The Transparency Machine

Most blockchain ideas that I hear about make no sense. In general, they do not involve blockchains (just some sort of shared database) and where they do actually involve blockchains they are used to emulate shared databases to deliver a slower and more expensive service. How is it then that even a blockchain grouch such as me thinks that the technology has something to offer?

Well, first of all, let’s stop talking about blockchains and use the more general terms shared ledgers to cover the spectrum of relevant technologies and enterprise shared ledgers to cover the particular use case of sharing data between organisations (and regulators etc) in a permissioned manner. I think that the use of enterprise shared ledger (ESL) software will transform business more than enterprise resource planning (ERP) did a generation ago because it will go beyond automating existing process and will instead create new ways to do business.

Transparency is a route to trust. Click To Tweet

Consider the recent case study of Wirecard. The auditors reported that the company was solvent because they thought that there were bank accounts with billions of euros in them. It turns out that there were not. What a simple problem to solve! If only there was some form of immutable record of transactions that companies could use to store account balances digitally-signed by their banks and that investors, customers, suppliers and regulators could use instead of auditors to determine that the assets of companies exceed their liabilities! Transparency is a route to trust.

Transparency

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

Put the transactions on a blockchain and no more fraud then? It’s not that easy. Some of the information in the ledger is confidential: it should only be accessed by the customers, the banks involved in the transactions and perhaps the market where the transactions take place. There are many applications where the transactions must be private. Therefore we need mechanisms to exploit the beneficial transparency of the shared ledger in such a way as to preserve necessary privacy.

What sort of mechanisms? Well, many years ago Eric Hughes, the author of the “cypherpunk manifesto” in the early 1980s, wrote about “encrypted open books”, a topic that now seems fantastically prescient. His idea was to develop cryptographic techniques so that you could perform certain kinds of public operations on private data: in other words, you could build “glass organisations” where anyone could run software to check your accounts without actually being able to read every item of data in them.

It sounds completely crazy and in fact it is a perfect example of what I’ve previously labelled counterintuitive cryptography. The idea of open book accounting is to use homomorphic encryption to store records in a form where they can only be read by authorised parties but can nonetheless be subject to some basic computation while still encoded. In other words you can determine that (encrypted 2) + (encrypted 2) = (encrypted 4) without ever being able to read the “2” or “4” .

This means that you can prove certain assertions about data without ever revealing what the data actually is. One obvious use of this, and as far as I can remember this was central to Eric’s discussion of the topic, is to take a list of the encrypted assets of the company together with a list of the encrypted liabilities of the company and compute that the company’s assets exceeds liabilities. Thus you can, essentially, audit that the company is solvent without being able to read what any of the assets and liabilities actually are.

(In practice, for this to work, the assets and liabilities have to be encrypted by some trusted third party. If I show you my encrypted Barclays bank statement then you have to know it is authentic so it would need to be digitally signed by Barclays, but that’s a topic for another day.)

When you combine the idea of open book accounting with Ian Griggs’ idea about triple entry accounting that dates from around the same time, you can see the basis for a new and more efficient financial infrastructure that is simultaneously the doom of auditors everywhere. If you are interested, there is a very comprehensive review of the origins and taxonomy of the intersection between open book, triple-entry and shared ledgers in a paper from Juan Ignacio Ibañez, Chris Bayer, Paolo Tasca and Jiahua Xu.

Remember in a triple entry system each of the parties to a transaction has a record of the transaction but there is a corresponding entry in a shared ledger that is computationally infeasible to falsify. The entries in my ledger are private to me and the entries in your ledger are private to you but the entries in the shared ledger are available to a much wider range of stakeholders but encrypted so that anyone can use calculations to determine that our assets exceed our liabilities, crucially without being able to read either. Pretty cool.

Transparency and Translucency

The impact of encrypted open books and triple entry working together in this way could be huge, because the transparency and automation means that we will no longer need to wait until the end of the reporting period to conduct an audit and produce results with the help of skilled financial professionals. Instead we will find ourselves in an era of ambient accountability, where the technological architecture means constant verification and validation. If you want to check whether a bank is solvent before you deposit your life savings there you will do it using an app on your smart phone not by looking at a year old auditor’s report covering some figures from a year before filtered through levels of management.

(Ambient accountability is a term that I borrowed from architecture to describe this infrastructure. It describes perfectly how transparency can transform the financial services industry and serves as a rallying cry for the next generation of financial services technology innovators, giving it a focus and raison d’être beyond shifting private profits from banks to technology companies and other third parties.)

Since the regulators will be able to use the technology, they will be able to spot unusual or inappropriate activity. What’s more, the information stored in the ledgers in encrypted form has been put there by regulated institutions so should there be a need to investigate particular transactions because of, for example, criminal activity then law enforcement agencies will be able to ask the relevant institutions to provide the keys necessary to decrypt the specific transactions. In this way the shared ledger can bring the technology of open book accounting to bear to exploit the beneficial transparency of the shared ledger in such a way as to preserve necessary privacy.

In a paper I co-wrote a few years ago with Richard Brown, then at IBM, and Consult Hyperion colleague Salome Parulava [published as “Towards ambient accountability in financial services: shared ledgers, translucent transactions and the legacy of the great financial crisis.” Payment Strategy and Systems 10(2): 118-131 (2016).], we borrowed the term “translucent” from Peter Wayner to mean transactions that are transparent for the purposes of consensus (in other words, we can all agree that the transaction took place and the order of transactions) but opaque to those not party to the trade or the appropriate regulators under the relevant circumstances.

I gave this talk introducing these concepts at NextBank Barcelona back in 2015 (building on the talk about “The Glass Bank” that I first delivered back in 2011) and I’m very interested to see the continuing developments in the field. To give just one example, Richard Brown is now the CTO at leading Enterprise Shared Ledger (ESL) software provider R3. R3 recently released their Conclave product that takes an interesting step in this direction, allowing organisations to exploit Intel SGX secure hardware to remotely verify what other organisations can and cannot do with shared data.

It seems clear that for financial markets this kind of controlled transparency will be a competitive advantage for both permissioned and permissionless ledgers: as an investor, as customer, as a citizen, I would trust these organisations far more than “closed” ones. Why wait for quarterly filings to see how a public company is doing when you could go on the web at any time to see their sales ledger? Why rely on management assurances of cost control when you can see how their purchase ledger is looking (without necessarily seeing what they’re buying or who they are buying it from)?

A market built up from “glass organisations” are trading with each other, serving their customers, working with regulators in entirely new ways, is a very attractive prospect and suggests to us that new financial market infrastructure may be on the horizon and that the lasting impact of shared ledger technology will not be to implement existing banking processes in a new way but to create new kinds of markets and therefore new kinds of institutions.

In this world, whether it is Wirecard, Enron, Tether or anyone else, nobody will be required to rely on the word of auditors because they can simply calculate for themselves whether the company is solvent or not. No more relying on tips and whispers to find out whether the money in some remote bank account is sufficient to cover the liabilities in other jurisdictions: cryptographic proofs will replace auditing and apps will replace auditors.

[An edited version of this piece first appeared on Forbes, 17th January 2021.]

China and America both need new fintech regulation

In a recent episode of Professor Scott Galloway’s podcast, he talked with one of my favourite writers: the eminent historian and Hoover Institution senior fellow Niall Ferguson. The subject of the conversation was the relationship between the United States and China. Their fascinating and informative discussion ranged across many fields, including financial services and fintech. Ferguson touched on a particular aspect of what he calls “Cold War 2” in context of finance, saying that American regulators “have allowed the fintech revolution to happen everywhere else” by which I think he meant that the nature of financial regulation in America has been to preserve the status quo and allow the promulgation of entrenched interests while the costs of financial intermediation have not be reduced by competition. He went on to say that “China has established an important lead in, for example, payments”, clearly referring to the dominance of mobile payments in China and the role of (in particular) Alipay in bringing financial services. He made this comment around the same time that the Chinese government pulled the plug on the Alipay IPO, what would have been the biggest IPO in history.

Weareno1

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

As an aside, if you want to understand some of the big picture around the coronavirus, currency (and what I call “The Currency Cold War” in my book of the same name), then you might want listen to this Coindesk podcast with Ferguson and the journalist and author Michael Casey. They talk about the current state of the world and what it could mean for money. As the author of one of the best books on the history of finance, The Ascent of Money, Ferguson has a very wide and well-informed perspective on the issues and, indeed I quote him more than once in my book!

At a time when America is finally beginning to at least think about opening up financial services to allow real competition, China is heading in the opposite direction by clamping down on fintechs. Click To Tweet

Ferguson’s point about payments is particularly interesting to me. One way to provide more fintech competition to the incumbents would be to provide a more relaxed environment for payments. America lacks a regulatory construct equivalent to the EU’s “Payment Institution” and it really needs one if it is to move forward. The EU regulatory framework has just been battle-tested with the collapse of Wirecard following massive fraud. No customer funds were lost in the collapse of the badly-regulated non-bank because the customer funds were ring fenced in well-regulated bank and, as I will suggest later, this might be the right regulatory balance for new US regulation.

One place to look for this new regulation might be the OCC, which has developed the concept of the Special Purpose National Bank (SPNB) charter. I don’t want to sidetrack into the controversy around these charters, except to note that the OCC expects a fintech company with such a charter to comply with capital and other requirements that seem unlikely to generate the innovation and competition that America wants. This was obvious from the comments on the original proposals, when fintechs made it clear they would be reluctant to invest in such an OCC license unless such a licence would require the Federal Reserve to give them access to the payments system (so they will not have to depend on banks to intermediate and route money for them). The fees associated with such intermediation are significant (ie, top five) operating cost for many fintechs.

I agree wholehearted with Prof. Dan Lawry of Cornell Law School, Lev Menard of Columbia Law School and James McAndrews of Wharton Financial Institutions Center who in their response to the OCC’s proposal labelled it “fundamentally flawed” and called for the organisation to instead look at strengthening the regime for non-bank financial institutions. The focus on banking regulation, though, seems entrenched. I notice that Congresswoman Rashida Tlaib (MI-13), along with Congressmen Jesús “Chuy” García (IL-04) and Chairman of Task Force on Financial Technology Rep. Stephen Lynch (MA-08), have just introduced the Stablecoin Tethering and Bank Licensing Enforcement (STABLE) Act, which similarly propagates this outdated (and inappropriate) regulatory perspective by requiring any prospective issuer of a “stablecoin” (let’s not even get into what is or is not a stablecoin) to obtain a banking charter.

There is an alternative. The idea of another kind of federal charter that would allow regulated institutions access to payment systems, but would not allow them to provide credit, seems much more appealing for not only stablecoin issuers but almost all other fintechs as well. Such a charter would separate the systemically risky provision of credit from the less risky provision of payment services, a very different concept to the SPNB charter. The economist George Selgin, Senior Fellow and Director of the Cato Institute’s Center for Monetary and Financial Alternatives, recently posted a similar point on Twitter, arguing for the Federal Reserve to give fintechs direct access to payment systems (instead of having to go through banks). This was the approach taken in the UK when the Bank of England decided to give settlement accounts to fintechs, where examples of fintechs who took advantage of this opportunity to deliver a better and cheaper service to customers range from the $5 billion+ Transferwise money transfer business to the open banking startup Modulr (which just recieved a $9 million investment from PayPal Ventures). Interestingly, Singapore has just announced that it will go this way as well, so that non-banks that are licenced as payment institutions will be allowed access to the instant payment infrastructure from February 2021.

My good friend Chris Skinner was right to say that many US fintechs will follow the likes of Varo, apply for new licenses and become more and more like traditional banks, but that’s because the traditional bank licence is all that is on offer to them. But this is an accident of history that jumbles together money creation, deposit taking and payments. It’s time to disentangle them and to stop, as Jack Ma (the billionaire behind Alibaba and Ant Group) recently said, regulating airports the way we regulate train stations. He said this was shortly before Chinese regulators halted Mr. Ma’s IPO, following his comments  questioning financial regulation, clearly signalling that their relaxed attitude toward the growth of China’s financial giants is coming to an end.

The Chinese regulatory environment is changing. Whereas China was happy to see its techfins grow in order to help them scale while American enterprises were kept at bay, it is now beginning to rein them in. The new players are now having to build up capital and review business structures as those regulators focus on issues such as data privacy, banking partnerships and lending. With respect to that latter point, note that the concerns around the Alipay IPO were related to lending and leverage, not payments. Although heading towards half of Ant’s revenues came from the lending, facilitated by their vast quantities of data, but they only came up with 2% themselves (if they were were a bank, they would be required to provide something like a third) passing the rest of the exposure onto banks.

Meanwhile, in September, the European Commission (EC) adopted an expansive new “Digital Finance Package” to improve the competitiveness of the fintech sector while ensuring financial stability. The proposed framework includes a legislative approach to the general issue of crypto-assets, called Markets in Crypto-assets (MiCA). I’ll spare you the whole 168 pages, but note that it introduces the concept of crypto-asset service providers (CASPs) and defines stablecoins as being either “asset-referenced tokens” that refer to money, commodities or crypto-assets (although how this can be called “stable”, I am not at all clear) or “e-money tokens” that refer to one single fiat currency only.  E-money tokens (eg, Diem) are a good way to bring innovation to financial services because they are a way to bring genuine competition.

I think the EU may be charting a reasonable course here. China needs to regulate lending more, the US needs to regulate payments less. America needs more competition in the core of financial services and now is a good time to start. With the Biden administration on the way, they can tackle this core issue that, as The Hill says, the U.S. government has “ignored and neglected” the need for a regulatory framework that will support American technological innovation around cryptocurrency, setting aside an embarrassing and “outdated regulatory approach to fintech”. Prof. Lawry suggest a simple and practical response for the US regulators, which is to amend the state-level regulatory frameworks around money services businesses (MSBs), which they say “are the product of a bygone age”, and learn from M-PESA and Alipay where a 100% reserve requirement seems to have proved very successful. There is no evidence that such a requirement stifles growth. Congress need only introduce a uniform requirement that MSB hold a 100% in insured deposits at a bank that holds account balances at the Federal Reserve, which is in essence the same as an EU Electronic Money License and therefore ought to lead to mutual acceptance.

In short, China needs tighter regulation of non-bank credit, America needs lighter regulation of non-bank payments. The way forward is to separate the regulation of payments from the regulation of credit from the regulation of investments. This is the way to get competition and innovation in financial services.

May I interest you in a credit card *bleep*

In August this year, eight teams gathered for the three-day final of DARPA’s AlphaDogfight trials. The teams had developed Artificial Intelligence (AI) pilots to control F-16 fighter aircraft in simulated dogfights. The winner beat the human USAF pilot in five dogfights out of five. I’m not really sure what this means for the defence of the free world, partly because I don’t know anything about air combat (other than endless games of Falcon on my iMac years ago) but largely because it seems to me that there is a context error in the framing of the problem. Surely the future of air warfare isn’t robo-Maverick dogfighting with North Korea’s top fighter ace but $100m Tempest fighters (which as Sebastian Robin pointed out in Forbes earlier this year, might make more sense as unmanned vehicles) trying to evade $1m AI-controlled intelligent drones and machine-learning (ML) swarms of $10,000 flying grenades that can accelerate and turn ten times quicker. The point about budget is important, by they way. Inexpensive Turkish drones have been observed in Syria and Libya destroying enemy armour that costs ten times as much.

As is often said then, we plan for the battles of the next war using the weapons of the last one. This is true in finance just as it is in defence. A couple of years ago, John Cryan (then CEO of Deutsche Bank) said that that the bank was going to shift from employing people to act like robots to employing robots to act like people. They put this plan in motion and earlier this year announced big staff reductions as part of a radical overhaul of operations. At the same time, the bank announced that it will spend €13bn on new technology over the next four years. These investments in infrastructure “are already making some humans at Deutsche unnecessary”. The bot takeover in banking is already happening.

It is not surprising to see this takeover happening so quickly, because there are many jobs in banks that are far simpler to automate than that of a fighter pilot. In India, YES Bank has a WhatsApp banking service that uses a chatbot (a conversational AI with extensive financial knowledge) to help customers to check balances, order cheque books, report unauthorised transactions, redeem reward points, connect with help desks and to apply for more than 60 banking products. And this is only the beginning. The Financial Brand reported on research from MIT Sloan Management Review and the Boston Consulting Group showing that only one in ten companies that deploy AI actually obtain much of a return on ROI. This is, as I understand it, because while bots are good at learning from people, people are not yet good at learning from bots. A robot bank clerk is like a robot fighter pilot, an artificial intelligence placed in the same environment as a human: when organisations are redesigned around the bots, then the ROI will accelerate.

Maverick

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

The robots will take over, in banking just as in manufacturing. So will you be served by a machine when you go to the bank five years from now? Of course not. That would be ridiculous. For one thing, you won’t be going to a bank five years from now under any circumstances. You’ll be explaining “going to” a bank to your baffled offspring just as you were explaining “dialling” a phone to them five years ago. But you won’t be going to your bank in cyberspace either. Your bot will. As I pointed out in Wired this time last year, the big change in financial services will come not when banks are using AI, but when customers are.

The big change in financial services will come not when banks are using AI, but when customers are. Click To Tweet

Think about it. Under current regulations, my bank is required to ask me to make decisions about investments while I am the least qualified entity in the loop. The bank knows more than I do, my financial advisor knows more than I do, the pension fund knows more than I do, the tax authorities know more than I do. Asking me to make a decision in these circumstances seems crazy. Much better for me to choose an approved and regulated bot to take care of this kind of thing. And if you are concerned that they may be legal issues around delegating these kinds of decisions to a bot, take a look at Ryan Abbott’s argument in MIT Technology Review that there should be a principle of AI legal neutrality asserting that the law should tend not to discriminate between AI and human behaviour. Sooner or later we will come to regard allowing people to make decisions about their financial health as dumb as letting people drive themselves around when bots are much safer drivers.

The battle for future customers will take place in landscape across which their bots will roam to negotiate with their counterparts – ie, other bots at regulated financial institutions – to obtain the best possible product for their “owners”. In this battle, the key question for customers will become a question of which bot they want to work with, not which bank. Consumers will choose bots whose moral and ethical frameworks are congruent with theirs. I might choose the AARP Automaton, you might choose the Buffett Bot or the Megatron Musk. Once customers have chosen their bots, then why would they risk making suboptimal choices around their financial health by interfering in the artificial brain’s decisions?

Imaging the world of the future as super-intelligent robots serving mass-customised credit cards and bank accounts to human customers is missing the point — just as imagining the world of the future as F-16s with robot pilots duelling M-29s with robot pilots is — because in the future the customers will be super-intelligent robots too.

[An edited version of this article first appeared on Forbes on 24th November 2020.]

Five Red Flags From Inside Wirecard

Wirecard has gone down as one of the biggest corporate frauds in history. The German fintech “unicorn” (I hate this word, because Wirecard was actually real, while unicorns are not merely rare, they are mythical) that was once worth nearly $30 billion went bust after a $2 billion hole in its accounts that had been missed by the auditors was finally uncovered.

Bettermyth

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

The CEO is under arrest and the COO (the mysterious Jan Marsalek) is nowhere to be found apart from on Interpol’s “most wanted” list. Pretty scandalous and clearly evidence of systemic failure in regulation and auditing. But I couldn’t help thinking to myself “hey, I know people who worked for Wirecard, and they were intelligent people” and then I began to ruminate on the issue of “how was it that they didn’t know what was going on”? Then I started to speculate “if I was in their place, would I have noticed”? And then, most importantly, I started to wonder what the people I know could share so that we don’t get fooled again.

Strategy and Stealth

In companies that grow quickly, through acquisition rather than organic growth, it is often the case that the corporate structure is a fossil history of the evolution of the corporate beast. In a good company, the corporate hierarchy and holding structure will be periodically re-organised to reflect the functions, the geographies or the services of the business. Wirecard was organised by entity, and there were far too many of them. A culture of confidentiality meant that there was no transparency across entities or indeed within many of them.

Within this fossilised structure, there was a “need to know” mindset more more suited to the production of Patriot missiles than the issuing of payment cards. Personally, I think “need to know” is a huge red flag of all and its one of the aspects of the company that Laura and others were surprised by when they first came into the business. As she said to me, executives simply cannot function without an ability to “connect the dots” between business and strategy.

Earnings and Ethics

Everyone from the board to BaFin was focused on the impressive (but as it turned out, imaginary) earnings and the CEO’s growth predictions. But ethics can’t always take a back seat to earnings and corporate boards should remember that they have a role in making sure the fundamentals of a business are in place and those fundamentals are not simply number. It’s a red flag when a board doesn’t demand integrity in processes and procedures.

Management and Metrics

Wirecard management was wholly focused on outputs and there was no attention to inputs. This was a symptom of a more general problem of a lack of process, ethical or otherwise, that pervaded the organisation. With no internal platforms for ERP or CRM, reporting was based on the exchange of spreadsheets and scribbled notes. With no attention paid to due diligence or deal structure in the sales pipeline, with no measurement of reporting on customer satisfaction and retention and with no clarity on how the performance of individual units was related to overall corporate strategy even senior and experienced managers were in the dark on business performance. That’s another red flag right there.

People and Positions

Organisational hierarchy should locate roles that are needed to execute the corporate strategy but a number of people have told me that in Wirecard the organisational hierarchy was built around individuals and personal relationships and loyalties. This is never healthy in the long run. First of all it makes it very difficult to attach a balanced scorecard to any of the roles so that performance can be assessed and employees can be supported. Secondly it means that the organisational hierarchy is often suboptimal and not able to support the business in meeting its goals.

Loyalty is of course important, but it is only more important than corporate structure in the Mafia. Well-run companies deal with this problem to a great extent by balancing internal promotion with external hiring so that roles have a mix of new and old blood, crosschecking and different ideas, bringing in a fresh pair of eyes here and there to challenge existing mental models and stop groupthink in its tracks. Wirecard had too may senior management positions filled by long time employees, and that’s a red flag in a business that wants to mature.

Mission and Meaning

There were no corporate goals other than sales targets and those are not a mission statement nor are they values.  Insofar as the company did have a high-level strategy it was aspirational rather than actionable and left even senior employees wondering about their purpose and direction. Another friend I spoke to was Karl Mohan, who was Wirecard’s General Manager for Australia and New Zealand. He used the word “gobbledegook” and I think that’s an accurate description of management goals that are not based on realistic corporate strategy. In order to create a long-term, sustainable corporate culture you need to have a strategy but you also need to have values that are clear and understandable to all stakeholders. Laura told me that in Amazon, for example, there are 14 corporate values that are part of the employees’ everyday vernacular and they really do drive the right behaviour and the right results.

A lot of this comes down to having the right kind of leadership for organisations in different stages of growth. This is hardly a secret and there are thousands of business books about this. There are many aspects to good leadership and many great leaders we can all learn from. Frankly, I’m no expert on leadership but I do know that a CEO’s manic obsession with share price is not a sign of good leadership but a form of obsessive-compulsive disorder (the same as you often see in people who hold Bitcoin) and a definite red flag.

Won’t Get Fooled Again

What should you take away from this sorry tale of corporate collapse? Don’t imagine that you are so smart that you would not have been fooled by the Wirecard CEO’s shenanigans! Most people you work with aren’t crooks, even in investment banks, so you have will have had little experience of dealing with fraudsters. Therefore when you see bad practice, you tend to ascribe it either to management incompetence in established companies or youthful excess in startups. But you might want to keep these red flags in mind when you next see a management memo that doesn’t make sense, a strategy deck which is only sales targets or a reporting system made from spreadsheets and Post-Its. They might be indicators of the kind of run-of-the-mill managerial incompetence that we are all familiar with, but… they might not.

[This is an edited version of a piece that first appeared on Forbes.com, 17th November 2020.]

Breaking up Big Tech is so last century

What should regulators do about the power of the big technology companies? In America, the Justice Department has just filed massive anti-trust suit against Google, which many think marks the beginning of a new era of regulation for “Big Tech” and the the House Judiciary Committee’s antitrust panel have just completed a 16 month investigation into Amazon, Apple, Google and Facebook. That panel found that Big Tech has what is calls “monopoly power” in key business segments and has “abused” its dominance in the marketplace. It was a thorough condemnation of the internet giants. The panel complains that there is “significant evidence” to show that BigTech’s anticompetitive conduct has hindered innovation, reduced consumer choice and even weakened democracy.

So, what is to be done? I had the honour of chairing Professor Scott Galloway who is the author of “The Four”, an excellent book about the power of internet giants (specifically Google, Apple, Facebook and Amazon – hence the title), at a conference in Washington a while back. He set out a convincing case for regulatory intervention to manage the power of these platform businesses. Just as the US government had to step in with the anti-trust act in the late 19th century and deal with AT&T in the late 20th century, so Professor Galloway argues that they will have to step in again, and for the same reason: to save capitalism.Galloway

With Professor Galloway in Washington, DC.

Professor Galloway argues that the way to do this is to break up the internet giants. Should Congress go down this route? Well, one of the panel’s own members, Ken Buck (Republican), while agreeing with the diagnosis, said that the Democratic-led panel’s proposal to force platform companies to separate their lines of business (ie, break them up) is not the right way forward. I agree. Forcing Amazon to spin out Amazon Web Services (to use an obvious and much-discussed example) won’t make any difference to Amazon’s role in the online commerce world.

Breaking up big companies seems to me an already outdated industrial-age response in the post-industrial economy. Click To Tweet

Google is not U.S. Steel, data is not the new West Texas Intermediate and Facebook is not the new Standard Oil. However, the idea of focusing regulation on the refining and distribution of one of the modern economy’s crucial resources has logic to it. We need this regulation to protect competition in the always-on world of today and there are plenty of alternatives to breaking up technology companies, as Angela Chen explained very well in MIT Technology Review last year. Perhaps the most fruitful way forward is an approach based on a future capitalist framework along the lines of what Viktor Mayer-Schönberger and Thomas Range called in Foreign Affairs a “progressive data sharing mandate”.

There are many informed observers who say that America should to look see what is going on in Europe in order to formulate this kind of approach: Here in Forbes last year, Robert Seamans and “Washington Bytes” highlighted data portability as a potentially valuable approach and pointed to the UK’s open banking regulation as a source of ideas. I think this makes a lot of sense and that a good way to explore what some form of data-centric remedy might look like is indeed to take a look at Europe’s open banking regime. More specifically, start with what it got wrong: because in that mistake are the seeds of a solution.

Cake

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

Back in 2016, I wrote about the regulators demanding that banks open up their APIs to give access to customer data that “if this argument applies to banks, that they are required to open up their APIs because they have a special responsibility to society, then why shouldn’t this principle also apply to Facebook?”. My point was, I thought, rather obvious. If regulators think that banks hoarding of customers’ data gives them an unfair advantage in the marketplace and undermines competition then why isn’t that true for Big Tech?

When I said that the regulators were giving Big Tech a boost in “Wired World in 2018”, no-one paid any attention because I’m just some tech guy. But when Ana Botin (Executive Chairman of Santander) began talking about the lack of any reciprocal requirement for those giants to open up their customer data to the banks, regulators, law makers and policy wonks began to sit up and pay notice. She suggested that organisations holding the accounts of more than (for example) 50,000 people ought to be subject to some regulation to give API access to the consumer data. Not only banks, but everyone else should provide open APIs for access to customer data with the customer’s permission.

This is along the lines of what is being implemented in Australia, where open banking is part of a wider approach to consumer data rights and there will indeed be a form of symmetry imposed by rules that prevent organisations from taking banking data without sharing their own data. The Australian Competition and Consumer Commission (ACCC) has already had enquiries from international technology companies wanting to participate in open banking. The banks and many others want this method of opening up to be extended beyond what are known as the “designated” sectors, currently banking and utilities, so that if a social media company (for example) wants access to Australian’s banking data it must become an “accredited data recipient” which means it turn that it must make its data available (in a format determined by a Consumer Data Standards Body).

A symmetrical approach along these lines would not stop Facebook and Google and the others from storing personal data but it would stop them from hoarding it to the exclusion of competitors. As Jeni Tennison set out for the UK’s Open Data Institute, such a framework would allow “data portability to encourage and facilitate competition at a layer above these data stewards, amongst the applications that provide direct value to people”, just as the regulators hope customer-focused fintechs will do using the resource of data from the banks.

SIBOS 2020

This year, the SIBOS event was totally online.

At this year’s SIBOS (it’s a sort of Burning Man for bankers), the CEO of ING Steven Van Rijswijk re-iterated the need for reciprocity, saying that he wanted the regulators come up with an equivalent for banks so “the data flow can go two ways”. Well, this may be on the horizon. As the Financial Times observed, an early draft of the EU’s new Digital Services Act shows it wants to force Big Tech companies to share their “huge troves” of customer data with competitors. The EU says that Amazon, Google, Facebook and others “shall not use data collected on the platform . . . for their own commercial activities . . . unless they make it accessible to business users active in the same commercial activities”.

It seems to me that U.S. regulators might use this approach to kill two birds with one stone: requiring both Big Banking and Big Tech to provide API access to customer’s data. Why shouldn’t my bank be able to use my LinkedIn graph as input to a credit decision? Why shouldn’t my Novi wallet be able access my bank account? Why shouldn’t my IMDB app be able to access my Netflix, Prime and Apple TV services (it would be great to have a single app to view all of my streaming services together).

Symmetric data exchange enforcing consumer-centric data rights can lead to a creative rebalancing of the relationship between the technology and banking sectors and make it easier for new competitors in both to emerge. Instead of turning back to the 19th and 20th century anti-trust remedies against monopolies in railroads and steel and telecoms, perhaps open banking adumbrates a model for the 21st century anti-trust remedy against all oligopolies in data, relationships and reputation. The way to deal with the power of BigTech is not to break them up, but to open them up.

[This is an edited version of an article that was first published on Forbes, 12th October 2020.]

National Wealth Service

In the UK, last year’s report on “Consumer Priorities for Open Banking” by Faith Reynolds and Mark Chidley (which is, by the way, an excellent piece of work and well worth reading) set out just why it is that open banking by itself delivers quite limited benefits for consumers. They point towards a future of open finance (and, indeed, open everything else as well) and talk about an industry that uses the new technologies of artificial intelligence, APIs, digital identity and so on to take a more complete view of a customer’s situation and provide services that increase the overall financial health of that customer. I thought this was a very interesting way of creating a narrative for the next-generation fintech and regtech propositions.

Oct1 financial health

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

We are beginning to see initiatives focused on financial health and wellness. My good friend Rik Coeckelbergs, founder of “The Banking Scene” in Belgium, talks in those terms also. He recently wrote that a bank must support its customers in having “a financially balanced life, helping them to reduce financial stress by improving their financial wellbeing”. The more I think about it, the more I agree with Rik that this should be one of the societal responsibilities of banks as heavily-regulated players crucial to the nation’s well-being. Just as electricity companies are regulated to not only produce electricity but not to pollute their environment or kill consumers because of poor safety, so perhaps it is time to apply some similar thinking.

Two-thirds of executives surveyed said financial health was important but less than fifth were reporting on it. Click To Tweet

Where should we start? As the CFSI reported, while more than two-thirds of executives surveyed said financial health was a “strategic priority”, less than a fifth were actually reporting on customer financial health, which would seem to be a good trigger for practical initiatives and a way to encourage regulators, partners and customers themselves to ask questions about improvements in financial wellbeing. That’s not to say that nothing is happening, of course! For example, JPMorgan Chase have committed to give $125 million over the next five years to non-profits working around the world to improve the financial health of underserved communities and efforts such as this deserve applause.

Writing more recently in the Harvard Business Review, Todd Baker and Corey Stone explore some interesting ideas around this. They say that the prevailing paradigm (of markets and choice) has created a regulatory system that “largely places responsibility — absent the most egregious abuse — on the individual consumer”. They argue for a radically different regulatory structure to more directly connect the success of financial services providers to their customers’ financial health, a where-are-the-customers’-yachts approach where banks prosper when their account holders prosper. They draw an interesting analogy by comparing this approach with experiments in the American health marketplace that pay providers for improving patients health, “rather than paying them simply for treating patients regardless of the outcome of the medical intervention”.

My good friend Ron Shevlin wrote a great piece about this in Forbes arguing that financial health platforms will emerge to provide this next generation of financial services and pointing out that it will provide some terrific opportunities for fintechs. He suggests that aggregators such as MX, Plaid, Yodlee or Finicity could be a real catalyst in making something happen. I agree: if we can connect the potential for open banking to provide the data to the potential for new players to use that data, we can expect to see real innovation. This kind of thinking delivers a useful narrative for stakeholders to communicate around the post-pandemic financial services they must necessarily develop to support communities in their recovery from the COVID chaos and beyond.

I think this is really important. Refocusing the sector on delivering financial health, rather than financial services has implications that go way beyond choosing better credit cards or spending less on coffee and more on pensions. The American Psychological Association considers financial stress to be one of the top stressors in America and research shows clearly that financial stress and economic hardships link to a variety of very negative physical and mental health outcomes, ranging from abuse and neglect to household dysfunction and heart disease. There is no doubt about it: improving financial health improves health in general.

In order to do this, financial health providers will need a better picture of individuals and their circumstances. They need the raw data to work with. Just as the doctor needs X-rays, bloods and histories, so the AI that powers an effective financial health provider needs your transaction records from your checking account, your mortgage, your pension, your insurers and everywhere else. In the current economic downturn, to highlight the obvious example, many people make a lot mistakes in managing their finance through stressful and unfamiliar circumstances. But as was pointed out in the Wall Street Journal recently, most of these mistakes are very basic. It does not take a giant supercomputer and all of the data in the word to stop people from falling into common traps around the way they borrow, save, spend and invest.

I wouldn’t go so far as to say that we need a National Wealth Service in the UK, but we might imagine a situation where employers strive to improve employees wealth, just as they provide health benefits now by funding financial counseling as an employee benefit. The cost of providing such services, in a world of AI and machine learning, is affordable and delivers something of real value to the normal person who is, frankly, as ill-equipped as I am to make decisions about pension plans and savings and so on.

This is why I so sure that the connection with open banking, open finance and open data means the potential for a real revolution in consumer finance and this time it will be a  revolution that will make life better for the average consumer.

[This is an edited version of an article that first appeared on Forbes on 1st October 2020.]

What fintech revolution?

You may have missed World Fintech Day this year. It was 1st August, a date chosen by (amongst others) my good friend Brett King. It was a day to take some time to congratulate an industry that has achieved… well, what exactly? What is there to celebrate when the truth is that we haven’t yet had a fintech revolution or anything like one. The “challenger banks” are just banks, they haven’t brought new business models or changed market dynamics.

If you think I’m being harsh, take at look at this survey of almost 800 companies that has just ranked financial services as one of the least innovative sectors of the economy! We all expect the pharmaceutical companies, to pick an obvious example, to be more innovative than banks. And according to this survey, they are. But even the textile industry is more innovative than banking, where business models and the cost of intermediation (which I would see as being a key measure of productivity) haven’t changed for generations. Yes, fintech has brought financial services to hundreds of millions of people in developing markets, but it has yet to transform developed markets.

Even the textile industry is more innovative than banking, where business models and the cost of intermediation haven’t changed for generations Click To Tweet

Why has nothing happened?

Well, there’s a story that I tell at seminars now and then about a guy who was retiring from a bank after spending almost his entire working life there (I heard the story a couple of times from a couple of different people but as far as I know its earliest written form is in Martin Mayer’s excellent book “The Bankers“).

The guy in question had risen to a fairly senior position, so he got a fancy retirement party as I believe is the custom in such institutions. When he stepped up on stage to accept his retirement gift, the chairman of the bank conducted a short interview with him to review his lifetime of service.

He asked the retiree “you’ve been here for such a long time and you’ve seen so many changes, so much new technology in your time here, tell us which new technology made the biggest difference to your job?”

The guy thought for a few seconds and then said  “air conditioning”.

It’s a funny story, but it’s an important story because it includes a profound truth. Robert Gordon’s magisterial investigation of productivity in the US economy “The Rise and Fall of American Growth”, shows very clearly that the introduction of air conditioning did indeed lead to a measurable jump in productivity, clearly visible in the productivity statistics. Of course, other technologies led to improvements in the productivity of banks and the wider financial services sector. Computers, for example. But it took a while for them to transform anything (we all remember Robert Solow’s 1987 “productivity paradox” that computers were everywhere except for the productivity statistics) and the figures seem to show that those improvements slowed to a standstill a couple of decades ago.

Pinkcard

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

In the last decade, the smart phone revolution does not seem to have been accompanied by any increase in productivity at all and it’s not just because half the workforce are playing Candy Crush and the other half are messing around on Instagram instead of doing any useful work. It is, as Gordon notes, because the technologies are being used to support existing products, processes, regulation and institutional structures rather than to create new and better ways of delivering financial services functionality into the economy. So while there are individual fintechs that have been incredibly successful (look at Paypal, the granddaddy of fin techs that is going gangbusters and just has its first five billion dollar quarter), fintech has yet to fulfil its promise of making the financial sector radically more efficient, more innovative and more useful to more people.

I can illustrate this point quite simply. While I was writing the piece, I happened to be out shopping and I went to get a coffee. I wanted a latte, my wife wanted a flat white. While I was walking toward the coffee shop, I used their app to order the drink. The app asked which shop I wanted to pick up the drinks from, defaulting using location services to the one that was about 50 yards away from me. Everything went smoothly until it came to payment. The app asked me for the CVV of my selected payment card, which I did not know so I had to open my password manager to find it. After I entered the CVV, I then saw a message about authentication. What a member of the general public would have made of this I’m not sure, but I knew that they message related to the Second Payment Services Directive (PSD2) requirement for Strong Customer Authentication (SCA) that was demanding a One Time Password (OTP) which was going to sent via the wholly insecure Short Message Service (SMS). Shortly afterwards, a text arrived with a number in it and I had to type the number in to the app. The internet, the mobile phone and the app had completely reinvented the retail experience whereas the payment experience was authentication chromewash on top of a three digit band-aid on top of a card-not-present hack on top of a 16-digit identifier on a card product that was launched in a time before the IBM 360 was even thought of.

Thomas Phillipon of the Stern School at NYU carried out a very detailed analysis of the US financial sector back in 2014 and found that the unit cost of financial intermediation was around 1.87% on average (which is a lot of money). This adds up to a significant chunk of GDP. Indeed, calculations seem to indicate that the finance sector consumes about 2% excess GDP. What’s more, these costs do not seem to have decreased significantly in recent years, despite advances in information technology and despite changes in the organization of the finance industry.  Earlier World Bank work looking at the impact of bank regulations, market structure, and national institutions on bank net interest margins and overhead costs using data from 1,400 banks across 72 countries tells us why: tighter regulations on bank entry and bank activities increase the cost of intermediation.

To put it crudely, Moore’s Law and Metcalfe’s Law are overcome by the actual law and the costs of KYC, AML, CTF, PEP, Basle II, MiFID, Durbin and so and forth climb far faster than costs of transistors fall. This observation in fact shows us the way forward. As technology has driven down the costs of computing and communications, the costs of shifting bits around has collapsed. But financial services is — as it should be — heavily regulated and the costs of that regulation have rocketed. The net result is that fintech has not brought about a revolution. If there is going to be such a revolution, if new technology is allowed to create new business models and new market structures, and if those new structures are to reduce the costs of intermediation, then we need the regulators to create the space for innovation. And perhaps, just perhaps, they have: open banking is the first step on an open data road that may ultimately not only revolutionise payments, banking and credit but… everything.

Banking Bubbles no attribution

@dgwbirch The Glass Bank (2020).

We all understand that the future competitive landscape is about data, so the regulators can make an more innovative platform for enterprise by opening up access to it and then providing new kinds of institutions to curate it (such as the Payment Institution in the European Union and the Payment Bank in India). This kind of regulatory innovation may allow fintech to deliver what it promised and lay the groundwork for some actual challengers. So, this World Fintech Day, let’s celebrate fintech for what it is going to bring as we move forward into the open banking era, not for what it has achieved so far.

[An edited version of this piece first appeared in Forbes, 1st August 2020.]

PSD3 call me

The new paper from the European banking industry, produced by the European Banking Federation (EBF), European Association of Co-operative Banks (EACB) and the European Savings and Retail Banking Group (ESBG) sets out the industry’s vision for the EU payments market in detail. There’s lots of interesting stuff in there, but I was particularly interested in their views on the regulatory environment.

I couldn’t help but notice this paragraph on page six…

“From a data privacy perspective, global BigTech’s existing data superiority combined with access to payments data should be concerning and could lead to unintended negative outcomes for EU citizens.”

This is not a new position. It’s been obvious to any serious surveyor of the European payments landscape that it has been tilted. This is what I wrote for Wired magazine back in 2017:

“Non-banks are about to get a huge boost from European and UK regulators, thanks to the European Commission’s Second Payment Services Directive (PSD2)”.

I’m hardly the only person to have realised that PSD2 would mean that the playing field is tilted against banks and in favour of Big Tech. In fact I gave a keynote address on this topic at PaymentsNZ a couple of year ago, so if you are interested in a more detailed explanation of why the current regulatory environment is unsatisfactory, put your feet up and watch this:

The question is what to do about it now. Fortunately, I wrote about this in some detail more than a year ago, so if the European banking industry needs some help in formulating specific policies to lobby the legislators for, I stand ready to point the way. Last year, following the Paris Fintech Forum where this topic was discussed, I commented on the suggestion from Ana Botin of Santander that organisations holding personal data ought to be subject to some regulation to give API access to the consumer data. Not only banks, but everyone else should provide open APIs for access to customer data with the customer’s permission. This is what the European banks are asking for in their vision document. They want “concrete support” from policy makers to help achieve their objectives, including this levelling of the playing field between banks and Big Tech competitors, brining in a mutually-beneficial approach to data sharing address the inherent asymmetry in the post-PSD2 environment.

So, yes, Open Banking. But open everything else as well. Particularly Open Bigtech. This sharing approach creates more of a level playing field by making it possible for banks to access the customer social graph but it would also encourage alternatives to services such as Instagram and Facebook to emerge. If I decide I like another chat service better than WhatApp but all of my friends are on WhatsApp, it will never get off the ground. On the other hand, if I can give it access to my WhatsApp contacts and messages then WhatsApp will have real competition.This is approach would not stop Facebook and Google and the other from storing my data but it would stop them from hoarding it to the exclusion of competitors.

Forcing organisations to make this data accessible via API would be an excellent way to obtain the level playing field that the European banks are calling for. This would  kill two birds with one stone, as we say in English: it would make it easier for competitors to the internet giants to emerge and might lead to a creative rebalancing of the relationship between the financial sector and the internet sector. So, if the European Union wants to begin thinking about PSD3, in my opinion it writes itself.