Foundations for the future - technology as a source of good in the financial system – Remarks by Deputy Governor Sharon Donnery

28 November 2024 Speech

Sharon Donnery, Deputy Governor, Financial Regulation

I am delighted to be here to speak at the Fintech Ireland Summit 2024 and many thanks to Peter for the invitation.[1]

Being asked to share thoughts on the topic of Fintech is no easy task – given it is an area and term which encompasses so much.

Not least due to the fact that it is a portmanteau, combining two of the fundamental features of modern life – finance and technology. But also because of the breath of activity it increasingly covers.

For fintech is synonymous with a host of new companies – disrupting other financial services providers, and providing choice and efficiencies through new products and new ways of serving customers.

But “fintech” and indeed simply “tech” are also an increasingly integral feature of how incumbent financial services providers operate and deliver their services – as well as an integral part of the functioning of the financial system itself, given the degree to which it now uses and relies on technology.

Central banks and regulators too are increasingly to the fore in terms of embracing and harnessing technology for their own use, in addition to their other roles in managing, anticipating and regulating innovation in the system.

While there is much to cover under the broad umbrella that is fintech, for the purpose of today’s remarks I will focus on providing some Regulatory and Supervisory perspectives on technology and financial services – including what we are seeing, and how we are dealing with rapid innovation in the financial sector.

Neither good nor bad – supervising innovation in financial sector

Contrary to some beliefs, central banks and regulators welcome innovation.

While we of course don’t embrace it indiscriminately, our mandate is to deliver in the public interest. And innovation done well is clearly in the best interest of consumers and the wider economy.

But, as I have said before, not all innovation is good – and not all innovation is done well.[2]

And so while we very much support the use of technology to improve the system and outcomes for consumers and the wider economy, it is crucial that such technology is adopted and deployed in a way that delivers on its benefits, without introducing undue risks.

In that regard I am often asked about our supervisory approach to innovation and technology.

We are an institution over 80 years old, with a core mandate largely unchanged during that time.

We serve the public interest by maintaining monetary and financial stability while ensuring that the financial system operates in the best interests of consumers and the wider economy.

And so although times change, and we change with the times, our mandate for stability has broadly stayed the same.

Meaning that in times of rapid innovation while we need to adapt (and indeed we are adapting, as I will touch on later), we also need to stay focused – on broader outcomes to deliver on our mandate in the public interest.

This requires us to be technology neutral – but not technology blind – I would say.

And from a supervisory point of view suggests we approach fintech and technology in the financial sector as we do all other supervision – in that we focus on ensuring we are delivering our four inter-related safeguarding outcomes, namely: safety and soundness, consumer and investor protection, integrity of the system and financial stability.

In many ways technology poses both benefits and risks to all of these outcomes.

Technology and innovation can deliver better outcomes for consumers and investors; but it can also, of course, expose them to increased and unexpected risks.

Technology is in today’s world intricately linked with the safety and soundness of firms – in terms of evolving business models as well as developing and maintaining financial and operational resilience in a digital age, with operational continuity and resilience key given the 24/7 digital service offerings of many firms.

Technology can also be the cause of, and solution to, financial integrity risks – with inherent money laundering risks in some innovative sectors, but also innovative anti-money laundering tools and solutions being provided by technological advancements.

In terms of financial stability, digitalisation and innovation can also have both positive and negative implications: providing diversification, efficiency and transparency – but also increasing complexity, potential concentration risks, not to mention the role technology and social media could play in times of financial fragility.

So in the end, to quote Kranzberg, it would seem from a supervisory outcomes point of view “Technology is neither good nor bad, nor is it neutral.”[3]

Or better yet, channelling Shakespeare, “Technology is neither good nor bad, but humans make it so.”[4]

This would suggest, for me, that we should avoid fixating on the technology itself, and focus instead on how it is used and how risks from that use are managed. With our role as a central bank and regulator not to eliminate risks, or indeed halt innovation – but rather to ensure risks and innovation are appropriately managed. 

A lesson I believe is even more true at a time when technology is progressing at such pace.

Basic expectations – growing safely

This brings me to our supervisory experience of rapidly growing and rapidly changing parts of the financial system.

In times of rapid change I firmly believe that the fundamentals become all the more important.

And as I have said before, no matter how novel or innovative something is, the basics of good governance, risk management and delivering for consumers and investors remains true. So too does the fundamental supervisory principle that boards and the management bodies of regulated firms are responsible for all activities undertaken by the firm.

While these principles are general, our supervisory experience tells us that they are not always understood – or if understood, not always sufficiently delivered.

And while a focus on growth is natural for innovative and fast growing firms, growing the business without also properly growing its control frameworks is not a recipe for sustainable success – and indeed is not acceptable for regulated providers of financial services to our citizens and in our system. 

That does not mean that firms will not or cannot fail; but rather if they do fail we expect and work to ensure that they do so in an orderly fashion.   This is why we emphasise the importance of wind down plans and ensuring customer funds are protected.

For at the end of the day it is people’s money and financial well-being that regulators and regulated entities are collectively responsible for.

And for those firms trusted with that responsibility, there come some basic expectations – in particular that you are well run, have good governance and risk management capabilities commensurate to your business model.

As I have said before good governance and risk management is not just good for compliance – it is good for business, good for shareholders, good for customers, and good for the economy.[5]

And so it should be seen by fast growing firms not as a compliance exercise but rather as a key enabler for growing safely and sustainably.

While such capabilities can be proportionate – which indeed also means they should grow proportionately – they also need to be substantive.

For global entities operating in Ireland, this means finding the appropriate balance between leveraging expertise and services provided by the wider group and ensuring local governance arrangements are sufficiently substantial to be able to deliver and bear responsibility for the local entity. 

In this regard, I would like to emphasise the importance of the Independent Non-Executive Director (INED), and I am conscious that some of you here today will be INEDs or aspiring INEDs.

The INED is an important role in delivering challenge at board level, providing independent and objective perspectives and specific expertise.  In fast growing firms with a high level of ambition, such challenge is valuable – and dare I say vital.

Protecting your customers funds

I would like to spend a little more time on another basic expectation – namely that firms will first and foremost focus on protecting their customers’ funds. And indeed, as many of you will know, this has been a specific supervisory focus of ours in the Payments and E Money sector – and will remain so for the years ahead.

That you must keep your customers’ money safe and segregated should not be news to anyone.

And that it is a fundamental responsibility to safeguard the funds you have been entrusted with should go without saying – and is precisely what your customers assume and expect

But unfortunately it does have to be said, with our supervisory experience pointing to continued instances of firms failing to comply with basic statutory obligations around protecting users’ money.

As we have communicated before, and hope we have made clear, we have no tolerance for weaknesses in safeguarding arrangements – and expect firms to prioritise protecting and safeguarding their customer’s funds. To repeat, this means we expect:

  • Firms to have robust, Board approved, safeguarding risk management frameworks in place which ensure that relevant users’ funds are appropriately identified, managed and protected on an ongoing basis. This includes the clear segregation, designation and reconciliation of users’ funds held on behalf of customers.
  • Firms should be proactive in ensuring that the design and operating effectiveness of their safeguarding frameworks is tested on an ongoing basis.
  • They must notify the Central Bank immediately of any safeguarding issues identified.
  • And take mitigating and corrective measures immediately to ensure that users’ funds are safeguarded where, in exceptional circumstances, issues are identified.
  • They must also Investigate and remediate on a timely basis the underlying root cause of the safeguarding issue(s).[6]

These messages on governance, risk management, safeguarding, and resilience are not new. Indeed our supervisory expectations and priorities for the fintech sector have been broadly constant over the last few years.[7]

Constant as they are fundamental; unchanging as they are non-negotiable.

Changing with the times

So I have spoken of how we are thinking about innovation and what we are seeing from our supervision of innovation in the sector. I would now like to speak about how the Central Bank itself is dealing with a rapidly innovating financial sector.

As I noted, while the times change our core mandate broadly has remained the same. But I don’t want to give you the impression that we are standing still – for we too are of course changing with the times.

Indeed, as Our Strategy recognised, in a changing world we need to change too, in order to continue to deliver on our mandate now and into the future.[8]

Part of this includes being more future-focused, so to anticipate and support innovation. As well as being more open, so as to strengthen our engagement with external stakeholders.

It also includes transforming our approach to regulation and supervision – which involves new tools and a new supervisory approach.

From the point of view of the fintech sector you will all be familiar with how we have significantly enhanced our engagement with the innovative ecosystem. We do this so we can:

  • Deepen our understanding of innovation in the financial services sector – so that we can better understand the opportunities and risks for consumers and the economy.
  • Better inform our regulatory approach – allowing us to ensure that our regulation is aligned with a well-functioning financial system based on good levels of competition and innovation.
  • Better explain to innovative firms what being regulated entails – so you can build regulatory requirements and safeguards into your early stage development and are better prepared for the responsibilities that come as a regulated firm.
  • Embed a regulatory culture in firms – as firms with strong governance and risk management foundations are set up well for growth and innovation.   

Initiatives have included enhancing our Innovation Hub, as well as the launch of an Innovation Sandbox Programme, with the inaugural programme focused on Combating Financial Crime.

Applications for the Sandbox closed last month, and we were delighted by the breadth of the applications received. 38 of them in total – from Ireland, the rest of the EU and the UK – representing a wide variety of firms – from start ups, to established fintechs, to incumbent financial services providers.

Selected participants will be announced in the coming weeks, with projects to explore new technologies and innovative methods to tackle financial crime – benefiting both the financial system and consumers.

We thank all those who applied, and look forward to sharing the insights and learnings that emerge from this work.

In addition to this engagement with the innovative ecosystem we have also been enhancing the clarity of our communications. This includes the clarity of our authorisation and supervisory expectations – and indeed I hope I have been clear today – as well as improving the efficiency, transparency and clarity of our authorisations processes.

This latter focus not just reflects our ongoing commitment to efficiency but again – changing with the times – it also recognises that better prepared firms find the authorisation process the most straightforward.  This in turn delivers better applications, and reduces the need to expend unnecessary effort at the gate – all to the benefit of both us and applicants.

Increasing the efficiency of the gate, while maintaining its robustness, are two essential characteristics of modern gatekeeping – ensuring the gate is not an undue barrier to entry, while still representing an appropriately high bar in terms of standards, reassurance and protections for the people of Ireland and Europe.

Finally, while we have done a lot in terms of enhancing our engagement with the innovative sector, we are also embracing innovation for ourselves. This includes enhancing our data and technological capabilities – crucial in a rapidly developing and digitalising financial sector

That data is the lifeblood of the modern financial sector and central banks has long been the case – and is nothing new. However, the amount, type and frequency of, and ways of collecting and managing data is changing significantly in our technological age. While this has implications for you, it also does for us – and we are therefore also taking a more strategic approach to enhancing our data and analytical capabilities.

From a supervisory point of view, this means evolving our supervisory approach to be more data led, and to better leverage technology.

The increasing size and complexity of sector, means we increasingly need data and technology to do our day jobs; but more importantly we also need them in times of stress – with the speed at which financial instability can now materialise, increasing the speed at which we need to act, and having the tools and the insights we need to act right.

Within the Central Bank we are therefore enhancing the supervisory tools at our disposable, including as part of ECB Banking Supervision which in particular has made great strides in the areas of supervisory technology these last years.

Having the right data and the right tools may not be much use though if we don’t have the right skills – and so enhancing our technological and data skills and capabilities has also been a focus of the Central Bank.

While this involves an array of initiatives to develop organisational capabilities and better embed a data culture in the Bank, I would like to highlight a particular initiative which we launched this week.

Artificial Intelligence is already an important technology for financial services firms, central banks, and the wider economy – and is becoming more central to the provision of financial services to both households and businesses.

AI, like all innovation, poses both benefits and risks. Though the nature and scale of those benefits and risks is still uncertain, their potential is significant.

In this regard, on Monday I was delighted to launch a research partnership programme between the Central Bank and Insight Research Ireland Centre for Data Analytics. This partnership represents for both organisations a landmark collaboration to push the boundaries of artificial intelligence (AI) and data science.

For the Bank, it will provide us with additional capacity to deepen our understanding of applications of AI and Data Science to safeguarding consumers and the financial system; and it will help us as an organisation to better anticipate, support and manage the risks of innovation related to AI, which I believe will be central to delivering on our mandate in the future.

While the programme is just one element that will build capacity for the Bank to supervise AI and to use AI and data science itself across all our roles, the partnership will enable us to catalyse activity to answer applied policy-driven and fundamental research questions related to AI, Data Science, and related disciplines – all for the public good in Ireland.

Conclusion

So let me conclude.

Fintech is an increasingly important of our financial system, as tech and finance become increasingly inseparable.

That may well accelerate in the coming years, along with the digitalisation of the rest of society – with more widespread and deeper usage of AI and tokenisation representing the potential next frontier.

As I have said technology itself is not necessarily good or bad – what matters is how it is deployed. This includes how innovative firms run their businesses, and manage the risks facing them, their customers and the system.

And while such changes to our system, and the potential changes to come, may be fundamental, they will not alter our supervisory fundamentals – though it may alter how we need to deliver them.

For protecting consumers and the system – through good governance, risk management, and resilience – will always remain key. So too will the fact that it is the responsibility of firms themselves to manage the evolving risks landscape they operate in.

And so while we recognise the benefits of innovation – and that it is in the public interest for the financial sector to innovate – it is also our job to make sure risks are being well managed.

Essential to ensuring that technology is a source for good in the financial system.

Thank you

 

 

 


[1] With thanks to Cian O’Laoide, Simon Sloan, Steven Cull and Mary-Elizabeth McMunn for their help preparing these remarks.

[2] Innovation and Trust Speech

[3] See Kranzberg “Technology and History: ‘Kranzberg’s Laws’”, Technology and Culture, Vol. 27, No 3