Out-Law Analysis 4 min. read
06 Aug 2018, 1:53 pm
The report was published by the US Treasury last week. It addressed the US approach to issues such as 'open banking' and APIs; the use of cloud-based solutions; and regulatory sandboxes, all of which are live topics elsewhere in the world.
The US Treasury's report, entitled 'A financial system that creates economic opportunities - nonbank financials, fintech and innovation', included recommendations to modernise the US financial services sector and better support nonbank financial institutions to embrace financial technology and foster innovation.
The aim was to ensure that the US financial sector remains competitive and responsive to the market disruption that fintech represents.
The key messages in the report are:
One of the challenges with the US financial services sector is its scale and the diversity of US financial institutions: unlike the UK which has a more concentrated market, the US has a range of financial institutions from large global banks through to community banks.
An additional complication is the interplay between state and federal law. If something is regulated at a state level, this can result in up to 50 different sets of requirements.
An example of this is in relation to cyber breach notification, which is currently regulated at state level. That means there are many inconsistencies as between states, such as what data is covered by the definition of personal information and the timing and form of breach notification. To address this, the US Treasury is recommending that a federal data security and breach notification law be put in place.
The US Treasury report is interesting because the key areas it identifies for development resonate with the 'hot topics' elsewhere in the world. The US has been observing trends in the UK, Europe, Singapore and Australia around issues such as open banking, cloud and regulatory sandboxes. Although there are aspects of the US financial market that mean that examples from other jurisdictions cannot just be 'lifted and shifted', it is clear that the US is keen to learn lessons from other markets.
One consistent theme in the report is the desire for consistency of approach across the US and for more regulation to be carried out at a federal level, rather than risking inconsistencies creeping in at state level. Generally, there is also a recognition that regulation needs to operate in an agile way to keep up with fast-moving market trends.
Although APIs are made available, it is reported that APIs are often unilaterally restricted, terminated or interrupted, meaning that screen scraping is felt by those accessing data to be the more reliable source of data.
The US Treasury looked at the UK 'open banking' experience so far and although the US Treasury found it to be instructive, the report comments that the UK's financial services sector is different to that of the US in terms of diversity of financial institutions, size and nature, and therefore it was not possible simply to replicate what the UK has done. However, the US Treasury is keen to observe and learn lessons.
Like the UK and European regulators, the US Treasury recognises the potential for cloud to provide scale in IT systems and to allow rapid innovation.
Also like the UK and Europe, financial institutions in the US have been slower to adopt cloud than other sectors, but there is an expectation that cloud adoption will increase. One catalyst for this is cyber security threats – the US Treasury recognises that the cloud technology players have the resource and expertise to invest in technology to combat cyber threat, as opposed to financial institutions trying to keep up with threats to their legacy infrastructure.
The US Treasury points out that current US regulatory guidance around cloud is felt to be inconsistent or unclear or not well adapted for cloud. This resonates strongly with the UK and European experience, where before recent FCA and EBA guidance on cloud financial institutions were trying to apply standard outsourcing guidance to cloud outsourcing, which often caused frictions.
However, we in the UK know that notwithstanding that there is now more specific cloud guidance in the UK and Europe there are still challenges around its interpretation, with financial institutions feeling that at times that the guidelines are still not sufficiently precise or at times seem inconsistent. It is interesting that the US Treasury picks out audit rights and chain outsourcing as examples of tricky areas where regulation needs to improve – arguably there is still room for improvement in the UK and European guidance in these areas.
The US Treasury has recommended that a regulatory sandbox be created in the US to address current market frustrations at the number of agencies at federal and state level that need to be consulted when bringing a new product or service to market. The view of business, according to the report, is that this is stifling innovation.
The US Treasury has commented that it is beneficial for regulators to permit meaningful experimentation in the "real world", subject to appropriate limitations. This is the same rationale that has led to the FCA's regulatory sandbox, which is now entering its fourth cohort.
Generally, the US Treasury is advocating a more agile regulatory approach. It said: "Agile regulation requires regulators to acquire and understand existing and emerging technologies, to engage with developers and first-movers, and to hire and retain staff with the appropriate technical expertise."
Yvonne Dunn is an expert in financial services and technology law at Pinsent Masons, the law firm behind Out-Law.com.