These days, there's a rumour going around that an Australian guy would actually be Satoshi, the inventor of bitcoin. Next morning, this guys house was raided by the police, in search of all kinds of evidence.
To me, it seems sufficient evidence to assume that the true Satoshi will choose never to reveal his or her identity. If all kinds of law enforcers incorrectly wish to blame the inventor instead of the users of his invention, you better steer clear of such hassle.In addition I could well imagine Sathoshi to be a bit of a hermit.
In that sense, even getting a Nobel price or the Turing Award would make no difference. We won't know who Satoshi is, which means we may get stuck with all kinds of impersonisations of him. Which reminds me of the movie: Being John Malkovich (see trailer here) .
In the movie, people may enter the brain and become John Malkovich for some time, until being spit out and landing at the side of a road. My best guess is that we will witness similar events for those who wish to be Satoshi.
Thursday, December 10, 2015
Thursday, October 08, 2015
Now that the voting on the PSD is done, the real work starts...
The second Payments Services Directive, also known as PSD2, will be officially established today. In the plenary session discussion yesterday all political groups backed the achieved consensus and highlighted the benefits to consumers, the increased security of payments, further innovation in the payments area and lower cost overall.Some work ahead...
We should realize however, that with the promulgation the real work will start for a whole range of involved players. First and foremost, there is a lot more work ahead for regulators and supervisors in the transposition process, but in particular also for the European Banking Authority. The PSD2 that seeks to open up access to banks and customer bank accounts for new players, leaves quite a bit of work to be done by EBA.
EBA should:
- develop rules on level of guarantee/professional indemnity insurance for payment initiation service providers and account information service providers,
- set up standards for cooperation and data exchange between local supervisor and resolve disputes on different applications of the PSD2,
- set up a central register of payment institutions and agents licensed under the directive,
- develop regulatory standards that define when the appointment of a central local contact point can be demanded by local supervisors and what its functions should be,
- be informed immediately in the case of emergency situations (such as large scale fraud),
- coordinate requirements as to the security frameworks applied,
- specify the requirements of common and open standards of communication to be implemented by all account servicing payment service providers that allow for the provision of online payment services,
- develop guidelines on a harmonised set of information to be provided during the application for a payment institution license,
- publish local exemptions under article 3k and 3l in the public register,
Clarity for industry on EU-application of definitions and scope
When the first PSD was delivered, it turned out that quite some players in the market required timely insights as to the future scope of the directive and how it would impact them. The European Commission then published an FAQ that further outlined how definitions should be understood.
It seems to me that it would be worthwhile to perform a similar exercise right now as there are quite some areas that can give rise to questions. As an example: the recital on the agency exemption leaves open the existence of agents for both buyer and supplier as long as the agent does not enter into posession of the funds. Yet, the definition of acquiring appears to be purposefully wide, meaning that such commercial agents might after all be viewed as acquirers.
The sooner this clarity is provided, the better it is, as the lead time for setting up and getting a license as a payment institution is similar to the lead time that now exists for transposing the PSD2.
I therefore hope that, for the sake of a proper EU level playing field, the collective of regulatory players involved in the transposition and application of the PSD2, will seek to address those scoping and definitions issues early-on.
Wednesday, March 04, 2015
ECBs renewed virtual currencies report: implications for the Third Payment Services Directive
This week the European Central Bank (ECB) revisits the subject of virtual currencies (VCS) in a renewed virtual currencies report with a further analysis. I have read the publication with interest to discover that the previous position on the subject essentially remains the same:
- virtual currencies don't come near money or legal tender concepts,
- the uptake of virtual currencies is still very limited
- the wait and see approach of the ECB will be continued.
The typical paragraph that summarises this approach is:
The usage of VCS for payments remains limited for now, which implies that there is not yet a material risk for any central bank tasks, including promoting the smooth operation of payment systems. However, a major incident with VCS and a subsequent loss of trust in VCS could also undermine users’ confidence in electronic payment instruments, in e-money and/or in specific payment solutions.
Whereas at first sight the report doesn't lead to a lot of new insights, the broader scope of its definition of virtual currencies does beg a number of fundamental questions with respect to the future regulation of payments. These questions lead me straight into a renewed regulatory approach, to be used in the Third Payment Services Directive.
An improved definition
The major improvement of this Eurosystem-report over the previous one lies in its correction of the definition used for virtual currencies. In an earlier blog I commented that the definition was too vague:
“A virtual currency is a type of unregulated, digital money, which is issued and usually controlled by its developers, and used and accepted among the members of a specific virtual community”.
With this report, the definition of virtual currencies has formally changed into:
"a digital representation of value, not issued by a central bank, credit institution or e-money institution, which, in some circumstances, can be used as an alternative to money."
I am quite pleased with this change as it allows for a better understanding and classification of the subject of virtual currencies. Interestingly, the elimination of the element of decentralized issuance leads to a far broader range of virtual currencies than previously discussed. And this leads to an interesting follow up question.
Virtual currencies are suddenly everywhere...
The table below lists the major payment options in the Netherlands, with the virtual currencies listed at the far right. When looking at the turnover figures, one can understand why the Eurosystem will be primarily monitoring the virtual currency scene. The most interesting observation is however that all the blue coloured segments of the table are now also considered to be virtual currencies.
- virtual currencies don't come near money or legal tender concepts,
- the uptake of virtual currencies is still very limited
- the wait and see approach of the ECB will be continued.
The typical paragraph that summarises this approach is:
The usage of VCS for payments remains limited for now, which implies that there is not yet a material risk for any central bank tasks, including promoting the smooth operation of payment systems. However, a major incident with VCS and a subsequent loss of trust in VCS could also undermine users’ confidence in electronic payment instruments, in e-money and/or in specific payment solutions.
Whereas at first sight the report doesn't lead to a lot of new insights, the broader scope of its definition of virtual currencies does beg a number of fundamental questions with respect to the future regulation of payments. These questions lead me straight into a renewed regulatory approach, to be used in the Third Payment Services Directive.
An improved definition
The major improvement of this Eurosystem-report over the previous one lies in its correction of the definition used for virtual currencies. In an earlier blog I commented that the definition was too vague:
“A virtual currency is a type of unregulated, digital money, which is issued and usually controlled by its developers, and used and accepted among the members of a specific virtual community”.
With this report, the definition of virtual currencies has formally changed into:
"a digital representation of value, not issued by a central bank, credit institution or e-money institution, which, in some circumstances, can be used as an alternative to money."
I am quite pleased with this change as it allows for a better understanding and classification of the subject of virtual currencies. Interestingly, the elimination of the element of decentralized issuance leads to a far broader range of virtual currencies than previously discussed. And this leads to an interesting follow up question.
Virtual currencies are suddenly everywhere...
The table below lists the major payment options in the Netherlands, with the virtual currencies listed at the far right. When looking at the turnover figures, one can understand why the Eurosystem will be primarily monitoring the virtual currency scene. The most interesting observation is however that all the blue coloured segments of the table are now also considered to be virtual currencies.
We can see that in particular the giftcard and transport payments (which are out of scope of the payment regulations for a number of reasons) do amount to quite a substantial payments volume. Literally these payments are now also considered to be payments with virtual currencies. And from an analytical perspective, this is a logical consequence.
Regular (e-)
payments
|
OV-Chipcard
|
Mobile
telephone
|
Retailer
Giftcards
|
Bitcoin /
alt-coins
|
16 million
per day
|
5 million per day (includes loads)
|
Premium
services
|
500.000 -
1.000.000 per day
|
Less than 1000 trx per day in NL
|
€ 903
|
€ 2 - € 20
|
€ 2- € 5
|
€ 12
|
€ .?
|
Payment
Services Directive (PSD)
|
Exemption
under PSD1
|
Explicit
exemption of PSD1
|
Out of scope when issued as a single retailer
|
Out of scope of PSD
|
Effectively we can now better appreciate today's payments world, seen from the eyes of the consumer. Because the consumer is not bothered by the details of Payment Services Directives and obscure exemptions of mobile payments. The consumer will use the mobile or ticketing payment means as a matter of convenience (or: obligation) and will have to undergo the payment experience as a fact of life.
Particularly in the Netherlands this leads to the interesting situation where a sloppy and easily hackable implementation of NFC is being widely used for public transport payments, alongside a safer NFC implementation of banks that is still working on its nationwide roll-out. Users use them both.
Similarly interesting was the occurrence, last month, of a virtual currencies bank run. As retailer V&D threatened to go out of business, one could witness the sale of its pre-paid gift cards on Marketplace (the Dutch ebay) for considerable discounts. At the same time everyone in the Netherlands dug up and spent their old gift cards, before it was too late.
What the third Payment Services Directive will have to look like
If we take the wider definition of virtual currencies that the ECB uses, it becomes clear that the user experiences with virtual currencies (and losses: for example the sudden vaporisation of retailer gift card value after a period of 18 months) happen alongside the heavily PSD-regulated instruments and mechanisms.
Based on some prudential rules we now burden some forms of payments with a whole lot of rules, while we neglect all schemes that are out of scope (but may still have relevant consumer effects). This difference is - in my view - too big and requires a changed approach to be used for the Third Payment Service Directive (PSD3).
Under the Third Payment Service Directive, we should recognise that payments can and will be made and offered by everyone to everyone. The PSD3 should thus define a light-weight conduct supervisory framework for all payment mechanisms, regardless of the institutional status of the issuer. Alongside this wide conduct framework, we keep the current prudential framework intact, which outlines the prudential rules applicable to the different institutional payment setups (e-money, payment institution, bank).
The new conduct based framework would apply to payment mechanisms and e-money alike and have as a goal that the user is always properly informed on the basic terms and conditions, redeemability etcetera. The control-mechanisms should not be supervision based, but could be reputation-based for example, allowing the market to monitor and redress, rather than costly supervisors. Only in exceptional circumstances would a European conduct supervisor step in.
In sum: more analysis ahead
The broader scope of the Eurosystems definition of virtual currencies begs a number of fundamental questions with respect to the future regulation of payments. In particular the area of non-regulated payment schemes at the fringes of the PSD might deserve more attention than they do receive right now.
Not only could the question be whether or not a separate regulatory conduct-framework should apply, the European Retail Payments Board might also decide to expend its analysis towards these mechanisms, particularly when they reach a volume/scale which is equivalent to that of the regular payments.
Particularly in the Netherlands this leads to the interesting situation where a sloppy and easily hackable implementation of NFC is being widely used for public transport payments, alongside a safer NFC implementation of banks that is still working on its nationwide roll-out. Users use them both.
Similarly interesting was the occurrence, last month, of a virtual currencies bank run. As retailer V&D threatened to go out of business, one could witness the sale of its pre-paid gift cards on Marketplace (the Dutch ebay) for considerable discounts. At the same time everyone in the Netherlands dug up and spent their old gift cards, before it was too late.
What the third Payment Services Directive will have to look like
If we take the wider definition of virtual currencies that the ECB uses, it becomes clear that the user experiences with virtual currencies (and losses: for example the sudden vaporisation of retailer gift card value after a period of 18 months) happen alongside the heavily PSD-regulated instruments and mechanisms.
Based on some prudential rules we now burden some forms of payments with a whole lot of rules, while we neglect all schemes that are out of scope (but may still have relevant consumer effects). This difference is - in my view - too big and requires a changed approach to be used for the Third Payment Service Directive (PSD3).
Under the Third Payment Service Directive, we should recognise that payments can and will be made and offered by everyone to everyone. The PSD3 should thus define a light-weight conduct supervisory framework for all payment mechanisms, regardless of the institutional status of the issuer. Alongside this wide conduct framework, we keep the current prudential framework intact, which outlines the prudential rules applicable to the different institutional payment setups (e-money, payment institution, bank).
The new conduct based framework would apply to payment mechanisms and e-money alike and have as a goal that the user is always properly informed on the basic terms and conditions, redeemability etcetera. The control-mechanisms should not be supervision based, but could be reputation-based for example, allowing the market to monitor and redress, rather than costly supervisors. Only in exceptional circumstances would a European conduct supervisor step in.
In sum: more analysis ahead
The broader scope of the Eurosystems definition of virtual currencies begs a number of fundamental questions with respect to the future regulation of payments. In particular the area of non-regulated payment schemes at the fringes of the PSD might deserve more attention than they do receive right now.
Not only could the question be whether or not a separate regulatory conduct-framework should apply, the European Retail Payments Board might also decide to expend its analysis towards these mechanisms, particularly when they reach a volume/scale which is equivalent to that of the regular payments.
Tuesday, January 06, 2015
Reflection on almost 100 years of retail payments in the Netherlands
These next few days we will be processing the last Chipknip transactions in the Netherlands. This marks the end of a period of almost hundred years of consumer payments in the Netherlands. Here is a brief reflection on this period. My hope is that we retain our innovative mindset and that we abandon old school practices like: competition on technology and inward-thinking-based marketing practices.
The beginnings
It all started out with a certain demand of the public and small retailers, around 1900. It took however more than ten years before the city giro of Amsterdam (1916) and the national giro of the Netherlands (1918) were set up. In the period leading up to this moment, the cashiers were asked whether they wished to improve their services, as this might lead to the parliament to conclude that no national giro was necessary. Their response was too meagre as a result of which they created their biggest rival: the national giro system, operated by government.
This system effectively created a benchmark for the private industry by offering (some time after it's start) payment services for free to the public. Today we would call this the Internet model, but in those days, this lead to repeated discussions on the undue competition element. Bankers and cashiers assumed that the national giro was cross-subsidized by government; while effectively the reverse became true. The national giro acted as a cash cow that covered some of the other costs for the Ministry of Transport (including the costs of post offices etc).
The city giro Amsterdam has stood out mostly for its innovations: the use of modern bookkeeping machines, the introduction of photo-imaging (in the 1930s) to process payments easier as well as the early introduction of a payment card to the public. The national giro, in turn, was early to create a mechanism of inpayments that could be used by government services, that used similar (punch card) standards.
In this respect it should be noted that the national giro, during the previous century, was plagued by several operational distortions, leading to 'giro stops'. One big one occurred in the 1920s and shut the system down for almost a year, other ones happened after the second world war. These stops instilled a big trauma into the organisation with the effect that when in 1965 a change was made to using punch cards and mainframes, this was done with meticulous scientific precision in order not to fail. Ever since, the postal giro (later Postbank) would be very keen and strong in the area of operational logistics and control.
Competition on standards and technology
For the most part of the evolution of Dutch payments, there were differences in technology used. A first attempt to bridge these differences occurred after the second world war when a commission on the integration of giro traffic tried to bridge the bankers vs giro gap. This didn't work out.
In the mid 1960s the bankers were keen to find funding in the retail market and realised they needed a better clearing system to process faster payments. While they were in the process of deliberating this move, the postal giro offered them to join/use the same standards as they were, in order to achieve uniform processing. For strategic reasons, the banks decided not to do this and chose a slightly modified technology and numbering system of their own. Remember: this was of course the age of shielding off markets by technology.
The net effect for the consumers and companies was less positive however. In the end it took some 30 years to create bridging standards/protocols to integrate the different payment standards of bank and giro. And even when the digital, networking time started (in the 1980s) banks and giro found it hard to abandon the classic competition by technology paradigm. For the EFTPOS network they did use a common standard and this also seemed to work for the Chipknip e-money products. Yet, due to misunderstandings and distrust at the board room level, the Postbank decided to jump the Chipknip ship to start the separate Chipper product. Again, the effect was that consumers and retailers were burdened with dual standards in a market that is too small to do so.
Inward based marketing of the big banks
With the deregulation of financial markets and the privatisation of the Postbank, all providers of payments were commercial companies. The Dutch banks grew bigger and with that their bureaucracies. Postbank gradually lost its touch-and-feel as a former public entity and became a bank like all others. The best event that symbolises this is the abolition of the Postbank brand by ING.
The net effect of becoming bigger and more ambitious is that straightforward customer research and marketing gets stampified. This is a word that I coined to denote the fact that in those big banking bureaucracies the responsibilities of employees - with the only exception of the board - becomes limited to the size of a postal stamp. The result is that these companies (marketing) departments require more time for internal debate, offcie politics and consensus-finding which they can't spend at finding out how to best serve the customer.
The consequence of this stampification is that the banks lose touch with their customers and reality. Our last retail payment product, the Chipknip, showed this most clearly. The ridiculous local battle between two competing e-money schemes (although perfect from a competition perspective) created so much nuisance for retailers that this inspired them to get back at the banks. Infuriated by high terminal switching costs, they found the newly set up competition authority at their side to fight the banks cartel behaviour.
As such our retailers were quite successful: the banks were being fined and a part of the fine was channeled towards them (via a Covenant) to improve the EFTPOS situation in the Netherlands. This Covenant was even prolonged to ensure a continued collective rebate for retailers on EFTPOS fees. Effectively we could thus see the retailers as being the clear winners in the last 15 years of retail payments here in the Netherlands. [And as with today's MIF-debate we can wonder whether the benefits they derived from emptying the pockets of banks did really end up in the consumer pockets by lower prices.]
Back to inward-based-marketing: the best (and typical) example is the way the Chipknip product was initially taken off the market. Banks informed the customers that they all had to unload their Chipknips at specific loading/unloading points. This lead to a big confusion and questions on twitter. Eventually some individual banks decided to give the money back on the basis of the internal administration so that customers didn't need to bother going to an obscure loading point. And then, quickly, all banks decided to do this.
I sincerely hope that we will no longer witness these old school thinking marketing methods in the new year. Banks need to find a way to innovate and listen to clients and society or they will be trapped in old behaviour that is only comprehensible from a stampification point of view but not understandable for customers outside the bank.
Outlook
If history is anything to go by, we may well see a repetition of the SEPA-dynamics in the banking domain. What I mean with that is the following: as banks are busy lining up their internal systems in order to conform with a whole range of upcoming new EU regulation (keywords: PSD2, MIF, AML), the non-banks will be able to build all kinds of new products at the fringes of the payments market.
Most of these new products won't be made from a payments perspective but will solve a user problem. Creating a payment button in these products doesn't require much more than a direct customer relation and a European direct debit agreement. So we might well see the banks moving into a back-seat role of providers of the payment rails for non-bank providers of user services.
Wednesday, November 26, 2014
Where and how to look for innovation in payments ?
This week I had the pleasure of joining a panel on retail payments innovation as a part of a seminar by van Doorne and Innopay on the Payment Services Directive and the future changes for the payment industry. Panel chair Gijs Boudewijn challenged me to formulate some thoughts on the future direction of retail payments. I answered that the best place to look would be in places and via perspectives that we could be overlooking right now.
1. Is it access to the account or a traceable id that matters?
There is a lot of discussion on the text of the second Payment Services Directive and on the legal and technical mechanisms that are required to make access to the account work. Due to their origin, these discussions are quite bank centric and the implementation issues surrounding this topic will drain a lot of resources of many players involved.
While being busy with this PSD2 issue, we may overlook the fact that all one really needs is a simple chip-id. In the Netherlands for example, one could use the chip-id of public transport ticket issuer TLS as a basis for use in hip and new proprietary retailer/consumer applications. These would combine the chip-id with an intelligent voucher/billing/customer system that utilises SEPA-direct debits in the back-end. It would provide a smooth customer and retailer experience while the bank only sees regular transactions.
My proposition here is that if we're all looking towards access to the account as the hot spot for innovation, we may be looking in the wrong direction. It might be more about the traceable id.
2. The retailers have landed in an interesting position
In his tomorrows transactions blog Dave Birch referred to an analysis by Peter Jones from PSE on the impact of the interchange fee regulation, published in the Journal for Payments Strategy and Systems. The main conclusion of it was that financially the retailers are the winners by getting a cap on their fees. I agree with that and would be inclined to broaden this perspective.
By tradition banks were the players with the monopoly on payments technology and security knowledge. Even in the 1980s, the collective of retailers in the Netherlands had done a feasibility study to set up their own Point of Sale system. This showed they could set it up for € 5 million euro but they didn't want to take the risk of it failing. So they left it to the banks (to complain about high fees later).
Since that time, the knowledge on processing and payments has become available to a wide range of players, to the extend that banks are now lagging in expertise and capability (while being locked into old technology solutions). The consequence is that retailers will be well able to develop or use in-house apps, customer relation services and payment mechanisms that use the bank infrastructure, without being subject to the rules of the Payment Services Directive.
The main development is therefore that the obliged intermediary role of banks in providing payment mechanisms is gone and will erode. Retailers can regain their customer relationship by themselves or in cooperation with any other ICT-provider that allows them to identify the customer and provide a processing infrastructure. Some interesting innovations can therefore be expected at the outer boundaries of the PSD, as a consequence of the possible exemptions.
I expect both physical and e-retailers to use the non-bank, non-payment space that the PSD defines to achieve exactly what they're after: increased customer retention, increased conversion and a smooth payment experience. Bottom line: we might better be looking outside of the PSD to see innovation in action.
3. On ledgers and tokens
As a final thought I would encourage everyone to try a different mindset for the developments that we are witnessing. Because in essence, anything that happens (in payments/retail) boils down to either tokens (coins, notes, points) or ledgers (private or public). Now let's see what happens if we apply this framework.
We might then appreciate the bitcoin emergence as an innovation in the area of collective ledger provision with distributed trust. We could reposition Linked-In as a privately owned, open and self-administered ledger, that logs individuals achievements that are relevant in the work domain. The same would hold for Facebook and many other e-commerce companies. We would call banks the keepers of the trusted and well protected financial ledgers and would also note that in the public domain, a whole range of ledgers are being interconnected for the sake of security, anti-fraud measures etc.
We could also look at the world of tokens, in its many variations. Tokens of shopping behaviour (saving points), tokens of access (tickets), tokens from government (coins and banknotes), tokens of appreciations (awards, prizes) and tokens that prove identity or personal characteristics. Some of those tokens might be valuable and lead to a change of some of the ledgers, while others would have a role in their own right (voucher for a free coffee).
While it is clear that there are quite a few interesting new developments in the ledger-space, could it be that it is the token-domain where the true action is going to be ?
Payments as an afterthought
In sum: the non-bank, identity-based, non-regulated commercial domain might well be the area where we can see innovations that show us how today's technology can be made to work best so that payments become the afterthought that they are.
1. Is it access to the account or a traceable id that matters?
There is a lot of discussion on the text of the second Payment Services Directive and on the legal and technical mechanisms that are required to make access to the account work. Due to their origin, these discussions are quite bank centric and the implementation issues surrounding this topic will drain a lot of resources of many players involved.
While being busy with this PSD2 issue, we may overlook the fact that all one really needs is a simple chip-id. In the Netherlands for example, one could use the chip-id of public transport ticket issuer TLS as a basis for use in hip and new proprietary retailer/consumer applications. These would combine the chip-id with an intelligent voucher/billing/customer system that utilises SEPA-direct debits in the back-end. It would provide a smooth customer and retailer experience while the bank only sees regular transactions.
My proposition here is that if we're all looking towards access to the account as the hot spot for innovation, we may be looking in the wrong direction. It might be more about the traceable id.
2. The retailers have landed in an interesting position
In his tomorrows transactions blog Dave Birch referred to an analysis by Peter Jones from PSE on the impact of the interchange fee regulation, published in the Journal for Payments Strategy and Systems. The main conclusion of it was that financially the retailers are the winners by getting a cap on their fees. I agree with that and would be inclined to broaden this perspective.
By tradition banks were the players with the monopoly on payments technology and security knowledge. Even in the 1980s, the collective of retailers in the Netherlands had done a feasibility study to set up their own Point of Sale system. This showed they could set it up for € 5 million euro but they didn't want to take the risk of it failing. So they left it to the banks (to complain about high fees later).
Since that time, the knowledge on processing and payments has become available to a wide range of players, to the extend that banks are now lagging in expertise and capability (while being locked into old technology solutions). The consequence is that retailers will be well able to develop or use in-house apps, customer relation services and payment mechanisms that use the bank infrastructure, without being subject to the rules of the Payment Services Directive.
The main development is therefore that the obliged intermediary role of banks in providing payment mechanisms is gone and will erode. Retailers can regain their customer relationship by themselves or in cooperation with any other ICT-provider that allows them to identify the customer and provide a processing infrastructure. Some interesting innovations can therefore be expected at the outer boundaries of the PSD, as a consequence of the possible exemptions.
I expect both physical and e-retailers to use the non-bank, non-payment space that the PSD defines to achieve exactly what they're after: increased customer retention, increased conversion and a smooth payment experience. Bottom line: we might better be looking outside of the PSD to see innovation in action.
3. On ledgers and tokens
As a final thought I would encourage everyone to try a different mindset for the developments that we are witnessing. Because in essence, anything that happens (in payments/retail) boils down to either tokens (coins, notes, points) or ledgers (private or public). Now let's see what happens if we apply this framework.
We might then appreciate the bitcoin emergence as an innovation in the area of collective ledger provision with distributed trust. We could reposition Linked-In as a privately owned, open and self-administered ledger, that logs individuals achievements that are relevant in the work domain. The same would hold for Facebook and many other e-commerce companies. We would call banks the keepers of the trusted and well protected financial ledgers and would also note that in the public domain, a whole range of ledgers are being interconnected for the sake of security, anti-fraud measures etc.
We could also look at the world of tokens, in its many variations. Tokens of shopping behaviour (saving points), tokens of access (tickets), tokens from government (coins and banknotes), tokens of appreciations (awards, prizes) and tokens that prove identity or personal characteristics. Some of those tokens might be valuable and lead to a change of some of the ledgers, while others would have a role in their own right (voucher for a free coffee).
While it is clear that there are quite a few interesting new developments in the ledger-space, could it be that it is the token-domain where the true action is going to be ?
Payments as an afterthought
In sum: the non-bank, identity-based, non-regulated commercial domain might well be the area where we can see innovations that show us how today's technology can be made to work best so that payments become the afterthought that they are.
Friday, September 26, 2014
Lawsuit in the Netherlands on Bitcoin as 'money' or 'current money'
First law suit on failed bitcoin delivery
The discussion starts with a law suit of two people engaged in a bitcoin transaction. Party B failed to pay up the whole amount of bitcoins, although it had received all the money for it. Party A, after two weeks partially annulled the agreement (for the part of the bitcoins not delivered). However, this party later on decided to demand to be compensated for the financial loss that resulted due to the increase in price of bitcoins over the course of the year (after the moment of canceling the contract).
Party A based its reasoning on the fact that our law allows for something as 'current money' to be used in order to pay a sum of money. This terminology was explicitly chosen by our legislator (instead of the legal tender concept) to allow non-State forms of money to be condoned in our country in situations where it was commonly used and accepted by all the people.
Should this argument succeed and bitcoins be considered such 'current money' the consequence could have been that an additional compensation claim could be made under our civil law. The judge however outlined that Party A should be compensated for the price rise of Bitcoin between the moment of concluding the contract and of canceling it (some € 1700). No compensation was due however for the remainder of the time, as it was party A that had initiated the canceling of the contract.
In addition the judge outlined that Bitcoins cannot be considered current money that is condoned by the State. Our Ministry of Finance has outlined that it doesn't fit the definition of legal tender, nor that of electronic money and that it should be considered a means of exchange. The nature of bitcoin (tradeable) doesn't work as an argument as also silver and gold are tradeable but not considered to be current money.
New law suit on status of bitcoin as money
A number of players in the Dutch Bitcoin community have chosen to challenge the above verdict of the judge and has raised more than € 15.000 to pay for expenses of a law suit. It challenges the first verdict in order to have the judge reconsider its position and outline that Bitcoin is money. As a consequence it feels that it must then also be treated as such by our administrative bodies, supervisors, tax authorities etc. This would mean that bitcoin operators could be payment institutions, supervised and exempt from VAT (which, as I understand, are the underlying goals).
While I am very sympathetic to the concept of challenging a status quo and laws, I fail to see how a verdict on civil contract law could spill over into:
- the definitions of payments, money and payment institutions under the Payment Services Directive (and Dutch law),
- the definitions of payments under the Sixth Tax Directive.
Having said that, it will surely be very interesting to see which approach will be taken by the law firm involved and see if they are able to convince the judge that at least in civil contracts bitcoins may act as money.
Last edit: October 1, to outline that it's not the whole Bitcoin community that seek to challenge the verdict.
Saturday, June 14, 2014
EBA concerned about anonimity and security for bitcoin
From May 15th until May 17th, the Bitcoin 2014 conference took place in Amsterdam. One of the break-out sessions was dedicated to the topic of Anti-Money Laundering on Transparent Networks. During this session, Dirk Haubrich of the European Banking Authority (EBA) outlined some of the issues and concerns of the EBA with respect to digital currencies and bitcoin.
In his initial statement Haubrich sketched the concerns of the EBA with respect to:
- the use of digital currencies to transfer the proceeds of crime and act as money transmission,
- the fact that anonimity is a burden to link the transactions to persons,
- seizing assets and restoring or undoing criminal or illegitimate transfers,
- the emergence of a hawalla-like new channel via which international transfers may occur to countries that are on the FATF-sanction list,
- the use of those currencies by terrorists and criminals,
- the integrity of creators of digital currencies.
Role of the EBA
As a part of the discussion, mr Haubrich outlined that the EBA has a specific remit in the area of consumer protection and financial innovation. It is from this perspective that the EBA issued its warning on virtual currencies in December 2013. The question whether or not to further regulate virtual currencies is now being investigated by a cross-sectoral working group of European supervisors. This group will publish its outcome in a couple of months.
When asked to discuss the major challenges for digital currencies, he outlined anonimity and it-security as major topics of concern. In combination with the aforementioned list of concerns, the overall impression was one in which further regulation appeared to be more likely than a continuation of the current hands-off approach.
In his initial statement Haubrich sketched the concerns of the EBA with respect to:
- the use of digital currencies to transfer the proceeds of crime and act as money transmission,
- the fact that anonimity is a burden to link the transactions to persons,
- seizing assets and restoring or undoing criminal or illegitimate transfers,
- the emergence of a hawalla-like new channel via which international transfers may occur to countries that are on the FATF-sanction list,
- the use of those currencies by terrorists and criminals,
- the integrity of creators of digital currencies.
Role of the EBA
As a part of the discussion, mr Haubrich outlined that the EBA has a specific remit in the area of consumer protection and financial innovation. It is from this perspective that the EBA issued its warning on virtual currencies in December 2013. The question whether or not to further regulate virtual currencies is now being investigated by a cross-sectoral working group of European supervisors. This group will publish its outcome in a couple of months.
When asked to discuss the major challenges for digital currencies, he outlined anonimity and it-security as major topics of concern. In combination with the aforementioned list of concerns, the overall impression was one in which further regulation appeared to be more likely than a continuation of the current hands-off approach.
Tuesday, June 03, 2014
Dutch central bank will strictly supervise banks / payment institutions that deal with virtual currencies (and companies)
Just one hour ago DNB, the Dutch central bank and bank supervisor, issued a warning on bitcoin. It was not the regular warning or disclaimer for consumers, but a warning for the payments industry. Essentially DNB concludes that virtual currencies (bitcoins and altcoins) are viewed as products with a very high risk profile. DNB also announces that it will strictly supervise banks and payment institutions:
DNB will therefore strictly assess the compliance with applicable law (a.o. Wwft and Wft) for those banks and payment institutions that decide to get involved - in whichever way - with virtual currency-companies or that decide to invest in virtual currencies themselves. In 2014, DNB will investigate whether banks and payment institutions are actively involved with new payment products such as virtual currencies and (it) will assess the degree to which these institutions control/manage their integrity risks. The control should include effective measures with respect to client acceptance and the monitoring of new innovative suppliers.
Guidance considerations
The brief statement of DNB contains some considerations that are the basis for this decision. A first consideration has to do with anonimity. DNB notes that transactions are being recorded in a public transaction ledger. Given that these transactions cannot be matched to physical persons and the virtual currencies are usable as a means of payment, they are an attractive chain of a money laundering process.
The current anonimity in virtual currency systems has consequences for banks and payment institutions. As a result of this anonimity, the buyers and sellers of virtual currencies become indirect relations of the bank. Thise indirect relations can also affect the reputation of the institution which leads to a 'derived' integrity risk. Without having that intention, banks and payment institutions could be facilitating money laundering.
DNB doubts whether banks and payment institutions are able - as a part of their controlled business operations and integrity of policies - to take the appropriate measures for transactions or clients that involve virtual currencies.
A meteorite or a pebble in the virtual currency pond ?
With the statement being just published it is too early to tell whether this is a meteorite that effectively wipes out the virtual currency business in the Netherlands or whether it is merely a pebble that aims to ensure that all virtual currency businesses doing business in the Netherlands ensure full identification and transaction monitoring.
My best guess is that the strong wording is used to stress the urgency and degree of concern that the Dutch bank supervisor has on this matter. So anyone operating in the Dutch environment better take this to heart.
DNB will therefore strictly assess the compliance with applicable law (a.o. Wwft and Wft) for those banks and payment institutions that decide to get involved - in whichever way - with virtual currency-companies or that decide to invest in virtual currencies themselves. In 2014, DNB will investigate whether banks and payment institutions are actively involved with new payment products such as virtual currencies and (it) will assess the degree to which these institutions control/manage their integrity risks. The control should include effective measures with respect to client acceptance and the monitoring of new innovative suppliers.
Guidance considerations
The brief statement of DNB contains some considerations that are the basis for this decision. A first consideration has to do with anonimity. DNB notes that transactions are being recorded in a public transaction ledger. Given that these transactions cannot be matched to physical persons and the virtual currencies are usable as a means of payment, they are an attractive chain of a money laundering process.
The current anonimity in virtual currency systems has consequences for banks and payment institutions. As a result of this anonimity, the buyers and sellers of virtual currencies become indirect relations of the bank. Thise indirect relations can also affect the reputation of the institution which leads to a 'derived' integrity risk. Without having that intention, banks and payment institutions could be facilitating money laundering.
DNB doubts whether banks and payment institutions are able - as a part of their controlled business operations and integrity of policies - to take the appropriate measures for transactions or clients that involve virtual currencies.
A meteorite or a pebble in the virtual currency pond ?
With the statement being just published it is too early to tell whether this is a meteorite that effectively wipes out the virtual currency business in the Netherlands or whether it is merely a pebble that aims to ensure that all virtual currency businesses doing business in the Netherlands ensure full identification and transaction monitoring.
My best guess is that the strong wording is used to stress the urgency and degree of concern that the Dutch bank supervisor has on this matter. So anyone operating in the Dutch environment better take this to heart.
Wednesday, May 28, 2014
The Euro Retail Payments Board: first meeting and outlook
On
Friday, the 16th of May, the Euro Retail Payments Board (ERPB)
held its first meeting (with this agenda) in Frankfurt. The ERPB is the successor to the SEPA Council, which aimed at realising the SEPA-project. Whereas the SEPA Council was co-chaired by the ECB and the European Commission, the chair of the ERPB is Yves Mersch, Member of the Executive Board of the ECB.
First
Meeting
The first
meeting was dedicated to agree to the mandate,
functioning and work plan of the ERPB. The ERPB Members decided to set up a working
groups on post-migration issues relating to the SEPA credit transfer and SEPA direct debit schemes as well as one working group on pan-European electronicmandate solutions for SEPA direct debits. In addition the ERPB acknowledged and asked the
Cards Stakeholder Group (CSG) to carry out a stock-taking exercise and devise a
work plan with respect to card standardization.
The
ERPB further discussed the expansion of the SEPA Direct Debit scheme (SDD)
with a non-refundable (one-off) direct debit. It was agreed that the EU
legislators would be asked to clarify legal refund-conditions when evaluating
the Payment Services Directive and that a possible scheme would be launched
only after this review was complete.
In
order to further investigate the future use of pan-European electronic mandatesfor SDD, the ERPB set up a separate working group. Finally, the EPC presented
the latest update on the migration to SEPA. Whereas the migration to
credit-transfers was very close to completion, there remained work done for direct
debits. The ERPB called upon all stakeholders in the euro area to complete
their migration to SEPA payment instruments as early as possible and before the
deadline.
Outlook for the ERPB
The
launch of the European Retail Payments Board marks a new
starting point for discussing the future of European payments with all
stakeholders involved. The inclusion of payment institutions and e-money industry can add considerable value given their different approach and background. These providers live and breathe Internet-based technology, seek EU-standardisation and do not have similar legacy-systems as the banks. I expect this to lead to fruitful debates and exchange of insights.
Some
observers may cite the lack of legislative powers as a disadvantage of the
ERPB. Others may wonder if it is possible to achieve results in a body that
only meets twice a year. I would submit however that in ten year’s time, the sceptics will look back in surprise to see how the ERPB has positively shaped
the outcome of the European debate on retail payments. The Dutch experience with similar standing committees (see this separate blog) demonstrates that there is a lot of unlocked potential that lies in the trust and
bonds that will be formed and shaped by this collective effort.
Wednesday, April 23, 2014
FCA kicks the Securepay-can down the road...
In March 2014, the FCA, the prudential supervisor for UK based payment institutions and e-money providers, outlined that it would not be strictly assessing the compliance with the Securepay Recommendations on the security of Internet Payments. This announcement was quite interesting as in February 2014, the Forum also published an assessment guide that assists payment service providers with the implementation of these Recommendations by February 2015.
FCA Statement:
We have decided to await the publication of guidance from the European Banking Authority on measures for the security of internet payments and will begin to assess firms’ implementation of these security measures when the updated Payment Services Directive requirements take effect.
The updated Payment Service Directive will enter into effect at the earliest by mid 2016. It will assign the European Banking Authority with the task of further developing guidance for the security of retail payments. The FCA has chosen to wait for this guidance rather than pre-empt it.
Kicking the security-can down the road
It is interesting to note that the FCA seeks a pragmatic middle ground. It carefully states that it finds security an important issue while at the same time outlining that it will wait for a solid legal basis to assess the security of retail payments. In doing so it effectively kicks the tricky security can down the road.
I can well understand the FCA desire to kick this can. The Securepay recommendations on security lead to quite some questions in their practical application for different technologies (see the blog here). On top of that, the detailed prescriptions on the basis of the new Payment Services Directive may lead to further rules that limit the choices that market entities can make to achieve a certain level of security.
Rather than confuse the market with layering requirements which quickly follow each other, the FCA apparently chose to wait and see, hoping that the final rules on security for retail payments may become more balanced.
It will be interesting to see if other supervisors follow suit.
FCA Statement:
We have decided to await the publication of guidance from the European Banking Authority on measures for the security of internet payments and will begin to assess firms’ implementation of these security measures when the updated Payment Services Directive requirements take effect.
The updated Payment Service Directive will enter into effect at the earliest by mid 2016. It will assign the European Banking Authority with the task of further developing guidance for the security of retail payments. The FCA has chosen to wait for this guidance rather than pre-empt it.
Kicking the security-can down the road
It is interesting to note that the FCA seeks a pragmatic middle ground. It carefully states that it finds security an important issue while at the same time outlining that it will wait for a solid legal basis to assess the security of retail payments. In doing so it effectively kicks the tricky security can down the road.
I can well understand the FCA desire to kick this can. The Securepay recommendations on security lead to quite some questions in their practical application for different technologies (see the blog here). On top of that, the detailed prescriptions on the basis of the new Payment Services Directive may lead to further rules that limit the choices that market entities can make to achieve a certain level of security.
Rather than confuse the market with layering requirements which quickly follow each other, the FCA apparently chose to wait and see, hoping that the final rules on security for retail payments may become more balanced.
It will be interesting to see if other supervisors follow suit.
Sunday, March 16, 2014
ECB provides outlook on retail payments in Europe at EPCA-conference
Pierre Petit, deputy director general (payments and market infrastructure) of the European Central Bank, has outlined the ECB’s views on European retail payments. He made his remarks at the EPCA Summit 2014, where he defined the role of the European Retail Payments Board (ERPB) and the follow-up on the SecurePay recommendations on access to payment accounts.
New players to be part of drive towards integrated European payments market
The ERPB is to become a forum for driving the further development towards an integrated European payments market in the post-SEPA situation. Petit confirmed that the first meeting of this group is to take place in May, and new industries such as e-money providers and payment services institutions are to join in these discussions, along with other representatives of both consumers and providers.
The ERPB will aim to further stimulate the development of the European retail payments market by working together on topics such as innovation and integration. The group will identify and address strategic issues and work priorities, including business practices, requirements and standards. Issues could include the development of a single e-mandate solution or the improvement of interoperability between national e-payment schemes.
Security requirements for payment account access services
The ECB announced that it would this month publish the responses and the results of the consultations on security for payment access to the accounts. The publication would be for information only, given that the European Banking Authority will be providing guidelines on security measures under the revised Payment Services Directive.
Although the ECB does not want to impose formal requirements as there is a risk that the EBA could take a different position, it is likely that the two-factor authentication model of the SecurePay forum will remain the norm for retail payments account access services and mobile payments.
Thursday, February 27, 2014
Mount Gox tumbles off the learning-curve
This week, Mount Gox, a very large provider of bitcoin services, couldn't live up any more to its services agreements with bitcoin users. It provided exchange and storage services for bitcoins, but due to a technical implementation flaw, the bitcoin holdings of users were compromised. Essentially it wasn't clear who really owned the bitcoins. The website went black and users can no longer claim their bitcoins.Tumbling off the learning curve
I view the failure of Mt Gox as a logical consequence of the learning curve that bitcoin holders and bitcoin companies face. The bitcoin, although considered decentralized, is just as centralised a system as any other value transfer mechanism. However, for ideological reasons, the developers chose to only describe the technical heart of the system (the algorithm) leaving the rest up to the market.
This open source code approach has some advantages, among which a very speedy development of applications. Yet, we are for some time now witnessing what it means if systems lack a central authority or scheme manager. There is no entity taking responsibility and chasing users or companies because they don't abide by:
- usage conditions (demanding user identification),
- security requirements and certification of tools,
- specific legal frameworks.
As a result we have seen a whole community of interested companies and users climbing up the payments, banking, investments and monetary learning curve. The inevitable consequence is that those who do not get it right, will pay a price, while the others continue to learn. Due to the digital nature of bitcoin, these developments unfold rapidly, allowing us a compressed overview of lessons from financial history.
Frijda's theory of money (1914)
The essential lesson at stake is that the usage of any value transfer mechanism does not just rest on its acceptance by users, but just as well on the rules and regulations that underly the value transfer. In 1914, the Dutch lawyer Frijda analysed this topic in his dissertation on the theory of money. At that time discussions emerged on the nature of banknotes. Did they have value because they were exchangeable for bullion, because they were defined as legal tender or because the public used and accepted it?
Frijda pointed out that the underlying legal framework that safeguards property in a society constitute a necessary precondition for the use of payment instruments. Without such safeguards, people will tend to stick to other stores of value rather than attaching value to local bank notes. Until today this effect is clearly visible: consumers tend to hold and use foreign cash or commodities if they live in country with a lot of curruption, a weak system of justice and an instable monetary climate.
Trust is built by institutions and markets
What makes money tick is a solid institutional basis, upon which trust can be further developed. The latter part can be done by a combination of regulation (supervision) and self-regulation (market action). Which brings us back to the Mt Gox case.
Following the events of this week, a statement was released by the bitcoin companies Coinbase, Kraken, BitStamp, Circle, and BTC China. The industry leaders committ to safeguarding the assets of customers, to applying strong security measures, to using independent auditors to ensure integrity of their systems and to have adequate balance sheets and reserves to be able to ensure continuity.
In sum we can now see both a gradual development of both the institutional framework for virtual currencies and the market-driven self-regulation. This reflects the fact that - whether you like it or not - trust for financial services is always built on institutions, regulations and self-regulation.
Wednesday, February 19, 2014
The bitlicense: current state of thinking in New York
A week ago, the New America Foundation organised a meeting (Cryptocurrencies, the new coin of the realm) on the topic of virtual currencies and regulation in New York. Some news bulletins picked up on the meeting and the future New York Bitlicense regime. The good thing is that the New America Foundation has streamed the whole event, so it allows me (and you) to listen first hand to the speech by Benjamin M. Lawsky, Superintendent of Financial Services, New York State Department of Financial Services (DFS).
I will outline some of the highlights of his contribution below as I think that the New York discussion represents a good example of the issues at stake when it comes to regulation of Bitcoin. I expect to further touch on those issues in my contribution to the Bitcoin Pre-conference expert session of the EPCA-summit in Brussels (March 12-13).
Open source code currencies and open source code regulation
In his speech, Lawsky outlines the current remit of the NY department of Financial Services. It acts as the supervisor for money transmission companies in New York. The DFS-starting point is therefore that in some instances dealing with virtual money may effectively constitute money transmission, which needs to be regulatred. This is similar to the approach in the FINcen guidance of one year ago.
The New York regulator chose to emulate the open source code approach of virtual currencies. And thus, Lawsky refers to the DFS-approach as 'open source code regulation': regulation based on a public exchange of thoughts, allowing the best insights to be used. Given their current remit, the main idea is to see where the money transmitter rules need to change in order to suit the nature of virtual currencies.
As for the further process in 2014, Lawsky explained that the DFS will move towards further regulation this year and will most likely hold a market consultation for the proposed regulatory framework for companies that want a so-called 'bit-license.'
What will the bitlicense be like?
When listening to the speech, my impression is that the core fundamentals of the bitlicense will be:
- very strong customer disclosure, requiring companies to outline that transactions are irreversible and that the digital currency may be very volatile,
- a strict adherence to know-your-customer requirements, essentially demanding that anti-money laundering rules are adhered to,
- a robustness/capital requirement, ensuring that the company will be able to withstand some of the market shocks that may occur when dealing with volatile digital currencies/commodities,
- safety and soundness requirements, ensuring a certain quality of operations and consumer protection.
As for the nature of capital and collateral requirements, the DFS is still wrestling with the concept of virtual currencies. This has to do with the angle and object of regulation. While it is easy to require capital safeguards for banks that deal with attracting and lending money, this is harder to apply for companies that issue, distribute or redeem virtual currencies.
Similar questions arise when defining the scope of transaction monitoring. Should only the purchase and redeem-transactions be subject to rules or does the supervision extend to a full transaction logging of all transactions with the virtual currency? Should those transactions be in a public ledger and to which extend can they be anonimized?
Step-up regulatory approach with a safe harbour
Although the DFS is still contemplating its exact licensing regime, I expect it to also contain a safe harbour provision. This would allow companies that comply with customer disclosure and know-your-customer rules, to continue to operate, while further obtaining the full bitlicense. Such a regime would assist in lowering the barriers for virtual currency platforms/traders/exchanges and create an easy entry towards the proper regulatory regime.
Lawsky outlined that the regulator prefers companies to be in his state and regulated, rather than driven off-shore. A safe harbour rule helps achieve that and fits a model where a light-weight, low-barrier entry model is developed to prevent legitimate providers from leaving the jurisdiction, while creating a sufficient barrier for the illegitimate players in the market. This is also a realistic approach considering the alternative channels for illegitimate behaviour: cash and banks. In the words of Lawsky:
I commend the DFS for their open minded approach to the topic of regulation of virtual currencies. I do disagree however with one of the remarks of the Superintendent. He outlined that regulators are in new and unchartered waters when it comes to virtual currencies.
I don't think they are.
Since day and age, people have used all kinds of symbols, coins and means of representation of goods that worked fine for transferring ownership of property. We created a number of laws and institutions to ensure these property rights and a fair treatment of parties to certain contracts. In doing so we were able to move from coins to paper-based money to deposit accounts. At the same time we created digital representations of shares, bonds, IOUs and agreed that ledgers at private companies and government institutions could officially represent a claim on goods, services, bits of land, anything.
Then, when it comes to new forms of money, we also have recent experience. In the late 1990s we witnessed a very similar type of discussion on bank supervision and specialised supervision regimes for new forms of 'electronic-money' as it was called in those days. It took some time and deliberation to get to grips with pre-paid digital representations of fiat-currencies, but we found our way in the end.
The challenge: finding the right regulatory framework
The true challenge is to first consider the fundamental nature of virtual currencies and then determine the appropriate regulatory framework. In essence, the DFS is doing the reverse as their starting point is their existing legal competence as supervisor of money transmitter businesses. While there is a lot of logic to it, it might be useful to reconsider alternative types of regulation that exist.
It's my hunch that perhaps an exchange/trade oriënted regulatory framework might make more sense as the basis for regulation, than the money transmitter framework. So that is what I will explore in my next blog.
I will outline some of the highlights of his contribution below as I think that the New York discussion represents a good example of the issues at stake when it comes to regulation of Bitcoin. I expect to further touch on those issues in my contribution to the Bitcoin Pre-conference expert session of the EPCA-summit in Brussels (March 12-13).
Open source code currencies and open source code regulation
In his speech, Lawsky outlines the current remit of the NY department of Financial Services. It acts as the supervisor for money transmission companies in New York. The DFS-starting point is therefore that in some instances dealing with virtual money may effectively constitute money transmission, which needs to be regulatred. This is similar to the approach in the FINcen guidance of one year ago.
The New York regulator chose to emulate the open source code approach of virtual currencies. And thus, Lawsky refers to the DFS-approach as 'open source code regulation': regulation based on a public exchange of thoughts, allowing the best insights to be used. Given their current remit, the main idea is to see where the money transmitter rules need to change in order to suit the nature of virtual currencies.
As for the further process in 2014, Lawsky explained that the DFS will move towards further regulation this year and will most likely hold a market consultation for the proposed regulatory framework for companies that want a so-called 'bit-license.'
What will the bitlicense be like?
When listening to the speech, my impression is that the core fundamentals of the bitlicense will be:
- very strong customer disclosure, requiring companies to outline that transactions are irreversible and that the digital currency may be very volatile,
- a strict adherence to know-your-customer requirements, essentially demanding that anti-money laundering rules are adhered to,
- a robustness/capital requirement, ensuring that the company will be able to withstand some of the market shocks that may occur when dealing with volatile digital currencies/commodities,
- safety and soundness requirements, ensuring a certain quality of operations and consumer protection.
As for the nature of capital and collateral requirements, the DFS is still wrestling with the concept of virtual currencies. This has to do with the angle and object of regulation. While it is easy to require capital safeguards for banks that deal with attracting and lending money, this is harder to apply for companies that issue, distribute or redeem virtual currencies.
Similar questions arise when defining the scope of transaction monitoring. Should only the purchase and redeem-transactions be subject to rules or does the supervision extend to a full transaction logging of all transactions with the virtual currency? Should those transactions be in a public ledger and to which extend can they be anonimized?
Step-up regulatory approach with a safe harbour
Although the DFS is still contemplating its exact licensing regime, I expect it to also contain a safe harbour provision. This would allow companies that comply with customer disclosure and know-your-customer rules, to continue to operate, while further obtaining the full bitlicense. Such a regime would assist in lowering the barriers for virtual currency platforms/traders/exchanges and create an easy entry towards the proper regulatory regime.
Lawsky outlined that the regulator prefers companies to be in his state and regulated, rather than driven off-shore. A safe harbour rule helps achieve that and fits a model where a light-weight, low-barrier entry model is developed to prevent legitimate providers from leaving the jurisdiction, while creating a sufficient barrier for the illegitimate players in the market. This is also a realistic approach considering the alternative channels for illegitimate behaviour: cash and banks. In the words of Lawsky:
Let's be frank: a lot more money has been laundered through banks than through virtual currencies'Boldly go where no man has gone before?
I commend the DFS for their open minded approach to the topic of regulation of virtual currencies. I do disagree however with one of the remarks of the Superintendent. He outlined that regulators are in new and unchartered waters when it comes to virtual currencies.
I don't think they are.
Since day and age, people have used all kinds of symbols, coins and means of representation of goods that worked fine for transferring ownership of property. We created a number of laws and institutions to ensure these property rights and a fair treatment of parties to certain contracts. In doing so we were able to move from coins to paper-based money to deposit accounts. At the same time we created digital representations of shares, bonds, IOUs and agreed that ledgers at private companies and government institutions could officially represent a claim on goods, services, bits of land, anything.
Then, when it comes to new forms of money, we also have recent experience. In the late 1990s we witnessed a very similar type of discussion on bank supervision and specialised supervision regimes for new forms of 'electronic-money' as it was called in those days. It took some time and deliberation to get to grips with pre-paid digital representations of fiat-currencies, but we found our way in the end.
The challenge: finding the right regulatory framework
The true challenge is to first consider the fundamental nature of virtual currencies and then determine the appropriate regulatory framework. In essence, the DFS is doing the reverse as their starting point is their existing legal competence as supervisor of money transmitter businesses. While there is a lot of logic to it, it might be useful to reconsider alternative types of regulation that exist.
It's my hunch that perhaps an exchange/trade oriënted regulatory framework might make more sense as the basis for regulation, than the money transmitter framework. So that is what I will explore in my next blog.
Tuesday, January 28, 2014
Towards a more flexible approach of authentication
In July last year, the European Commission published a proposalfor a revised Payment Services Directive (PSD). The proposal draws on the work of the SecuRePay forum of supervisors and requires ‘strong customer
authentication’ when a payer initiates an electronic payment transaction.
Strong authentication
Strong authentication is defined as a procedure for the validation of the identification of a natural or legal person based on two or more elements categorized as knowledge, possession and inherence. These elements are independent, in that the breach of one does not compromise the reliability of the others and is designed in such a way as to protect the confidentiality of the authentication data.
The concept of strong authentication is in itself nothing new. What is new however, is its appearance as a detailed regulatory requirement. So far, both the Payment Services Directive and the Electronic Money Directive contained a more generic requirement for licensed operators to demonstrate that their governance arrangements, control mechanisms and procedures are proportionate, appropriate, sound and adequate. This allows for a system wide supervisory review of risks and security measures.
The current approach in both the envisaged PSD and Recommendations of the supervisors in Europe is however to take out and stress one element of the risk/security puzzle. This approach may turn out to be counterproductive and be an impediment to achieve retail payments that are as secure, efficient and as frictionless as possible.
Strong authentication
Strong authentication is defined as a procedure for the validation of the identification of a natural or legal person based on two or more elements categorized as knowledge, possession and inherence. These elements are independent, in that the breach of one does not compromise the reliability of the others and is designed in such a way as to protect the confidentiality of the authentication data.
The concept of strong authentication is in itself nothing new. What is new however, is its appearance as a detailed regulatory requirement. So far, both the Payment Services Directive and the Electronic Money Directive contained a more generic requirement for licensed operators to demonstrate that their governance arrangements, control mechanisms and procedures are proportionate, appropriate, sound and adequate. This allows for a system wide supervisory review of risks and security measures.
The current approach in both the envisaged PSD and Recommendations of the supervisors in Europe is however to take out and stress one element of the risk/security puzzle. This approach may turn out to be counterproductive and be an impediment to achieve retail payments that are as secure, efficient and as frictionless as possible.
Different market approaches to customer
authentication
Traditionally the banking sector and card schemes have played a major role in the payments industry. For a long time they acted as the main channel through which new technological developments were introduced. In this process, strong authentication in a range of countries became a standard for use in payments. Further security measures for use in transactions over the Internet were then being developed as an add-on to the basic design.
More recently, Electronic Money Institutions (EMIs) and Payment Service Providers (PSPs) have entered the payments value chain using the Internet as their basic transaction processing initiation channel. As a result, their approach to payment security tends to be based on a variety of methods, to be able to counter a range of attacks associated with this inherently unsafe environment. PSPs have had to move very quickly up the e-payment security learning curve and found out that they must remain vigilant with respect to new threats. PSPs are consistently using additional information (geo-location information, IP address matching, IP address pattern detection, industry blacklists, comparison against a customer’s existing “profile” etc.) to validate the interaction with a user.
There is still much to gain by combining the expertise of both the “classic” and more recently-established providers of payment services. Customers will be using all kinds of devices as a service entry point; this requires a flexible approach to authentication. Rather than two-factor authentication we could speak of multi-factor authentication, which would include the specific user-payment service provider interaction context. But that is not all.
Traditionally the banking sector and card schemes have played a major role in the payments industry. For a long time they acted as the main channel through which new technological developments were introduced. In this process, strong authentication in a range of countries became a standard for use in payments. Further security measures for use in transactions over the Internet were then being developed as an add-on to the basic design.
More recently, Electronic Money Institutions (EMIs) and Payment Service Providers (PSPs) have entered the payments value chain using the Internet as their basic transaction processing initiation channel. As a result, their approach to payment security tends to be based on a variety of methods, to be able to counter a range of attacks associated with this inherently unsafe environment. PSPs have had to move very quickly up the e-payment security learning curve and found out that they must remain vigilant with respect to new threats. PSPs are consistently using additional information (geo-location information, IP address matching, IP address pattern detection, industry blacklists, comparison against a customer’s existing “profile” etc.) to validate the interaction with a user.
There is still much to gain by combining the expertise of both the “classic” and more recently-established providers of payment services. Customers will be using all kinds of devices as a service entry point; this requires a flexible approach to authentication. Rather than two-factor authentication we could speak of multi-factor authentication, which would include the specific user-payment service provider interaction context. But that is not all.
Stuck with two-factor customer
authentication?
The analytical flaw that underlies the SecurePay recommendations is its strong focus on too detailed a part of the business and security process: customer authentication. Of course this is quite an important element of the transaction process, but the overall security of (mobile) retail payments is always achieved by a proper combination of security measures.
Customers, devices, processes and issuers should all be authenticated properly. And any risk control structure does not just rest on authentication but on a wide array of logical and functional controls. These controls may sometimes be labeled: 'fraud detection' but the quality of the risk prevention that they achieve can be just as good as one of the classic factors, that are not in the definition of strong authentication.
It is evident that new authentication measures and security challenges are being used and developed to achieve a level of security in retail payments which is contingent on the risks that are relevant in the user-transaction-device context. We can witness this in the bank, card, Internet and mobile payment domain. As these developments occur, it is unwise to freeze one detailed building block of security measures into a regulatory requirement. This will skew the market into less efficient and more cumbersome customer experiences, while technically not necessarily safeguarding a strong level of security.
In particular the mobile domain allows for a wide array of additional capabilities to achieve the security levels that supervisors desire. It would therefore be wrong to make the low-value threshold of the PSD the dividing line between strong and alternative customer authentication measures. A better approach is to link the degree of authentication to the degree of risks and the further security measures that are in place. This will allow the market to develop solutions that achieve both ease of use to the consumer and the desired level of security.
A more future-proof approach
It is not unlikely that the envisaged inclusion of a detailed requirement on strong customer authentication may distort the current market developments rather than allow for further innovation and market development. A more future-proof approach is desirable.
In my view such an approach would be to allow for a broader 'multi-factor authentication' which includes authentication based on the user-interaction context. In addition it would be good to recognise that the quality of some of the security measures which are often labeled: 'fraud detection' may have become such that they achieve a similar level of security as the traditional authentication factors.
We should also allow alternative authentication mechanisms to be used, dependent on the risk involved, rather than a certain value threshold. It would then be up to the supervisors to make the context-based and risk-based assessments on the whole array of security measures as a part of their supervisor reviews.
This approach should ideally be complemented by excluding todays specific definitions of strong authentication from the wording of the Payment Services Directive and replacing them with a generic reference to the relevant security recommendations.
The result would then be that we will have a clear and flexible security requirements framework in Europe that sets the boundaries within which the market can futher innovate and develop.
The analytical flaw that underlies the SecurePay recommendations is its strong focus on too detailed a part of the business and security process: customer authentication. Of course this is quite an important element of the transaction process, but the overall security of (mobile) retail payments is always achieved by a proper combination of security measures.
Customers, devices, processes and issuers should all be authenticated properly. And any risk control structure does not just rest on authentication but on a wide array of logical and functional controls. These controls may sometimes be labeled: 'fraud detection' but the quality of the risk prevention that they achieve can be just as good as one of the classic factors, that are not in the definition of strong authentication.
It is evident that new authentication measures and security challenges are being used and developed to achieve a level of security in retail payments which is contingent on the risks that are relevant in the user-transaction-device context. We can witness this in the bank, card, Internet and mobile payment domain. As these developments occur, it is unwise to freeze one detailed building block of security measures into a regulatory requirement. This will skew the market into less efficient and more cumbersome customer experiences, while technically not necessarily safeguarding a strong level of security.
In particular the mobile domain allows for a wide array of additional capabilities to achieve the security levels that supervisors desire. It would therefore be wrong to make the low-value threshold of the PSD the dividing line between strong and alternative customer authentication measures. A better approach is to link the degree of authentication to the degree of risks and the further security measures that are in place. This will allow the market to develop solutions that achieve both ease of use to the consumer and the desired level of security.
A more future-proof approach
It is not unlikely that the envisaged inclusion of a detailed requirement on strong customer authentication may distort the current market developments rather than allow for further innovation and market development. A more future-proof approach is desirable.
In my view such an approach would be to allow for a broader 'multi-factor authentication' which includes authentication based on the user-interaction context. In addition it would be good to recognise that the quality of some of the security measures which are often labeled: 'fraud detection' may have become such that they achieve a similar level of security as the traditional authentication factors.
We should also allow alternative authentication mechanisms to be used, dependent on the risk involved, rather than a certain value threshold. It would then be up to the supervisors to make the context-based and risk-based assessments on the whole array of security measures as a part of their supervisor reviews.
This approach should ideally be complemented by excluding todays specific definitions of strong authentication from the wording of the Payment Services Directive and replacing them with a generic reference to the relevant security recommendations.
The result would then be that we will have a clear and flexible security requirements framework in Europe that sets the boundaries within which the market can futher innovate and develop.
Tuesday, December 10, 2013
Is a 'democratic' crowd based cryptocurrency just as fair as the traditional ones?
Having gone through my daily portion of Bitcoin-reads (and being somewhat sceptic), it struck me that one of the compelling arguments of collective currencies: 'money to the people' is highly flawed. It is the strong resentment against governments and financial institutions that makes many people believe that it would be good to take the power of money-creation out of governments' hands. But what would happen if we would indeed forget for a moment about the governments?
Crowd based currencies: exclusive and leading to private gains
As nice as it appears, these new currencies will then not be as evenly spread as the current ones in existence. There is quite bit of knowledge and expertise involved in obtaining, developing and working with new crowd-based currencies. So the 'democratic' nature of these currencies is not as democratic as we may think. The amount of people that may vote and can use cash is considerably wider than the amount of people able to use or make virtual currencies.
As nice as it appears, these new currencies will then not be as evenly spread as the current ones in existence. There is quite bit of knowledge and expertise involved in obtaining, developing and working with new crowd-based currencies. So the 'democratic' nature of these currencies is not as democratic as we may think. The amount of people that may vote and can use cash is considerably wider than the amount of people able to use or make virtual currencies.
We should realise ourselves that in essence, any currency, whether it is a government-owned or private in nature, leads to a certain distribution of value and wealth for the issuer and among the user base. And the question that is not being asked, at present, is whether the new crowd-based currencies will distort the distribution of value and wealth in society? Nor do we ask ourselves the question if we would prefer to be subject to the consequences of behaviour of (collective) private entities, manipulating a currency while we can't influence them, instead of a government structure (however flawed it may appear).
The redistribution of value that can occurs with these new currencies may look democratic, but that is a wolfe in sheep' s clothes. Effectively the new currencies are and will be the domain of private individuals trying to seek private gain rather than anything else. And there is no guarantee whatsoever that this constellation will have the interests at heart of all people in society. It will be Darwins' survival of the fittest all over again, which will exclude certain groups of citizens from participating fully in society. As democratic as a crowdbased currency looks: you will still be a puppet but on a different string, with unknown gains being made by unknown players in the value chain of this collective currency.
Currencies should be as fair as possible
Thus, the claim that crowd-based exchange mechanisms or digital currencies are more democratic than the existing ones must be strongly rejected. They are not and they lead to a very uneven an undemocratic redistribution of value in society. The central question in this debate should be which institutional design prevents the most harm from being done.
Thus, the claim that crowd-based exchange mechanisms or digital currencies are more democratic than the existing ones must be strongly rejected. They are not and they lead to a very uneven an undemocratic redistribution of value in society. The central question in this debate should be which institutional design prevents the most harm from being done.
Despite all the existing flaws that may be present in our governments or current monetary situation, the truly democratic currencies and those that may do the least harm are those operated by the governments that we can vote in or out.
Wednesday, August 21, 2013
Bitcoin legal classification in Germany: much ado about ... ?
These days I noticed an interesting discussion in my Twitter time line and on the web on the fact that the German government has 'recognized' Bitcoins (even as legal tender, as cnbc reported for some time). There were many reports on the matter, outlining that Bitcoin is apparently gaining further acceptance among regulators. But as the reports were a bit confusing I felt it would be good to track the sources.
German MP Schäfflers enquired about tax-treatment for Bitcoins
It turns out that a German MP, Frank Schäfflers, has been asking his Ministry of Finance how the taxation rules applies in situations where people use Bitcoin as an instrument of trade/payment. And later on he asked a follow up question whether or not the use of Bitcoins as a payment mechanism would be exempt from VAT (as is the case with German legal tender). Here is the link to the source documents.
The German Ministry of Finance outlined in its response that:
- commercial transactions where bitcoins are being used for payment, have the tax regime on the basis of the transactions' commercial nature; so the use of bitcoins doesn't disturb the regular taxation rules,
- goverment agencies are still discussing how to tax the value increase of bitcoin holdings over a year,
- bitcoins are not legal tender, nor e-money, but a form of private currency which classify as 'Devisen oder Rechnungseinheiten': under the German supervision law (article 11, sub 7).
The Rechnungseinheiten can be translated as unit of accounts, but the explanation of the German Ministry of Finance is that this definition covers - amongst others- all private currencies or units of accounts which are not based on legal tender. Essentially is a catch-all definition to capture any sort of privately agreed payment mechanism that can be used in multilateral clearing or settlement.
The regulatory logic: classification rather than recognition
While to the observer it may appear that the German regulator is leapfrogging into the modern world by outlining the status of bitcoin, the reality may be less exciting. The German Ministry of Finance merely outlined how, given the existing rules on taxation and payments, bitcoins qualify under their supervision law. This is rather a technical exercise and it can be seen that only for income tax issue (what to do with bitcoin holdings that change in value), they haven't yet got an answer.
So yes, the bitcoin has a legal status, but then again: any new development, instrument or technology already is subject to the law book. The fact that the Ministry has now pinpointed the article of the law book where they think the object fits, may therefore not be so spectacular.
If we look at the Netherlands, a similar situation appears. Anyone is free to determine whether to exchange services by paying for them or by using other forms of payment. . I could buy a bread in exchange for washing a car. And if the bakery would accept bitcoin rather than washing their car, it would work as well. The use of bitcoin can be considered payment in kind. Given this regulatory payment mode, our legal system is already recognising alternative forms of payments.
The same holds for the taxation part. The VAT rules on services do not change if the payment leg of my transaction is different. And the income tax rules don not change either. The Dutch rules state that if you hold something which has value, it must be registered on the tax declaration. In this declaration, the bitcoins in a wallet thus show up as the money in my bank account does.
As for the legal tender part of the discussion: I view that as an overrated concept. While in earlier times, the concept of legal tender meant that the other entity in a transaction had to accept the notes and coins, this obligation has been struck out of our Dutch law book many years ago. But it still lingers in the mind of many people and may of course in some other countries still be more relevant.
Future developments
What I find most interesting about the news is the quick and fast coverage that new forms of payments and regulation get in the media and with the public. We can see that the developments are positioned as the story of the recognition of bitcoin by the regulator or as the coming of age for bitcoin. Regardless of the angle of these reports, it is clear that things are happening and moving in the area of private, digital, distributed currencies. And it will be interesting to see this area develop further.
German MP Schäfflers enquired about tax-treatment for Bitcoins
It turns out that a German MP, Frank Schäfflers, has been asking his Ministry of Finance how the taxation rules applies in situations where people use Bitcoin as an instrument of trade/payment. And later on he asked a follow up question whether or not the use of Bitcoins as a payment mechanism would be exempt from VAT (as is the case with German legal tender). Here is the link to the source documents.
The German Ministry of Finance outlined in its response that:
- commercial transactions where bitcoins are being used for payment, have the tax regime on the basis of the transactions' commercial nature; so the use of bitcoins doesn't disturb the regular taxation rules,
- goverment agencies are still discussing how to tax the value increase of bitcoin holdings over a year,
- bitcoins are not legal tender, nor e-money, but a form of private currency which classify as 'Devisen oder Rechnungseinheiten': under the German supervision law (article 11, sub 7).
The Rechnungseinheiten can be translated as unit of accounts, but the explanation of the German Ministry of Finance is that this definition covers - amongst others- all private currencies or units of accounts which are not based on legal tender. Essentially is a catch-all definition to capture any sort of privately agreed payment mechanism that can be used in multilateral clearing or settlement.
The regulatory logic: classification rather than recognition
While to the observer it may appear that the German regulator is leapfrogging into the modern world by outlining the status of bitcoin, the reality may be less exciting. The German Ministry of Finance merely outlined how, given the existing rules on taxation and payments, bitcoins qualify under their supervision law. This is rather a technical exercise and it can be seen that only for income tax issue (what to do with bitcoin holdings that change in value), they haven't yet got an answer.
So yes, the bitcoin has a legal status, but then again: any new development, instrument or technology already is subject to the law book. The fact that the Ministry has now pinpointed the article of the law book where they think the object fits, may therefore not be so spectacular.
If we look at the Netherlands, a similar situation appears. Anyone is free to determine whether to exchange services by paying for them or by using other forms of payment. . I could buy a bread in exchange for washing a car. And if the bakery would accept bitcoin rather than washing their car, it would work as well. The use of bitcoin can be considered payment in kind. Given this regulatory payment mode, our legal system is already recognising alternative forms of payments.
The same holds for the taxation part. The VAT rules on services do not change if the payment leg of my transaction is different. And the income tax rules don not change either. The Dutch rules state that if you hold something which has value, it must be registered on the tax declaration. In this declaration, the bitcoins in a wallet thus show up as the money in my bank account does.
As for the legal tender part of the discussion: I view that as an overrated concept. While in earlier times, the concept of legal tender meant that the other entity in a transaction had to accept the notes and coins, this obligation has been struck out of our Dutch law book many years ago. But it still lingers in the mind of many people and may of course in some other countries still be more relevant.
Future developments
What I find most interesting about the news is the quick and fast coverage that new forms of payments and regulation get in the media and with the public. We can see that the developments are positioned as the story of the recognition of bitcoin by the regulator or as the coming of age for bitcoin. Regardless of the angle of these reports, it is clear that things are happening and moving in the area of private, digital, distributed currencies. And it will be interesting to see this area develop further.
Wednesday, May 08, 2013
The proposed EU-directive on Bank Accounts: wrong tool
Today, the European Commission will announce a proposal for a Directive on Bank Accounts that covers the following areas:
- comparability of bank account fees: the aim is to make it easier for consumers to compare the fees charged for bank accounts by banks and other payment service providers in the EU;
- bank account switching: the purpose is to establish a simple and quick procedure for consumers who wish to change from their current bank account to a different one, with the same or a different bank or other financial institution;
At face value, the goals of the Commission with this Directive seem laudable. But what would interest me most is the degree with which the Commission has done its regulatory homework. Quite some time ago, there were EU-initiaves and rules on 'better regulation', which meant that a solid cost-benefit analysis would be required by the Commission before proceeding with further regulation. In the process of discussing switching cost, the Commission did not follow these rules however (see blog).
I remember that at the time I was amazed by the ease with which the Commission bypassed the work done by an EU expert group on user mobility in bank accounts (of which I was a member). The consequence was that, without having proper data as to the degree of problems experienced, the nature of the problems in different countries, the discussion remained a yes/no discussion. So I was quite interested to see if in the mean time there is more hard evidence on the table to determine the nature of the problem that needs to be solved (and to see if it is a European or a national problem).
A quick look at the impact assessment tells me that not much has changed. It is essentially a fast forward reasoning towards the norm that unless everyone in Europe switches bank accounts quite a lot, the market is evidently failing and thus regulation is necessary. Furthermore there is a blind eye as to the different types of service providers: the document assumes all players to be banks with a full service package. In terms of analysis, it is skewed as it misses one alternative explanation for low bank switching rates. That explanation could be that, from a consumer budget point of view, it is more economical and rational to use the scarce time to chip off a small percentage of other purchases (mortgage or lending percentages, tablet-purchases or mobile phone subscriptions) than to spend a lot of time comparing and switching banks and earning very little revenue in the process (see also the presentation here that discusses which assumptions lead to which regulatory preference).
Seeing the current state of discussions (a directive proposal) it seems hard to imagine that the plan would be withdrawn or modified seriously. Still, it would be useful if the Commission had done their homework a bit better and at least had chosen a proper regulatory tool. If indeed the provision of bank accounts accross the EU is a concern, why not choose Universal Services Obligation as the regulatory mechanisms, that is most suited?
We used this mechanism before in Europe, to designate the amount of public telephone's that had to be available to the public. And setting it up for banking isn't hard to do (read this Tilburg University Report) but it does require one thing: a better cost/benefit analysis:
Furthermore, designating all banks to take care of the product dimension of a Universal Services Obligation (e.g., consisting of only a basic bank account service) may be the most effective way of implementing it, provided that the USO has a minimal scope. However, with regard to the geographical dimension of a USO, designating all banks leads to unnecessary cost duplication, so that it is worthwhile to consider other options, such as self-regulation and a franchising mechanism in combination with an auction. In addition, technological developments in a sector are very relevant when assessing the need or desirability of universal service obligations. By interfering in these processes without having made it clear in advance that there is a problem, such developments may be distorted; hence the importance of carrying out a cost-benefit analysis as a starting point.
I think the citizens of Europe are best off with goverments that only regulate when the facts are evident and the tools of regulation are properly geared to the problem at hand. At this point in time, with this Bank Account Directive, I believe we are heading for another emotion-based, cost-increasing all-in Eu-wide regulation, which underlying problems (if any) could have been solved much cheaper and easier by using other more appropriate regulatory tools.
PS. The post is updated at 1823 to include some of the impact assessment data.
- universal access to bank accounts: the aim is to allow all EU consumers, irrespective of their country of residence or financial situation, to open a payment account, which allows them to perform essential operations.
With the proposal the Commission continues its standard policy towards the financial sector: ride the road of regulation as long as the sector is still unpopular with the public. It has done so with regulation 2560 (on fees) which had to motivate banks to speed up intercountry payment processing in Europe and it has in a similar vein used the regulatory process for the Payment Services Directive. Repeatedly we see the banking sector respond with initiatives to improve operations and just as repeatedly we see the European Commission and Parliament find that this was not sufficient and move forward with regulation.
I remember that at the time I was amazed by the ease with which the Commission bypassed the work done by an EU expert group on user mobility in bank accounts (of which I was a member). The consequence was that, without having proper data as to the degree of problems experienced, the nature of the problems in different countries, the discussion remained a yes/no discussion. So I was quite interested to see if in the mean time there is more hard evidence on the table to determine the nature of the problem that needs to be solved (and to see if it is a European or a national problem).
A quick look at the impact assessment tells me that not much has changed. It is essentially a fast forward reasoning towards the norm that unless everyone in Europe switches bank accounts quite a lot, the market is evidently failing and thus regulation is necessary. Furthermore there is a blind eye as to the different types of service providers: the document assumes all players to be banks with a full service package. In terms of analysis, it is skewed as it misses one alternative explanation for low bank switching rates. That explanation could be that, from a consumer budget point of view, it is more economical and rational to use the scarce time to chip off a small percentage of other purchases (mortgage or lending percentages, tablet-purchases or mobile phone subscriptions) than to spend a lot of time comparing and switching banks and earning very little revenue in the process (see also the presentation here that discusses which assumptions lead to which regulatory preference).
Seeing the current state of discussions (a directive proposal) it seems hard to imagine that the plan would be withdrawn or modified seriously. Still, it would be useful if the Commission had done their homework a bit better and at least had chosen a proper regulatory tool. If indeed the provision of bank accounts accross the EU is a concern, why not choose Universal Services Obligation as the regulatory mechanisms, that is most suited?
We used this mechanism before in Europe, to designate the amount of public telephone's that had to be available to the public. And setting it up for banking isn't hard to do (read this Tilburg University Report) but it does require one thing: a better cost/benefit analysis:
Furthermore, designating all banks to take care of the product dimension of a Universal Services Obligation (e.g., consisting of only a basic bank account service) may be the most effective way of implementing it, provided that the USO has a minimal scope. However, with regard to the geographical dimension of a USO, designating all banks leads to unnecessary cost duplication, so that it is worthwhile to consider other options, such as self-regulation and a franchising mechanism in combination with an auction. In addition, technological developments in a sector are very relevant when assessing the need or desirability of universal service obligations. By interfering in these processes without having made it clear in advance that there is a problem, such developments may be distorted; hence the importance of carrying out a cost-benefit analysis as a starting point.
I think the citizens of Europe are best off with goverments that only regulate when the facts are evident and the tools of regulation are properly geared to the problem at hand. At this point in time, with this Bank Account Directive, I believe we are heading for another emotion-based, cost-increasing all-in Eu-wide regulation, which underlying problems (if any) could have been solved much cheaper and easier by using other more appropriate regulatory tools.
PS. The post is updated at 1823 to include some of the impact assessment data.
Subscribe to:
Posts (Atom)