Plenty of ink has been spilled about systemic risks to the global financial system: public health, asset prices, and debt levels are just a few of the potentially destabilizing conditions that our institutions and markets must manage today. Now technology has made its way onto that list.
A recent report from the World Economic Forum and Deloitte reveals that systemic risk from the use of technology is a key concern to industry leaders. At the same time, technology can help to mitigate systemic risk. Sounds paradoxical, doesn’t it? When it comes to technology-driven systemic risk, the problem is largely in digital networks—and that’s where the solutions are likely to exist as well. Let’s break it down.
Digital networks introduce risk
New technology-powered entrants to financial services account for a disproportionate share of systemic risk because of their expansive and often unregulated digital networks.
Consider the inroads that big technology companies have been making in the financial services industry. Big Tech uses complex virtual operations to deliver services in payment processing, credit markets, and other areas where financial institutions historically held sway. Despite calls to designate Big Tech as systemically important, however, these entities remain lightly regulated relative to their financial industry counterparts.
Meanwhile, regulators are only beginning to look at decentralized finance (DeFi). These blockchain-based applications sprang up in the last couple of years as a way to trade cryptocurrency outside of the traditional financial system. DeFi networks may hold as much as US$247 billion in capital today—but there’s no central accountability, and their open-source protocols are predisposed to hacking and fraud.
Even traditional service providers are more digitally linked than ever. They’re boosting their investments in digital channels like self-service portals and mobile apps for customers. They’re also collaborating with technology companies and providing third-party developers with access to financial data via application programming interfaces (APIs). Internally, they’re adjusting to remote working arrangements that may be here to stay.
All this is making the entire ecosystem more vulnerable to events like cyberattacks and natural disasters. It’s hard to know just how vulnerable because the complexity increases with each node that gets added to the network and as interlinkages among network players multiply. That said, Mastercard’s RiskRecon unit estimates that “ripple events,” or breaches that spread through a network, have been going up 20% a year since 2008.
Digital tools plus a multilateral response can bring order to the system
Fight fire with fire. Take a hair of the dog that bit you. However you characterize it, the idea is that technology helped lead financial services into this morass, and it can help lead it back out again. Some innovations that come to mind include:
- Zero trust. Zero trust security is a technology architecture based on the principle “Never trust, always verify.” It replaces simple verification of entities with real-time access decisions based on continuous risk assessment. The result is a shift from the traditional approach of protecting the perimeter of a network to one where trust is established between individual resources and consumers, as and when required.
- Privacy-enhancing techniques. This category of technologies aims to resolve the tradeoff between data-sharing and privacy. For instance, institutions may use zero-knowledge proofs to access only the minimum information necessary for a given task while keeping all other data private. “Homomorphic encryption” encrypts data so that another party can analyze it without knowing the underlying information, and without anyone other than the intended party being able to read the results of the analysis.
- Digital identity management. Digital identity is information that computer systems use to make sure that organizations, people, applications, or electronic devices are what they claim to be. Digital identity systems can authenticate parties from inside or outside the organization. Self-sovereign identity takes this concept a step further by letting users control the credentials used to verify their identity.
For these and other solutions to be globally effective, however, industry players may may need to share information and an understanding of risk. Systemic risk thrives in the shadows of fragmented initiatives and information silos. A common set of governance frameworks, principles, and standards can throw light on the whole apparatus.
That can mean central banks, competition authorities, and other regulatory functions working together to reconcile existing rules. Another step may be to tailor regulation to new business models. Then there’s the possibility of standing up a dedicated regulatory body to address concentration risk—that is, the potential for a single node to threaten the entire network (such as a cloud provider going down and taking a swath of the global financial system along with it).
Unlock the full benefit of digital innovation
For all the promise that digital innovation holds, it can also bring new—and sometimes hidden—risks. Many of these risks are in the networks that technology makes possible, which broadens financial institutions’ exposure and amplifies vulnerabilities in the protections that are built into the global financial system. By the same token, though, technology can also mitigate financial and cybercrime. Participants in the global financial system can make it work by speaking the same language on risk and collaborating on a consistent approach to tackling technology-driven systemic risk.