Digital transformation and financial system turbulence : What lessons for regulators and supervisors ?

Introduction

[Go to slide 2]

Dear Professors, dear students.

I am very pleased to have the opportunity of sharing with you some of the lessons that we at the Banque de France and the ACPR, under our financial stability mandate, have learned from the recent turbulence that has affected the international financial system.

This turbulence, which has impacted both traditional financial players in the wake of the SVB bankruptcy and players in the "new digital finance" ecosystem in the wake of the FTX bankruptcy, results from the realisation of risks, whose impact has been amplified or whose spread throughout the financial system has been sped up, by digital innovations that are transforming at high speed, or even shaking up, the way in which finance works.

While the effect of this turbulence on the financial system as a whole and the real economy seems to be contained for the time being, the impact of digital innovations raises questions as to the regulation and supervision practices of both traditional finance and the emerging digital finance. I propose presenting these questions to you one after the other, together with the answers that I believe to be appropriate.

1. Traditional finance put to the test by the digital world: what lessons can be learned from recent bank failures?

[Go to slide 3]

Silicon Valley Bank (SVB), which was virtually unknown to the general public before its collapse last March, was a - if not THE - tech bank and as such had a specific business model, based on two pillars:

- its sources of funding were heavily dependent on uninsured deposits, stemming from a highly concentrated customer base of entrepreneurs and venture capitalists in the tech and digital world.

- a very high share of these deposits was invested in long-term government bonds, issued by the US federal government or federal agencies, at fixed rates, since these securities are intended to be held for the long term.

In 2022, the change in the US economic and financial environment transformed SVB's business model into a source of vulnerability to liquidity and interest rate risk. This vulnerability, combined with major failures in the bank's management and governance system, proved fatal. Indeed, in this new environment marked by rising interest rates and slowing growth, the cash flow needs of tech companies led them to withdraw a portion of their deposits, causing a liquidity problem for SVB, which forced it to sell part of its government bond portfolios. These forced sales, which were not anticipated by the bank, resulted in the crystallisation of unrealised losses, real losses in other words, as the securities sold shed value with the increase in key interest rates decided by the US central bank (the FED). The subsequent downgrading of SVB's rating by Moody's and the aborted capital increase by the bank fueled a negative spiral between liquidity and solvency, which led to its bankruptcy on 10 March 2023. Tech players, fearing the loss of their deposits, which greatly exceeded the minimum guaranteed by the US guarantee fund, withdrew them all the more massively and in record time - in one click - as they represent a financially and digitally “educated” clientele.

Does this "one-click" bank run, which neither banking regulation nor supervision by the authorities responsible for enforcing it were able to prevent, means that the digitalisation of our economies and of finance is making this regulation and supervision fundamentally inadequate?

1.1 The current framework has not been invalidated by the current crisis...

I will give a negative but cautious answer to this question. In other words, I will answer with a "no, but". The "no" seems justified to me for the following three reasons:

- Since 2019, SVB has benefited from a very light regulation compared to the rules laid down by the Basel Committee to limit the liquidity and interest rate risks inherent to the transformation activity carried out by banks. As regards the first risk, these rules require that banks comply with short and long-term liquidity ratios, and as regards the second risk, that the sensitivity of banks' balance sheet to various interest rate shocks be monitored. In the United States, these rules were not applicable to SVB, as certain exemptions, introduced in 2019 under the proportionality principle, apply to banks that are considered to be less important, this concept being understood in a broad sense since it includes banks with a balance sheet total of up to USD 250 billion.

- The post mortem analyses carried out and published by the FED suggest that, had SVB been subject to these rules, it would not have complied with the short-term liquidity ratio as defined by the Basel Committee. Moreover, SVB's heavy reliance on tech companies' deposits should have alerted its supervisor if the additional monitoring tools required by international standards had been put in place. The same FED analyses estimate that SVB's interest rate risk sensitivity was around 35% before the crisis, well above the 15% alert threshold set out in the international rules and supposed to trigger supervisory action.

- Monitoring compliance with regulations calls for strict, intrusive and reactive supervision, which, according to the FED, was not the case.

Let me reassure you on one point: the European situation is radically different. The Basel Committee's rules are applied in Europe in their entirety and to all banks. By the way, I would like to add that Europe is in the process of finalising the transposition into European law of the latest reinforcements of the Basel III agreements, ahead of the other major jurisdictions. As regards supervision, the euro area has a single supervisor, the European Central Bank, which has intrusive supervisory powers and regularly mobilises sophisticated tools such as stress tests and on-site inspections.

1.2 ... but it must be deployed and applied in a consistent manner

[Go to slide 4]

While the case of SVB illustrates the consequences of poor implementation rather than an ineffective regulatory and supervisory framework, this does not mean that it would not be appropriate to amend this framework in the light of experience. Hence the "but" after my "no" to the question I asked about the relevance of regulation and supervision.

There are indeed several issues that deserve to be addressed, and will undoubtedly be the subject of intense discussions among supervisors in the months to come.  I would simply like to mention three of them here.

The first issue concerns the supervision of interest rate risk: should the current framework for supervising interest rate risk evolve towards a more systematic and mechanical application of rules? At the ACPR we believe not. The heterogeneous nature of interest rate risk requires fine-tuned supervision. This is what the current "enhanced supervision" approach is about: it imposes standardised risk measurement tools, while recognising the specificities of the financing models of the different jurisdictions, such as the granting of long-term fixed-rate loans, or regulated savings, in France.

The second issue concerns the treatment of unrealised losses on debt securities carried at amortised cost - I am referring to the unrealised losses that materialised when SVB had to sell part of its government bonds portfolio: should these unrealised losses be recognised in the current prudential framework, beyond their simple disclosure in the financial statements? More precisely, should these unrealised losses be fully reflected in the banks' equity capital? On this subject, we believe that we must take the time to identify precisely all the advantages and disadvantages of such a solution, which may appear simple but has multiple side effects. On the one hand, the impact of these unrealised losses is already taken into account in the short-term liquidity ratio, the LCR. On the other hand, systematically accounting for debt securities at their market value would lead to a rise in the volatility of equity capital, with the risk of generating pro-cyclical sales phenomena. In particular, this would have a downward impact on equity capital during periods of rising interest rates - as we are currently experiencing - with the harmful consequences that you can imagine for the financing of the economy and for the public debt market: a fall in the supply of long-term fixed-rate loans and disorderly sales of debt securities.

The third issue concerns supervisory practices. Sound regulation implemented at the global level is a good thing. But it cannot be at its best without strict, intrusive and reactive supervision. The tools provided by the Basel Committee for the supervision of liquidity risk, in particular those used for monitoring the concentration of financing or the maturity gaps between assets and liabilities, already enable supervisors to have a detailed view of the risks specific to each bank and to react appropriately. Could they be strengthened by introducing, for example, new alert thresholds? Could we also consider introducing such thresholds on the level of unrealised losses, which would trigger supervisory action?

Will these adjustments to regulation and supervision be sufficient to prevent failures in this new age of one-click bank runs? While Basel Committee members undertook, when finalising the Basel III agreements in 2017, to only consider new changes to the rules once they had been implemented at a global level (a commitment known as the “hard stop”), should the recent emergence of digital transformations in the financial sector and their rapid evolution not prompt us to be more vigilant and to anticipate the next move? I believe so. It is essential that the role played by new technologies and social networks in speeding up liquidity stresses be properly taken into account by regulations. At the same time, in the digital age, with easier access to information, and rumours, and the ability to conduct banking operations instantaneously, we will have to examine the regulatory assumptions, in particular with regard to the flight of some deposits.

2. Digital finance: a regulatory challenge

[Go toslide 5]

I will now turn to digital finance and its regulatory and supervisory challenges.

2.1. Rapidly growing markets but increased risks

This digital finance relies on new players, new assets and new infrastructures. Among these new players are big techs, which should not be reduced to the GAFAMs alone. These have made targeted and fragmented inroads into financial services. These incursions include the provision of cloud services to financial institutions, which are progressively migrating their IT systems and infrastructures to these new solutions in order to reduce costs, increase the flexibility and security of their infrastructures, and improve customer experience. Furthermore, big techs are setting up their own financial activities, in a fragmented and unregulated manner, in the form of technical services (e.g. Apple Pay digital wallet, Google Pay, etc.), or in the form of financial products and services (savings products, loans, issuance or trading of crypto-assets, etc.) which are developed in-house or in collaboration with traditional players. For example, Apple offers a savings account in partnership with Goldman Sachs, while also offering its own fractional payment service.

What are the risks associated with these inroads into financial services? The provision of cloud services carries a systemic risk of operational resilience and some providers are already "Too Big To Fail": the interruption or failure of a few of the big techs’ systems could indeed impact financial stability and the economy in general, given the very high level of concentration of providers¹ and the dependence of financial institutions using their services. Moreover, some of their financial activities, which are closely linked to those of traditional financial players but are carried out outside the regulated framework - and therefore without any constraints! - carry a strong risk of moral hazard which could again prove detrimental to financial stability. One example among others: if they were to provide both brokerage services and credit scoring services, these companies could be inclined to generate more business in order to collect commissions, while reducing the attention paid to credit quality, in the absence of risk participation.

But alongside the big techs, other players, at the crossroads of IT and finance - maybe you will soon join one of them, once you have graduated from your engineering school - are profoundly transforming the latter. They offer a wide range of services, particularly focused on crypto-assets. I would like to remind you in passing that the term "crypto-currency" is misleading and often used incorrectly, as no crypto-asset currently fulfils the three functions of money, i.e. a medium of exchange, a unit of account and a store of value. This crypto-asset market has grown exponentially since the Covid-19 pandemic. However, in 2022, the succession of spectacular crises including the collapse of the ill-named (algorithmic) stablecoin Terra USD and the collapse of the FTX platform, brought to light the vulnerabilities of this emerging ecosystem and the nascent bridges between crypto-assets and traditional finance. The collapse of FTX led to the bankruptcy of two banks - Signature and Silvergate - while, conversely, the failure of the Silicon Valley Bank threatened the deposits of Circle (the USD Coin issuer) which were placed there. Some of these vulnerabilities are specific to the crypto sector, such as the high volatility associated with the lack of economic fundamentals underlying some crypto-assets; others are shared with the traditional financial system, such as operational risk and in particular cyber risk. All of them may jeopardise the stability of the financial system as a whole.

How then should these new players be regulated?

2.2 The existing framework - Europe is leading the way thanks to DORA and MICA

The European regulatory authorities reacted swiftly to regulate the new risks that big techs’ inroads into the financial sector carry, with the Digital Operational Resilience Act (DORA) on operational resilience, and the Digital Markets Act (DMA) on fair and non-discriminatory access to platforms. DORA in particular represents a major and innovative step forward, with the establishment of an oversight framework for monitoring third-party service providers that are identified as critical for European financial institutions. These providers shall be required, under possible on-call duty, to collaborate with client institutions to enable them to comply with their own obligations in terms of IT security and business continuity.

As regards crypto-assets, although the size of the ecosystem remains relatively small to date, which limits the contagion effects on traditional finance, the instability of the sector shows that establishing a reliable regulatory framework is necessary to ensure its long-term growth. France has been a forerunner in this respect since 2019 with the enactment of the PACTE law and the introduction of the status of Digital Asset Service Provider (DASP). Europe is also leading the way in this field with the Markets in Crypto-Assets (MiCA) regulation, which has just been adopted in its final version.

Elsewhere, approaches are still being developed: some countries are hesitating between regulation and an outright ban, while others, such as the United States, are taking a fragmented approach to regulation, which is not always respected by the players. In any case, given the global dimension of this market, it is important that international regulation be implemented as rapidly as possible. In this respect, it is essential that it results from the high-level recommendations drawn up by the Financial Stability Board on crypto-assets and stablecoins. The recent Basel standard, published at the end of 2022, which regulates banks' exposure to crypto-assets is also a very encouraging first step in shielding the banking sector from contagion risks.

2.3 Pursuing regulatory efforts and harmonising supervisory practices

[Go to slide 6]

Regulatory efforts must therefore be pursued and new initiatives have already been identified: regulations on Artificial Intelligence, open finance data sharing, and electronic identification. It is clear that we are walking a tightrope: we must not restrict financial innovation in order to benefit from the contributions of digital finance and big techs, while anticipating the possible bypasses that these players will no doubt exploit, to the detriment of financial stability. To this end, the community of regulators has a clear guideline: "same activity, same risk, same rules".

With this objective and this guideline in mind, what regulatory changes concerning big techs can we hope to see to ensure financial stability and fair competition with other players? First, the strengthening or introduction of a prudential framework and requirements harmonised at the European level regarding payment services and non-bank loans, which are the areas where big techs are developing more specifically. Second, the introduction of a new framework for the non-financial conglomerates that are developing in the financial sector (also known as mixed activity groups). More specifically, this could involve requiring that financial and related activities be grouped and segregated under a specific structure and, in the event of a systemic footprint, applying the banking framework to these "financial sub-groups" as long as the activities are similar in nature to those of banks.

As regards crypto-assets, while MiCA is a regulatory milestone, it needs to be rapidly complemented with additional requirements to extend its scope, in particular to address two issues that are heightening the existing risks posed by crypto-assets. First, it will be necessary to address the challenge raised by the concentration of crypto-asset service activities within so-called crypto-conglomerates. The challenge is to guarantee investor protection, for example by imposing segregation of client funds, rules of good conduct and risk management for intermediaries, and even the unbundling of activities. Next, we need to devise rules to regulate the decentralised finance ecosystem (DeFi). Last April, the ACPR published a discussion paper for consultation that presents the challenges posed by this regulatory development, which could take a hybrid form between traditional financial regulation and regulation inspired by other economic sectors. I'll say no more about it and leave you to discover it, hoping to have aroused your curiosity.

Conclusion

To quote your director,² "to specify, design and implement (and I would like to add, to master) the intelligent and connected systems that will transform our society on a daily basis", as future trained engineers, I know that the few elements I have just outlined will resonate with you. These intelligent and connected systems - some would say complex - are already present in the banking and financial sector. Digital transformation is both an opportunity for the financial sector and a risk. It is an opportunity if and only if it is framed by fair regulation and strong supervision, for the benefit of all. Central banks and supervisors have a major role to play, and new talents, and here I am thinking of you, will be welcome to contribute to meeting these expectations, both among the players of the digital transformation, and among central banks and supervisors such as the Banque de France and the ACPR.

¹The four largest providers (Amazon Web Services, Microsoft Azure, Google Cloud, Alibaba Cloud) control 70% of the market (FSI Insights on policy implementation, Big Tech interdepencies, by Juan Carlos Crisanto et al, July 2022).
²Le mot du Directeur | ESIGELEC