State or self-regulation: Which way for fintechs?

A man uses a smartphone. PHOTO/edgar r. batte

What you need to know:

As FinTechs continue to disrupt the financial services sector in Uganda, regulators must be alive to the threats posed by this disruption; as the Pegasus hack has demonstrated.

Telcom giants MTN and Airtel Uganda together with Stanbic Bank on October 5 suspended bank-to-wallet mobile money transactions. This followed a cyber attack on Pegasus Technologies, a third party aggregator of digital payments. The exact extent of the loss is yet to be ascertained, but more than the actual money lost, the biggest dent caused by the hack is eroding customers’ trust in digital financial services. Yet ironically, therein lies the opportunity for financial sector regulators to take a more active role in regulating FinTechs.

From Kodak, to the Bell phone, to the video cassette recorder, whenever disruptive innovation occurs, the incumbent is caught off-guard. Just like market incumbents, regulators too may be ill-prepared to respond to the challenge posed by market disruption. As FinTechs continue to disrupt the financial services sector in Uganda, regulators must be alive to the threats posed by this disruption; as the Pegasus hack has demonstrated.


Fintech regulation

A finTech is a medium through which a financial service can be provided. In Uganda,  financial services regulation is based on four objectives: combating anti-competitive behavior, curbing market misconduct, promoting information asymmetry and preventing systemic risk. The moment the activities of a finTech trigger any of these objectives, the case is made for regulatory response.

The attitude of regulators has been keeping finTechs at arm’s length and not viewing them as providers of the services that they have oversight. Given their nimble size and agility, finTechs operate like the regulation is only there to oversee the larger TechFins (technology companies that offer financial services). With FinTechs now offering financial services platforms from payments, savings, credit and insurance, the siloed attitude toward regulation is not sustainable.

In the absence of state regulation, should the players be left to operate without any kind of regulation? 

In nascent industries where the pace of innovation is faster than regulation , the private sector uses self-regulation to set industry standards, develop and apply codes of ethics and ensure consumer confidence. Daniel Castro (2011) “Benefits and Limitations of Industry Self-Regulation for Online Behavioural Advertising” refers to self-regulation as a “regulatory process whereby an industry-level organisation, as opposed to a governmental or firm-level organisation sets and enforces rules and standards relating to the conduct of firms in that industry”. Through their umbrella association, the Financial Technology Service Providers Association (FITSPA), FinTechs have come up with an Industry Code of Conduct that all members of FITSPA are expected to uphold.

When catastrophes occur within an industry, self-regulation can be used to respond to such catastrophes. The Pegasus incident and other cyber-fraud attacks that have occurred in Uganda, makes the case for FITSPA as an industry association to take a more active role in compelling its members to implement, test and strengthen their anti-cyber fraud safeguards. This would in turn reduce information asymmetry; if for instance, FITSPA engaged an independent organisation to evaluate its members’ compliance with its counter-fraud standards. Following the evaluation, the member would be given a certification that consumers would trust.

Self-regulation also acts as a check on over-regulation that tends to increase the cost of compliance, which cost is borne by the consumer. Yet over-regulation per se does not necessarily translate to tangible benefits, but stifles innovation and raises barriers for new players to enter the market.

Some argue that FinTechs self-regulation does not have the force of law as state regulation. But in a scenario of latent or no state regulation, self-regulation is the best alternative for FinTechs to build public trust and combat negative public perceptions in the industry. In any event, self-regulation can be more effective in rulemaking than state regulation. This is because players with expertise and experience in the industry come together to make these rules. These players would also be better placed to detect, monitor and enforce compliance.

Without some form of state endorsement, self-regulation may have an adverse effect of regulatory uncertainty. Proactive regulation is such that the regulator uses the tools within their enabling laws and regulations to support the development of the market. This will require a mentality shift from reactive regulation where regulators use regulation to sanction; to proactive regulation where regulators use regulation to support innovation and development of the market. An endorsement of industry association’s standards is one way in which regulators can exercise proactive regulation.

Others might say that regulating activities of FinTechs will stifle innovation, outreach and is akin to trying to regulate ATMs or cheques which would be onerous. However, technology poses unique risks like cyber security, data protection and privacy that only regulation can address. In addition, due to the scalability of technology, its potential for systemic risk is higher than traditional mediums of providing financial services. With the absence or latency of state regulation, self-regulation is the immediate alternative for FinTechs to ensure public confidence in the industry.

Self-regulation: Cyber fraud safeguards

The Pegasus incident and other cyber-fraud attacks that have occurred in Uganda, makes the case for FITSPA as an industry association to take a more active role in compelling its members to implement, test and strengthen their anti-cyber fraud safeguards.

The author is a partner at Citadel Advocates.