Tuesday, November 15, 2016

Facebook obtained its e-money license : is it the gamechanger for the bigtech disruption of finance ?

About three weeks ago, Facebook has obtained it's e-money license in Ireland. This was in the making since early 2014 and it begs the question whether or not this will mark a big shift in the banking landscape.

Bigtech going for finance?
One could argue that the move by Facebook is another of many steps of big tech players moving into the financial arena and disrupting the financial sector. Where Google has lead the pact from London (with a license in 2007), Amazon chose Luxembourg (license in 2010, passport-out in 2012). With Facebook going down the same path, could we expect Apple or Microsoft to also set up their e-money institution?

My guess is that the bigtech will indeed all move towards some form of e-money license in Europe. It will allow them a direct billing and payment relationship with their customers as well as a role in terms of payment provider for their platforms and services. This is not to say that they will move there fast. If I'm correct, my Google account payments still do not flow via their e-money institution but via a normal bank.

Now, if this happens indeed, will the bigtech further move into financial services or just stick with digital cash and consumer credit?

Bigtech won't dive deep into finance
I don't expect the bigtech to move into full finance for many reasons. We've seen some of the current players moving still quite slowly and sticking to the straightforward business of e-money.

Moving towards other business lines leads to increased complexity and regulatory burden. Bear in mind that the future revenue opportunities for financial institutions as a whole are quite limited and not so attractive. Finally, financial institutions are often held to a higher standard with respect to maintaining their customers privacy, whereas customer data are the lifeblood for Bigtech.

Further move towards less-cash society
The main impact of bigtech going e-money will therefore be the acceleration of our move to wards a less-cash society in which strong brands, platforms and retailers issue their own payment instruments and digital cash. From the outset, Facebook cash could become a big hit as it has the user base, a regular usage pattern for its users and the possibility to best integrate it's e-money functions within their own platform

Only time will tell whether Facebook is also viewed by the public - reputationwise - as a partner to be trusted with your money. But we can rest assured that their offerings will certainly contribute to a less-cash society.

Thursday, June 23, 2016

The DAO - Ethereum incident: if you can't stand the heat, stay out of the kitchen !

Ok, I admit: I may be a payments or banking dinosaur and an old school kind of guy. I have personally witnessed the emergence of new payment methods (POS, I-pay, VbV, purse, online-purse, Paypal, EMV, etc) as well as the failure of banks (Icesave, DSB). And I have a keen interest in the history of banking and finance.

With this background I have been intrigued by the Ethereum-DAO incident and its further follow up. What now seems to happen is that an undemocratic, interest driven community that hasn't secured or enforced proper governance and safeguards, is taking the right in their own hands when some digital assets of theirs appear to move in different places than envisaged.

Lay-out of options to solve the issue
Pondering the issues at hand was stimulated by this very good presentation by Gavin Wood last Monday at the Dutch Blockchain Conference. See below



In the presentation Gavin Wood presents 3 options:
- do nothing
- soft fork by community
- hard fork by community.

How logical the 'community' approach appears to be, I couldn't escape at noticing that the concept of community is limited to those directly involved as owners/investors in ether. All of those people were aware that they're investing in a very speculative, new technology and digital asset.

Gavin introduces the concept of moral consensus by the people, rather than the machine, to solve the issue. This consensus is not really the people, he explains, but the miners. In my view this means that the bottom line is that the interested actors take the right into their own hands to cheat the attacked back out of his possessions.

What's missing: the legal consensus
What's truly missing in the discussion is a fundamental fourth 'community' option:
- owners of 'stolen' ether  call the police (in whichever jurisdiction) so that a judge may determine whether or not this is a theft or otherwise.

Any system existing on earth, is always under some jurisdiction which allows formal legal arbitrage on differences of opinions as to whether this is theft. And lacking the proper arbitrage rules in this obviously not so smart contract, this is the domain where the Ether and DAO community should revert to.

Any other road than turning to the formal/legal mechanisms to solve this issue, constitutes a power batlle between interested parties. One party claimed to offer autonomous smart contracts without human intervention (but slides back as soon as they lose money on it) and another party took them up on the offer and fights back to keep the first party to their offer.

If you can't stand the heat, stay out of the kitchen
From a macro point of view, I don't see a reason why a response in forking by the ethereum community is justified. We're just witnessing a private, risky enterprise doing not-so-smart-things with not-so-smart contracts. This will mean that a limited remit of private investors (that know that they are risk investors) lose their assets to someone else.

As tough as it may be to see someone mess up your assets/system in front of your own eyes, it is hoewever the ultimate consequence of a philosophy in which one proclaims that is exclusively the machine that drives the asset moves.

So as this all happens, you just better buckle-up, take the hit and make sure there are no more accidents waiting around the corner. And if you're not up for it, it's time to leave the play under the motto: If you can't stand the heat, better stay out of the kitchen. When seen from a financial history perspective this whole incident is just one silly drip in the ocean of follies that has ever occured.

Up next: proof it or put in arbitrage
In a practical sense, the lesson is easy. Either have full formal proof of smart contracts, allowing you to  check all possible states of the implementation, or include an arbitration and third party mediation into the smart contract.

It's not a new concept: I've been speaking with Ian Grigg numerous times on the relevance of arbitration for smart contracts (see also his blog on this). So with this incident, the lesson will surely sink in somewhat faster.


Friday, January 08, 2016

A new FAQ for PSD2 would be very useful to harmonise interpretations across Europe

Summary
The second Payment Services Directive, published end of December last year, is an important and welcome next in the further integration of payment services in Europe. In order to achieve a true European level playing field ‘on the ground’, a clarifying FAQ for those who prepare its implementation today would be very welcome.

A FAQ that explains how the PSD2 definitions will apply in all Member states to the variety of business models and transaction mechanisms observed, will enhance the purported level playing field. This harmonised guidance is just as important as the FAQ/guidance provided for the first PSD. Both regulators and the market have further developed since PSD1 and it is essential to recognise some of the underlying dynamics and developments of the payments market.  

1. Out of scope, limited network or regulated?
At present, member states use the harmonised PSD-rules to determine whether or not a certain business model defines as a payment activity or can be categorised as an exemption. Both in terms of content and process, the approaches vary considerably between supervisors. The feedback of supervisors varies from an elaborate argumentation to merely the brief outcome of an internal review process. 

Also in terms of content, the approaches vary. Business models that are out of scope in one member state may be exempt or require a license in others. The lack of a central register of supervisory statements on those matters makes this hard to identify, but the PSD2 will change this. All business activity exempted under article 3k and 3l, must be notified and the exemption decision will be published in a central register.

The practical consequence is that market participants can more easily determine which business models are exempted in which countries. This means that the supervisors must ensure that their qualifications are well-grounded and harmonised. One of the major challenges in this respect is to take into account the technological and market developments.

2. Technological developments: open and device-agnostic
Just one look at a user’s technical environment demonstrates that the major trend in payment technology development is the move from closed, bespoke systems and standards to more open structures. Whereas previously payment providers would control (sometimes own) all technological instruments to be used in a payment transaction, this is no longer the case.

The future infrastructure setting is one in which consumers and merchants will use their own technical device, and providers need to ensure that it can be used safely. We can now see card-based payments, where no plastic is used anymore, as the payment is made via a virtual card application in the mobile phone or PC. At the same time, in the back-office, the systems are opening up to the outside world via Application Programming Interface’s (APIs). Rather than having one instrument that operates as a shopping and a payments tool simultaneously, we can see that the value chain of search, shop and pay can be arranged via modularized interfacing of channels and technologies.

Therefore, when assessing the qualification of the technologies in todays payments, an open and functional approach is required. The classical approach, in which one tries to find the main device (such as a card) that services as the payment instrument and then builds the further classification of a system around that instrument, will no longer work. There will be all kinds of devices and technical tools and while some may classify as payment instruments, others may not.

Fortunately, the definition of payment instrument in the payment services directive enables this functional approach. The definition mentions both ‘a personalized device’ and/or a ‘set of procedures’ to be viewed and defined as the payment instrument:
"payment instrument" means a personalised device(s) and/or set of procedures agreed
between the payment service user and the payment service provider and used in order
to initiate a payment order;

3. Where is the commerce and where is the payment transaction?
As technology slices up the commercial value chain, we should note the relevance of the last element of the definition of payment instrument: ‘to initiate a payment order’. There is a clear difference between the commercial use of devices for purchases (apps, shopping carts on the web, nfc-identification devices) and the later moment in which aggregated purchases are actually being paid. This can be compared to the difference between the shopping cart/button on a website and the payment button.

The main question to ponder is therefore: does the technology service allow the user to make a payment to any other payee in Europe (under the SEPA-rules) and is the transaction actually a payment order, or is it merely a shopping transaction, with payments being arranged later on.

I wouldn’t be surprised if in the next years, we will witness a shift away from devices as the actual payment instrument. It may be more suitable to put the (user) accounts centre stage as the actual payment instrument. When applied by retailer organisations, such a choice will enable them to build a multi-channel sales-channel in which the device used is irrelevant. The sales channel aggregates purchase transactions towards the user account at the retailer. In cases where the retailer merely aggregates these purchases and initiates a direct debit for the total sum to be paid, this remains an administrative account as the actual payment account in the process is that of the bank. Only in cases where actual payments orders are initiated from such an account, it would become the payment account as well as the payment instrument for the commercial transactions.

It is crucial to distinguish the commercial from the payment process domain when evaluating apps and identification tools on the market. The actual payments can be expected to become the afterthought of commerce, rather than a primary service. These can flow via a payment account in the background, which is provided by retailer, bank or payment service provider. It is that account that will then function as the payment instrument in the commercial transaction and not the purchase device/application used. Supervisors should thus not immediately label ‘the card’ or any specific technical tool in a commercial business model as the payment instrument.

4. Areas and definitions of interest for the application of the PSD2
We’ve seen that the democratisation of technology allowed non-bank payment service providers to enter the payment space. Among those will also be retailers that can leverage the technology to provide a better customer experience. If those retailers are to use a services and customer contract with a monthly SEPA-direct debit agreement in the background, the payment services directive will not be relevant for them.

Similarly there is the question whether the payments services directive would have to apply to intermediary web-based platform companies that help users transact among themselves. Such business models could be in or out of scope based on the interpretation whether:
- the payments are seen as a regular occupation or business activity (art 1,2b),
- the agency model applies,
- the new definition of acquiring applies,
- the limited network exemption applies.

I hope that the collective of regulatory players involved in the transposition and application of the PSD2 will succeed in addressing those scoping and definitions issues early-on. In this respect the publication of a FAQ on those issues, may be a very effective tool to clarify and ensure the level playing field.