Executive Summary

Regulation of financial services in an on- line environment is characterised by uncertainty. Whether it be determining whose rules apply, how they apply to e- commerce, how the regulators will approach the supervision of on- line delivered financial services or, indeed, how any of these factors may change as the market develops – thinking is embryonic, guidance is patchy and precedence is minimal.

The industry craves certainty without increasing the burden of regulation, and we have identified a number of areas where concern exists and/ or action is required.

Global financial services businesses are concerned by the lack of consistency in the different regulatory frameworks around the world. Regulators must strive for common standards and approaches at a global level so as not to create a global imbalance in innovative uses of the Internet.

Jurisdictional boundaries are still seen as a major impediment to e- commerce business as they create uncertainty in terms of both contract law and financial services regulation. Failure to break down these barriers, or create safe harbours, and agree on globalised standards for the industry will result in ecommerce businesses having to put barriers and firewalls around the technology to insulate products and services aimed at one market and one set of market players from those aimed at the rest of the global marketplace. Some legislators have started to address the jurisdictional difficulties, although these are still at the highest level of concern for the industry as it seeks to develop the use of global Internet activity.

Global financial services businesses are also concerned that there is little coherence in the different regulatory frameworks around the world. Regulators must strive for compatibility and consistency between approaches at a global level if the innovative use of the Internet in financial services is not to be stifled. This is a huge challenge and one where there are no easy answers. However, the effort being made in enforcement and law agency co- operation is disproportionately greater than the effort being made to allow legitimate financial services providers to access the global marketplace and this requires redress.

To succeed in the information age, the e- business must build trust as this increases confidence, reduces inhibitions and barriers and hence allows people to transact business more freely. Excellence in information technology is key to this being achieved.

The financial services industry can avoid excessive regulatory scrutiny – and generate significant buy- in by consumers – by setting itself high standards in IT capability and effectively implementing these through a process of self- regulation. It is for each organisation to implement appropriate infrastructure to enable trust to be established, and it is for the regulators to demand the policies which will ensure that trust is not abused. Consequently, regulatory reform is likely to revolve around striving for excellence in IT to ensure high availability of services, thus protecting confidence in the markets and achieving confidence in the security and reliability of electronic delivery systems.

Where financial services companies are providing services over the Internet, regulators are increasingly seeking satisfaction that firms are managing risks properly. It is vital, therefore, that the financial services industry sets itself high standards in IT capability. This means appropriate planning, testing and implementation of IT systems.

The Regulators Must Have The Technology As Well

Not only can Internet technology be used as a means to improve compliance monitoring within regulated firms, but it can – and, indeed, will – be used to improve supervisory processes within the regulatory bodies themselves.

The more forward thinking regulators have already started to incorporate technology- based monitoring into their supervisory activities through the application of compliance software, the receipt of ‘real time’ information and the use of the Internet for correspondence and regulatory reporting.

The majority of information received by regulators is historical, usually focused around month end returns. Specialist tools can now be developed, using the new generation of Internet languages, to receive and monitor ‘real time’ or near ‘real time’ data and to identify trends or exceptions. Such tools can be automated to a very high degree. In the medium term, these will offer a powerful regulatory tool to monitor an individual company’s compliance with certain rules in ‘real time’.

It is important to get the partnership right between regulators and regulated firms so that the Internet is a monitoring tool which also, subsequently, provides a gateway to regulators for supervisory purposes. However, ‘real time’ monitoring more generally could lessen the cyclical reporting burdens and constraints for companies, reducing the need for inspection visits and audit reviews.

Financial services businesses must anticipate these developments by improving their own on- line internal monitoring. Therefore, if and when on- line monitoring does arrive, they will be fully able to operate effectively in this new environment. This has the added benefit of enhancing the effectiveness of internal regulation, with knock- on benefits for the company’s reputation, client relationships and regulatory relationships.

Concerns And Risks

Time to market is often critical for on- line financial services businesses. Speed should not, however, be at the expense of prudent management of the business and executives should satisfy themselves that new on- line businesses have the necessary infrastructure in place and that they themselves have the competence to manage an e- business.

There is increasing evidence that newly conceived on- line businesses are being taken to market more and more quickly due to competitive pressures. But, do these new on- line businesses have the necessary infrastructure in place? In other words, are there appropriate middle and back- office and compliance functions to monitor, support and service rapidly built front- end operations? Management should challenge their collective knowledge and experience, taking action where necessary, to ensure that sufficient executive competence exists to understand and manage the issues and risks arising from e- business. Experience of successful management of an existing bricks and mortar business is unlikely to be sufficient in this respect.

New entrants themselves potentially pose the greatest risk. Technology is breaking down barriers to entry into the industry and challenging traditional methods of conducting investment business. Major new global industry participants have already appeared and, in the US, where the Internet market is more advanced, there are now large financial services businesses built purely on the back of on- line activity. This trend is likely to continue to bring greater risks and regulatory challenges, as the number of new entrants increases and the relative experience in the industry decreases.

The management challenge also exists in current businesses adding an on- line capability to an existing service, which do not have to endure a long drawn- out authorisation process. It is essential that the IT capability is properly managed – and there are plenty of cases where this has not been the case – but what about after- sales support and compliance? Increasing volume, for which the Internet is a catalyst, puts pressure on risk management and settlement functions and it is essential that these parts of the business are equipped to deal with these challenges. Equally important is the compliance function which must deal with new issues and challenges in the on- line arena as well as developing updated monitoring techniques. Such techniques must ensure that ineffective and antiquated practices are not being relied upon to support new, faster and cross- border delivered services. We believe that compliance software has a major part to play in the competent on- line financial services business of the future.

Systems downtime is one of the biggest risks for consumers when transacting with an on- line provider. Without effective business continuity planning, both consumers and the industry face the risk of financial loss.

Accessibility of services is absolutely vital in all areas of the financial arena. For example, an e- bank, which cannot maintain services to customers because of unreliable systems, is of no more use than a traditional bank without branches. Similarly, an on- line stockbroker or exchange that cannot display prices is failing in a critical area of its responsibility to members or customers.

Lack of service is not just inconvenient – it can cause actual financial loss, particularly where consumers are reliant on an on- line trading system. This provides further evidence, and a specific example, of the need for systems competence and an effective IT strategy.

Other significant risks faced by the consumer in an on- line world are the issues of privacy, suitability, the increasing evidence of an information and expectation gap and fraud. Any lack of regard for these in future regulatory policy may lead to financial loss to the participants in this industry, as detailed below.

Privacy: Due to the global nature of the Internet, information is transmitted across many borders and jurisdictions. If companies on the Internet are to gain the confidence of customers and, indeed, if governments wish to see the success of this phenomenon, protection of users, in particular with regard to privacy, confidentiality and anonymity should be assured.

Suitability: Concern stems from the fact that data profiling of customers, based on on- line behaviour, is being used by online brokers to make recommendations that may not be ‘suitable’ to the customers’ financial situation, objectives and needs.

Information gap: Aggressive advertising has fuelled the misconception of easy wealth and the risk of being left behind in the new on- line era. Therefore, financial institutions must ensure that they are providing information to customers that is clear, user- friendly and not misleading.

Fraud: The Internet increasingly puts investors at risk through exposure to cyber- crime, mis- selling and direct marketing of unregulated financial services.

Future Challenges

Regulatory development is likely in three key areas: conduct of business and market conduct rules, prudential supervision and compliance monitoring and supervision techniques.

Conduct of business and market conduct rules: The greatest challenge in terms of rule making certainly applies in the retail sector, where conduct of business rules have been drawn up essentially to cope with the pre- electronic age. Regulators throughout the world are already addressing changes needed to the conduct of business rules, but there is a long way to go in terms of considering what notifications, risk warnings, ‘reasons why’, projections, cooling- off periods and suitability requirements should apply in respect of transactions through the Internet.

Equally, the use of artificial intelligence to respond to investors’ queries and applications presents a further challenge to ensure that those artificial intelligence systems are adequately programmed and regularly updated to take account of developments in the market.

Prudential supervision and compliance: Regulators have always been concerned about risks other than purely financial risks such as credit and market risk. It has long been a requirement that financial firms should have adequate systems and controls. However, firms and regulators are now specifically developing tools to capture the risk of financial loss that such risks, including operational risk, create. The dependency on IT systems, which e- business can only exacerbate, is a source of such risk.

Electronic reporting and monitoring: The regulators are already looking at ways of utilising the speed and flexibility of the Internet for monitoring purposes and the regulated community should be doing the same in order to enhance existing monitoring programmes and to ensure that their own e- commerce activity is monitored in the same way as other activities.

Fundamentally, however, the Internet is a new means of distribution rather than a new marketplace – consequently, in terms of the way that regulators regulate, the existing body of regulation is valid and applicable, and the need for specific regulatory rule changes is minimal. Action is required on the governance of firms in the industry, as explained above, which will be addressed most efficiently by the industry itself.

Consumer education is increasingly seen as a vital regulatory tool in the effort to ensure consumers receive the same level of protection in an on- line environment as they do elsewhere. The industry has a stake in this issue and should take further responsibility for ensuring that its clients are properly equipped to buy on- line.

The current focus of many retail regulators is ‘policing the perimeter’ rather than changing the way that legitimate Internet activity is regulated – keeping the wrong people out rather than looking at what people are doing ‘inside the fence’. The regulators’ tactic of choice, which we support, tends to be consumer education – to equip consumers with the knowledge required to buy sensibly over the Internet. The regulators and the regulated alike should accept responsibility for consumer education more widely. Investors should be:

  • Equipped to differentiate between reputable and disreputable financial services providers
  • Encouraged not to make spontaneous investment decisions
  • Provided with sufficient information to make informed investment decisions
  • Enabled to identify who they are dealing with and whose regulatory protection they can rely on

There is increasing evidence that the industry is taking responsibility for consumer education. More needs to be done, however, which might include industry funding of education in this area – even to the extent of hyperlinks to regulators' web sites or to technology that gives relevant warnings. There is also commercial benefit to the industry – a well advised customer buys sensibly and will return – repeat business is key in this market.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.