A rush of excitement is rippling through the coffee shops on K Street in downtown Washington, D.C., fueled by a once-in-eight years chance to rewrite financial regulations to protect the public without choking off financial pioneers.
A lot has been written about how fractured and unresponsive the present regulations are, and how over-cautious, even ignorant, some government regulators have shown themselves to be. A digital lender, for example, told me that he was curtailed by regulators who never even tried to understand what the new technology of big data is, and how it enables a new form of banking.
To get an idea of how financial regulation could work, have a look at what is happening in an even more critical regulatory environment: pharmaceuticals. Companies engage in clinical trials that allow regulators to inspect the relevant data, but also allow the companies to study their own innovation, tinker with it, and improve it as they move on.
Why not establish a “financial trial environment” where innovators will try out their concepts in a limited way, collect data, and then apply for regulatory approval for the subsequent launch of the product?
Such a financial trial environment would set up a limit on funds traded, number of traders, transaction limit, and time limit for the trial. The regulation would specify what data needs to be collected for an eventual go/no-go decision.
Drugs are tested for safety and efficacy. Same here. The concept-testing exercise would be used to analyze the risk of fraud and abuse, as well the added value of the concept. And, most important, budding innovators would not have to spend small fortunes on lawyers rather than on programmers.
Here, personnel are critical. Cybersecurity professionals command high salaries, and thus the profession attracts many people with a background in liberal arts or other non-technical fields. They get trained in running diagnostic and forensic software and eventually earn a certification that attests to their familiarity with these security tools. Alas, the issue with cybersecurity is the unexpected, the surprise attack, the unpredictable. And when this happens, the lack of computer-science insight comes to the fore.
It is quite alarming that so many front-line cybersecurity professionals lack the engineering foundation needed to weather a cybersecurity storm. Much as healthcare is administered mostly by nurses, while physicians are there to provide medical oversight and cut in when the patient takes a turn for the worse, so it should be for cybersecurity. When the unexpected happens, when something is not quite right, there should be a computer scientist on call to cut in.
When I suggest this to clients, they smirk. It comes down to a question of money, and in many cases to sheer scarcity. There are not enough computer scientists. The pesky thing about security is that, if nothing happens, all those security dollars are a waste. It is cheaper to pray that nothing will happen.
And that’s where regulation comes in. Not everywhere, not in small shops, but medium-to-large payment “factories” should be staffed with computer scientists who are well-trained to fend off a surprise cyberattack. Much as industries work under mandatory insurance and in mandatory emergency-response facilities, so should this “personnel rule” apply to prime targets for a cyberattack.
Last but not least: It’s customary today for fintech companies to hire retired regulators to help them cope. Makes a lot of sense. But it would be equally helpful if retired innovators would switch to the regulatory side. Not that I have any peers who express any desire to do this, but there must be a few who have made an exit, got tired of the 24/7 madhouse, or face an ultimatum from their spouse, and would like to bring their entrepreneurial mindset to the other side.
Regulators need courage. Why? Well, if they tighten a regulation, a new concept may not be offered, but no one will blame the regulator. But if by loosening a regulation, the public suffers a major blow, then all fingers are pointed at the culprit. It’s almost a no-brainer to take the safe route.
And I sincerely hope that it is not a wish too far to expect courageous regulators to unleash the innovation potential in this country. A frictionless, flexible payment system is the bloodflow of our global society. We need regulators because we don’t want to bleed to death, but to bleed to life!
—Gideon Samid • Gideon@BitMint.com