INTERNATIONAL - Global bank chiefs descended on a summit in Washington with a warning for regulators: opening the financial system to thousands of fintech start-ups and Silicon Valley titans may unleash a wave of cybercrime. Word is, governments are starting to see those dangers too.
“The regulators have woken up,” Barclays chief executive Jes Staley told an audience at the annual meeting of the Institute of International Finance. “They will have to extend their reach if they are going to protect the integrity of the payment systems and financial data of consumers, who will soon be asking their data to be shared with this aggregator or that.”
Starting in January, virtually every lender in the European Union will have to provide outside firms with regular access to their customers’ accounts and data under a law known as the Payment Services Directive 2, or PSD2.
The legislation is designed to help challenger banks, up-and-coming fintechs and tech giants such as Apple and Alphabet’s Google compete with traditional lenders and payment-processing firms. The tech companies just need to persuade bank-account holders to grant permission.
“When you download information to that nice fintech company with no firewalls, what is going to happen to that client’s data?” Staley said, calling PSD2 and open banking one of the biggest experiments in financial history. “The way regulators intersect with technology and payments has to move to make the system safer” from cybercrime.
His comments were echoed by executives at Deutsche Bank, UBS and Royal Bank of Scotland (RBS). Timothy Adams, president of the IIF, said members of the group’s board were telling him that the group should stop talking about Basel capital standards in its meetings and discuss cyber issues instead.
“PSD2 is the big one. We are not confident that our customers’ data will be protected from hackers and thieves,” RBS chairperson Howard Davies said in an interview.
“We cannot refuse to hand over data, because that’s what the legislation says, but we will have to try to educate people to understand the vulnerability that they will have if they give an aggregator licence to scrape all their data.”
The main point of contention for bankers was that their new competitors are not held to the same data protection, cyber-security or capital standards as banks. Time and again, executives complained of an uneven playing field and warned that regulators were sleepwalking into a fraud crisis.