A take on the supervision of digital transformation

/ Jonas Sturies

Digital transformation is by far the most prominent issue on the 2020 agenda of BaFin, the supervisor responsible for Germany’s banks with less than €30 billion in assets (above, ECB is in charge). Will the key topics identified as of now for those banks in future also attract increased attention by supervisors in other jurisdictions and of bigger banks?

ECB’s 2020 supervisory priorities only mention information technology in the context of cyber risks. Germany’s Federal Financial Supervisory Authority (BaFin) – in stark contrast – places digital transformation both concerning business models as well as concerning supervisory work prominently on their 2020 agenda. Probably, the key topics identified for less significant German institutions as of now, will increasingly gain importance for similar institutions in other jurisdictions as well as for larger banks in the future.

Regarding sustainable finance, supervisors are in line. But policymakers seem to have different priorities – see for yourself in this annotated summary of BaFin’s 2020 supervisory priorities:

I. FinTech

Basic attitude towards innovation: In 2020, BaFin wants to be ‘technology-neutral and open to innovation‘, but at the same time assess the ‘obligation to obtain permission for new business models more intensively‘ and ‘also consistently enforce this obligation in the digital area‘. Open-mindedness for innovation is absolutely necessary – otherwise, companies subject to BaFin supervision will be trapped in the status quo, while players from other industries or jurisdictions will enjoy a competitive advantage.

Artificial intelligence:There is no question in my mind that artificial intelligence needs to be regulated. It is too important not to. The only question is how to approach it‘ – this is actually no quote of BaFin but of Alphabet’s CEO Sundar Pichai. In 2020, BaFin wants to find an answer for the German financial sector. To this end, they plan to carry out market analyses on data usage and its significance for competition (a fairly simple analysis to bridge the time until the BaFin analysis is ready can be found here). BaFin wants to create legal certainty for users of AI, but as a supervisory authority for financial institutions they also stress the limits of their competence in view of new (big tech) market participants.

Blockchain: Since the beginning of 2020, the safekeeping, administration and securing of cryptoassets or private keys is subject to authorisation under the German Banking Act (KWG) for providers based in Germany or offering services geared to the German market. Since this new requirement arises from German, not from European law, providers from other EEA states can not passport. To the knowledge of the Federal Government, as of August 2019, only three providers are active, but in future twenty applications for authorisation under the new rules are expected annually. In 2020, BaFin’s Securities Supervision Division will focus on the legal classification of the different blockchain instruments and on transparently communicating their regulatory assessments.

Cyber risk: In the past, IT security incidents at German institutions were mostly triggered by internal weaknesses rather than external attacks – In 2020, BaFin will continue to push for the strengthening of IT systems. They explicitly mention the possibility of security incidents at cloud providers – this means that outsourcing arrangements might increasingly come under scrutiny. BaFin’s Insurance Supervision Division announces surveys on the extent to which the insurance industry is able to correctly price cyber risks when issuing cyber policies.

II. Prevention of money laundering

BaFin’s Division competent for resolving banks is also responsible for AML. For 2020, they have identified the dissemination of cryptographic data and the provision of money remittance services by banks and payment institutions as an area to focus their attention to. Special attention will be paid to institutions whose suspicious transaction reports differ most from those of their peer group. The (partially) automated processing of suspicious transaction reports is planned to be strengthened.

III. Profitability

BaFin is examining whether institutions are increasingly taking on higher risks in order to achieve the necessary returns despite low interest rates, gloomy economic forecasts and digital transformation. In particular, they announce to focus on the following in their assessment of the supervised entities risk management:

  • Credit risks: Throughout the document, BaFin emphasises possible risks in connection with developments in real estate financing and possible value adjustments in real estate loans or corporate bonds – cross-sector examinations of investment strategies and lending standards will be conducted in 2020.
  • Business model risks: Both the Banking and the Insurance Supervision Division plan to assess strategies of financial service providers towards digital transformation.
  • Legal risks: The investigations of the tax and criminal prosecution authorities into the Cum-Ex tax fraud scandal are explicitly mentioned. BaFin mentions the possibility that the scandal might lead to revised fit-an-proper assessments of managing directors and supervisory board members of supervised entities.
  • Compliance risks: Unlike ECB, BaFin is tasked to protect consumers. In this respect, BaFin’s Insurance Supervision Division plans to pay particular attention to compliance with the regulation on sales remuneration (§ 48a VAG). The Securities Supervision Division will focus on the extended reporting requirements for financial products and transactions. In 2020, the Securities Supervision Division will also be busy with preparations for the commencement of supervision of financial investment brokers from January 2021. In advance, supervisory requirements are to be harmonised with regard to all persons involved in the sale of financial instruments – this will not be possible without changes to the German Securities Trading Act (WpHG).

BaFin will evaluate the stress test conducted in 2019 and initiate appropriate supervisory measures. In 2020, BaFin will also calculate and communicate the future institution-specific minimum requirements for own funds and eligible liabilities (MREL) for the majority of the institutions concerned. Furthermore, settlement planning and reporting will be advanced.

IV. Sustainable Finance

The European Commission seems to have the objective to reduce the cost of capital for the financing of environmentally and socially sustainable projects. The ECB however plans to only allow this if there is clear evidence that such sustainable loans are less risky than regular loans. How does BaFin position itself? As laid out previously in their document on dealing with sustainability risks, Sustainable Finance for BaFin does not mean that the costs of sustainable loans should be reduced, but that environmental, social and governance risks (ESG) have to be integrated into banks’ risk management – funding sustainable projects won’t get easier, but funding unsustainable projects will likely get harder. Corresponding concepts are planned to be drawn up in 2020 and addressed from 2021 onwards.

Jonas is a lawyer at Schalast in Frankfurt advising on the regulation of technological innovation.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.