AdobeStock GINGER Tsukahara 534089558
1. Digitalisation
Innovative business models and the use of new technologies bring both opportunities and risks for the companies supervised by BaFin, and for consumers.
Artificial intelligence: rigorous governance is key
The use of artificial intelligence (AI) is already established in many processes in the financial industry – and it is on the increase. For example, banks use AI in their lending processes, and insurers use it to automatically generate claims settlement offers. However, the decision-making processes of many AI models are somewhat opaque. That is why, from a supervisory perspective, AI models should only be used when such a lack of clarity can be avoided. Rigorous governance is key here in order to avoid covert discrimination, misuse, a lack of clarity and copyright infringements.
Currently, the field of generative AI is developing with remarkable speed. Because such applications work on the basis of probabilities, there is a risk that they make false statements that are hard to identify as such, or that they present incorrect information as fact. This gives rise to liability and reputational risks, particularly when generative AI is used without additional filters or human controls. While the use of generative AI is not yet widespread in banks’ standard operations, institutions are closely examining the potentially very broad applications. The upcoming cross-sectoral European AI Act sets out a framework for the responsible use of AI.
Open finance: secure third-party access within the financial industry
A broad definition of open finance includes, firstly, access to the customer data of regulated companies within the financial sector by customers and third parties.1 This refers to the exchange of data in the financial industry outside the area of payments. Examples include securities account data or insurance data. Secondly, open finance also includes the possibility of initiating transactions at the customer’s request through the involvement of third parties by means of technical access interfaces. In contrast, embedded finance models enable the integration of financial services into products and services provided by third parties. Because the open finance approach is intended to facilitate broad access to data in the financial industry, it also opens up additional possibilities for the use of big data and AI applications
Open finance aims to promote innovation and competition by providing access to data in the financial sector. A key component of open finance is reciprocity in access to data. Not only the supervised companies that offer products have data at their disposal: open finance service providers in particular also hold data, and they too must be obliged to make this data available. Depending on the rules to be set out, a level playing field should be created for all providers.
For supervised companies, open finance will also bring risks, particularly with regard to IT security. Open finance is likely to impact established business models and fragment existing value chains. Open finance also carries the risk of fraud for consumers due to the use of IT interfaces, for example when third parties access online customer portals or misuse data.
Quantum computing
Quantum computing involves a substantial increase in computing power. This disruptive technology promises solutions to mathematical problems previously regarded as unsolvable. It now seems quite likely that quantum computing could be used throughout the financial sector in a few years. But there is a risk that quantum computers may be able to decipher encryption methods that are currently deemed secure, thus allowing them to exploit security gaps. In addition to this, malicious third parties could intercept large amounts of critical data with the intention of later decrypting it using a quantum computer (“harvest now, decrypt later”).
Cryptoassets: risks remain – in spite of MiCAR
Assets can be traded via cryptographic tokens. The daily trading volume has fallen from an all-time high in April 2021 to less than a tenth of this volume at the end of September 2023 (see Figure 1). The development of market prices has only been a minor factor influencing this decline. This indicates a drop in liquidity and a loss of momentum on the crypto market. Trading volumes were affected by a fall in demand due to the increase in interest rates in addition to scandals and the failure of large crypto providers, which damaged trust in the market.
Figure 1: Development of trading volumes in cryptoassets
Source: BaFin; data from coinmarketcap.com (as at 12 October 2023).
The tokenisation of assets and, in general, the innovative use of distributed ledger technology could make the financial sector more efficient. At the same time, the markets for cryptoassets and transactions with cryptoasset service providers engender risks: there is a risk of contagion for the traditional financial system – particularly when cryptoassets are used as collateral or, in the case of banks’ proprietary investments, when they have to be backed by own funds. Cryptoassets are risky for consumers because they are highly volatile and carry a risk of high losses.2
The European Markets in Crypto-Assets Regulation (MiCAR), which entered into force on 29 June 2023, is creating new structures both for the supervision of issuers and service providers and for their market access. MiCAR regulates a new market segment with a new type of offeror. It is currently unclear how many offerors will operate in this segment and fall under BaFin’s supervision in the future.
BaFin's line of approach
- BaFin is deepening its knowledge about the specific use of AI in the financial sector through close dialogue with the industry. The aim is to better understand the risks involved with the use of AI, particularly generative AI, to allow for more precise assessment of these risks.
- BaFin is analysing the potential impact of open finance on the German financial sector and its strategic relevance for the financial sector and for supervision.
- BaFin is establishing the organisational framework to commence risk-oriented market surveillance of instruments that fall under MiCAR. In accordance with MiCAR, BaFin will supervise issuers of asset-referenced tokens and e-money tokens from 30 June 2024 and cryptoasset service providers from 30 December 2024.
- MiCAR is an important first step towards the regulation of cryptoasset services and their providers. It also provides for the further development of regulatory requirements, for example with regard to pooling, lending and staking, i.e. loaning cryptoassets for a fee. BaFin will play an active role in this process. BaFin is committed to the further development of the supervisory regime and the establishment of adequate standards. It also advocates for these goals vis-à-vis international standard-setters, in particular the Financial Stability Board (FSB) and the International Organization of Securities Commissions (IOSCO).
- 1Definition according to the proposal for a regulation on a framework for Financial Data Access (FIDA).
- 2 See Risks arising from inadequate money laundering prevention.
More articles
Risks in BaFin's Focus 2024
Foreword by the President
Main Risks in BaFin’s Focus
1. Risks arising from significant increases in interest rates
2. Risks arising from corrections on the real estate markets
3. Risks arising from significant corrections on the international financial markets
4. Risks arising from defaults on loans to German companies
5. Risks arising from cyberattacks with serious consequences
6. Risks arising from inadequate money laundering prevention
7. Risks arising from market concentration due to the outsourcing of IT services
Trends
2. Sustainability
3. Geopolitical turmoil
