regulator report

Crypto, cyber-attacks, and CBDCs: OneSpan releases global regulator report

OneSpan announced Tuesday the release of its yearly Global Financial Regulator Report. The report, searchable by country and with a helpful executive summary, highlights the topics of A.I., cryptocurrency adoption, data protection, and digital identity standards in what has become a roaring twenties of digital finance.

The update was crafted through data collected by financial intuitions the world over. Alongside, OneSpan published a survey of 172 senior banking leaders from firms with assets up to $100 billion about what products they are working on, what they are concerned with, and what’s coming next.

 VP of Global Regulations and Standards Michael Magrath said that 85% of banking leaders reported they are looking for more than just a compliance platform provider, but a full-time advisor that can help wade through the ever-changing landscape.

“One of the reasons why we did this report; at OneSpan, we really work in terms of an advisory capacity to our customers,” Magrath said. “The big global banks are aware of these things, but our research shows the smaller banks with less than $5 billion in assets, they’re struggling to keep up with changes.”

Magrath said that usually, this report is about 100 pages of updates on how regulations have developed: In 2021, it’s a 300+ page book. 

Safeguarding data in a new age

The report found that more than half of banks reported challenges reducing cyberattacks, and nearly half of firms are concerned with safeguarding sensitive data and adapting to consumer privacy laws. To keep pace, almost half of firms develop identity verification and biometric tools, and 41% focus on emerging technologies like remote online notarization. 

“Catalyzed by the pandemic, the new digital banking age has left regulators with a nearly impossible task: to create an extensive and safe regulatory framework without stifling innovation,” OneSpan Interim President & CEO Steven Worth said.

“However, our research found that half of global senior banking leaders have hit hurdles because of regulatory compliance. OneSpan’s Global Financial Regulations Report will arm banks and financial institutions with information they need to both be compliant and sustain their competitive position.”  

Many are looking toward new tech like cryptocurrencies and Central Bank Digital Currencies (CBDCs) soon when it comes to the banking leaders. 84% of institutions are prepping for CBDCs, and some countries, like the U.K.’s Britcoin, are on a clear timeline toward adoption.

In addition, 67% reported that regulation in cryptocurrencies would help them onboard crypto products or make participation in the market more appealing. 

Though the change may be occurring at a greater pace abroad, the report found that regulatory bodies in the U.S. are not up to speed compared to the rest of the world.

While the U.K., Europe, Canada, and Latin America have released guidance, updated expectations for open banking, know-your-customer (KYC), or even central bank digital currencies, the U.S. is lagging. 

For example, 60% of banks believe their home countries are ready to develop a CBDC in the next two years. In addition, 41% of firms are looking toward application shielding to protect mobile user accounts in preparation for new types of currencies.

In the U.S., regulators have only hinted towards a Fall 2021 release date for CBDC research. Lack of regulatory insight means more headaches: nearly half of all respondents (48%) reported that compliance with industry regulations had created roadblocks during digital transformation.

How the U.S. has fallen behind

The pandemic pushed U.S. banking, like so many industries, toward digitalization. But while countries like Canada are developing voluntary open banking trust networks, the U.S. has not adopted a similar Federal mandate toward digital finance protection, privacy, or framework. 

“We’ve got a long way to go, and a lot of [interstate laws] are just creating a compliance nightmare for industry. It just kind of really increased costs for companies to comply with 50 different states’ data protection laws,” Magrath said. “The survey found 40% of U.S. banks reported that they are more likely than banks in other parts of the world to face challenges aligning technology roadmaps with compliance.”

While not venturing into politics, Magrath said it isn’t even a party-dependent issue but a steady aversion to funding new compliance or passing updated regulations.

“But the surprising thing is that it’s not like all of the bills that are that have been introduced related to privacy and data protection are from one party,” Magrath said.

“Some are led by the Republicans, some are led by the Democrats. I think right now, getting anything done in Congress is a challenge, which you know if you follow Washington at all: that’s really the stumbling block here.”

It’s not all bad, however. One example of open banking modernization Magrath has seen in the U.S. is a synthetic identity fraud check implemented over the summer by the Social Security Administration.

Magrath said that when signing up for a banking account under the new program, banks can message the SSA to verify socials to combat the digital identity fraud that has been “running rampant” recently. 

More of that needs to happen through a combination of industry innovation and government compliance.

As digital identity has evolved, governments are just now realizing that they have a significant role to play in the new digital economy: from birth, governments are the original issuers of identification, like S.S. cards and I.D.s. 

Magrath is an active member of the Pan Canadian Trust Network and said the work done to develop a private-public partnership is a model that the U.S. can follow.

A Canadian financial trust network built through industry and government work aims to launch next year. 

“I mean, up in Canada, this is what they’re doing in the provincial governments, the federal government, the banks, and then you have vendors like OneSpan are actively participating to develop really components of a digital identity trust framework, stemming from identity proofing and verification to privacy provisions,” Magrath said. “All of that’s being rolled out.”