FinTech, cryptocurrencies, IT security – the Digital Revolution poses a considerable number of new challenges to banking regulation. In this interview, Felix Hufeld, president of Bafin, explains how the balancing act between security and the promotion of innovation can be successful.
Felix Hufeld is the president of the Federal Financial Supervisory Authority (Bafin). At the 23rd Handelsblatt Banking Summit in August 2018 in Frankfurt, he will provide insight into the complex tasks facing banking supervision in light of digitalization.
Interview with Felix Hufeld
Mr. Hufeld, the financial community is experiencing a Digital Revolution. What does this mean for banking regulation?
Supervisors and regulators have to deal appropriately with novel business models and the new, innovative enterprises on the market. On the one hand, we want to give room for innovation, but on the other hand, we have to provide security. Regarding the participants on the market, basically the same regulatory framework applies to everyone – depending on the type of business: “same business, same risk, same rule,” as well as the principle of proportionality. No matter if it is a FinTech company or an established financial institution. Consequently, our task as supervisory authority – according to our mandate, digitalization notwithstanding – remains the same. Supervisors have to ensure that the legal requirements which the supervised institutions are subject to are actually complied with in practice.
How likely do you think is a turnaround on interest rates in the euro area in the next few years?
I may not be clairvoyant and I do not want to speculate, but since this low-interest environment has been going on for a very long time, there is a strong statistical probability that interest rates will rise again at least in the medium run. Such can already be seen in the United States.
What would be the results of a possible rise in interest rates?
If we were with “Make-A-Wish,” the institutions should wish for a slow rise in interest rates, kept under control and in line with the trend of an inflation expectation of two percent, as prescribed by the European Central Bank. A sharp turnaround on interest rates would challenge many participants tremendously. This is exactly the scenario we considered in a low-interest environment, while conducting a recent survey on the resilience of German financial institutions together with the German Central Bank. According to that, a sharp rise in interest rates of 200 basis points would initially more than halve the total return on investment – i.e., the annual profit before taxation in proportion to the balance sheet total – reducing the projection from 0.51 % in 2016 to 0.23 % in 2017. Only in the following years would the rise in interest rates positively affect earnings.
Could cryptocurrencies endanger financial stability? Is there a need for regulatory readjustment in this area?
For supervisory purposes, the greatest problem we see at present with cryptocurrencies – i.e., crypto tokens like Bitcoin – is clearly the pseudonymity, that is to say, the lack of transparency regarding the participants. This can involve anything up to complete anonymity – and that is what makes such tokens attractive for abuse, such as for money laundering or for financing terrorist activities. But in terms of financial stability, I currently would not sound the alarm yet. At the moment, the equivalent value of the crypto tokens that are moved outside of Germany is not yet so great in comparison to the total economic output that we have to fear urgent risks to the financial markets. We would have to act if the overall financial stability was threatened or if criminal abuse was encouraged. We will therefore closely observe future developments. However, in the state of tension between openness to innovation and risk prevention it is important to maintain a well-balanced approach to dealing with the opportunities and risks of financial transactions involving tokens.
But as the Federal Financial Supervisory Authority, we also keep an eye on consumer protection. That is why last November, we warned against Initial Coin Offerings (ICOs) and pointed out the high price volatility of crypto tokens. But we will neither be able to protect every single investor from possible price losses, nor should that be the purpose of government supervision.
Furthermore, crypto tokens are a very international issue and as such should preferably be regulated on an international level. There already have been a few initiatives in this regard. I am thinking for example of the FinTech action plan recently published by the European Commission, which focuses on questions of regulation that concern blockchain technology, among other topics. This shows the efforts being made to create consistent legal norms across Europe and to ensure advantageous competitive conditions for the deployment of this key technology. Moreover, in February, the finance ministers and the heads of the central banks of Germany and France presented their own proposals to the Argentinean presidency of the G20.
Germany is one of the first countries to develop specific supervisory requirements for the risk management of IT and cyber risks. Why do we need such requirements?
Cyber risks not only endanger the confidentiality, integrity and availability of data and IT systems, they can also threaten the reputation of entire corporations and even financial stability itself. The aggressors often work in professionally structured, criminal networks – they could not care less about national borders. What makes the problem even worse: Many financial institutions have outsourced certain services in the last few years. They have only limited control over their IT security. But we cannot tackle such a complex challenge unilaterally; it is essential that we make progress on a global level as well.
Have there been any attacks on banks already?
Not just one, but several. One example that made headlines throughout the world was the cyber attack on the central bank of Bangladesh two years ago, which caused more than US$80 million in damages in the end. The only reason it did not result in multi-billion losses was that the attacker overlooked a careless mistake in the bank transfer. German banks have not been affected by such extensive attacks.
In conclusion, let us turn once more to the positive aspects of digitalization. Do you think new technology, such as artificial neural networks or RegTech, can help with the regulation as well?
What is colloquially known as “RegTech” and helps the companies effectively meet their regulatory obligations, obviously also has potential to be useful in our supervisory tasks. This certainly is true for data processing, for example. The way data are analyzed can open up new possibilities with the aid of innovative technological procedures – including big data processing. And I am sure that the analytical part of supervisory practice will be a lot larger in the foreseeable future than it is right now. In the end, however, human intelligence and the assessing judgment of experienced auditors will remain conclusive in future as well. But innovative financial technologies can relieve them of valuable preliminary work in the decision-making process.
For the original interview in German click here: Bankenregulierung – zwischen Innovation und Sicherheit