Regulating Digital Technology: Real World Challenges and Opportunities

ETHOS Issue 21, July 2019

1. What Aspects of Evolving Social Norms Should Be Taken into Consideration as the Use of Digital Technologies Broadens?

HARDOON: I will discuss digital technology in the context of financial services, i.e., FinTech, which broadly refers to the application of technology to financial services. FinTech has been an important theme in financial regulation over the past two decades, and it continues to evolve.

Digital disruption can potentially transform the financial industry for the better. But these same technologies can also potentially be misused. For this reason, MAS has partnered with the industry to encourage innovative use of these technologies while putting in place the right conditions for their ethical usage.

The aim is two-fold. We want to encourage financial institutions to innovate and experiment using the latest technologies. At the same time, we want them to bear in mind a set of principles that promote Fairness, Ethics, Accountability and Transparency (FEAT) in their use of Artificial Intelligence and Data Analytics.

KUNDU: A number of areas will need to be handled judiciously. One is privacy: the individual’s right to their own data should be recognised. Another is the need to treat both consumers and employees fairly. This includes avoiding unintended bias—it may be fine if there are legal, appropriate and purposeful reasons for certain kinds of bias (e.g., intentionally not lending to those who may not have the means to pay back), but not if such bias has crept in unintended due to an opaque, poorly-understood algorithm.

We have to watch for predatory pricing, such as practices that may produce positive surplus for consumers in the short term but which destroys competition or are not in customers’ interest in the medium to long term.

Using disruptive technology is no different from any other business decision. Just as companies are held accountable for the environmental impact of their actions, they should also expect to understand, track and ultimately own up to the impact of their technology use—e.g., on consumers’ health, stoking of conflict in society, and so on.

Companies should also take care to not remove human agency altogether through the introduction of disruptive technologies, at least until such time as the particular technology and its applications have matured fully.

Finally, disruptive technologies and the innovations they bring should more clearly demonstrate their broader positive impact on society (e.g., enhancing financial inclusion is arguably a much bigger “call to arms” for FinTech innovation than new services or user interfaces).

2. What Is the Right Approach to Regulating Digital Technologies?

HARDOON: As a regulator, MAS views regulation as playing a central role in promoting innovation and technology. In fact, achieving continued innovation means that we must get regulation right. Fundamentally, it is about ensuring that risk is managed, while facilitating innovation.

As a starting point, this sometimes means not rushing to regulate. Introducing regulation prematurely may stifle innovation and potentially derail the adoption of useful technology. Materiality is key here. This means we want to allow regulation to kick in only when the risk posed by the new technology becomes material, and arrive at regulation that is proportionate to the risk posed.

Where appropriate, we have different regulatory levers and approaches to support the industry’s adoption of FinTech. First, since technological innovations create new opportunities as well as new risks, MAS strives to provide timely clarification to the industry on where the risks could lie, and how existing regulations could apply to such new technologies. Second, we regularly review our regulatory framework to ensure it is fit for purpose. An example of where we are taking such steps is in the payment services area, where we are experiencing a surge in innovation. The new Payment Services Act, which will come into force early next year, is an activity-based regulatory framework that allows MAS to more effectively regulate all relevant segments of the payments ecosystem in Singapore, including new services enabled by evolving technologies.

The potential benefits of FinTech are immense. While our story of FinTech regulation is still unfolding, there are three areas where good progress has been made in the last ten years: in the setting of standards for distributed ledgers, in making cloud computing services safer, and in the area of artificial intelligence. FinTech developments are forcing regulators to review the way regulation is done. If FinTech is unbundling the financial services value chain, then regulators may have to, where appropriate, “unbundle” or “re-calibrate” their regulations too.

Regulators must run alongside innovation, keeping pace with developments, assessing the risks, evaluating whether it is necessary to regulate or leave things to evolve further and where appropriate, provide monetary incentives to support the development of an innovative ecosystem. MAS regularly engages the ecosystem to learn and understand about new technologies. MAS also conducts and participates in proof-of-concept projects with the industry to better understand certain technologies. We will continue to calibrate our response, whilst maintaining the ethos that regulation should not front-run innovation, and having regulation that facilitates innovation.

KUNDU: Regulations need to strike a balance: between the freedom to experiment and explore, and the certainty of not falling foul of rules inadvertently, particularly as early experiments become mainstream. They should establish a level playing field between incumbents and challengers (both within and outside the industry). Regulatory requirements should be commensurate with the potential material impact of a breach or level of risk. There should be alignment—between different regulations in a country (such as banking and privacy regulations), and also where possible between countries: which is particularly relevant for MNCs.

In some countries, banks are struggling with increasing restrictions on accessing data across borders. The rationale for “data sovereignty” rules is well understood, but to the extent that these might impede innovation and stifle other government objectives (e.g., enabling cross-border investment and trade, and preventing money laundering and terrorism financing through data sharing), there may be room for refinement.

The FEAT (Fairness, Ethics, Accountability and Transparency) principles for the use of Artificial Intelligence in Financial Services by MAS illustrate much of what industry would like to see in the regulatory space. FEAT principles were preceded and followed by meaningful industry consultation and co-development; are principle-based instead of rule-based, with practical illustrations of how the principles should be interpreted; recognise the need to balance risk and innovation; offer a level playing field for both incumbents and new entrants; are flexible on how the principles can be implemented (e.g., creating a new AI governance framework or embedding into existing risk frameworks); they allow industry response to be calibrated based on materiality of impact.

3. How Should a Good Regulatory Sandbox Be Designed to Encourage Useful Experimentation and Innovation with Digital Technology?

HARDOON: To date, there are at least two distinct models of sandbox: (1) product testing sandboxes and (2) policy testing sandboxes.

The sandbox by MAS takes the second approach. The sandbox facilitates live experimentation of innovative financial services and business models within pre-defined boundaries. It is a mechanism to evaluate whether particular rules of regulations should be changed on specific use cases. This helps MAS identify regulations that may no longer be relevant due to the use of new technologies in the financial sector.

Operating and maintaining a sandbox is not without cost. In one developing economy, the process involved extensive public consultation and market landscaping. It also involved significant internal consultation, estimated at around six days each for 10 to 15 members of senior management and a three-day workshop for around 18 staff members. One regulator in an advanced economy has the equivalent of 10 full-time staff supporting the sandbox function. Another has just one full-time staff member running the sandbox, consequently resulting in significant bottlenecks. Given this constraint, jurisdictions should not rush into creating sandboxes. There are clear cases where sandboxes have slowed down or impeded innovations because of limited manpower to support its operations.

KUNDU: A good regulatory sandbox needs to provide a meaningful platform for the industry to prove or disprove technologies or business models. It should have a number of features, such as having clear objectives (not “solutions looking for a problem”). Ideally, it should focus on opportunities that involve multiple players in the industry (including a partnership between incumbents and new entrants) and/or government, and involve real-world rather than hypothetical or synthetic data.

A good sandbox should be appropriately scaled: if it is too small, for instance, the experiment could have very little value outside the sandbox. There should be clear supervisory and regulatory guidance throughout the sandbox trial, based on continuous communication and partnership between the regulator and sandbox participants.

Finally, the sandbox should focus not just on proving concepts but on creating confidence about the ability to scale up and “productionise” the new technology application or business model.

4. What Do Industry and Regulators Need To Understand about Each Other’s Respective Standpoints in the Digital Economy?

HARDOON: MAS is in a unique position. It is not only a regulator, but also an industry developer. Deepening innovation and digital transformation for the financial industry remains important, as is the consideration of risks when adopting new technologies.

As a regulator, we continuously strive to deepen our understanding of emerging technologies, including the risks and opportunities they present. I view regulatory sandboxes as a means to enhance collective understanding of such new technologies that impact the future of financial services. Therefore, working jointly is important especially when we do not have all the answers in advance. One of my favourite adages is particularly apt here: “when in doubt, ask”.

KUNDU: In some ways, regulators may benefit from staying true to their original objectives even when looking at digital disruption. For example, in the financial services context, this would have historically included: stability of, and trust in, the financial system; safety and soundness of firms; financial inclusion, fair treatment for customers; (responsible) growth of the industry in the country.

But while there is value in staying firm on the objectives, regulators will need to think about some additional factors as well. This includes such factors as a dramatically greater pace of change, with increasing complexity and concentration of risk.

Indeed, the very definition of who should be regulated in a given “industry” have changed completely. Sectors like media and retail are already unrecognisable compared to a decade ago; others like automobiles and transport are being rapidly transformed.

In this environment, networks and platforms have become vital. This means we need to go well beyond individual firms to looking at an entire ecosystem of partnerships, for instance.

Needless to say, data has become central to the business. Policymakers and regulators will need teams with a different set of skills, including a manifold increase in competencies related to technology and data.

On the tech front, there is a risk of good intentions papering over an inadequate risk culture—many digital innovators may have limited experience working in regulated industries; while their approaches may be good for challenging or disrupting old assumptions, some can also be naive about the risks they are creating for themselves and society.

5. In an Environment of Rapid Digital Disruption, How Can Governments Create Policies that Deliver Both Stability for Ecosystems as well as Responsiveness to Change?

HARDOON: This question captures succinctly, the “new” model regulators operate in. My view, as I’ve explained, is that: One, that regulation should not front-run innovation: introducing regulation prematurely may stifle innovation and potentially derail the adoption of useful technology. Two, regulators must run alongside innovation, keeping pace with developments, assessing the risks, evaluating whether it is necessary to regulate or leave things to evolve further and where appropriate provide monetary incentives to support the development of an innovative ecosystem. Three, accepting that we do not have all the answers in advance. Therefore, keeping abreast with developments, engaging the industry and staying nimble are key to operating in this new normal.

KUNDU: Looking beyond individual industry regulators, some additional “whole-of-government” considerations would be useful.

First, within a country, regulators across industries may need to work much more closely. The same companies will enter, and perhaps seek to dominate, multiple industries. Cross-cutting concepts around ownership and custodianship of data will become more critical. The pool of skill-sets available to regulators will become smaller. As a result, cross-agency collaboration will become key.

There will also be much greater need for cross-border alignment and cooperation (though this is easier said than done!). It is particularly important for small open economies like Singapore.

There has to be a willingness to make, accept and then correct mistakes. Regulators are likely to end up making decisions that become irrelevant or even counter-productive over time due to changes in technology. In this light, regulators could look to provide guidance in the first instance, rather than impose binding regulation.

Finally, it is important to recognise that digital disruption will have a negative impact in some areas (the most obvious being the destruction of existing jobs). “Win-Win” situations will not always be possible. There has to be as much thought on supporting those left behind and correcting for the negative impact of disruption. In this, governments may even need to make the (largest) disruptors take a share of the responsibility.