Speech by Acting SFST at Hong Kong Securities and Investment Institute Business Ethics Forum 2016 (English only)
John (Chairman of the HKSI, Mr John Maguire), Moses (Chairman of the independent Insurance Authority, Dr Moses Cheng), King-chi (Honorary Fellow of the HKSI Miss Au King-chi), Paul (Honorary Fellow of the HKSI Mr Paul Chow), ladies and gentlemen,
Good morning. It is a great pleasure for me to join you and many old friends at today's Forum. The HKSI first launched this Business Ethics Forum 10 years ago to promote business ethics and integrity in the financial services industry. I was talking to John just now and this year you have chosen a theme that is particularly relevant to today's financial world, as it talks about "Ethics in Action: Empowering Businesses through Financial Innovations".
Financial innovation is, nowadays, often linked with technology. And we have Fintech events of one sort or another just about almost every week in Hong Kong. Just last week, during the Fintech Week, we had a full week of Fintech workshops, demos, pitching events and so forth, and I was also there for two days. We had over 2,500 attendees and some of you might have been there, especially for the SFC Fintech contact day organised by the Securities and Futures Commission (SFC) last Monday. There was a full day of discussion on "know your customer" (KYC) and on Regtech. KYC is of course a bread and butter issue for all of you. Regtech is something also relatively new for me too. Regtech refers to the application of technologies to the financial regulatory arena. Some call Regtech Fintech 2.0. So you can see the importance of these Fintech developments.
In the past decade or so, we have come to witness how digital technologies, like data streaming, have changed the landscape in the cultural and entertainment arena, publication business, and storage and playback of music and movies, and so forth. That has raised the question on intellectual property rights (IPR) and also how ethical or unethical use of digital media could affect the IPR owners on the rightful return on their works. Many observers expect new technologies such as blockchain and big data analytics to bring about an even bigger revolution. This revolution in the financial services industry would transform the conventional business model. They may even disrupt the business of some suppliers and actually cause grave business ethics concerns.
One of the most important social impacts brought about by Fintech is probably expanded financial inclusion. Fintech offers the world a powerful solution to help expand access to financial services. This is very important because there is an estimate of about 2 billion adults who are still excluded around the world from the formal financial system. Without the need for branches or retail outlets in brick and mortar, digital banking or financial services can make these services available to more people at much lower costs, especially those scattered around rural and remote areas. Simple but critical financial services such as saving and micro-finance can help those individuals manage their finances better and ultimately offer them a way out of poverty.
This is why this year when China was in the chair for G20, it launched the G20 project of Global Partnership for Financial Inclusion. It promulgated a set of eight High-Level Principles regarding digital financial inclusion. Digital financial inclusion is a phenomenal step to leapfrog in providing financial services to the neglected masses. The eight Principles also lay down guidelines on watching out for risks associated with the implementation of financial inclusion. They emphasised that for a responsible financial institution or industry, it should pay due care to these Principles to ensure proper financial literacy and protection of consumers.
The application of digital technology creates a potential to make a wider range of financial services available to a much larger segment of people around the world. The increase in the economies of scale reduces the costs of financial services. Fintech facilitates the more inclusive offer of financial products and wealth management options, ranging from low-cost savings accounts, money exchange and remittance service to investment management.
In some economies, Fintech enables broader access to micro loans and micro insurance to fill an important gap. Digital tools may also be deployed to help consumers develop good financial habits. For example, SMS or short message services - I am sure now we use many times a day - can remind consumers of saving goals, track spending versus savings, etc. These are particularly useful in areas with a generally low level of financial literacy.
While Fintech gives cause to celebrate the introduction of new financial products, new services, new delivery and improved access to clients, it is important that we do not lose sight of the ethical and investor protection aspects when we ride the wave of Fintech developments. In other words, we need to balance the social benefits brought by Fintech versus the possible proliferation of Fintech-generated ethical or regulatory concerns. Central to many innovative Fintech business models is the application of big data analytics and cloud computing. Broadly speaking, big data refers to data sets that are large or complex, ranging from traditional collected data to a rich set of new data collected on social media, from use of apps and from the GPS data associated with consumers. In turn, big data analytics refers to technologies developed to process and generate meaningful conclusions, usually market-related or business-related, based on such structured and unstructured data sets.
Big data analytics is widely applied in Fintech businesses to make credit decisions or offer product suggestions based on a person's behaviour online and offline. I think many of us are just not aware that such a huge amount of data is often collected on us, stored and analysed, creating a major issue of data privacy and data protection. Big data analytics, on the one hand, makes it possible to provide highly customised financial solutions for consumers. For example, wearable technologies like Fitbit's enable policyholders to show to insurance companies that they are staying active and they, in turn, can expect to get discounts on insurance premiums for their insurance policies for being very active or very healthy, and so forth.
But the bigger problem is how else would the service providers use such personal data when they analyse their customers' health conditions, personal habits and other personal particulars or orientations. The use, misuse or leak of such information may have dire consequences for the individuals concerned, affecting, for example, insurance and loans eligibility, premium level, and interest rate level, or even day-to-day lives including job prospects for these persons who are the subjects of data collection. Companies and organisations need to establish effective policies and procedures to handle such information to ensure proper protection of personal privacy and fair treatment of customers. And being ethical is more than just being law-abiding. It means that financial institutions should fulfil their fiduciary responsibilities. It means ensuring that their customers' welfare and privacy are not compromised. And it means that there is no unfair discrimination against targeted groups of customers.
Data security is another area of vulnerability in the digital world, especially when cloud computing and storage are key drivers of many Fintech applications nowadays. Generally speaking, cloud computing refers to Internet-based computing that provides data and processing power to other computers and devices on demand. According to the FBI in the US, actually "there are only two types of companies: those that have been hacked and those that will be". By the very nature of their business, Fintech companies typically collect and store, and retain, sensitive personal data from a large group of consumers, and that is why we have the big data. This makes them most vulnerable to cyber attacks, including ransomware.
Last March, the US Consumer Financial Protection Bureau (CFPB) settled its first-ever data security enforcement action against an online payment company, making it clear that Fintech companies are liable for their data security practices. For that particular case we must know that the payment company was pursued not for an actual data breach, but for making a misrepresentation on cyber security to the customers. Specifically, the CFPB found that the company's data security practices fell far short of its claim to be "safe" and "secure", and "exceeding" industry standards. So we see from the case that Fintech companies, including start-ups, due to the large amount of data that they collect, are indeed required to observe strict standards for data collection and data storage.
Cyber security is also taken very seriously in Hong Kong. In May, the Hong Kong Monetary Authority (HKMA) launched a Cybersecurity Fortification Initiative which aims to raise the level of cyber security among banks in Hong Kong. Under the scheme, there will be a Cyber Resilience Assessment Framework, a new Professional Development Programme and a Cyber Intelligence Sharing Platform. All these are the building blocks that are expected to be in place by the end of this year. Actually, various regulators are also looking at this issue, and cyber security will be a subject that needs to be addressed across sectors and across financial services.
After data privacy and data security, let me turn now to my last point. What does the Government or the public sector do to promote Fintech developments in a responsible manner? While enhanced standards on business ethics can surely complement existing rules and regulations for the industry, the Government's role is to provide an enabling and proportionate legal and regulatory framework. This is for Fintech to develop in a sustainable manner. We need to be able to assure consumers and investors that they can feel confident in using new products and services without worrying that their rights to data privacy and security are compromised. At the same time, it is equally essential to help our Fintech sector to better understand the regulatory requirements in Hong Kong when they put efforts into formulating innovative financial services solutions.
Our financial regulators, namely the HKMA, the SFC and the Office of the Commissioner of Insurance, have therefore established their respective dedicated Fintech liaison platforms to enhance communications with the Fintech industry. The liaison platforms are tasked to communicate with the industry, handle enquiries and provide information on related regulatory requirements to companies that wish to engage in financial innovation in Hong Kong.
The launch of HKMA's Fintech Supervisory Sandbox is another measure to facilitate experimentation of innovative financial services in a risk-controlled environment for the mutual benefits of consumers and our Fintech innovators. Under this Sandbox arrangement, a bank is allowed to conduct a pilot trial of its initiatives involving actual banking services with a limited number of participating customers without the need to achieve full compliance with the HKMA's usual supervisory requirements. The banking industry generally welcomes this arrangement. Shortly after its launch, quite a few banks have already made enquiries. In fact, two banks have already made use of the Sandbox arrangement to conduct pilot trials for new products, and they are virtually putting this out to the commercial market.
On the payments front, the HKMA has so far issued 13 licences for stored value facilities which will be subject to proper regulation under the Payment Systems and Stored Value Facilities Ordinance. Among the licensees, there are both local and overseas companies in the retail payments field. They comprise established tech giants as well as new operations. It is indeed a good mix reflecting how the market thrives under a well-regulated and well-defined regime, which will strengthen public confidence in the use of such products and services, and help foster innovation and development in the local retail payment industry.
Ladies and gentlemen, the world of Fintech indeed ushers in a new vista of business opportunities, some of which were totally unforeseen only a few years ago. Tech development, along with the availability of cloud computing and cloud storage, has made Fintech developments more reachable, even for start-ups. But whether the service providers are traditional financial institutions or newcomers, we all need to be conscious of the risks and also responsibilities associated with the provision of these services for consumers and also for institutions.
To sum up, our financial services industry will be much more vibrant and sustainable when it offers products and services in a responsible and ethical manner. The very fact that you are here today for the Business Ethics Forum suggests to me that you would agree with me on this point. Let me conclude by wishing you the best with your proceedings today. Thank you very much.
Ends/Friday, November 18, 2016
Issued at HKT 13:01
Issued at HKT 13:01