But, Money Is Bytes: Need For Real-Time Activity-Based Supervision

In a rapidly evolving digital landscape, the recent incident involving the Reserve Bank of India's ban on a prominent bank from onboarding new customers due to governance violations—both digital and human—is a wake-up call.

The traditional perception of banks as impenetrable fortresses of financial security, data safety and consumer protection is giving way to a stoic realisation—they too are susceptible and hopefully accountable. But then, with the current hierarchy of power and influence and due to the regulatory moat where fintechs don’t have formal recognition and regulations by the RBI, banks seemingly get away. Even the paltry penalties that it imposes on the banks for mishaps are minuscule enough to be a capitalist deterrent.

In the ever-evolving landscape of finance, human fallibility often eclipses even the most sophisticated technological safeguards. Audacious and crippling breaches, born of human malice or carelessness, routinely shatter trust. Whether it's the clandestine manoeuvres of a rogue trader toppling an entire institution or a negligent employee compromising sensitive data with a ‘fat finger’, the human element remains the most enigmatic and formidable force in risk management. This harsh reality underscores the imperative for a comprehensive strategy for risk mitigation. It necessitates not only robust technological defenses but a profound and sustained commitment to education, awareness, and a culture of responsibility among those charting a course in the uncharted waters of the digital age.

Digital transactions now dominate the financial landscape. 'Digital lending' isn't a niche; it's woven into every thread of the financial sector. Not surprisingly, even payment entities lend to make profits that they cannot in the payments space. The conventional model of banking regulation, grounded in the oversight of technical infrastructure and physical entities, is, to put it simply, outdated. Regulators must recalibrate their perspective to prioritise a digital-first approach. The RBI has encountered hurdles in supervising digital lending apps, issues emblematic of the challenges that financial regulators worldwide face. This necessitates a fundamental shift from entity-based supervision to real-time, digital-first activity-based supervision.

What is money? In the age of accelerating digital adoption and the remarkable success of UPI, the very concept of money is undergoing a profound transformation. For an increasing number of Indian customers, money is what they see on their screens—a series of bits and bytes that represent their financial holdings and transactions. Whether it's accessing their banking apps to check balances or facilitating payments through UPI-based platforms, money has become a digital entry that effortlessly traverses the banking system. The days of relying solely on physical currency are dwindling; even in this context, the value of those physical notes and coins is meticulously recorded within the digital realm.

The imperative for an urgent shift from entity-based supervision to real-time, digital-first activity-based banking supervision cannot be overstated. Traditional regulatory models designed around overseeing legal entities have grown obsolete in the face of the dynamic, interconnected, and digitally-driven financial ecosystem we inhabit today.

The digital transformation of financial services has ushered in real-time transactions and data flows at unprecedented speeds. These transactions transcend traditional entity boundaries, posing a significant challenge to regulators. The rise of fintech companies, non-bank financial institutions, and new financial instruments has further blurred these boundaries. Often tech-driven, these players are at the forefront of the digital finance landscape.

As banking embraces digitalisation, the risks associated with cybersecurity and data breaches have intensified. These challenges demand rapid response capabilities from supervisors to safeguard the integrity of the financial system. In addition, modern consumers have come to expect seamless, real-time financial services, necessitating a shift in regulatory approach to meet these expectations while protecting consumer interests.

The urgency of this transition is underscored by several critical factors. Firstly, the ever-evolving landscape of cyber threats demands a proactive response. Delayed reactions to these threats can lead to significant damage. Secondly, the pace of fintech innovation requires regulators to adapt swiftly to accommodate change while ensuring compliance. Lastly, consumer confidence in a digital-first world hinges on robust supervision.

To operationalise this essential shift, regulators must consider several fundamental steps. These include the implementation of sophisticated data analytics and reporting systems capable of collecting and analysing real-time data from financial institutions. These systems should be equipped to flag unusual or high-risk activities. Real-time monitoring tools should be adopted to track transactions and activities within financial entities, enabling the quick detection of suspicious behaviour. Scalable regulatory frameworks must be developed, accommodating changing technology and market dynamics while encouraging innovation and mitigating risks. Finally, investment in education and training for regulators is essential, equipping them to understand digital finance, cybersecurity, and data analytics and building a workforce equipped to handle digital-first supervision.

The transition from entity-based supervision to real-time, digital-first activity-based banking supervision is a vital evolution aligned with the realities of the digital age. It is not a regulatory good-to-have, but a need.

Srinath Sridharan is author, policy researcher and corporate advisor. Anand V is cyber-security researcher and co-founder of DeepStrat.

The views expressed here are those of the author, and do not necessarily represent the views of BQ Prime or its editorial team.