A recent paper from the Financial Stability Institute (FSI) reviews various big tech regulatory initiatives developed in China, the European Union (EU) and the United States (US). The emergence of large technology firms (big techs) represents a major source of disruption to the financial system and the economy. Big techs have expanded the available range of financial products and services, often with enhanced customer experience. However, the ease and speed with which these companies can scale up their activities and expand into finance may generate pronounced concentration dynamics. This could significantly affect the adequate functioning of the financial system and may damage market contestability and eventually increase operational vulnerabilities due to the excessive reliance of market players on the services provided by big techs.
Different jurisdictions have moved to adjust their policy frameworks to cope with the risks presented by big techs. In particular, a number of policy initiatives have emerged in China, EU and US over the last few years in the areas of competition, data protection and data-sharing, operational resilience, conduct of business and financial stability. These initiatives generally seek to achieve a balance between addressing the different risks posed by big techs and preserving the benefits they bring in terms of market efficiency and financial inclusion.
Thus far, competition has been the policy area where the most initiatives have been conducted and a paradigm shift is emerging. Given the large potential for big techs to abuse their technological and data superiority to quickly dominate different market segments and adopt anticompetitive practices, preserving market contestability has become a top priority for authorities in China, the EU and the US. Competition policy proposals include not only the augmentation of traditional ex post enforcement tools but also the creation of new big tech-specific ex ante regulatory regimes.
A number of data protection and data-sharing initiatives have been proposed. Policy initiatives across the three jurisdictions place special emphasis on personal data use and data protection. Moreover, there are relevant initiatives, particularly in China and the EU, with respect to users’ data portability. This, together with emerging policy and market developments on data-sharing, seems to be paving the way to a generalized use of personal data for the provision of financial services by different types of entities.
Policy initiatives are addressing the operational resilience of big tech firms. These typically apply to big techs either as providers of financial services or as third-party service providers of financial firms. The operational resilience requirements in both cases intend to capture all sources of operational risk (in particular, information and communication technology risks) and expect adoption of sound risk management practices, swift response in case of disruption and continuity of critical services.
Some jurisdictions have taken meaningful policy efforts to address potential conduct issues and financial stability challenges but they do not follow an homogeneous pattern. A key development in the conduct of business area is the EU’s proposed Digital Services Act (DSA). This establishes extensive requirements for very large online platforms connected with the functioning and use of their services. As such, the DSA represents a comprehensive effort to deal with how big techs treat their customers and the information they receive.
Regarding financial stability, the main regulatory development is the China financial holding company (FHC) regime. This requires all entities holding two or more types of financial institutions to be structured and licensed as FHCs (if size thresholds or other conditions are met). This effectively mandated big techs to reorganize their financial business and represents a novel entity-based regulatory approach that entails a comprehensive oversight of the activities performed by big techs through all their financial subsidiaries.
Additional regulatory responses might be needed to comprehensively address big tech risks and achieve policy consistency at the international level. Recent initiatives in China, the EU and the US constitute important steps in addressing risks posed by big techs. However, if big techs continue to gain prominence in the financial system, additional policy responses might be necessary. It is also very likely that new policy actions will largely need to follow an entity-based approach and require close cooperation between competition, data and financial authorities. Moreover, given the cross-border scope of big tech activities, enhanced international regulatory cooperation is essential.