Ruth Wandhöfer is global head of regulatory and market strategy for treasury and trade solutions at Citibank. She is considered one of the foremost authorities on Sepa and is chair of the European Expert Group on the transposition of the PSD, as well as other regulatory bodies. Ruth is a winner of the 2015 Women in Banking and Finance Achievement Award.
At Sibos 2015 in Singapore, I asked Ruth about her role at Citibank, as well as her opinion about blockchain technology.
Could you talk a little about what you do at Citibank?
It’s quite a broad role in that I look after regulatory and market strategy for the transaction banking business. I have four pillars in my role:
- I speak to regulators and ensure that best practices in regulatory approach are spread across the world.
- I work with industry bodies to provide our technical and regulatory inputs to regulatory and market change processes, like the Sepa instant payments process.
- I work with our clients, a big group of which are financial institution clients, and share industry insights with them to help the ecosystem get the right rules and procedures in place for the business.
- I work with corporate clients who are challenged by the plethora of regulatory changes, and what it means for not just transaction banking, but also credit, liquidity structures, and so on.
At Sibos this year, there has been a lot of talk about innovation, and innovating faster and more efficiently, and I’m surprised at the level of interest shown by FIs in this conversation. How can the regulatory environment potentially help with innovating faster?
Some innovation is mandated by regulation. If you look at real-time payments, a lot of it has come from regulatory push. It’s interesting to see that the whole fintech space has accelerated over the last few years, partly helped by banks and others providing a lot of venture capital. Banks have been nudging in, and we’re starting to see solutions that are useful at individual bank levels, that will help improve processes, risk and data management. All of them are innovative processes that can be absorbed and embedded because they will make the banks safer, and regulators will be in favor of that.
There are other innovations. I’m sure blockchain is one of the biggest topics (at Sibos). One of the startups I mentor is Tradle, which provides a blockchain-based KYC solution, which could be interesting for retail banking, wholesale banking and governments as the technology matures. I think the fintech companies are now explicitly looking at the problems that need resolving and developing the right solutions, and banks are investing in these landscapes.
I would say, particularly on blockchain, the technology is clearly still immature and not scalable in the way we would like to see it. This is why more innovation and research is going on, with more financial resources being placed there, because banks have clearly realized that this is the future. We’re certainly not at the end of a final product we can just plug in.
So, do you think PSD2 is another regulation that can actually help with innovation? It has the potential to bring fintech startups and banks together.
PSD2 is already an old regulation before it has even been implemented. What the EU tries to do is create a strict conduct of business, rule, and regime for all payments providers similar to the old one but with more rules. There’s an existing barrier to entry into the market, which isn’t logical to innovators who want to just launch their business. But if they launch a business that would touch upon PSD elements, it would have to be regulated and that would be a costly and complicated process.
The third party providers being introduced into the equation is a post-event effect because the regulation is only establishing a framework for something that has already been happening in the market for some years. This is a catch-up game. My prediction is that once we have more real-time solutions, we probably wouldn’t need third parties, and definitely not for payments initiation.
Again, the ball is played back to the banks. Banks should look at innovating more with the data they have, and the fintech industry should produce solutions around this. It’s not necessary to have third parties accessing banks’ customer data because of the difficulty in legalities around what happens if the customer’s consent has been removed and the bank hasn’t been informed, for example. The bank will always be liable for funds being lost or information being shared, so there’s an intrinsic issue that liability remains with the account-holding banks.
What kind of fintech startups do you mentor?
I mentor four startups now. They all have different business models and not everyone is using blockchain technology, which is the topic du jour. I think there are very interesting new models using social media platforms for a very different type of services that are payments-related, yet which could become scalable very quickly. With my regulatory knowledge, business knowledge, and my contacts with regulators and governments, it’s helpful to assist these startup companies to find the right path, and to chaperone them in some difficult conversations with supervisors.
Especially with Tradle, given some of their regulatory context, the way that I prepped them and how we interacted helped them gain such traction with banks that they now have two bank pilots and another pilot with a platform provider. We’re also going to talk to the Singapore government this week.
In fintech, one of the major disruptions is happening with cross-border payments and money transfer. Regulation is murky on this considering the number of countries involved. How would the whole regulatory structure work when banks try to do what fintech startups are doing?
This is a tricky one because if fintech companies were to provide remittance solutions themselves, they would also have to follow the regulations because no one can operate non-regulated when moving money. They’ve been moving stuff without being regulated at all, and actually there’s a regulatory void that shouldn’t be there. This should be addressed by new regulations or the implementation of regulations such as PSD2. Anyone dealing with money or moving money has a regulatory regime, at least under European rules. Not every country has created rules. I know that countries such as South Korea have actually said that we want to lower the regulatory barrier and allow fintech companies to provide payments and money, remittances, but they’ve done exactly the reverse.
There is an issue if there’s a hack in the system, or a customer has lost funds, or has been charged too much. In Europe and the US, we have a very strong consumer protection culture. China is coming around to it and is introducing ecommerce legislation before it does ‘e-money’. You will see that things are allowed until something goes wrong, and then regulators will focus on that. That’s why it’s interesting for banks to see how some of the technology could help us so that the regulatory entities would continue to provide service in a more efficient way.
Do you think there are some parts of the world doing regulatory changes more effectively than others?
I would say Singapore is one of the most avant garde in terms of efficient regulatory approaches. Singapore is a country that has a clear focus on economic growth and becoming the financial center of Asia. This drives policy decisions and regulations. In the EU, there was politically a lot of focus on consumer protection, which can sometimes lead to inefficient outcomes and an almost ‘overprotection’. In the US, they’re starting to look at Europe for consumer protection, and it will be interesting to see how this plays out.
I would say China is at a very early stage. If you look at players such as Alibaba, they’re not regulated at all, and they take deposits, they provide investment solutions, and they move money. They would, under European law, already fall under at least five or six legislations, but they’re now not regulated at all. But there will also be no second Alibaba. The question is always of supervision and how they collaborate with the government in a timely manner to make sure that everyone is reassured.
Do you think there are any challenges you have in compliance that fintech startups can solve?
Yes, and I would say KYC is one of the big ones. If you create a model where you push KYC data onto the blockchain rather than calling up the client every time, wholesale banking clients themselves will push the information in. Let’s say a director has changed in a company, and normally a bank would get to know of it through a quarterly review process, calling the company and asking if anyone has changed, asking if they can send a fax with the new passport, picture, and so on. This would all go away if the company could update the data themselves and the bank has access to it. The bank would still verify if the data was correct, but it wouldn’t need to follow up and ask for the data in the first place, and this makes a real difference.
What are the three major fintech trends you think will affect the industry in 2016?
The more fintech firms understand the pressure banks are under, and banks are able to engage with fintech firms directly, the more you will get a collaborative approach targeting the right projects. Many fintech companies have realized that the payment value chain and the banking value chain are very attractive, and that they don’t need to necessarily compete with the banks.
These solutions would enable the bank to broaden what they can do with clients from a risk and credit perspective, simply by the mere function of data analytics, therefore better risk management. You could suddenly increase your pool of lenders or borrowers because you have better data. They now talk about digital intelligence that can help on risk management, KYC, cyber security and AML.
I spend a lot of time in the industry on security of payments at the European level as well as globally, and there are areas where we can do much to reduce cyber threats. Blockchain has been discussed in this context, and anything where you create a higher barrier to break the code and therefore make it a much more costly process to attack. I think this applies to clearing banks, central banks, individual banks, corporates, and of course consumers and governments. This is a big area where we can collaborate and address the key issue.
How has Sibos 2015 in Singapore been for you?
Clearly, the real-time theme is now a real theme because we have real evidence. In fact, back to the cybersecurity mentioned earlier, the real-time monitoring of all transactions becomes ever more important. Resilience on IT capabilities in real-time monitoring is another point that needs to be in place. You always have an implicit risk of fraud that’s much higher with real-time. You need real-time sanction checking, real-time KYC and constant monitoring for any issue that could emerge, so this is quite important.
We see a lot of fintech conversation here. I can see why working directly with fintechs is so exciting, and some of the people with great ideas are now feeling more empowered to come out with them because fintech has become much more mainstream. Swift and its community has definitely helped facilitate this to success. I’ve already mentored two startups here at Sibos in one day.
It’s amazing to see the network. It’s great to see a shift in mindset, and how we all – as traditional bankers – are seeing new perspectives and thinking of opportunities. This is absolutely right, because opportunities are presenting themselves now.