The new Fintech 2021 guide covers 38 jurisdictions. The guide provides the latest legal information on regulatory sandboxes; robo-advisers; online lenders; payment processors; marketplaces, exchanges and trading platforms; high-frequency and algorithmic trading; financial research platforms; insurtech; regtech; blockchain; and open banking.
Last Updated: March 18, 2021
Reconsidering Financial Privacy as the Custody of Informational Assets
The rise of fintech through the use of technologies to create and deliver financial products and services in centralised and decentralised systems has resulted in many benefits across the spectrum of assets and activities. It has caused advancements in processes throughout the life cycle of finance, from the moment the customer thinks about an investment, payment or other action until the last piece of servicing is done by a financial institution even years later and by an entirely unaffiliated entity. Operations, risk management, compliance and regulation, including investigations and enforcement, have all seen impacts large and small. In 2019, when the first edition of this guide was published, this opening essay sought to define fintech and the role of lawyers in representing fintech companies. The opening essay to the 2020 guide focused on DeFi and a methodology for determining the legal classification of various assets and items as well as the activities that characterise it.
Financial privacy as a goal
This year, the focus turns to the need for financial privacy as a core issue for fintech firms and their counsel. Financial privacy is about the custody of customer informational assets, which are a distinct asset class but inextricably related to the customer’s financial assets. All customer assets, financial and informational, deserve proper protections in order to create and enforce financial security and economic inclusion. As such, financial privacy should be a foundational goal of fintech. The next great fintech companies will incorporate it into everything they do for their customers. Consider this a call to arms!
Much has been written and said about financial privacy in a variety of contexts. Some start with data security as the foundation, others express the notion of “privacy by design” and try to define that term. Still others strongly advocate for privacy but with broad exceptions for national security and the tracing of criminal activity. Questions of privacy vis-à-vis different constituencies also come into play, with the idea that rules should be different when protecting a customer’s information from third parties, from other customers, from competitors, from the fintech company and its service providers, and from the government.
Rights and core values
Let us rethink these ideas by starting with the concept that financial privacy is a right and a core value, perhaps not immutable but certainly deserving of exceptional protections because the financial institution is holding customer informational assets. This conclusion follows naturally from the way we treat financial services regulation overall: the core values concern protecting investors and other market participants from loss and theft of assets, from fraud and inadequate disclosures, and from a myriad of bad actors and activities. In jurisdictions around the world, these principles form the basis of financial services regulation and impose important duties on all participants with respect to their interactions with customers, each other and the markets in general. We need look no further than custody rules and anti-fraud and market abuse standards of most jurisdictions to see the vital importance placed on protection of customer activities and assets. After all, people’s hard-earned money is at stake.
Given the regulations and resources devoted to protecting investors against fraud, manipulation, loss of assets and overall unfairness, we can conclude that these are core values. Privacy should receive at least equal treatment. After all, without privacy of information and identity, all of these other protections are for naught. Put another way, the anti-fraud and abuse regulations and custody rules are an extension of privacy because those things cannot matter in the absence of privacy. As such, information is another asset deserving of at least equivalent, if not heightened, protections.
Protection in the equity markets
Rules and regulations in the equity markets illustrate the point. They focus heavily on protecting both financial and informational assets. There are rules prohibiting disclosure of customer identity, size of customer trading interest, trading on information improperly obtained from clients and others, and other sorts of identity-revealing practices, and those rules apply before, during and after each trade. Moreover, the assets acquired from trading must be properly secured at an appropriately regulated custodian with obligations to protect those assets from theft and loss. Without all these protections, equity markets would fall apart because no one would feel confidence in the process or the outcomes. Protection of informational assets is just as important as protection of the securities traded.
Financial security and participation in the economy
There is no reason that heightened privacy should be limited to equity trading nor custody requirements to financial assets. When financial services companies protect informational assets, the result is more fairness, better products and services, and an improved financial system. More importantly, it helps create financial security for customers. Financial security comes from knowing that your assets, whether informational or otherwise, are safe. For example, if the customer’s identity and financial information were known, they could be the subject of physical attack, extortion, hacking and confidence games. If the customer’s financial assets are not safe, they are subject to theft and loss. There can be no financial security without the securing of both financial and informational assets.
Going one step further, I submit that when people feel financially secure, they participate in the economy to a greater degree. Not only do they have the money to shop and vacation, but they think about starting their own business or investing in ventures started by others. This type of economic inclusion is an integral part of the virtuous cycle that grows an economy and a country and it all stems from securing informational and financial assets to at least the same degree.
A call to arms
Why a call to arms? There are two reasons. First, issues of privacy and data are much in the news in other contexts, including questionable usage by companies and platforms of customer information, attacks from hackers and breaches of cybersecurity, and worries about artificial intelligence and machine learning. Financial privacy should be part of these discussions to ensure proper protection of customer informational assets.
Second, governments are demanding more financial information and reporting about customer activities without a warrant or due process. Their justification is the need to track the proceeds of criminal activity and funding of terrorism. While undoubtedly important goals and I personally am virulently opposed to criminal activity and terrorism, governments cannot forget that informational assets are no less important or valuable to customers than financial assets. A government cannot simply seize financial assets without appropriate proofs and process. The same principles should apply to informational assets. A better balance needs to be struck between legitimate law enforcement and improper government surveillance.
As these two separate but parallel sets of discussions occur, fintech should respond to both in ways that buttress rather than undercut the foundational principle of financial privacy to reinforce financial security and economic inclusion. As a result, I propose that fintech firms use privacy (protection of informational assets) as the foundational principle for servicing their customers. Design as many elements of your activities and user experience as possible with privacy as the starting point, not as an afterthought or add-on. Develop privacy-enhancing tools that your customers can use both on your platform and as they reach the wider internet and world of digital commerce, communications and recreation. Consider different approaches and techniques that provide more protection through research and development efforts. Create a fintech privacy foundation with the explicit goals of advancing a privacy agenda and working on the tools that will power privacy in an era of bigger data, quantum computers and public blockchains. We need to work together as an industry to protect informational assets.
We face acute challenges in the area of privacy as a result of advances in technology. Fintech and the broader financial services industry are not immune from these issues. It is time to expend more effort on privacy as a foundational principle of financial services in order to ensure the financial security and economic inclusion that comes with it.