Jeffrey Bandman, former CFTC commissioner, and Hans Morris, of NYCA, talk about partnering with regulators as the path forward for fintechs.
Despite their role as fintech companies’ watchdog, there is a desire among global regulators to foster innovation and partner with new startups in the fintech space, says Jeffrey Bandman, formerly of the Commodities Futures and Trading Commission (CFTC). However, he acknowledged a shift in administration in the US, constrained budgetary resources, and navigating legacy infrastructure make the path forward for partnerships uncertain.
Han Morris, General Partner at NYCA, joined Bandman on a panel moderated by Peter Rudegeair of the Wall Street Journal at CB Insights’ Future of Fintech conference. Morris agrees that fintechs should look to partner with regulators and advises his firm’s portfolio companies to do so early.
“Virtually all the activity is regulated for good reason,” Morris says. Partnering early should allow companies to more easily gain regulatory approval and reduce future challenges.
Jeffrey Bandman noted that before leaving the CFTC, he was involved with an internal initiative known as the Lab that was formed to help develop and engage with fintech startups more closely. The CFTC not only used the initiative to think about fostering innovation among fintechs, but also to learn new ways the CFTC could leverage technology internally, with onboarding as a particular area of interest for the organization.
The CFTC has also been actively engaging with regulators around the globe to learn best practices on how they are partnering with fintechs and overseeing fintech’s development. The UK’s Financial Conduct Authority (FCA) stood out as the first regulator to set up a regulatory “sandbox” for startups to develop their technology.
But while the CFTC may be open to new business models and interested in fostering innovation, Bandman noted that regulators can’t move at the pace of startups. They can’t settle for getting 80% of regulation and just “failing fast” because it would damage the public’s trust in regulation.
Peter: Hello. Thanks for coming to the Regulatory panel. I knew this would be a sold-out event, and I can see that’s true. Joining me… Oh, first, my name is Peter Rudegeair, I’m a reporter at “The Wall Street Journal,” and I’m really excited to talk to both Hans Morris and Jeff Bandman. Hans, as some of you may know, is a very active investor in FinTech companies. He’s the partner at Nyca Partners, is that right?
Peter: And Jeff recently left the CFTC where he headed up FinTech kind of innovation efforts there. I’ve been writing about FinTech for maybe the past two-and-a-half years, and it’s been kind of striking the way, at least in the U.S., kind of one regulator after another has kind of opened an innovation office, had some kind of FinTech initiative, almost just going on a listening tour through Silicon Valley and different companies to try to understand this new phenomenon, which is attracting a lot of venture investment and scaling pretty quickly. What we haven’t seen much of is too many changes to the examination process or supervisory process or gleaning of insights, you know, from those conversations into changes the way regulators actually function. So I want to start with Jeff because he’s kind of come fresh from an agency that’s just done those, the CFTC. How did it come across that the CFTC decided they wanted to open their own innovation office? I think it’s called, what? The CFTC Lab.
Jeff: Yes. Thanks a lot, Peter. LabCFTC. Yeah, so the CFTC has been, I’d say, looking at the general, what we would now call FinTech and RegTech innovation landscape for the last couple of years. We started to look more closely at some of the ledger technologies as well as some of the cryptocurrencies that were sort of fell jurisdictionally underneath us. I’d say, initially, the angle that we took looking at it was sort of a do no harm aspect. We were trying to understand it. And I think our current acting chairman, you know, was very outspoken in saying that the regulator, you know, should kind of in in some ways follow the model that the Congress in the U.S. took towards the development of the internet in the 1990s, to let it develop. This year, with the change of administration, FinTech is a very high priority for Acting Chairman Giancarlo. And, you know, he wanted to take a more active stance. And I think, you know, that’s a very helpful lesson. These kinds of things really do start at the top in an organization. And so he said, you know, “What should the footprints of the CFTC be,” you know, “if we wanna go beyond doing no harm, if we wanna go beyond making sure our regulations aren’t actively obstructing the pace of innovation?”
And so we did a lot of outreach. We did a lot of research. Reached out to regulators in the U.S. and around the world, which was very, very helpful because a number of them had started innovation programs. I also reached out to innovators and investors and experts. That was actually how I met Hans very early in that process. So if you don’t like LabCFTC, thank Hans for that.
You know, in seriousness, we studied very hard because we really wanted to understand and engage more closely with the innovators. And really, I think, as we thought about it, we felt not only was it important to promote innovation in our markets and to make it easier for innovators to interact with the regulator, we also, ourselves, the regulator, could really benefit from having a more structured initiative in which to engage with innovators. And really, from two perspectives, both from the perspective of making it easier for innovators to introduce new products and services using some of these new technologies in our markets, but also to explore whether the CFTC as a regulator could itself be more effective and efficient by using some of these new technologies. And that’s what led us to launch LabCFTC.
Peter: Hans, I don’t know if you directly deal with any of these innovation offices at the regulatory agencies or if mostly that happens through your portfolio companies. But either way, you know, from those conversations with the regulators or with the companies, do you encourage this kind of exchange? What kind of, you know, hopes do you have just in the dialogue that it’s going to create?
Hans: So we do both. So, definitely we always encourage our portfolio companies to meet with relevant regulators. Sometimes that’s several regulators. And, yeah. I mean, it depends into, I think, you might break this down to a couple categories. In a few cases, the regulatory framework is very clear so you’re going to be a, you know, FINRA-regulated broker dealer. So you have to become a broker dealer, you have to look at them as a regulator, and you might have processes that you want to do that perhaps are innovative. And in general, I’d say, particularly in the last two or three years, all of the agencies, certainly at the federal level, have gotten open-minded about that. They’ve all set up offices. They have people to go to these conferences. It’s rare to find an issue, I’d say, that they’re completely unfamiliar with, which three years ago, that wasn’t true. So I think it’s important to get them to…
You know, if you’re, any of the people here, if you’re entrepreneurs, you should know who your regulators are. However, the places where it’s completely clear, I wouldn’t say they’re rare, but there’s many more examples where it’s not particularly clear, where you might be regulated by somebody with an issue or activity that might be subject to regulation. And, in that case, you really need to talk to a lot of people so that they view you as a good actor in the system and someone that is reliable and taking their issues seriously. And that’s an extremely important thing for an entrepreneur to do early on. If they start feeling that you’re being cute or going around them or not, you know, trying to take shortcuts on things that they think are important, they have really tremendous power, as I point out, virtually. Anyone in financial technology, all the activities are regulated, and they’re regulated for a good reason. It’s not, you know, false money. And no one wants illicit use of the financial system, no one wants to create issues that might put banks or other group regulated entities at risk, no one wants to expose data in an inappropriate way. So the consequences can be very severe if they don’t think that you’re a good actor even if they don’t necessarily regulate you.
Peter: Now, Jeff, when you were rolling out LabCFTC, you mentioned, I don’t know if you were physically going around the world, but at least talking to regulators around the world about their various innovation efforts. Were there any ones from particular companies that inspired what we saw at the CFTC? Are there others that are…might be serve as a model down the line for what either the CFTC or another regulatory agency could try to establish?
Jeff: Absolutely. That’s a great question, Peter. So there are regulators at, you know, literally around the world, and I was able to go, had a trip to Hong Kong, and met with a group of international regulators there who were really studying, in particular, distributed ledger technology. Also had a couple of trips to the U.K. You know, I’d say a number of the regulators, both of the U.K. regulators, the FCA has really been the leader and a pioneer, I give them a lot of respect, for introducing Project Innovate and establishing the first regulatory sandbox on…starting their programs in 2014. The Bank of England has a very impressive program, Monetary Authority of Singapore, both of the Hong Kong regulators. So we learned a lot from looking at them.
And as we studied them closely, and we had the benefit that, you know, regulator to a regulator, they would tell us, you know, privately, first of all, that, you know, everybody started small. And, you know, talking to a roomful of innovators and entrepreneurs, I mean, I think we can all understand, you know, you start small and you do your best with the resources you have. And people envision the U.S. government has, you know, infinite resources. But, in fact, each particular agency like the CFTC has limited resources and does its best. And so, you know, one of the things we learned at the CFTC was start small and then build from there.
Another thing that we learned, probably 90% or 95% of the programs are focused on, you know, making it easier for innovators to introduce, you know, goods, services, offerings in the space regulated by the regulator. And that’s certainly an important focus of the CFTC program. One of the things we actually learned, I’d say, it’s an opportunity for crowdsourcing in the sense that if we looked at our rule book on our own, we would probably find rules that are in need of attention. But by meeting directly and engaging with entrepreneurs, you find out, you know, people are working on actual business ideas and you find out which of the rules most in need of attention, that have the most regulatory uncertainty that’s standing in the way of progress that Hans alluded to.
The other thing, the other type of program, and really the Bank of England I thought is the best example of this, is for the regulator to learn more about the capabilities of some of these new technologies, to test them out, to get its…roll up its sleeves and get its hands dirty and find out what they do, and put them to the test. That can be a little bit harder to do in the context of a government organization just due to kind of other constraints that are well-meaning but can pose obstacles. But we really thought at the CFTC that it was important to emulate both. And really, as I said, at the outset, it benefits, we believe, the innovators in the market, but it will really also make the CFTC a better regulator.
Hans: But, you know, to get to maybe what we want to dig into here, which is, if you said, “Well, how much has really changed in the last four years, let’s say?” Not a lot. There’s a lot more openness and there’s an understanding of the issues, but if you say, “What’s the fundamental process that regulators go through so it would differ a little bit between agencies?” We’d say SEC, or OCC, or FDIC, when they do an exam they’re going in and they are looking at a long list of regulations that you’re responsible for. And they will look at your activities, and they will then request a massive amount of documentation. They will go through that. And then they will come in. They will say, “Well, your policies don’t match this requirement, and we found exceptions that don’t meet.” And you might get, you know, may have four or five things to get written up, and then you have to prepare a documentation of all your responses to that. And so the fundamental process is not data-driven per se. There’s data. There’s tons of data. But it’s not like, it’s all involved… Documentation is the core of much of the regulatory process, I’d say. The way they are governed, the way they manage things, and the way the regulated entities respond.
So when we say, “Well, how could…” I don’t think there’s anyone that I can think of that would stand up and say, “The way we regulate things in the United States is a really good system, and we should…all we have to do is just keep it as it is.” Everybody thinks it’s got flaws. But how to change it and how much has changed, it’s like less than, you know, one quarter of 1% has actually changed, a tiny amount. So I think if we want to dig into something…
Hans: That’s what everyone’s talking about, but, you know, what’s it going to take to make that happen?
Peter: So maybe let’s pick an area that, you know, has a well-established, you know, regulatory or set of rules around like any money laundering, KYC compliance, right? They had historically been, you know, very person-centric and, you know, people file suspicious activity reports for all sorts of reasons. There’s a lot of false positives there. There seems like there should be a lot of scope for data to kind of cut out a lot of that unnecessary work. You know, Hans, I think you looked at a couple of these companies, and while the technology might have real benefits, you know, you’re trying to convince a regulator that this is, you know, almost as good or even better than the human-centric approach.
Peter: How, you know, from those conversations or companies you’ve seen in the space, how open are they to, you know, new methods of trying to root this kind of thing out? What will it take to change their mind?
Hans: I think they are open-minded, but that’s, you know, that’s like saying, “Are you open-minded about a new subway system or something?” Saying, “Yes, I am.” You know, 12 years at the… So we have a rule about this. And we invested in one company which is called Merlon. And what did we like about Merlon? So Merlon is fixing what we think is a very specific part, and you can deliver ROI to the bank they want. So my view, if you come in and you say, “Here’s a brand new system…” How many people here are entrepreneurs? No one. One person.
Peter: I got you.
Hans: No, a few.
Peter: There’s a few more in the back, you know.
Hans: All right. Anyway, my view is if you’re talking about the enterprise system, particularly enterprise system related to risk or regulation or any of those core systems in a bank, or a broker dealer, or an insurance company for that matter, that, you can’t… If you say, “Rip out what you have and install something else,” is the equivalent of saying, “Do you want elective open-heart surgery today? Today is the day.” And you go, “I’m not doing that today,” you know. Instead, what you start with is something that’s on the fringe that will deliver real value today, but it could become the architecture of how you want the whole thing to look in the future.
So what I think Merlon does is it reduces the amount of time and improves the productivity and effectiveness of your analyst looking at transactions, suspicious transactions that get kicked out by one of these systems. And that might be thousands of these false positives get generated. You have hundreds of analysts going through all of these and deciding whether to follow a start. You can reduce that as positive ROI for the bank because your headcount doing that is material, and it’s a big risk. And what, I think, it will be two or three years, I’d say, of going to regulatory exams, showing them the difference between the Manta system, which would be the Oracle system that a lot of them use, and whether the transaction reporting that, and insight that Merlon can deliver is better, couple of years, maybe you can repel Mantas. But that’s what we’re talking about in terms of, like, the life cycle.
Peter: Years long?
Peter: Not months long?
Jeff: Yeah, so maybe to respond to some of those ideas, I mean, first of all, you know, now that I’m not a regulator anymore, looking to how to invest in Merlon after the panel, you know. All of us are interested. You know, so on these AML, KYC things, so I mentioned that my trip to Asia, it was very eye-opening for me. And actually, I have to say, I thought I was pretty open-minded about, you know, FinTech and RegTech and some of the benefits but, you know, I saw some of the new technologies that are being used for KYC and AML, you know, in Hong Kong, in China, in India, a lot of the innovation in that part the world. And I realized that some of these are new onboarding methodologies that didn’t involve, you know, you go to the office of somebody and you show something, that these were data-driven, and had other checks and used, you know, facial recognition software, and other biometrics that not only, you know, it wasn’t a case of, well, regulators, you know, had to make allowances to consider letting people use it. But these things actually had the potential to be superior to the onboarding AML and KYC, things we were using. And, you know, I think demonstrating that these new technologies and the impacts they can have for, you know, for onboarding, for efficiency, for inclusion, you know, I think that that sort of thing needs to be shown to the regulators and demonstrated kind of in a factually-based, data-driven way.
But, you know, I think to be realistic, you know, regulators do not, you know, move at the pace of startups. You know, I was at a regulatory policy conference a few weeks ago and somebody said, you know, “Why can’t regulators write rules in a way that, you know, lets them just fail fast? You know, get 80% of it right and fix it later.” You know, it just can’t work that way. And, you know, when I tried to sort of articulate why, well, you know, you there’s a public trust and a public responsibility, and the public expects you to be careful, and there’s also procedures around, you know, being transparent. These are the rules we’re going to apply. If we’re thinking of changing them, we let everybody know. You know, we give people an opportunity to comment and point out the flaws of them. So I do agree with Hans that things are moving slowly, but I think that there are benefits, you know, to the regulators being there to kind of, you know, poke holes and ask questions in order to kind of challenge these things and make sure they’re safe to implement.
Hans: And plus, I think, also, the regulators, they regulate in the United States, almost 6,000 banks, almost 6,000 credit unions. And all of the big banks like to introduce some new change is literally…and some big change is at least a year of planning to incorporate that, design it. And, you know, so it’s you can’t do fast things and turn around because there’s all these…companies have to respond. It’s hard for them to do that.
Peter: Yeah. Jeff, did you, you know, before you left the CFTC, were there actual changes to any process or regulation, you know, in response to some of the crowdfunding efforts you met, that you’re proud of? Or looking in the future, do you see particular areas the CFTC oversees so many different areas and firms that you think it’ll happen first?
Jeff: So there was one, and LabCFTC can’t take credit for this but, you know, I think the engagement over the last couple of years, you know, identified that there were some reporting and record-keeping rules that the agency had had from a long time that had been written frankly in the era, you know, when you had microfiche. You know, that there were rules about, you know, record storage and production that dated back to an earlier time, and so the agency through a formal notice and comment rule-making process actually proposed changes, got comment, to make these reporting and record-keeping rules that applied to, you know, broker dealers, and futures commodity merchants, and others that we regulate in the space to make the reporting and record-keeping rules more technology-neutral. That was based on public feedback. You know, after the rule was proposed, there was some further public comment. There was some adaptation, and so the proposal was last year, the rule was finalized this year. So I say that very much a response and a desire to be technology-neutral. And, you know, my hope would be that, you know, through this engagement, there would be other examples like that.
Peter: Would you describe that process as, you know, easy, arduous, somewhere in between?
Jeff: I’m sure for the people who are, you know, day-to-day working on it, it was probably arduous. I would say, you know, some of the rules that, you know, that I’ve witnessed or been personally involved in, you know, some of them take longer because they’re complicated, because they touched a lot of other rules, or because, you know, there’s a degree of controversy. In the case of this rule… And, you know, there was a cybersecurity rule that a staff I was managing actually proposed and then got adopted, also to try to respond to some of the cyber threats for market infrastructure. You know, these things were done in a very bipartisan basis. And, you know, I think was very encouraging. Even the launch and adoption of LabCFTC. You know, the CFTC right now has Acting Chairman Giancarlo. There’s one Democratic Commissioner, Commissioner Sharon Bowen. You know, they both supported it. They adopted a formal commission action, you know, supporting the initiative. So I really feel there is bipartisan support, and that certainly makes the process easier.
Peter: Hans, is there any low-hanging fruit here in terms of areas where that, you know, just bipartisan agreement on needing to foster things like access to credit or, you know, just for small businesses, underserved consumers that you would expect maybe it will be a lot easier for regulators embracing FinTech?
Hans: Well, I think that, like right now, in the political environment in Washington, I think you have several impediments. One is that you don’t have this leadership of the other regulators in place, and their staffs aren’t totally in place. And so that’s a necessary ingredient because it’s hard to make decisions if you don’t have the boss, the chairman saying, “This is something we want to do.” And relationships between the regulators makes a big difference too because it’s all…a lot of it is based on trust. If you say, “I’m going to take the lead on this issue,” another agency has to trust that you’re gonna do a good job and be careful about that. So I think it’s going to be hard, like right now, in the next couple of months, let’s say, until that firmed up.
I did think, and we were talking about this before, I thought the Treasury report that came out, that Craig Phillips really wrote is, I thought, a very reasonable, and well-written, and pretty… There was a lot in there that I think most people would agree with, honestly. And the suggestions he’s making, I wouldn’t say I agree with every single suggestion, but many of them are all good ideas so I think that’s interesting. And I think if you’re gonna rely on Congress to fix issues, I think it’s a pretty narrow space where you’re gonna get…if there’s not regulatory clarity today and you need legislation, there’s gonna be a pretty narrow list of things that could get addressed. So if we take something…
So in the Treasury report, they talked about renovation of the Community Reinvestment Act, so CRA. Then I think…I don’t think there’s anyone, maybe some of the community activist groups would say that it’s a great piece of legislation. They love it. But almost anyone that has to deal with it would say, “It doesn’t work. It doesn’t achieve the goals that it was designed to achieve today.” I mean, how many people think their branch and their community is how credit gets originated? It doesn’t. And so, could you do a better job? Could you come up with something that would help small businesses? Could you rethink the way data is treated and some of the questions that really are just ambiguous in the Fair Credit Rules, which say if I have something that lends to an outcome that discriminates against a group because I use data, is that…was that a disparate impact and that therefore was illegal? That’s not clear, and that might require legislation or some very brave regulator to clear that up across these different…across these banks and CFPB. And so I don’t see that getting…that’s not easy to clear up. But it’s something where there’s this, I think, quite a bit of political consensus in Washington that helping small businesses, and helping small banks help small businesses are good things and that…. So, I mean, we could dig into that in a little bit more detail if you want, but I don’t know. What do you think about that question?
Jeff: Yeah, well, I think that a lot of the kind of prerequisites for kind of strong regulatory cooperation are there. I think I agree very much that the agencies need to have their new leadership in place. I think also Treasury just hasn’t quite gotten to FinTech specifically yet. They said in the report, but I think October later this year is when they’ll focus on FinTech innovation. And typically, for formal inter-agency cooperation, typically you need some, you know, some coordination or convening role that’s performed by Treasury. But, you know, I can tell you there’s an enormous amount of, you know, interaction and cooperative discussion among the agencies, you know, speaking regularly to each other, thinking about ways that the agencies can cooperate, you know, in advance/ but, you know, I’m very sympathetic to innovators who, you know, they talk about kind of the patchwork of regulation. And, you know, that ultimately is, you know… Each agency can only regulate the things that are authorized by its statute.
And I’ve actually had people come to me and say, “Well, you know, this market,” you know, I won’t name it but, you know, “would benefit from oversight. Would the CFTC be interested in regulating it?” And, you know, it’s certainly a compliment that somebody actually wants you to come in and regulate their market but, you know, our jurisdiction is set by Congress. And if we were to try to kind of go outside those lines, you know, we just couldn’t do it.
Hans: But that’s one thing. One of the interesting things I think in the Treasury report was the asking the Treasury Secretary to have authority from Congress to designate someone on FSOC as the lead agency on an issue. That’s a big deal. I thought that was like one of the… That would solve a lot of problems. And that’s in there, and was, of course, act of Congress, but it’s still, I think, a big…it’s something that most people in this room might not have heard of, but that would be a big deal.
Hans: Because you could say you’re in charge.
Jeff: And actually, you know, in the FinTech area, if you look around at some of the other jurisdictions that have a single regulator or just two regulators, you know, they can really achieve much greater coordination because they have that. You know, in the U.K., you just have a small number of regulators. You know, in Singapore, kind of it all really rolls up to one single…to one regulator, monetary authority, which also has a sovereign wealth fund to invest. Now, you know, CFTC is never going to have that. That’s another way of promoting innovation. But, you know, having that coordination I think would be a great benefit.
Peter: Well, in terms of low-hanging fruits, how much, you know, can you expect these changes in CFTC or other regulatory infrastructure just to maybe help out on clarity or guidance on FinTech firms? So let’s take a topic like data collection, right? I think most bank regulators might get data, what? Like once a quarter, you know, maybe a few except for the close of the quarter if they’re not kind of in the offices. You know, if a lot of the companies that are on to invest and have much more real-time access to data, will kind of more real-time access to data, you know, at the regulatory community, you know, help, hurt? Is it just not feasible, or, you know, is that something that the regulatory community should be trying to foster?
Jeff: I think it’s coming. You know, I think that’s part of the transformative potential, particularly when people talk about ledger, distributed ledger, blockchain technology. The idea is that when people act, whatever type it is, whether it’s a loan or a credit decision, whether it’s trading activity or something else, you know, currently kind of the paradigm is, you know, activities take place and then that gets reported to the regulators. Sometimes it’s end of day. Sometimes it’s daily, weekly, monthly. Often it’s quarterly. And so by the time the regulator gets the information who’s in a position to take action or react, you know, it’s well after the fact. You know, I think with ledger technology, with the prospect of regulators having a regulator or auditor nodes, regulators can be seeing this stuff happen in real-time, as it unfolds, and could identify fraud or manipulation, could identify predatory lending practices, could see the build-up of risks.
Now, I think one of the challenges for regulators will be, you know, having the tools to manage real-time data, all the kind of bumps and inconsistencies and misplaced decimal points. You know, I think that, you know, some of the other tools in FinTech AI, natural language processing, machine learning may be a benefit. So, you know, but we could be heading towards a world where regulators are seeing information and reacting to it in real-time.
Peter: Hans, what do you think of a future like that?
Hans: I mean, I think it’s…I agree that that would be great. It’s so far off from where they are right now. And when they request information and the way they host and review information, like even like these…look at the horizontal reviews that are done or the OFR, which can request information to look at, let’s say, concentration limits on Wall Street. That, just getting the information from the banks, or the format, what exactly is going to be captured, that might take a year of negotiation or something. So they don’t use the cloud. I mean there’s so many things you could do much better but… So I applaud and I agree with the vision.
We had this one company that’s called LeapYear, and they use a thing called differential privacy to enable the person doing the data analysis. Basically, it has no idea what the underlying data is. You just see the results of the analysis. So we see that is offering opportunity to look at…analyze things in the cloud real-time. But that’s, I would say, that’s like the…that’s like saying, like, let’s merge with China or something when you put down. Basically, that’s a really big leap on that versus like, you know, using distributed ledgers. But anyway, I’m…
Peter: You folks are gonna get in the cloud first and that will [inaudible 00:29:06]
Hans: Yes, let’s start a little bit.
Peter: Okay. Well, right on cue. We are just about out of time. So I want to thank Hans and Jeff. We just scratched the surface of regulatory compliance but, you know, maybe in a year’s time, we’ll come back and see how some of this [inaudible 00:29:20]
Hans: They’re all different.
Peter: All different.
Hans: Thank you.
Jeff: Thanks a lot, Peter.