsibly,” said Harris, a policymaker-in-residence and Gates Foundation senior fellow at the University of Michigan.

But an incremental, organic approach to setting federal policy for the profound technological change in the financial services sector has limitations. Analysts say a better scenario is for the legislative and executive branches to develop a more comprehensive framework to enable innovation while safeguarding the system from new risks.

“If we had sufficient political attention and will not just in the Congress, but in the regulatory agencies, to get together in a concerted way, we'd be much better off as a country — if we pushed forward aggressively to have an innovation policy on fintech that balanced all these issues, that took care of consumers, that was pro-innovation,” Barr said. “As a predictive matter, how likely is that? I don't think very likely.”

Tech will obscure line between financial, nonfinancial regulation

A structural policy already in play that appears likely to grow more complicated in the next five years is the blurring of lines between banks, other types of financial companies and commercial firms.

The aim of tech giants such as Google and Facebook to be more involved with consumers’ money highlights the fast-growing emphasis on consumer data as a commodity in the financial services sphere. But that leads to questions about who regulates the use of data across different sectors, not to mention who owns the data and how portable it should be. Meanwhile, longstanding efforts to pass legislation strengthening data security and privacy have yet to succeed.

A future policy debate could revolve around whether an existing agency such as the CFPB or the Federal Trade Commission is given new powers to oversee the use of consumer data for financial purposes, or whether Congress creates a new agency for that purpose.

“One of the advantages to the Federal Trade Commission structure right now is that it has both competition and consumer protection within the same agency,” Cochran said. “There are some real advantages when it comes to data issues to having both of those lenses being used at the same time.”

Factors such as a massive data breach or concerns about the reach of a private-sector cryptocurrency could force Congress to finally enact strong cybersecurity standards or take steps to protect consumers’ privacy.

Amy Friend, a former staffer on the Senate Banking Committee and former general counsel at the OCC, recalled how — even before the debate over Dodd-Frank — the financial crisis spurred lawmakers finally to pass a sweeping credit card reform bill in 2009. At the time she worked for then-Chairman Chris Dodd, D-Conn.

“What enabled the CARD Act to move forward was lawmakers, particularly the chairman of the Senate Banking Committee, saw the opportunity during the financial crisis, when the banks really couldn’t muster the lobbying force to lobby against it,” said Friend, referring to the Credit Card Accountability Responsibility and Disclosure Act.

Areas such as privacy and data portability are “ripe for legislation,” said Friend, now a senior adviser at FS Vector. “Privacy is something that Congress has been trying to do for many, many years, even before where we are right now with more intrusive technology.”

But Friend acknowledged that the 2008-10 financial crisis was like a “100-year flood,” and said it’s unlikely the next five years will produce anything that results in sweeping financial reform.

“Creating the CFPB” in Dodd-Frank “was an enormous heavy lift,” she said. “Is it possible that we have a catastrophe involving fintech? What’s more likely is, if something needs to be regulated more comprehensively, they say, ‘Look at CFPB; it already has really broad jurisdiction.’ Or they could make the OCC a chartering authority. Creating a new agency is just really hard.”

Getting the Barney Franks and Steve Jobs to work side by side

The broad powers given to the CFPB, and the authority of the Financial Stability Oversight Council to designate nonbank firms for tougher supervision, are tools that could be adapted for a future crisis related to technology or otherwise.

“I don’t think you need to throw the baby out with the bath water — to start from scratch to get a new regulatory system,” said Mehrsa Baradaran, a banking law professor at the University of California, Irvine.

For example, Baradaran said, if a fintech-related product is widely seen to be discriminating against certain consumers, the CFPB would already have the legal mandate to address that.

“Look at the function … and then pick a regulator. You actually don’t need to have some tech expert that looks at discrimination,” she said. “You actually have to know a little bit about how discrimination works, not necessarily just how the tech works.”

Still, Barefoot said, the regulatory agencies will need to hire more tech- and data-oriented personnel in the coming years to complement their policy experts, both to respond to innovations in the industry and hone technology for their own supervisory process.

“In my speeches, I have a slide that … shows a picture of Barney Frank, and a picture of Steve Jobs on the same slide, and I say, brilliant people at the top of their respective fields of knowledge, that if you give them the same problem to solve, they would tackle it in completely different ways,” she said. Getting “that kind of talent side by side, looking at financial regulation,” will help regulators think “about what are the best technologies we could use.”


Innovative future for regulation will be large focus

With regulators setting out to be more innovation-focused, a variety of nongovernmental groups are trying to aid the process, conducting projects looking at the future of financial policy for both the policymakers and financial services companies.

Harris and Barr are involved with the University of Michigan’s Center on Finance, Law and Policy, which has developed projects looking at the future of central banks and small-business consumer protections tied to fintech, among others.

The center’s Central Bank of the Future deals with how those central banks might evolve so that financial inclusion becomes a core part of their mission.

“Part of our task is to think about technology that those institutions could leverage in the ‘regtech’ or ‘suptech’ arenas, ways they might change their processes, how they might even change their explicit mandate such that they would be in a position to better promote and foster financial inclusion around the world,” Harris said.

Barefoot’s group is developing what she called a “regtech manifesto” on steps to make the regulatory system more innovative, as well as a legal memo in concert with the Buckley law firm on the statutory impediments for regulators to incorporate more tech-focused tools.

“We have to get the information in the regulatory system into digital form so that we can see it. The information that we use to oversee banks … is mostly locked up. It’s opaque,” she said. “They need smarter data. They have to become data-centric. I’m optimistic that there is fast-developing interest in this.”

FinRegLab, meanwhile, has conducted a project focused on the predictive power of cash-flow data — versus more traditional factors such as credit scores — in the underwriting process.

Cochran said even though “there could be regulatory changes that would come in connection with using this data more often … it’s permissible for people to use it now.”

“It's just that a lot of people don't” use it, she said. “If you adjust underwriting models to incorporate new information, what are all the issues that come along with that adjustment? If you can figure that out in the cash-flow space, that might be very useful to the extent that people want to use some other kind of data downstream.”