The words ‘regulation’ and ‘regulatory’ could once be guaranteed to strike fear into the heart of any financial organisation. Fintechs have largely risen to the challenge of legislation and even thrived as a result of it. But as the sector evolves the challenges of central bank and government legislation are never far away. We look at the regulatory changes that could change the landscape yet again.
The dynamism of fintech companies puts them at the cutting edge of regulatory changes and often the instigators of it.
Two main shifts in regulation will be watched closely by fintechs in the coming months - those around data protection and artificial intelligence (AI).
Regulation and data
Regulation around data and who owns it, is probably the most pressing and relevant issue facing companies, not least fintechs.
Adam Mayer, a director at Qlik points out that for the last four years, GDPR has provided a framework for businesses’ data protection policies.
“But this changed in May when a Data Reform Bill in the Queen’s Speech outlined the UK’s Government’s plans to reform GDPR legislation.”
From box ticking to outcomes
The bill will aim to shift the focus of data protection legislation to privacy outcomes rather than, what the Government calls, “administrative box-ticking”.
This means a much-lauded reduction in paperwork but it could still cause challenges, adds Mayer.
“While any immediate reduction in paperwork would undoubtedly be welcomed by businesses, the Government has a tough balancing act to walk. First, people now have higher expectations regarding the protection of their personal data, so it is important that any changes to reduce compliance processes are not seen to be a weakening of data.”
The Data Reform Bill
Michael Buckworth of legal firm Buckworths said the general intention of the bill appears to be to de-regulate the processing of personal data in the UK but it could prove challenging to companies because of Brexit.
“The problem for the government is that if they go too far in the direction of de-regulation, they risk calling into question the UK's adequacy decision which allows businesses to transfer personal data relatively freely between the UK and EU.”
“Whilst businesses may welcome the removal of compliance obligations, they will likely not appreciate any revocation of the UK's adequacy decision and greater friction in terms of data transfers with the EU. What is more, businesses who process personal data about EU nationals will remain subject to EU-GDPR in any event and so may end up having to comply with two different regimes."
AI and regulation
Other incoming regulation in the UK will include the use of artificial intelligence.
But any regulation will be markedly different to the EU’s AI Act.
Last year the UK government published its National AI Strategy which outlined its aims to turn the UK into a global Artificial Intelligence (AI) ‘superpower’ in the next decade.
The strategy appeared to take on board the findings of the Artificial Intelligence Public-Private Forum, AIPPF which ran for one year between October 2020 and 2021.
The joint forum, run by the BoE and Financial Conduct Authority (FCA), did identify benefits in the use of AI to consumers and businesses but it also outlined the risks inherent in some AI models.
The AIPPF insisted that firms need to demonstrate why and how they were using AI and that its use should be “subject to a documented sign-off policy”.
The National AI Strategy will, said according to Kwasi Kwarteng, Secretary of State for Business, Energy and Industrial Strategy, build: “the most pro-innovation regulatory environment in the world; to drive prosperity across the UK and ensure everyone can benefit from AI; and to apply AI to help solve global challenges like climate change."
He said: “Whilst the UK government recognises the potential dangers of AI technologies and the need to protect the public, it states its intention to implement an effective governance regime that encourages scientists, researchers and entrepreneurs to innovate. This proposed approach emphasises the government’s position that less regulation will encourage innovation in the sector, and the intention to establish the UK as a ‘safe harbour’ for the development of AI technologies. The government views AI as a sector of major economic competitive advantage for the UK.”
So could light-touch regulation of AI mark the UK out for fintechs? We will have to wait and see.
What next? Crypto?
Buckworth believes there is likely to be further regulation of crypto-assets, cryptocurrency-based assets. He said fintechs looking to develop technology in this sphere needed to be aware that these digital assets may come under more scrutiny.
“Increasingly financial institutions are engaging with crypto-assets. E-money tokens and security tokens as well as derivatives and exchange traded tokens that relate to crypto-assets are already regulated in the UK.”
Buckworth points out HM Treasury has consulted on adding additional classifications of crypto-assets to the list of regulated financial instruments and the FCA's temporary registration regime for crypto-asset businesses closed on 1 April 2022.
He added: “Now AML registration is mandatory for custodian wallet providers and exchanges and additional information is likely to be required on transfers of crypto-assets in the near future.”
Buckworth it was likely that heavy falls in the value of crypto-assets and the continual news stories about retail investors losing all their savings from ill-informed investments in high-risk crypto-assets will prompt UK regulators to further look at how crypto is regulated in the UK. “Expect further regulation over the next 12months or so,” he warned.