Home Policy & Governance Regulate to innovate: financial supervisors strive to keep the pace

Regulate to innovate: financial supervisors strive to keep the pace

Global Government Fintech Lab 2024 panel session four: Parma Bains (moderator), Denise Delaney, Marine Krasovska, Moad Fahmi, Jon Reidar Testad and Steve Barr | Credit: Deirdre Brennan


The IMF’s Parma Bains steered a discussion with financial authority representatives from Ireland, Latvia, Bermuda and Norway, plus the private sector

Financial regulators face the challenge of maintaining financial stability and protecting consumers while enabling innovation in the companies they supervise.

The fourth panel session of the Lab (25 April) – ‘Financial regulators and innovative technology: on the right path?’ – saw the International Monetary Fund (IMF)’s Parma Bains introduce and moderate a discussion that spanned questions such as: how central banks and supervisory authorities can manage this classic challenge of balancing risk with (technology-created) rewards; structural considerations, such as how innovation hubs and sandboxes are helping their engagement with private-sector projects; and how authorities are modernising their own operations using emerging technologies.  

Bains was part of the team that set up a UK Financial Conduct Authority (FCA) Innovation Hub in 2014 and, two years later, the world’s first regulatory sandbox (also at the FCA). After moving to the Washington DC-headquartered IMF in 2020, he has worked on the establishment and review of innovation hubs and sandboxes worldwide.

He was invited by Global Government Fintech to begin the session by summarising an IMF paper, ‘Institutional Arrangements for Fintech Regulation: Supervisory Monitoring’, which he co-authored last year.

The paper urged authorities to think carefully about whether establishing new structures such as sandboxes to help with private-sector engagement is worthwhile, stating that for most authorities existing structures will likely do a better job; and that that sandboxes are ‘not a sensible fix to underlying problems with supervisory structures and could amplify existing problems as well as allow authorities to carry out risk-washing’.

RELATED ARTICLE Sandboxes could ‘amplify problems’: IMF analysis questions many test-spaces’ impact – a news story (11 September 2023) based on the above paper

Types of sandboxes

Parma Bains at Global Government Fintech Lab 2024

Bains opened by focusing on definitions, describing an innovation hub as a ‘dedicated unit or team that acts as a central contact point for firms wishing to deploy innovative technologies in financial services’; and a sandbox as a ‘controlled environment for firms to test innovative propositions with real-life consumers in a live market.’

He mapped out different sandbox types: regulatory sandboxes (which constitute “about 95 per cent” of sandboxes and are “in essence” product-testing sandboxes); policy-testing sandboxes (for example, the in-development UK Digital Securities Sandbox); digital sandboxes (“API [application programming interface] marketplaces that allow firms to connect with information, either provided by the regulator or by firms, which could be real data or synthetic data”); cross-sector sandboxes; cross-border sandboxes; and thematic sandboxes.

“We published a review of more than 100 sandboxes and innovation hubs, and our conclusions were very clear,” Bains said, summarising the paper. “There is limited evidence that most sandboxes deliver the mandate or the goals that the organisation wants them to achieve. The majority of sandboxes that we saw have very little demand and then very little utilisation.”

He acknowledged, though, that “in the right circumstances”, sandboxes can prove to be “fantastically useful”.

“Many authorities set up these sandboxes with such vague and nebulous language in terms of what ‘success’ is,” he said. “But they might work as a ‘signaling’ device. And I do think that, going forward, some forms of product-testing sandbox, as well as policy and digital sandboxes, could deliver some genuinely decent outcomes.”

RELATED ARTICLE Ireland hosts public sector fintech pioneers in Dublin for third ‘Lab’ – an on-the-day event summary of Global Government Fintech Lab 2024

‘Broader package’ of engagement

Denise Delaney at Global Government Fintech Lab 2024

Denise Delaney, head of the policy and risk horizontal function in the Lab host nation’s central bank, was invited to set out the authority’s innovation-related activities (she also spoke at the 2023 Lab).

The Central Bank of Ireland ran a consultation on ‘innovation engagement’ from November 2023 to February 2024 as it looks to enhance an existing Innovation Hub, which launched six years ago, and launch what it is referring to as an ‘innovation sandbox programme’.

“One thing that came up quite a lot when we engage with fintechs [companies], particularly the smaller start-ups, is: ‘we don’t know what your expectations are… it’s not clear what the regulator thinks on certain things’,” Delaney said.

She highlighted that a ‘Financial Industry Forum’, set up by the central bank in 2022, has an ‘innovation sub-group’, among other routes through which it engages with the private sector on fintech matters 

Her main introductory point was that the Central Bank of Ireland’s individual structures and forums should be viewed as part of a broader package of external engagement initiatives, all ultimately driven by a theme of a strategy being to be ‘future-focused’.

RELATED ARTICLE Irish central bank preps sandbox launch after ‘broadly positive’ feedback – a news article (7 June 2024) on details about how the proposed ‘innovation sandbox programme’ will operate after ‘broadly positive’ consultation feedback

Sandbox perceived ‘like an accelerator’

Marine Krasovska at Global Government Fintech Lab 2024

Marine Krasovska, head of the fintech supervision department at Latvijas Banka, was next to provide introductory remarks (she spoke at the same 2023 Lab session as Delaney and also on the EU digital finance agenda at the 2024 Lab).

The Baltic nation’s central bank operates both an Innovation Hub and sandbox.

Challenges operating Latvijas Banka’s sandbox include that companies misunderstand what they need to do and its purpose, Krasovska kicked off by saying. “They do not read all the regulatory requirements, webpages or any kind of recommendation. They consider that the sandbox is very [similar] to a ‘business accelerator’ and also [that] it is a kind of tool that will give you the ‘green mark’ [approval] from the regulatory side that you are ‘checked’,” she said.

One further challenge stems from younger companies’ typical lack of access to sufficient ‘real’ customer data, which they can also struggle to get established banks to release, Krasovska said. However, she highlighted an example where the central bank had created anonymised data and itself tested (internally) a RegTech (regulatory technology) company’s solution, with the company repaying the favour by drawing up a list of recommendations (based on its sandbox activity) to the central bank’s anti money-laundering (AML) specialists.

Krasovska aired a rhetorical consideration about the extent to which innovative concepts, as they become more established, can continue to be considered ‘innovative’. As an example, she argued that ‘open banking’ had been around long enough to have outgrown such a label.

RELATED ARTICLE Evolving engagement: governments forge new frontiers with fintech – a write-up of the Global Government Fintech Lab 2024’s opening panel session featuring representatives from Ireland, Austria and Slovenia

Biometric payments and AI

Latvijas Banka’s Innovation Hub is in “very high demand”, registering an average of “at least one” in-depth company engagement per week, Krasovska continued.

The central bank has also “enhanced broader expectation” of the Innovation Hub, she continued, explaining that it is used not only for interactions with individual companies but also as a “platform for discussions” with the private sector on overarching matters.

It has been used as a conduit to promote and host roundtable discussions with industry representatives, for example as a forum for cryptoasset service providers to make proposals on national implementation of European Union (EU) regulation.

Responding to Bains’ research’s findings that sandboxes are often underused, she said that – in Latvia’s case – authorities had adapted its framework (rules for admission) to “disclude” a pre-requisite that companies must already be licensed.

Latvijas Banka has observed growing interest in its sandbox from companies providing currently unregulated biometric payment technology (such as enabling people to pay with their eyes or handprints), as well as AI applications in the financial sector. “We want to focus the sandbox more [on] AI solutions,” she said.

Fintech: three standout components

Moad Fahmi at Global Government Fintech Lab 2024

Moad Fahmi, chief fintech officer at the Bermuda Monetary Authority (BMA), was the session’s third speaker (he also spoke at the 2023 Lab). He used his opening remarks to pick up on comments made by Bains, who had questioned whether there was such a thing as a ‘fintech sector’, given the wide variety in size and type of company that provide technology-enabled innovation in financial services (and the variety of those services).

“I think there are three main components to ‘fintech’ that make it significantly different than anything we’ve seen before and, for those reasons, I think we need to rethink entirely how we design our regulatory frameworks,” Fahmi said.

First, fintech is growing “exponentially”, necessitating regulators to “spend significant time and resources looking at things that are small and that may not matter”. As an example, he said that 10 or so years ago or so, regulators were “not that particularly interested in [and] did not necessarily understand” digital assets, thinking they were “maybe just a fad”. But, he said, “it proved that it required quite a bit of regulatory response once it started growing much faster”.

Second, the importance of platforms compared to sectoral delineation. “For that reason, there’s convergence between different sectors and that usually means that some of our frameworks will not work very well,” Fahmi said. “Obtaining multiple licences can be a little bit of a deterrent and also ineffective, both in terms of innovation but also supervisory resources.”

Third, the importance of international co-ordination. “Very close international collaboration [is needed] between regulators, and thinking about what it means when one company operates in 200 countries,” he said.  

RELATED ARTICLE SupTech on the rise: financial supervisors explore innovative technology – a write-up of a session at the Global Government Fintech Lab 2023 featuring Moad Fahmi (and representatives from Norway and Croatia)

Data dependence and problem statements

Jon Reidar Testad at Global Government Fintech Lab 2024

Jon Reidar Testad, senior adviser for digitalisation and innovation in the Department of Digitalisation and Reporting at the Financial Supervisory Authority (FSA) of Norway (Finanstilsynet), was the next speaker.

He described the Scandinavian nation’s FSA as having shifted ‘IT and digitalisation’ from being a supporting function to a core function.

“Everyone wants to be more data driven and this makes sense because we are more data-dependent than before,” he said. “One of the interesting and challenging parts of this is how we can structure and utilise [growing] amount[s] of data,” he added, stating interest in robotic process automation (RPA) and artificial intelligence (AI).

Steve Barr, global industry advisor at Microsoft Worldwide Public Sector (one of the Lab’s knowledge partners), used his opening remarks to emphasise that it was important to define clearly any “business problem” and desired “business outcome” that newly proposed innovative solutions are for, instead of starting with the technology.

He provided examples to illustrate the point. The first related to the UK’s exit from the European Union (in January 2020). Barr recalled that technology was viewed by some as having the potential to “solve” some of the practical challenges created by Brexit, such as with cross-border trade. But potential use of technological solutions was stymied by a lack of policy and regulatory clarity.

He then raised examples of more successful scenarios, both involving the use of AI: work with tax officials on ‘anomaly detection’ to tackle fraudulent invoices in Latin America; and work related to beneficial ownership (who ultimately owns or controls an interest in a legal entity or arrangement, such as a company) to help improve public procurement.

RELATED ARTICLE ‘Your entire organisation needs to be an “innovation lab”’: Australia central bank data chief – an article (25 September 2023) reporting on a panel discussion at the European Central Bank-hosted ‘Supervision Innovators Conference 2023’

‘Getting closer to cracking it’

Bains asked the panel whether regulators should be ‘bolder in shaping the direction of the market’.

“Bolder is not typically a word you use for regulators,” Delaney responded. She referred back to the Central Bank of Ireland’s strategy’s ‘future-focused’ theme. “We can’t deliver consumer protection if we’re not looking at what’s happening in fintech and innovation,” she acknowledged, emphasising that any central bank’s challenge was to balance opportunities that are “clearly” being created by innovation and fintech with risks.

“It can be challenging for us but I think we are cracking it – or we’re getting closer to cracking it,” Delaney continued. “We understand more what technology, what fintech, what innovation is. I think we’re getting better at helping newer firms or firms innovating. Actually, it’s much broader than firms, it’s the whole ecosystem. We’re getting better at explaining what we mean when we say ‘have good controls’; when we say ‘have risk management’; why we expect certain things. I think when you have those two groups – the regulator and the innovators – understanding better what’s happening, then you have a more fertile ground and more fertile place for innovation to grow in a safe and responsible way, and that then obviously feeds into delivery of our mandates.”

Barr had the view that financial regulators and policymakers often do “need to be bolder”, observing a problem with “skills around understanding new technologies and their impact.”

He gave an example from the UK, where he said that the launch of ChatGPT in November 2022 seemed to give a kick to policymakers to accelerate their thinking. “There was quite a rush to get policies out and regulations, and I feel like it’s been a constant catch-up, because by the time they’ve done that, technology has moved on again,” he said. “I think they’ve just got to get more involved at an earlier stage and be more collaborative rather than combative – which is how it feels – so that technology evolves in a responsible way,” he said.  


Four lessons from Bermuda

Bermuda introduced a Digital Asset Business Act in 2018, as well as a regulatory sandbox (‘Insurance Regulatory Sandbox’) and Innovation Hub in the same year. Fahmi was asked what lessons had been learned from being – in Bains’ words – a jurisdiction where authorities ‘have moved quite early’ on regulation and supervision of cryptoassets (in particular).

“Having a comprehensive framework is key,” Fahmi responded (a first lesson). “We have decided on a very broad definition of ‘digital assets’. It reduces uncertainty linked to ‘which bucket do I fall in?’ and then ‘which requirement should apply to my firm?’. It future-proofs the framework a little bit as well, and it also enables us to focus on: ‘what are the actual risks beyond ‘what bucket do I fall into’?’. Similarly, we have very wide activity coverage within the framework because we find that risk exists in the entire value chain, and consumers will only be protected if every single component of the value chain is appropriately managed.”

Fahmi’s second lesson was the importance of adaptability. “We’ve had to make improvements to our framework every single year over the past five years, and that means either legislative amendments or guidance documents or additional codes, additional rules,” he said. “So, the framework has evolved significantly – and, I think, is very effective today.”

His third lesson was not to “underestimate” the digital asset sector’s interconnectedness, as highlighted by the crypto crisis of 2022. This brings considerations including what information it is possible to exchange across borders and an authority’s ability to supervise across borders to perform consolidated supervision.

His fourth lesson was to “think beyond” existing regulatory tools, highlighting the BMA’s use of a ‘sentiment analysis’ tool and use of blockchain data. “We have recently started building with large-language models to automate a lot of the ‘checklist’ compliance supervision,” he said.

He described RPA as “really critical in building a system for users where you can take advantage of these three things – AI, blockchain data and sentiment analysis data – to build something that users can use easily.”


Latvia’s evolving approach

Focus then turned back to Krasovska, who was similarly asked about lessons learned from Latvia’s experiences.

She began by highlighting a recent structural innovation, saying that Latvijas Banka had recently developed a new (second) sandbox focused on helping companies looking to undertake an IPO (initial public offering). “Companies have to go through plenty of internal changes in order to create and establish a corporate governance structure in a way to be fully compliant before they go to the public market,” she explained. “We have created the legal framework for the sandbox and already seven companies are up and running in the sandbox.”

Separately, she said that interactions with companies through the Innovation Hub had triggered a need to review its “internal licensing process”. This has now been completed, she said – with the process giving a fillip by training supervisors and legal advisers in ‘design thinking’ methodology – and was gaining positive feedback.

“For example, one crowdfunding company got a licence from us in two months, and they said that ‘working with you [Latvijas Banka] was like working with another fintech’,” she said. “Actually, the biggest compliment [was] for our unit that works with the fintech companies.”

In respect of broader engagement, Krasovska also mentioned that Latvijas Banka had created a ‘Fintech Forum’ conference (alongside the Investment and Development Agency of Latvia) as a way to engage directly with companies on emerging trends, technologies and business models; and, separately, highlighted that higher education courses on fintech-related topics were (ultimately) improving interactions with the regulator.

RELATED ARTICLE Digital transformers: government finance and innovative technology – a write-up of the Global Government Fintech Lab 2024’s second panel session, which featured Dina Buse of Latvia’s Ministry of Finance

Sandboxes need ‘nurturing’

Asked about the BMA’s experience with its sandbox, Fahmi responded first by saying that “usually in our frameworks we have exemptive powers, meaning that what we do in a regulatory sandbox technically could be achieved in other ways.”

“I think what the sandbox does, though, is clarify to the market how we’re going to use these powers, for what reasons and in what circumstances,” he continued. “I think this is key to a successful sandbox.”

He then drew an amusing parallel with a (non-fintech) sandbox used for children’s playtimes. “They [children] will play with it for maybe a couple of hours, and then they will never play with it again,” he said. “So from time to time, you have to bring in new toys, and you have to have structured play. You have to ‘nurture’ your sandbox.”

“You have to be clear around what you want to achieve in your sandbox,” he continued. “Our sandbox covers all sectors, but in reality, we’ve really seen the usage in digital assets, in insurance and very little in other sectors.” He added that the BMA “want[s] to focus more on the payment and investment side of our sandbox” (and praised the Central Bank of Ireland’s plan to operate its sandbox in thematic cohorts).

“But I think it’s a matter of: what do you want to see? Where do you want to put the investment? How do you structure your activities around the sandbox? And it goes much beyond just simply having a sandbox,” he continued.

“In the digital asset space, there’s a discussion around decentralised finance and how ‘embedded supervision’ can be a potential solution to this,” Fahmi continued. “So, we want to have, this year, a proposal for firms to come in and we want to experiment with them.”

‘Regulations are difficult to communicate’

Testad was asked whether Norway’s FSA had considered introducing a sandbox.

“I like the idea of sandbox but the challenge is to get enough applications, enough companies to apply,” he responded.

He referred back to Barr’s opening observation about the importance of focusing on the ‘business idea’ ahead of technological considerations. It was important, he said, for authorities to assess whether an innovative project is “relevant and strong enough” for the authority to devote “resources on helping them achieve and test”.

“In addition to our own communication platforms and so on, we collaborate with other governmental organisations a lot, and we have a forum where we try to be visible and participate in different events,” he continued.

“Regulations are difficult to communicate if you can’t participate [engage] with fintech companies,” he acknowledged. “We need to lower the threshold for realising new (relevant) business ideas, and that’s through communication and participation and visibility”.

Four phases of innovation

Steve Barr at Global Government Fintech Lab 2024

Bains asked whether SupTech (supervisory technology) tools can ever be rolled out successfully in isolation or need to be part of organisational transformation.

“I think that’s part of the problem – it is done in isolation – if you do even quantify the problem,” Barr responded.

He referred back to sandboxes, saying that the “testing the business outcome” often played second-fiddle to “testing the product” (and that impact on other organisations, society and citizens was also often ignored, as indeed was the extent to which the product could be adaptable to changing business or external circumstances).

Barr praised a four-phase process – ‘discovery’, ‘alpha’, ‘beta’ and ‘live’ – encouraged by the UK Government Digital Service. “Having that process for innovation is really key because it’s done in so much isolation,” he said.

He added that “having traditional IT people in an innovation area is not going to work” and that “you need the business people in the process all the time.”

“Don’t let it just be the IT people running an innovation sandbox – it’s not going to work,” he concluded.

RegTech ‘critical’ to ecosystem

Krasovska was asked about the extent to which companies themselves need to step up their investment in technology to enhance their compliance processes: their use of RegTech.

“Central banks itself are quite conservative organisations in terms of consumption of RegTech products,” she responded. “Of course, there are reasons behind that: they deal with restricted information, with confidentiality, [as well as] set-up opportunities, service availability, staff availability and so on.”

Latvia’s authority created a SupTech strategy three years ago and “just a very, very small number” of RegTech solutions were seen as being compatible, she said.

She took the opportunity to mention a Latvijas Banka supervisory-related initiative – an internal ‘innovation lab’ (also mentioned at the 2023 Lab) where central bank employees can learn and test possibilities. One idea that has been tested has been whether the central bank should use cloud technology. The upshot (“after very long risk analysis”) was positive, she said, and “all” supervision data and reports are now stored in the cloud (“mak[ing] the supervisor’s job much easier”).

Krasovska concluded by nonetheless describing RegTech providers as “critical” partners to different parts of the financial ecosystem (from banks to fintech companies) and an essential part of “fintech infrastructure”.

AI ‘hasn’t reached puberty yet’

‘Financial regulators and innovative technology: on the right path?’:
(L-R) Bains, Delaney, Krasovska, Fahmi, Testad and Barr

Testad was asked about machine learning-based SupTech tools: specifically whether they could fully replace supervisors or are destined to be supportive functions.

“AI can’t completely replace humans,” he responded. “Wherever there’s human interactions, there will be humans needed. And AI hasn’t reached puberty yet so it’s not mature enough to fully replace it and it demands a lot of resources to actually build AI sufficient enough to be trustworthy.”

He said that Norway’s authority now has “more than 40 active processes” using RPA, which he described as a “great support”.

“You have all your core systems gathering data, and then you have the RPA that can utilise all the data and transfer the data and support processes as well,” he explained.

As an example, he detailed how technology has transformed the process by which data is gathered, processed and assessed in the evaluation of small- and medium-sized banks’ risk status and capital requirements.

“I’m a big believer in focusing on ‘low-hanging fruit’, with the business side [of the authority] providing the ideas. It’s not IT’s role to provide the ideas, it’s the business side – then you get ownership and commitment, and you get success,” Tested said. “RPA is a huge success for us and it’s transformed [our] digital culture.”

Breadth and depth

Overall the discussion illustrated the significant and growing breadth of fintech-related topics that central banks and financial authorities are wrestling with.  

But the session equally provided depth, exploring how authorities are developing and refining their structures to improve the quality of their engagement with the private sector; and also the extent to which they are themselves exploring innovative solutions.

The challenge, as always, is for regulatory and engagement frameworks to keep up with the pace of advancements in technology and solutions developed in the private sector.

Nancy Johnson helped with the production of this article

We expect to upload a session video recording here shortly.