Interview by Katia Lang (CEO TFT)
Suchitra Nair, Director at Deloitte and the EMEA Centre for Regulatory Strategy, talks about how regulation will impact tech innovation and offers her opinion on barriers, the future of tokenisation and the balance between innovation and market/investment security in the age of blockchain. TFT’s CEO Katia Lang sat down with her at the recent Fintech Connect 2018.
KL: What is your role at Deloitte and what challenges does it seek to address?
SN: I am the lead on technology innovation and regulation in Deloitte’s EMEA Centre for Regulatory Strategy. Our team looks at the relationship between technology innovation and regulation from many different angles and writes thought leadership papers for the benefit of our clients and for the broader fintech ecosystem.
We examine what effect regulation and/or other barriers have on the adoption of innovative technologies such as Blockchain, AI and cloud computing technologies. We also look at how regulation may open up the market and facilitate technological innovation and competition. For example, PSD2 and open banking is a classic example where the regulator has given authorised third parties the right to access customers’ banking transactional data, subject, of course, to customers allowing it. Another example is the regulatory sandbox – in the UK for instance, the FCA created an opportunity for firms to test their business model to understand both the regulatory and commercial impact. Such an approach fosters competition. In fact, having written a paper on the FCA sandbox, we know that there are instances of a few businesses that would not have existed, had they not been through the sandbox.
Another aspect of my role is to think about how technology innovation may shape regulation and supervision in future. For example, if firms and third party app providers are doing more on behalf of the consumer using personal data. Customers are happy to share their data for specific purposes but increasingly, we see from reports in the mainstream press that consumer expectations around the use of their data may not match those of the firm. As a result of technological innovation, regulators are taking a closer look at issues such as ethics and pricing.
Our team also regularly engages with industry, whether through one-to-one conversations with firms or through industry forums. I also work closely with Innovate Finance, which is the trade association for FinTech.
KL: Distributed ledger technologies (DLTs) can create ICOs, which many say is a questionable thing, and now DLTs are creating a new wave of tokenisation or digitalisation of assets. Is regulation a barrier to tokenisation? How would tokenisation be regulated when, for example, even real estate securities can be digitised?
SN: I don’t think that regulation is the main barrier to tokenisation – A major custodian did a trial over two years ago with a distributed ledger firm. At a conference, they shared many of the lessons learnt and challenges around scale, existing processes and security. This was interesting because they didn’t highlight regulation as a significant barrier.
The challenge has always been to achieve a more cost effective, more efficient, more secure solution than the existing one. Sometimes it isn’t the technology or regulation that’s preventing these solutions from coming to the market, but the underlying processes in terms of how industry practices work, that slow down the data flow. So, even if you tokenise the security the issue remains that someone has to maintain custody of it i.e. you need a custodian. Effectively, you’re not reducing the cost of becoming more efficient because, even though the title may have moved to the blockchain, the physical document has to move and also needs to be validated. However, many people are looking into this now and a solution may not be too far off.
Regulation will be applicable to the regulated activity. Using a token as a technological enabler will not change the regulatory requirements or expectations. There is of course a broader debate happening around how a token will be categorised and regulated if it is a crypto asset. If the token is similar to a security, it is likely to be regulated in some markets such as the US and UK.
KL: So, the tech itself didn’t resolve the issue? Isn’t it then about building something on top?
SN: I think people are still trying to develop a viable use case for a “permissionless DLT” in financial services so the question of can we have enough security to do really critical trades, i.e. trades that can move the market and affect price volatility and shares etc. remains. Security, scalability and governance are real concerns with some types of permissionless distributed ledgers.
On the other hand, “permissioned distributed ledgers” are getting more traction, where you have a small group of selected validated players using the technology. They may be able to transact quicker over a distributed ledger and people are getting more comfortable with that but, to make it successful, a number of other elements need to be addressed, especially governance and security. Simple things such as if someone loses a private key, then who is going to re-issue it? If there is an error on the distributed ledger which is meant to be immutable i.e. you can’t change the records, then how can you rectify a genuine error in the first place? These things can happen when you get humans interacting in the system. Eventually, from a regulatory perspective, the focus will be on the regulated activity that you perform, and whether you can perform it in a safe and secure way, irrespective of the technology that you use.
KL: What, therefore, needs to happen in the future for tokenisation to become mainstream and for everyone to be able to create a liquid asset and bring liquidity to the market?
- As I said before, regulators are typically “technology neutral”. If you are merely tokenising something and using a distributed ledger to move that token around then the regulator will look for robust controls and governance. The regulator is also interested in large third-party technology providers providing critical activities for regulated firms. For example, if a distributed ledger company became the platform for millions of regulated trades going through, then it becomes systemic and if there is a failure or significant error, then the whole market may move in terms of price. Market integrity and stability are key for the regulator, so, at this time, regulation per se is not a barrier. As soon as one or two players start becoming critical to the regulated ecosystem then they will gain regulatory scrutiny – we are already seeing this in the case of third party cloud providers.
The sheer implementation challenge to move to a new technology at scale cannot be ignored in this debate. For example, when you practically tokenise thousands of pieces of paper whether they are real estate deeds or equity shares in a company, the execution risks and costs are significant. When it’s a permissioned ledger, visibility and governance of the risk are potentially better, but it gets trickier when it’s a permissionless distributed ledger due to the number of players. In either application, governance and accountability need to be clearly defined not only for the activity but also for maintaining the underlying technology on an ongoing basis – this clearly can be challenging in a permissionless, decentralised system.
KL: So, will decentralisation prove to be a problem rather than a solution?
SN: I think it is difficult to generalise here as, from a regulatory perspective, it is the use case – the regulated activity and the scale of it – that will drive the regulatory requirements and expectations.
It is important to recognise that some regulators are themselves experimenting with distributed ledger technology to use it as a supervisory tool for areas such as digital regulatory reporting. Therefore, they are not viewing the technology or decentralisation as a “problem”.
The technology clearly has to prove itself to be superior to the existing infrastructure and operate in a safe and secure way. Once we find reliable solutions to these issues, distributed ledgers and AI technology will undoubtedly transform the way banking and finance currently work.