Payment system regulation as barrier to payment system innovation

The new payment systems regulator is tasked with increasing innovation. This means increasing competition, which means reducing barriers to entry.

There was a good article back in the September “Financial World” magazine arguing that transparency is a key to regaining confidence in the banking system. I agree strongly, and I’m not the only one.

More transparent record keeping would allow law enforcement to trace the transfer of funds and identify those responsible for the illicit use or theft of virtual currency.

[From Virtual Currencies, Real Theft – Javelin Strategy & Research Blog]

Indeed it would, and some might argue that that transparency be extended to legacy infrastructure as well. (It’s not really the topic of this post but remember than transparency need not subvert privacy. You could have pseudonymous dark pools but force the release of linked identities given a warrant, for example.) If, however, transparency is taken to mean thorough KYC/AML/ATF procedures (henceforth known as CDD, or customer due diligence) that identify all participants to a transaction to all observers, then it will force criminals, terrorists and corrupt politicians to abandon electronic means of exchange and go back to cash. If that happens, then we are all worse off. Having some traceability is better than having none at all, as I’ve argued before. And it’s not as if having rigorous CDD solves the problem.

Worse still, the increased cost associated with a tougher stance on KYC does nothing to make the system any more secure, and may in fact drive up risk rather than reduce it.

[From Cost of KYC too high says Swiss start up » Banking Technology]

I suppose you could argue that what is driving the players at the moment is not risk but liability. So long as they can shift the liability onto someone else, no-one really cares who you are. The system is broken.

The two set up 68 accounts in 19 different cities using 24 aliases to handle the transfer of funds and sent the bulk of the money to individuals in Nigeria, who set up the operation. Money was also wired to addresses in the UK, Ecuador, India, the United Arab Emirates, and the US, none of which has been recovered.

[From Mother/daughter team jailed for million-dollar internet dating scam • The Register]

Hold on. 68 accounts using 24 aliases? What was the point of the billions of dollars spent on KYC, AML and ATF? And why am I going on about this anyway? Well, in her keynote at Payments Innovation 2014, Mary Starks (the acting MD for the UK’s new Payment System Regulator) said that on the whole regulators “don’t do innovation”. I was on the panel with her, so I made what I think was a reasonable point that the best regulatory approach to innovation is competition, and that a focus on reducing the barriers to entry to payments markets that do not involve systemic risk is probably sufficient. We don’t need to imagine what people might come up with, we just want to make it easy for them to do so.

When it came to the discussion that followed, I used CDD as an example of such a barrier. The costs and complexity of CDD can make it very difficult for new entrants, especially those dealing with low-value payments, the excluded and specialist niches to get off the ground. One of the reasons for this is that there is no infrastructure for them to plug in to, so everyone has to build everything from scratch.

Surely all of this dialogue about passports and utility bills, declarations and signatories and KYC and AML is pushing a demand for a new digital infrastructure to cure all of this mess.

[From Digital identities demand a digital infrastructure | Banking View]

Karen Wendel from Identrust talked about the infrastructural approach in her presentation as well, and this all links to the discussions about the idea of a financial service passport (or a “pay name”) at techUK last year. I really think that the idea of pseudonymous, strongly-authenticated CDD identities is an idea whose time has come. I should be able to participate in a transaction as John Doe, provided that I can prove that someone (e.g., my bank) knows who John Doe actually is. You don’t need to know who I am to do business with me, so long as you know that _someone_ knows who I am.