- EU authorities should urgently address financial regulation for FinTechs and shadow bankers
- An EU-wide regulatory framework is needed to encourage innovation while creating financial stability, orderly markets and safeguards for investors
- Fintech executives expect a regulatory backlash with consequences for the broader industry
At TriFinance, we have been monitoring the Wirecard scandal from very close. “FinTechs or ‘shadow bankers’ do not only challenge the Financial sector,” Jean-Philippe Thirion says, “they also put regulators and supervisors up to the test.”
Article by Rudi Sneyers & J-Ph. Thirion
In recent weeks, the German financial regulator BaFin has come under intense criticism for failing to investigate one of Germany’s worst-ever financial scandals.
June 25, FinTech company Wirecard filed for insolvency after its CEO Markus Braun was arrested for alleged market manipulation and fraud. After the auditor failed to find 1.9 billion euros in cash, equivalent to a quarter of Wirecard’s balance sheet, the Management Board issued a statement admitting that “there is a prevailing likelihood that the bank trust account balances in the amount of 1.9 billion EUR do not exist.”
Once Germany’s darling Fintech with a market capitalization of 24 bn euros, Wirecard overtook Deutsche Bank in market value in August 2018, also pushing Commerzbank out of the DAX. As we speak, the company is on its way to becoming a penny stock. Its shares have crashed 98 percent at the end of June. Meanwhile, the German government has called for regulatory reform.
FinTechs, Shadow bankers and Narrow bankers
Shadow banking is a generic term applying to any actor exercising a banking activity. For Jean-Philippe Thirion, Business Unit Leader at Financial Institutions Belgium, shadow bankers are particularly useful. Contrary to what the name suggests, they are not necessarily obscure players: “The shadow banking universe covers a broad spectrum of activities, such as lending, payments, asset management, insurance and support services in the area of big data and cloud computing,” he says. “Shadow bankers - or narrow bankers as we also call them - are not always FinTechs. A big pension fund can also be designated as a shadow banker or narrow banker.”
Wirecard, an extraordinary growth story
Wirecard was founded in 1999, in the late stages of the dotcom boom. After the entrance of the former CEO Markus Braun, an Austrian computer scientist, Wirecard began its relentless march to the top. In 2005, Wirecard entered the Frankfurt stock market through the acquisition of a defunct call center group whose core business was managing payments for online gambling and pornographic websites. Through the take-over of XCOM in 2006, Wirecard entered the banking sector. Licensed by both VISA and Mastercard, the renamed Wirecard (Bank) AG became allowed to both issue credit cards and handle money on behalf of merchants, an unusual hybrid of banking and non-banking operations. Wirecard offers both business clients and consumers a full range of innovative technologies and flexible customizable services for cashless payments: online, mobile and at the point of sale.
Over the past years, Wirecard expanded worldwide through a series of mergers and acquisitions. Thanks to its continuous drive for innovation and technological leadership, the company operates one of the world’s fastest-growing digital platforms in the realm of financial commerce and is perceived to be one of the world’s leading technology companies for electronic payments. In September 2018, Wirecard became one of the 30 most valuable German companies listed on the Frankfurt stock exchange by joining the blue-chip market Deutscher Aktienindex (DAX).
Unfortunately, the promising future of this FinTech star abruptly came to an end and turned into a true nightmare: Wirecard claimed to have €1.9 billion of client funds in accounts at two of the largest banks in the Philippines that, however, certified they had no knowledge of such accounts. In addition, Wirecard’s collapse incited the UK’s Financial Conduct Authority to freeze its UK subsidiary. That blocked millions of customers at other FinTechs from accessing their money for four days because they relied on Wirecard technology.
We believe that the regulatory authorities must urgently address the need to appropriately regulate companies which increasingly act as a bank without being considered as such
Jean-Philippe Thirion, Business Unit leader Financial Institutions
A disgrace for Germany as a financial center
How did the German financial regulator handle this situation?
German politicians, who qualify this scandal as ‘a disgrace for Germany as a financial center’ plan to question the European Central Bank on why Wirecard had been classified as a technology company rather than a financial institution that would have been subject to stricter scrutiny.
German regulators are obviously under scrutiny for the way they handled the Wirecard case. The German Government is currently questioning whether the authorities that have regulated the industry up to now should continue to do so in their current form. There is little doubt that rules will become stricter in the future.
For now, the government has already declared to terminate its contract with the country’s accounting watchdog, the Financial Reporting Enforcement Panel (FREP), in German Deutsche Prüfstelle für Rechnungslegung (DPR). This is a private sector body with quasi-official power, which monitors the financial reporting of listed companies on behalf of the government
FREP was founded in 2004 in response to the Enron accounting scandal but has only limited resources. Under German law, BaFin can ask FREP to open an investigation into a company’s financial reporting but has no influence on the actual process. BaFin needs to wait for the result of a FREP investigation before it can start its own investigation.
But regulatory failure is not only a German problem. In most countries, the regulatory regimes for the payments sector are considered too lenient which is obviously dangerous when money is involved. A system whose safeguards have failed so dramatically should urgently be changed.
Tightening the regulation
Fintech executives expect a regulatory backlash after this scandal. They believe that regulation of the payments sector could be tightened in several ways.
- The main one is to find a better way for regulators to monitor the segregation of client money. This was a crucial issue in the Wirecard saga.
- Another area that could be tightened up at many payment companies is their governance. Companies could, for example, introduce bank-style requirements for truly independent directors who are approved and guided by regulators.
- The final way to improve regulation of the payments sector would be to impose greater scrutiny on larger, more important providers of payments services — just as there is for the biggest banks. Infrastructure providers may be providing services for lots of other FinTechs, not only themselves, so Wirecard could be considered as systemically important to the FinTech industry.
Emerging technologies create new risks
FinTech is considered to be beneficial for the long-term viability of Financial Institutions. It is very beneficial for competition, innovation and the enhancement of the overall quality and cost of financial services in terms of convenience, economies of scale and automated controls for internal control departments and supervisory authorities.
The rapid adoption of new technologies and the emergence of new business models pose an increasing challenge to Financial Institutions. Ecosystems and partnerships with third parties intended to accelerate the pace of innovation also involve new risks. In addition, emerging technologies create new risks that should be addressed, monitored and supervised.
We believe that these risks are situated in the area of operational risk (Reputational risk, Data security, Data privacy, and outsourcing risk among others) but also at the level of business risk and minimum solvency and liquidity levels on top of sound governance (including solid risk management and internal control functions).
The main risk factors are operational risk (Reputational risk, Data security, Data privacy, and outsourcing risk) together with Compliance Risk and Business risk requiring solid governance, risk management and internal control functions.
Focus points for European regulators?
The supervisory focus has been put on assessing how technology-driven innovation in financial services may affect the banking industry and the supervisory activities.
Both European regulators, EBA and ESMA, insist on stronger cooperation and harmonization at EU level in the area of digital financial services. They point out the importance of technological neutrality in regulatory and supervisory approaches and the need for a stronger dialogue between industry and regulatory authorities on activities related to innovation.
They also insist that innovation should at all times be encouraged. An EU-wide harmonized regulatory framework is necessary to allow innovative firms in the EU to reach the scale that they need and provide for the necessary safeguards to investor protection, financial stability and orderly markets.
Discussions and consultations are however still ongoing at the EU level about the adoption of a technology-neutral, activity-based and proportionate financial regulation.
These discussions and consultations are still work in progress while internationally aligned regulatory responses are urgently awaited in areas such as the use of crypto assets posing major concerns in terms of consumer protection and money laundering risk.
Other responses are mandatory to enhance consumer protection in fields like the (mis)use of artificial intelligence and machine learning algorithms both in robo advice and credit and insurance acceptance and monitoring.
Last but not least, new sources of systemic risk such as major cyber incidents should be addressed driven by sound risk management and governance practices.
Regulatory changes & Adaptation of governance and internal controls systems
Regulatory changes are urgently needed in order to avoid new scandals in the fintech industry. To be efficient and effective, appropriate responses are urgently needed at a European level.
The further evolution of the incumbent financial institutions towards new types of financial ecosystems will necessitate significant business model changes encompassing also the evolution of their operating models, especially the appropriateness of the governance and internal controls systems adapted to the size and complexity of the actors within such ecosystems.
These measures should permeate the culture of the concerned organization where the awareness of controls should mitigate the occurrence of significant operational errors (intentional or not).
TriFinance can assist organizations to embed optimal and appropriate governance models while improving the efficiency of the operational processes through process redesign or process improvements. Our experts strongly believe that operational risk management measures are valid if they also improve operational excellence.
Rudi Sneyers is Practice Leader Risk Management & Compliance at Financial Institutions TriFinance
Jean-Philippe Thirion is Blue Chip Boutique Leader at Financial Institutions TriFinance
- EBA, ESMA, Financial Times
- Wirecard image: Wikipedia/Thomas Springer.
- FinTech image: www.raisin.co.uk/