«They say things are happening at the border, but nobody knows which border» (Mark Strand)
by Valerio Lemma
Abstract: This analysis concerns the regulation of fintech banks, having regard to the possibility of a business model in which the production and delivery of banking products and services are based on technology-enabled innovation. We will go deep into European Central Bank’s definition of ‘fintech bank’, in order to understand the role and the scope of supervision.
Indeed, this paper highlights the possibility that the software of fintech banks will unbundle banking into its core functions of settling payments, performing maturity transformation, sharing risk and allocating capital. Hence, we will consider both the benefit of machine-learning techniques in respect of credit scoring, and the risk of using self-executing software that may affect the supply and demand.
Summary: 1. Introduction. – 2. The ECB and the definition of ‘fintech bank’. – 3. The regulatory relevance of fintech. – 4. New ways of (dis)intermediation. – 5. Concluding remarks.
1. The direct effects of innovation on banking are catching the attention of the European policymakers, and they are challenging the choices of the EU regulators, as the rules of the EU capital market provide for the public intervention in the real economy and financial market (having regard to Articles 41 and 47 of the Italian Constitution, as well as Article 127 of the Treaty on European Union).
In the banking industry, there are evidences that the application of the fintech innovations interacts with the business model of a credit institution, and therefore it requires assessing and managing the risks that could arise because of the use of algorithms, software and platforms designed and run by third parties. To this end, obviously, the policymakers are called to prevent that the benefits (of fintech) will resolve to the detriment of the overall financial stability or the common welfare.
As a preliminary remark, we set a boundary of this analysis with respect to the awareness on opportunities and benefits that may arise from the application of mechanisms able to drive the credit institutions both towards the maximization of their outcome and away from the most dangerous transactions. In this respect, it is worth beginning from the micro prudential aspects of the application of algorithms and of the use of big data, as their impact on financial processes, procedures, and services may reduce their operational risk profile (being it dependent on the type of technology underlying the business model). However, this would result in a new kind of risk, due to the capacity of software to reach the aforesaid goals, as well as in a combination of outsourcing risks and cyber-security issues.
2. European Central Bank’s definition of ‘fintech bank’ goes beyond the identification of a new type of market player that falls within the scope of its special guidelines, and suggested that this player presents the features of the credit institution set forth by the Regulation (EU) no. 575/2013 and the fintech firm provided by the Financial Stability Board.
The material effects of this definition refer to the identification of a new phenomenon, due to the possibility that technological evolution and financial innovation allow a greater efficiency in the circulation of capital, as well as the convenience of services alternative to banking, financial services and insurance.
In this respect, it is worth considering that the monitoring of this phenomenon suggests the existence of “a business model in which the production and delivery of banking products and services are based on technology-enabled innovation”, and this leads to the identification of a decentralized network, in which supervised entities and other firms may satisfy a portion of the demand for investment, credit, or risk mitigation.  Thus there is the need to focus on the role of law in the implementation of minimum standards and the development of supervisory remedies.
Up to date, scholars have made empirical observations of fintech firms able to supply financial services supporting lower (operating) expenses and transaction costs, due to the flexibility of their organizational structure.  Therefore, our research concerns a comprehensive assessment of the applicable regulatory framework, in order to verify the opportunity to extend the scope of supervision and the tasks of the national and supranational authorities.
Any economist may argue that in capital markets the parties are fungible, however, from a policymaking perspective any regulator shall consider that, in dealing with savings, individual rights do matter. In this respect, we have to assume that the role of private law will continue to refer to the safeguard of transparency, having regard to the protection of the good faith from the bargaining power. This implies the responsibility of individuals and the use of contractual sanctions able to avoid that a transaction jeopardizes the welfare. Nowadays, we are facing a new phenomenon that recognizes specific value to certain attributes of the personality (that can also be shared or traded without being a direct and immediate burden for the person), and promotes both the ‘objectivation’ and the ‘contractualization’ of such attributes. Moreover, there are problems of the individuals’ capacity to be in the position to negotiate them, to understand what they are negotiating, and to withdraw from such negotiations (or the relevant agreements). So, policy makers are called to set up a system of safeguards and backstops able to protect the weak parties from such shortfalls as the exploitation of fintech tools, misconduct in managing personal data and abuse of power due to profiling. In this situation, we cannot accept the thesis that reduces the relevant shortfalls to data limitations only, nor to the mere incapacity of analyzing all the data collected. Accordingly, it is not efficient a system that is based on the consensus, as the weak party may provide his/her acceptance without understanding the actual implications of such act.
As the presence of many tech-fueled firms operating in the capital markets is an outstanding evidence, we are assuming that the mere application of software does not have effects on the qualification of the activity, as banking or finance refers to the exploitation of an organizational structure of people and own funds, and therefore to a license related to the reserve of activity provided by the current regulatory framework. On the contrary, we would consider that these firms cooperate through networking web-based platforms, and they satisfy the demand of capital, maturity transformation and risk mitigation, usually by means of special purpose vehicles (SPVs) or contracts that directly connect demanders and suppliers. This cooperation would lead to new areas of competition and to the systemic importance of certain providers (with respect to cloud, business analytics and interface programming), and the use of common approaches to decentralization could imply pro-cyclicality (that should be regulated).
Because of the above, our preliminary remark considers that, within the internal market, any entity needs a license to collect savings or grant credit, so that we are going to investigate the regulatory effects of a software that creates a network of independent companies able to replicate the activity of a credit institution. As it has been stated that «to its advocates, this wave of innovation promises a fintech revolution that will democratise financial services», the regulatory analysis of fintech must identify the backstops and the safeguards able to protect individual rights within a rapidly expanding environment where certain firms perform activities (outside the boundaries of the traditional supervision) that concerns savings, credit and money.
3. Policymakers are in front of a turning point: promoting the deregulation of banking or applying the traditional principles to regulate fintech, and then to set the obligations of fintech firms vis-à-vis the individuals and any other supervised entity. In other words, the need for an inclusive market cannot jeopardize the competitive design of an industry that includes both traditional and high-tech businesses.
In this respect, the analysis of the scope of the prudential supervision may include any combination of transactions that can be executed by means of a platform and a software in order to let the capital circulates. Indeed, there are no doubts that such way of execution can be considered as any alternative to banking, and as such might be part of the same relevant market. In this respect, any asymmetry in regulation jeopardize the level playing field that ensure the fair competition for banking and financial services.
This leads this part of the research to consider the juridical difference between in-house performing of banking and the new opportunities due to networking, provided that the latter would require a set of parties and enterprises, whose responsibilities can be placed out of the subjective perimeter of the fintech bank.
In considering the relevance of networking (as a way to non-bank financial intermediation), we focus on the importance of the bilateral agreements that lies under any link of these networks. over both the right to audit (for the supervised entities’ internal and external auditors) and the duty to provide ‘own funds’ to cover the expected losses (calculated on the basis of the relevant operational risks). Hence, our suggestion to update the current schemes provided by private law, which rely on assets and liabilities that are not virtual (and so cannot exploit the possibility offered by digitalization with respect to sharing, common usage, duplicability, intermediation, etc.).
This also highlights that the current challenge in the banking industry is occurring – not only for capital, but also – for technology and connections. In this perspective, the functioning of the financial markets may be influenced by fintech goods (e.g. cryptocurrencies), information (e.g. big-data) and services (e.g. analysing, programming and coding). Furthermore, in this context, the web-based platforms would be the competitors and the territories where such competition occurs, as they are able to support the trading of big-data, application programme interfaces (APIs), algorithms, and decision-making software. It follows the need for disclosure and transparency, as well as the oversight of any form of the firms’ delegation of their decision-making process to artificial intelligence (programmed by third parties).
It is clear that fintech is based on networks that allow the wide-spreading of big data and technology, and this is the way to cross jurisdictions and offshore of activities substitutional to banking and finance. From this perspective, even if all the above is suggesting that a new form of capital circulation arises, there are no reason to avoid the supervision of this sort of ‘open banking’ has to be supervised (as a part of the wider definition of banking). Thus the need for questioning the assumption that an intermediary (having a legally protected interest in funding and lending from the people) is the only firm that has an incentive to develop the organizational structure required for assessing the creditworthiness and managing the relevant risks of lending.
All the above emphasizes the need for regulating the innovations in banking, as this trend goes straight to the development of fintech bank. In this respect, regulators cannot neglect the importance of any huge aggregate amount of data, as well as any third party owning or managing data processing services (art. 4, paragraph 1, point 18, of EU Regulation no. 575/2013, as amended by EU Regulation no. 2019/876 and art. 3, paragraph 1, point 17, of Directive 2013/36/EU).
It is worth recalling the advice of the European Banking Authority (EBA) with respect to the necessity of regulating the use of high-tech tools by credit institutions, obviously according to the general principle of proportionality (with respect to the size, structure and operational environment of the institution, as well as the nature, scale and complexity of its activities).
From a regulatory perspective, the use of high-tech tools arises the risks associated with ‘cloudy chains’ and the ‘cooperation among providers’. Indeed, a decentralized organization may exploit the application of fintech solutions, and this may lead to the use of business analytics able to improve the rational decision making process and the possibilities for correct behavior and safe management.
We are not considering how the transaction costs enter into this analysis. It is sufficient to assume that the impact of technology on the negotiation of demands and supplies is relevant. This means also that the application of fintech to such combination has to achieve an economically significant scale, with respect to risk-taking, decision-making and record-keeping. In this respect, we would also assume that the leveraging of digitalization would promote a change in the operational structure of firms, and the questions would refer to the way that the regulator will choose to go straight to this point.
A significant remark on this point refers to the possibility of setting up new regulatory standards for firms involved in the functioning of cryptography, blockchain applications and distributed ledgers used in the market for capital. Indeed, regulatory standards should ensure gains in the accuracy, efficiency and security of processes across payments, clearing, and settlements.
4. It is worth investigating whether there are new ways for (dis)intermediation. This analysis would not refer to the possibility of escaping from the prudential supervision, but to the opportunity of reaching an equilibrium able to sustain the wealth, the growth, and the stability of the financial market, as well as to safeguard individual rights and the common welfare. We are going to continue what was anticipated above with respect to the role of regulators in seeking to ensure that standards provided for protecting individual rights are effective.
In addition, it is useful to highlight that in March 2018 the EBA published its ‘Fintech Roadmap’, setting out the priorities for further work on financial innovation. The content of such publication confirms that the European approach still considers innovation an important separate matter,  as it established the relevant supervisory authorities providing for the institution of a Committee as an integral part of these authorities (and, in addition to the ESMA’s Committee, it also required the Committees of EBA and EIOPA, as stated in article 9, paragraph 4, of both Regulation (EU) no. 1093/2010 and no. 1094/2010).
Notwithstanding the above, we may observe that the role of supervision is still limited to observing the organizational structure and the business program designed by including certain self-executing activities that are available in the banking sector (and this observation occurs mainly when granting authorisation under Directive 2013/36/EU, Directive (EU) 2015/2366, and Directive 2009/110/EC). In this context, the supervisors may not be able to control the work that is behind the structuring of such self-execution tools, which is the reason for the risk that supervisors will delay their intervention on the new, developing industry of software developers and device manufacturers. 
In particular, we recall the EBA’s analysis of the national regulatory status of innovative business models or self-executing delivery mechanisms. A close look at EBA’s methodology suggests that national regulators are not in the best position to consider high-tech activities and services (including the ones of an ancillary/non-financial nature), and global supervisors are still involved with the mere monitoring of fintech.
In brief, the analysis of fintech is showing that the financial system is wider than the markets that are supervised. The possibility to identify a ‘market for fintech’ refers to the demand made by credit institutions, financial firms and insurance companies. The focus on this demand suggests the need for regulating internal controls over fintech providers, designed to avoid that a business model (drawn on certain machinery management mechanisms) allows the use big data and advanced analytics to collude. Thus, our interest leads us to the possibility of supervising programmers and coders, which cannot be considered as mere third-party, but as the professionals able to support the execution of the core reserved activities. This helps in recognising the rising of a new industry, whose radical innovations challenge the capacity of the current supervisory authorities to regulate and control this high-tech business.
We are aware that the traditional models of transactions and the basic rules of private law do not consider the sustainability of development and financial stability as duties of the party. Hence, we cannot deny that regulation and control would result in losses (of efficiency) and an increase in the level of the systemic risks (despite the relevant public intervention). This does not cast the doubt that the harmonization of all rules across EU countries is delayed by the practical difficulty of setting regulatory standards concerning technology, given their different economies, judicial systems, social, and cultural backgrounds.
However, regulatory differences in private law (and its enforcement) can not only suggest a sort of ‘forum shopping’ (in choosing the jurisdiction and the law applicable to the contracts), but also delay technology diffusion as in the case of conflicting competition, financial, and intellectual property laws. These elements create uncertainties and raise transactional costs, as public or private remedies should avoid that the outcomes of a single transaction jeopardize the common welfare. This does not undermine the enforcement of private law but highlights it. Indeed, the alternative would drive individuals within a hierarchy with a regulation of the juridical relations of the groups based on pure orders and their executions.
5. Above and beyond, it is important to highlight the possibility that the software of fintech banks will unbundle banking into its core functions of settling payments, performing maturity transformation, sharing risk and allocating capital. Because of this unbundling, a chain may be weaved and a new sequence of non-bank financial intermediation is activated. Therefore, the industry may lead to a structure that promotes the outsourcing of each function to an independent fintech firms, such that they are able to act as innovative trading platforms alternative to payment service providers, aggregators and robo-advisors and lenders.
According to the above, however, the need for new form of supervision over programmers and coders arise. Even if the current EU legal framework provides the principles of proportionality and flexibility, the regulation of fintech banks cannot retrain from consider the innovative business model and delivery mechanisms. Otherwise, there will be doubt about the effectiveness of any supervisory methodology that considers only the capital and organizational adequacy, without taking into account the role of algorithms, software, platforms and big-data (with respect to article 12(4) od CRD IV).
Obviously, our conclusion will focus on the prudential regulation and in particular on the broader ongoing digital transformation across institutions’ credit risk management functions. We are aware that the fintech banks will exploit also machine-learning techniques in order to improve their capabilities in both credit scoring and monitoring of quality of existing debtors, however this may imply that all the banks using the same software may align their offering, so that the effect may be similar to the one of certain unfair market practices aimed at reducing competition. In order to confirm this risk, we can rely on ‘best practices’ regarding innovation facilitators, intended to provide indicative support for supervisors and to promote convergence in the design of the fintech tools and the operation of innovative mechanisms. However, at current stage of the supervisory practices, it may not be possible to perform a comparative analysis of the innovation facilitators, which would identify the premises required for establishing the safeguards useful to ensure a competitive approach to the market.
In this respect, the innovative use of technology by supervised entities may lead to a close relationship between micro-prudential supervision and the protection of competition, which can be put at risk by a misuse of big-data and business analytics too.
In conclusion, the role of the supervising authorities seems to be fundamental for ensuring the functioning of a safe and competitive market for capital. In particular, we cannot exclude that the current trends would lead to dependencies on fintech providers, such as device manufacturers, programmers and coders. Indeed, all the above leads us to highlight that banking and finance requires specific backstop in order to set up business models able to promote an efficient use of the fintech innovations, as it is the use that maximize anyone’s position without reducing the wellness of the other market participants. Indeed, it seems necessary to extend the supervision to the logic behind the software used by fintech banks, and then to the humans that lie under the design of algorithms, the evolution of big data and the intertwining of the networks.
Valerio Lemma is Full Professor of Law and Economics at the Law Faculty of Università degli Studi Guglielmo Marconi in Rome, and Coordinator of the Master programme in «Financial market regulation» at Luiss University.
 See Capriglione, F. 2018 “Considerazioni a margine del volume: il tramonto della banca universale?”, “Rivista Trimestrale di Diritto dell’Economia”, n.1/2018, p. 22 ff.; Masera, R. 2014 “CRR/CRD IV: The Trees and the Forest” PSL Quarterly Review, vol. 67 n. 271
 See FSB. 2019 “Implementation and Effects of the G20 Financial Regulatory Reforms. 5th Annual Report” highlights that “the global financial system has continued to grow and the supply of financial services has also become more diversified, including through the expansion in NBFI and through financial technology (FinTech) innovations”.
 See Guide to assessments of fintech credit institution licence applications 2017 p. 4
 As was highlighted before, we are in the presence of a system in which a process takes place that can provide further (and additional) funding than that allowed by banking (subject to the constraints of prudential regulation); together with the possibility of increasing the resources available to meet the needs of the real economy (without undermining the global financial stability); see Lemma, V. 2016, “The Shadow Banking System. Creating Transparency in the Financial Markets”. London. p. 38
 See Belleflamme, P. and Lambert, T. and Schwienbacher, A. 2013. “Individual Crowdfunding Practices”. “Venture Capital: An International Journal of Entrepreneurial Finance”, p. 313
 See ECB. 2018. “Guide to assessments of licence applications. Licence applications in general” that expressly clarifies that “Licensing of credit institutions is essential for the public regulation and supervision of the European financial system. Confidence in the financial system requires public awareness that banks can only be operated by entities that are licensed to do so. … At the same time, licensing should not hinder competition, financial innovation or technological progress. … This Guide applies to all licence applications to become a credit institution within the meaning of the Capital Requirements Regulation (CRR), including, but not limited to, initial authorisations for credit institutions, applications from fintech companies, authorisations in the context of mergers or acquisitions, bridge bank applications and licence extensions.”
See also ECB. 2018. “Guide to assessments of fintech credit institution licence applications” whose background refers to the fact that the ECB considers fintech banks to be those having “a business model in which the production and delivery of banking products and services are based on technology-enabled innovation”.
 See Allen, F and Babus, A. 2008, “Networks in Finance”, “Wharton Financial Institutions Center Working Paper” No. 08-07.
 See Cranston, R. 2002. “Principles of Banking Law”. Oxford; See also Capriglione, F. 2019. “Fonti Normative” In Manuale di diritto bancario e finanziario, Padova; Giorgianni, F. 2005, “Definizione di attività bancaria e analisi del linguaggio” Rivista del diritto commerciale e del diritto generale delle obbligazioni, pt. 1, p. 897 ff.; Molle, G. 1978. Review at “Francesco Capriglione, Intervento pubblico e ordinamento del credito” Banca borsa e titoli di credito, 1978, p. 123
 See Carney, M. 2017. “The Promise of FinTech – Something New Under the Sun? Speech given by the Bank of England Chair of the Financial Stability Board Deutsche Bundesbank G20 conference on Digitising finance, financial inclusion and financial literacy”, Wiesbaden 25 January
 See FSB. (2017). “Chair’s letter to G20 Finance Ministers and Central Bank Governors ahead of their Baden-Baden meeting”, 17 March
 See Ubertazzi, L. C. 1997 “Riservatezza informatica ed industria culturale” AIDA, pt. 1, p. 529 ff..
 See Pollack, M. 2007 “A Listener’s Free Speech, a Reader’s Copyright” Hofstra Law Review, Vol. 35, p. 1457 ff. ; Levy, J. 2011 “Towards a Brighter Fourth Amendment: Privacy and Technological Change” Virginia Journal of Law and Technology.
 See Sepe, M. 2019. “Abusi di mercato” in Manuale di diritto bancario e finanziario, p. 792 ff.
 See EBA. 2017 “Final Report. Recommendations on outsourcing to cloud service providers”, p. 5 ff.
 See Mülbert, P. O. 2010 “Corporate Governance of Banks after the Financial Crisis – Theory, Evidence, Reforms” ECGI – Law Working Paper No. 130/2009.
 See Schelling, T. C. 1980, “The strategy of conflict”, Cambridge-London, p. 3
 See FSB 2019, “Fintech and market structure in financial services: Market developments and potential financial stability implications”, February, pp. 4 and 17
 See EBA. 2018. “The EBA’s fintech roadmap. Conclusions from the consultation on the EBA’s approach to financial technology (fintech)”. 15 March
 See Capriglione, F. “L’unione bancaria europea”, Torino, 2013; Ibrido, R. 2017 “L’unione bancaria europea. Profili costituzionali” Roma, 2017. See also Babis, B. 2014 “Single Rulebook for Prudential Regulation of Banks: Mission Accomplished?” European Business Law Review
 See Delimatsis, P. 2012 “Financial Innovation and Prudential Regulation – The New Basel III Rules” TILEC Discussion Paper No. 2012-016
 In general, see Brandtzæg, P. B. and Heim, J. and Karahasanovic, A. 2011 “Understanding the new digital divide—A typology of Internet users in Europe” International Journal of Human-Computer Studies, p. 123 ff.
 See Keidar, R. and Blemus, S. “Cryptocurrencies and Market Abuse Risks: It’s Time for Self-Regulation” Lexology.
 In brief, the EBA’s findings do not show a fully level playing field in this area, which has uncovered the need to carry out specific amendments in the context of the mandate conferred by Directive (EU) 2019/878 amending the fourth Capital Requirements Directive, for the development of new guidelines to specify a common assessment methodology for granting authorisations all over Europe; see Arnaboldi, F. 2019 “Progress on the First Two Pillars of the Banking Union” “Risk and Regulation in Euro Area Banks”, London, p. 89 ff.
 Let us recall Ellis, E. 1999 “The principle of proportionality in the laws of Europe” Oxford, and in particular Tribimas, T. 1999 “Proportionality in community law: searching for the appropriate standard of scrutiny”.
See EBA, Fintech: Regulatory Sandboxes And Innovation Hubs, JC 2018 74, p. 10
 See EBA Report on innovative uses of consumer data by financial institutions, 28 June 2017