Check against delivery.

Esteemed guests, speakers and panellists,
dear colleagues,

I wish you a very warm welcome to our 5th Consumer Protection Forum. This event will bring us a step closer to finding an answer to the pivotal question, "is the digitalisation of the financial world a blessing or a curse for consumers?"

I'm sure some of you (and I'm not looking at anyone in particular here) will remember the wizard Catweazle, a British television hero from the 70s. Escaping from the Normans in 1066, Catweazle yells his famous spell – "Salmay, Dalmay, Adonay" –, jumps into a river and reappears in a pond in England in the 1970s. To Catweazle, the electrical advancements of this time are magical: the telephone becomes "the telling bone", while light bulbs are "the sun in a bottle" and capture light using "electrickery".

Electrickery has now spawned digitalisation, which in turn has brought about profound changes to the financial markets and all of our lives. Do I wish I lived in a time before the internet, online banking, digital currencies, robo-advice, big data and the like existed? Absolutely not.

I certainly see opportunities and advantages in the continual digitalisation of the financial industry. But I also see risks – especially for consumers. The question of whether digitalisation is a blessing or a curse for consumers can only be answered with an eye towards these risks – and towards how the people concerned and we supervisors deal with said risks.

As an integrated supervisory authority, we are in the perfect position to address this issue comprehensively. And so we have invested across our authority so that we can first monitor the risks of digitalisation from different perspectives and then combine our insights to form an overall picture.

This presents us with quite fundamental challenges: that of arriving at the office in the morning and having to evaluate by midday things that didn't even exist the previous evening, for example. It is common knowledge that clocks tick more quickly in the digital world than they did in the analogue one. Every second, digitalisation presents us with new services, products, trends – and risks. We have to understand these developments and legally classify them, and then look at how we can act to strengthen companies and protect consumers. In solvency supervision, we are interested in how stable the companies are, of course; digitalisation poses new threats to companies' stability.

Whether it's internal IT glitches or attacks from cyberspace, the explosiveness of IT risks can be huge. Banks therefore have to provide sufficient capital backing for these risks as pillar I risks, just as they would with other operational risks. Moreover, they have to manage these risks and put in place IT security, and this is why we have just fleshed out our requirements for IT security in banks. For us, as supervisors, security is now as important as institutions' capital resources – with respect to customers, as well.

It goes without saying that we place similar requirements on insurance undertakings, too, because they, likewise, need to not only provide sufficient solvency capital as a cushion against IT risks, but also manage these risks prudently – they owe this to the policyholders. And that which applies to the heavyweights of the financial market is just as true for nimble fintech companies. No matter how much technology is involved, or what that technology is, BaFin works on the principle of "same business, same risk, same rules."

IT security has to be top priority for all providers on the financial market, because people trust them with their money and their personal data.
While solvency supervision indirectly also protects consumers, we, as protectors of consumers, have customers and investors directly in our focus. With the German Retail Investor Protection Act (Kleinanlegerschutzgesetz), the legislature has handed us a set of tools that allow us to prohibit products or impose restrictions on their distribution – this is what happened with contracts for difference, which we issued further guidance about yesterday.

This is a sharp sword that we use only as a last resort, after careful consideration. If there is no legal basis for taking such a step, at the very least we explain the risks to consumers or warn them explicitly. For instance, just recently we issued a warning about the many risks posed by initial coin offerings, which are a highly speculative but apparently very popular method of financing for companies and projects.

The digitalisation of the financial market is changing products, processes and business models. And it has a social aspect too. What does it mean for us if decisions are made less and less by people and more and more by computers? What do I do as a customer at a bank if, according to a computer, 95% of men with the same age, height and glasses prescription as me have such and such characteristics and do not get credit but I believe that I am in the other 5%? What if the data held about me are outdated and this means that I fall through the cracks?
These problems already exist, but they will be exacerbated by continuing digitalisation – in particular if the underlying algorithms contain self-learning mechanisms, otherwise known in the field, appropriately, as "machine learning". The key question is how to ensure that financial services, which are increasingly based on a combination of artificial and human intelligence, can be – and they have to be – supervised appropriately in the future.

To give another example, how can the average Joe keep control of his own data in these times of the Second Payment Services Directive, when it does just seem so tempting to use account information services to keep an overview of one's financial situation. Of course, the consumer has to specify login data and give their consent for this. But do they really understand what intimate information they are divulging and to whom?

On the subject of divulging data: digitalisation makes it possible to collect and analyse vast quantities of data. Thanks to technological advancements, insurers are able to identify, assess and tariff risks with ever-increasing precision. And from a regulatory point of view, this is thoroughly desirable. If we take this thought to its logical conclusion, however, the phenomenon of big data analytics has the potential to test the very core of the concept of the community of the insured.

Let's take health insurance as an example: technological gadgets mean that, theoretically, insurers would already be able to measure activity, heart rate, calorie expenditure and other sensitive data and use them to calculate insurance premiums and discretionary benefits.

Quite apart from the fact that it is far from proven that such data acquisition would actually achieve the desired potential for savings and thus allow discounts to be granted, a young, health-conscious customer will get old one day too and will then be more susceptible to severe illnesses. We should be careful not to lose sight of the valuable concept of solidarity.

This solidarity has to manifest itself in two different ways: firstly, in the necessity for it to be possible for risks to be borne and offset in the community of the insured in accordance with the law of large numbers – and at appropriate prices; secondly, in the offsetting of risk across generations, in particular for long-term risks and insurance policies. In practice, this sets limits on variations in premiums – even if such variations might be justified in theory.

There is also a certain risk of refusal. On the one hand, young people in particular voluntarily put a great deal of personal information on display on the internet. On the other hand, they do not want to be constantly analysed and monitored by an insurer, a bank or another service provider. Cool apps are just one side to the story.

Certainly once the algorithms start providing data that lead to services becoming more expensive or being denied altogether, even the most ardent technophiles might reconsider their attitudes towards big data.

Ladies and Gentlemen,

Digitalisation will raise a whole host of additional fundamental questions over the coming years: what is the significance of data ownership in times of hyper-connected platforms and access options? How can we supervise business models that by definition are designed to be decentralised – starting with peer-to-peer models and not ending with blockchain? How do we protect the users and customers of such business models? And what happens to the traditional providers on the financial market if players whose source of income is outside the financial industry offer financial products with the primary objective of generating data, without being driven by earnings?

Clearly, we do not yet have final answers to these or to similar questions. But the fact that this issue will bring about fundamental changes – for consumers as well – is obvious.So take my remarks not as the anti-modernist utterances of an ageing supervisor but as a prompt for careful contemplation about digitalisation – today, but not just today. Anybody who deals with digitalisation in their work bears some responsibility. We should be careful to ensure that the whole thing doesn't end up out of our control, like in the play The Physicists by Dürrenmatt.

Dr Pleyer, I look forward to your tour d'horizon through this exciting and challenging subject. The German Federal Ministry of Finance and BaFin work side by side in the field of digitalisation and have the same goal: to curb risks and protect consumers, without relieving them of their responsibility. Dr Pleyer, the stage is yours.