- Check against delivery -

Ladies and Gentlemen

how do we ensure that the right players are regulated in the right way even in times of progressing digitisation? Excellent question! Regulation is a network of requirements intended to protect the integrity and stability of the financial market as well as consumers.
Whether requirements apply, and which ones, essentially depends on what sort of business model a player has. A regulator can set thresholds below which the impact of regulation doesn’t really bite.

That is a classic means of promoting the economy and that’s perfectly okay. If, however, any particular company enters the space of regulated business, in my view consistent regulation needs to apply according to the fundamental principle “same business, same risk, same rule” – of course considering proportionality.

How do we deal with a phenomenon like for instance the blockchain? Will it force us to think in more decentralised terms? In any case, regulation should be neutral and not discriminate against digital processes as such. As new risks emerge – to financial stability as well as consumers – we have to adapt.

Digitisation continually raises new questions, demanding an enormous level of agility of both regulators and supervisors. To keep up with the digital innovation on the financial market we have to invest in people and review our administrative set-up – which we do.

Digitisation offers no doubt considerable opportunities – but a host of opportunities for cyber-attacks as well. Cyber risk is the dark side of the same coin and adds a new nuance to risk management. What worries me is that IT security is frequently considered only from a cost angle.

But confidence in financial services providers today means above all confidence in the security of IT and the protection of personal data. Guaranteeing this security on a lasting basis is an immense challenge – for both traditional providers and fintechs.

As supervisors we insist on this security and demand that undertakings also insist on this security from their IT services providers and suppliers which we do not supervise ourselves. We all have a long and steep learning program ahead of us all.

It gets particularly challenging, of course, when cyber-attacks target critical infrastructure. The failure of such infrastructure can impact large parts of the financial system – with devastating consequences for financial stability. We are developing methods and standards which help us to minimise the risks of contagion.
 
Digitisation also breeds aspirations, Ladies and Gentlemen. If the physical location of a company or a sector is no longer the decisive issue, individual countries might be tempted to break ranks with the phalanx of regulators and supervisors and bring questions of location to the fore. The last thing we need is a regulatory race to the bottom.

The community of supervisors and regulators now need to stand together and develop common international standards. The Financial Stability Board and other global and European regulators have started this work.

Given the nascent and dynamic nature of technological developments, it is quite challenging for us regulators to get the timing right: we shouldn’t try to be quicker than market developments themselves, stifling innovation and producing regulation prematurely.

On the other hand, we are carefully examining new threats to financial stability and shouldn’t wait until the next global crisis comes about – this time possibly triggered by technology and new business models. We will give our very best to find the thin line in between.