After the tsunami…


Eric de Gay de Nexon, Head of Strategy, Market Infrastructures and Regulation, Societe Generale Securities Services, on regulating the development of new technologies and the digital transition.

The international financial industry might have been forgiven for thinking that the tsunami of regulation that has engulfed us over the past since the financial crisis struck hard was over, and that it might be safe to venture back into the water. But as in the iconic book and film Jaws, there is almost always something potentially very nasty lurking beneath the surface.

Many of us who thought we could simply put the new regulatory framework into practice and begin to assess its knock-on effects and correct any consequent problems have had to think again. We must now get ready for a new wave of regulations aimed at regulating the development of new technologies and the ongoing digital transition.

Here I am referring to such concepts as artificial intelligence, the access and the use of data, distributed ledger technology (DLT) and Blockchain, crypto-assets (central banks do not like the term crypto-currencies). We must also take into account other tokens, initial coin offersing (ICOs) and Crowdfunding, the Cloud and finally cyber security.

There is likely to be a wave of further regulation rather than another tsunami, aimed at regulating both the new uses made possible by advanced technologies but also the new digital assets which sometimes accompany them. This wave will have an impact both at the domestic and the international level. The underlying idea is not necessarily to regulate the new technologies at any cost along with the companies that develop and operate them and especially the uses that they enable. Regulators in this area are very often quite cautious since they are aware that these new applications can be useful to the development of the economy and the stakeholders concerned.

It is important first and foremost to clearly identify and understand the concepts underpinning these new uses: it is interesting, for example, to see how new bodies dedicated to advanced technologies are being set up by local but also international regulators. A good grasp of technologies as well as the uses that ensue is essential to ensure that they are consistent with the existing regulatory framework, or at least with its underlying principles of security, investor protection and financial stability. This should enable the existing framework to be adapted or supplemented if necessary.

In addition to a thorough understanding of digital developments, it is important to ensure that the regulatory changes planned are adequate: this requires a continuous dialogue with industry stakeholders, but also exploratory or test phases, sometimes in real life situations, but in an environment controlled by the regulator, what is usually called “sandboxes”. Some regulators are working on establishing them and the European Commission, in its action plan for FinTechs, envisages drawing up best practices regarding these.

Defining the nature of crypto-assets means being able to answer critical issues such as those relating to their eligibility for investment funds, the means used to protect investors, but also to value and hold these assets. All this may result in crypto-assets being purely and simply prohibited or, conversely, being accepted as a means of payment. Turning to the field of artificial intelligence, the European Commission has stated its wish to entrust a group of experts with the task of drafting a report featuring guidelines on accountability, algorithm transparency and other topics including ethical issues related to these technologies.

On cyber security, it must be remembered that this is a global challenge that extends beyond the IT field, and even beyond the sole perimeter of a company if considering the Cloud and more generally service outsourcing. Here again we can expect numerous initiatives, firstly at domestic level, but also at a European and international level since authorities across the globe have set this as one of their top priorities. These will be regulatory initiatives but also initiatives from domestic but also pan European supervisors as the ECB. The latter has in fact this year launched a consultation on market infrastructure supervision with respect to compliance considering cyber risks.

To conclude in brief, having considered all the facts and opinions, arguably only one thing is certain. The very raison d’être of regulators is to regulate. One way or another, we will inevitably see more regulation. One major task then facing our industry will be to establish a framework that will enable the risk and compliance issues associated with such regulation to be managed in the best interests of all those affected.