We have all seen this movie before: innovators create a new technology and the public voraciously consumes it. The new product or service falls outside of existing regulation, so the companies who own the technology freely decide how they grow market share and profit. At some point, regulators realize there’s a gap between what is happening and what should be happening and pass legislation or enforce existing laws to close it. Think of the early days of our sharing economy – Airbnb operated outside of local ordinances while cities pursued collecting hotel taxes from hosts. And remember a few years ago when you took an Uber ride without knowing if your driver was an employee or an independent contractor?
In 2020, the pandemic generated a huge opportunity for growth in fintech, which will not go away post-Covid-19. Increased consumer demand created an ideal market for digital finance companies. The need for contactless payment systems was immediate and companies like Square rose to meet the challenge. With people afraid to go anywhere, even their banks, they turned to mobile banking tools. Given the roller-coaster stock market, everyone wanted to get in on making stock trades and some investing apps became household names. Looking at you, Robinhood.
Now, everything points to continued strong growth for fintech in 2021 and beyond. Expect to see a parallel growth in regulation and compliance enforcement. Here is where we are likely to see changes and what it means for fintech entities.
BUILD IT OR BE HACKED
As the recent SolarWinds hack into our government agencies shows, cybercriminals continue to be a material threat via our online lives. More and more they are turning their attention to the possibilities available at fintech companies. This is not surprising as the lure of gaining access to customers’ financial information must be highly tempting.
The first step in protection from cybercriminals is for individual fintech consumers to change their behavior and better protect themselves. For example, no more passwords like 1234. (Yes, that’s still happening.) The second step is for businesses to develop strong protocols to prevent hackers from getting access to company networks, especially on a mass scale. Think better data encryption and more formidable firewalls. To build more protected systems, smart fintech companies will appoint a Chief Information Security Officer early on. It is easier to create impenetrable infrastructure when your business is newly forming, and it’s done voluntarily.
If companies don’t develop strong defenses, policymakers will put forth regulation and require them to do it. One area ripe for oversight is fraud and identity. As our financial lives move even more online, verifying identity is critical. Companies may be required to offer two-factor authorization for customers for logging in to digital financial products.
New regulations are also predicted in network security. Companies will need to employ more robust enterprise systems to safeguard their customers’ sensitive financial data. This is especially likely given the added exposure of employees working from home. Addressing this risk by requiring workers with access to financial data to log in through a Virtual Private Network (VPN) is likely.
WHO OWNS THE DATA?
We have heard a lot this past year about protecting user’s privacy and regulating big tech companies. Going forward, this spotlight will shine on fintech companies too. Simply by their nature, digital financial products require customers to share a lot of data to use the services or products. For example, think about the information a user would give to a fintech who offers a budgeting app. By analyzing users’ spending plans, companies would know their customers’ hobbies, restaurant preferences, and travel habits, as well as income levels.
Data such as what is described in the example above is easily monetized by a company by selling it to marketers. Without protections in place for users’ privacy, some companies will go this route despite potential customer backlash and without even letting customers know their data was sold. However, the need for user privacy controls isn’t going away, so expect to see more in this area soon.
CONSUMER PROTECTION FROM THEMSELVES
Consumers do not always do a good job educating themselves and making wise choices. Therefore, sometimes laws are needed to protect people from themselves, especially investors.
Once again, Robinhood comes to mind as it’s facing a charge of misleading users on how it makes money and aggressively marketing to inexperienced investors. Some blame the accessibility of investing apps like Robinhood and M1 Finance for promoting reckless behavior and building up cult-like followings. What is glaringly obvious here is a lack of governance of technology that makes trading widely available and very easy.
In traditional investing processes, customers have the resources to learn about investing before making purchases. Trades are completed either through a personal advisor or an online firm such as TD Ameritrade or E*TRADE, which offer education along with investing. This provides investors opportunities to get advice about their choices. Now mobile investing apps have become mainstream and suddenly trading is available to everyone with a phone and without any guidance.
Not only has fintech made it easy for everyone to make trades without investing experience or knowledge, but there is also a darker theme emerging. These apps operate in a manner similar to digital games with sounds and graphics such as “digital confetti” falling when a trade is made. This triggers the user’s brain to make more trades and get more rewards. The result is the investing tools encourage users to make impulsive trades.
Some say this technology has turned investing into gambling. The result of providing all this access to unaware consumers means oversight. Regulators, including the incoming Chairman of the SEC, Gary Gensler, will be drafting rules to ensure consumers are at least somewhat protected from making their own mistakes.
IN CRYPTO WE TRUST
And then there’s cryptocurrency. Today, cryptocurrency investing is widely available, and this has not gone unnoticed by regulators. The SEC issued a letter in late 2017 in which it addressed initial coin offerings:
“…any such activity that involves an offering of securities must be accompanied by the important disclosures, processes and other investor protections that our securities laws require. A change in the structure of a securities offering does not change the fundamental point that when a security is being offered, our securities laws must be followed.”
Now, as existing cryptocurrencies like Bitcoin surge on the market, the SEC is following up with enforcement when fintech companies don’t follow their rules. A recent example of this is the SEC filing a lawsuit against Ripple for selling the digital currency called XRP. The SEC contends XRP is a security and Ripple didn’t register it properly before selling it. Ripple contends XRP is digital money and doesn’t fall under the regulation governing securities.
Given the popularity of cryptocurrency along with its increasing value, more oversight to protect investors is highly likely, along with bills such as this one to make cryptocurrency transactions less anonymous.
This year will see continued growth in fintech. Increased consumer demand that began due to the pandemic will continue to grow and is creating an ideal environment for IPO’s by fintech companies. As these newly public companies gain more exposure, regulation and controls are sure to follow.