Trust, digitalisation and banking: from my word is my bond to my code is my bond?

Keynote speech by Pablo Hernández de Cos, Chair of the Basel Committee on Banking Supervision and Governor of the Bank of Spain, at the Eurofi 2022 Financial Forum, Prague, Czech Republic, 9 September 2022.

BCBS speech  | 
09 September 2022

Introduction

Good morning, and thank you for inviting me to speak at Eurofi's 2022 Financial Forum, in association with the Czech Presidency of the Council of the European Union. It's a pleasure to be in Prague with you today.

While the transition from pandemic to endemic remains challenging and uneven across countries, much has changed since the previous Eurofi High-Level Seminar in February. The dual shocks of the war in Ukraine and resurgent inflation have darkened the outlook. Growth is losing its momentum. 

Against this backdrop, elevated financial vulnerabilities will continue to test the resilience of the global banking system – with the challenges coming most notably from increased debt levels, stretched real estate valuations and links with non-bank financial intermediation. In addition, the ongoing digitalisation of finance and climate-related financial risks loom increasingly large in the risk priorities of banks and supervisors over the medium term.

So there is no shortage of topics and work for the Basel Committee; each of them would deserve a speech on their own. I should reassure you though that, given our time constraints today, I will focus my remarks on a single theme, namely, the digitalisation of finance.

Digitalisation of finance

Interest in technology-driven innovation in financial services continues to grow at an almost exponential rate. I counted almost a dozen sessions related to digitalisation that are taking place at Eurofi's conference this week. Topics such as fintech, cryptoassets, big data and artificial intelligence (AI)/machine learning (ML) may have seemed arcane a decade ago, but are becoming increasingly mainstream nowadays. This interest has been backed by significant investment. Total global investment activity in financial technology between 2018 and 2021 totalled almost $700 billion, with over 17,000 deals made during this period.1 And these figures are likely to be an underestimate, as they do not include in-house investments by established financial institutions and big techs.

The spurt in interest and activity in financial innovation needs to be put into context, however. Finance and technology have a long and symbiotic relationship. Technology has been used in finance for more than 150 years.2 The completion of the transatlantic telegraph cable in 1866 saw finance gradually shift from analogue to digital. This was followed by a second wave of technological innovations in financial services, starting with the advent of the automated teller machine in 1967. So today's wave of technological pervasiveness – including the emergence of new actors and channels for the provision of finance – is in many ways a continuation of this history.

I have previously discussed the Committee's work related to various aspects of financial innovation, including with regard to its impact on banks' business models and the prudential regulation of banks' exposures to cryptoassets.3 The Committee is also pursuing a wide range of analytical and supervisory initiatives related to AI/ML, data governance, distributed ledger technology and operational resilience, which I hope to be able to cover in future speeches. So I will today provide a few reflections on two related themes that span the panoply of topics related to the digitalisation of finance.

Trust and banking

The first relates to trust and banking. The banking system exists on a web of trust. Indeed, the etymology of the word "credit" stems from the Middle French term for belief or trust.4 Trust outranks virtually every other factor – including price and service quality – when it comes to consumers' choice of banks.5

Trust also forms the bedrock of cross-border supervisory cooperation and fuels the "soft law" nature of the Basel Committee's decisions, where members are committed to implement globally agreed standards in their domestic jurisdictions.6 I would be remiss if I did not mention at this stage my trust in the European Union (EU) to implement the outstanding Basel III standards in a full and consistent manner, and as soon as possible.7 As a Governor of a EU central bank, I would add that further delays and deviations to implementing these standards would not only expose our banking system to additional risks and fragilities, but could also call into question the EU's commitment to global cooperation and, in the long run, weaken the trust that Committee member jurisdictions have in one another.

We also know that trust is fragile and can easily dissipate. The saga of bank misconduct practices following the Great Financial Crisis prompted a wide range of reviews and soul-searching about conduct and culture in banking, and highlighted the difficulty in restoring trust. We must never take it for granted.

The old adage of "my word is my bond" continues to be important today, but trust cannot and does not rely solely on words. Ethics and morals should be the primary foundation for instilling and preserving trust, but are (sadly) insufficient by themselves. A trustful and trusted banking system also depends on a scaffolding of regulatory safeguards, including with regard to conduct, safety and soundness, and market integrity.8 Incidentally, this applies as much to banking as to other critical industries, including aviation, food and pharmaceuticals, to name just a few.

While these safeguards may impose some costs, these are vastly outweighed by the benefits of trust at both a micro and macro level. For example, in 1866, the inflation-adjusted cost of a return delivery of financial assets with Wells Fargo's iconic stagecoaches was more than $23,500.9 Fast forward to today, and money can be transferred at a fraction of this cost and in a sliver of the time, in part due to the trust that we place in technological advancements in today's banking system.

At a macro level, it has been estimated that a 10 percentage point increase in the share of trusting people within a jurisdiction raises annual GDP growth by about 0.5 percentage points.10 Moreover, in a globalised world, the benefits of trust spill over across borders: another study finds that an increase in trust by one standard deviation is positively associated with a 90 to 150% change in bilateral trade.11 And, in the case of banking, these benefits are in addition to the direct impact of regulations such as Basel III, where the net benefits are estimated to be overwhelmingly positive to society.12

Why do I mention all of this? A narrative accompanying some of the emerging streams of financial innovation is centred around the concept of "trustlessness". This is often touted as a superior and more efficient model than today's system of banking, allowing individuals to transact in a quasi-pseudonymous manner, with trust being substituted by automated verification mechanisms.13 "Trust me, I'm a coder" is almost a mantra in this world.

While such a vision may be conceptually appealing to some, it falls short of providing the robustness, seriousness and societal benefits from regulations, supervision and the rule of law. A trust-free banking system would essentially require society to place its faith in a set of codes and complex models, which we know from history can be subject to errors and model risk. Moreover, advances in financial technology bring with them greater risks to banks' operational and cyber resilience. Breaches in such areas could potentially weaken the fabric of trust in banking. The Committee's principles for operational resilience, finalised last year, aim to strengthen banks' ability to withstand operational risk-related events that could cause significant operational failures or wide-scale market disruptions. I strongly encourage banks and member jurisdictions to proceed with implementing these principles.14

Just as few would be willing to board an airplane that does not meet regulatory standards and that has not been inspected by qualified supervisors, I suspect that not many individuals would want to deposit their money in a banking system void of any regulatory and supervisory safeguards.

You may have noticed that I have been referring to "banking" and not "banks". What matters when it comes to securing trust in banking is not so much the specific entities involved, but rather the extent to which entities that provide banking services are subject to relevant regulatory and supervisory requirements.

It is why I chair the Basel Committee on Banking Supervision, and not Bank Supervision. And it is why the Basel framework has been designed in a way to provide sufficient flexibility for authorities to determine the appropriate scope of application.

As we continue to see the emergence of new banking channels, services and entrants, it will be important for authorities to continue to review the appropriate scope of the regulatory perimeter and the type of regulations to apply. This task, which will need to be pursued at both a domestic and global level, should ensure that activities with the same risks are subject to the same regulations. Indeed, the Committee's Core principles for effective banking supervision embeds such a notion.15 And the Committee's recent high-level considerations on proportionality provide an additional lever for authorities that seek to implement the Basel framework for different types of institution in a proportionate manner and in a way that does not undermine financial stability or the safety of financial institutions.16  

AI, models and judgment

My second and related observation is about the role of human judgment in banking.

As AI technology continues to evolve, it is changing the banking industry in a number of ways. Digitalisation is posing a number of risks to banks, including: 

  • Disintermediation: This is when customers bypass banks and go directly to other financial service providers, such as online lenders. This means that banks lose out on revenue and customers.
  • Increased competition: There are new entrants to the market who are providing digital-only banking services. This increased competition puts pressure on banks to lower prices and offer more innovative products and services. 
  • Loss of customer trust: With the increase in data breaches and cyber attacks, customers are becoming more aware of the risks associated with digital banking. This loss of trust could lead to customers moving away from banks altogether. 
  • IT infrastructure: Banks need to have robust IT infrastructure in order to be able to provide digital banking services. This can be costly and there is always the risk that something could go wrong, leading to disruption for customers. 
  • Regulatory pressures: Banks are subject to strict regulation, which can make it difficult for them to keep up with the pace of change in the digital world.

The text I just read (italicised above) was not written by me or any human being, but was instead entirely generated by an AI bot – Generative Pre-trained Transformer 3, or GPT-3, based on a few simple prompts.17 I will leave it to you to judge the quality of both the drafting and the content of the text (and, dare I ask, how it compares with the rest of my speech), but I think it nicely highlights the advancements and promises of AI/ML. It is therefore not surprising to see growing interest by banks and supervisors in the use of AI/ML technology to increase operational efficiency and improve risk management.

But AI/ML also brings a range of risks and challenges, including the "explainability" of models. Understanding the outputs of models – including potential biases, limitations and robustness – is a key element of effective decision-making, risk management and supervisory oversight. Compared with traditional models, AI/ML models are more difficult to understand due to complex non-linear interactions among variables, making it more challenging to confirm their conceptual soundness. And the quality of modelled outputs are only as good as the inputs. Models can reflect biases and inaccuracies based on the data used, and potentially result in unethical outcomes if not properly managed. In a world with a seemingly ever-growing degree of uncertainty, the limitations of AI/ML models in anticipating and reacting to "unforeseen" and "unprecedented" events are likely to become of greater importance.18

The risks to banks from AI/ML are further exacerbated when model development is outsourced. As AI/ML deployment often involves the use of large data sets, interconnectivity with third parties, and the use of cloud technologies, it can also create multiple possible points of cyber risk. In addition there may be greater data governance challenges for banks given the higher volume, velocity and variety of data commonly used to support AI/ML models. I should note here that banks maintain the responsibility and accountability for appropriate due diligence and oversight when relying on third-party service providers.

To offer a simplistic example of the limitations of such models, when prompted to describe Eurofi, the GPT-3 bot generated a paragraph about Eurofi being the "perfect choice" for a "top-quality, reliable and affordable car", thanks to its "over 30 years of experience in the automotive industry"! While the generated text is entirely legible, its content is clearly incorrect – unless David Wright and Didier Cahen know something that we do not about Eurofi's activities!

Given the challenges associated with AI/ML, both supervisors and banks are assessing existing risk management and governance practices to determine whether roles and responsibilities for identifying and managing risks remain sufficient. As with other complex operations and technologies, it is important that banks have appropriately skilled staff, which can include model developers, model validators, model users and independent auditors. This is why the Committee published a series of newsletters earlier this year covering its work to date on AI/ML and third- and fourth-party risk management and concentration risk.19

Building on the discussions on the supervisory implications of the use of AI/ML so far, the Committee is working to develop further insights on this topic. Continuing discussions will focus on three areas: 

  • First, the extent and degree to which model outcomes can be understood and explained.
  • Second, AI/ML model governance structures, including responsibilities and accountability for AI/ML-driven decisions including banks' third and fourth-party risk management and concentration risk-related arrangements.
  • Third, the potential implications of broader usage of AI/ML models for the resilience of individual banks and more broadly, for financial stability.

Conclusion

Banking has always involved human relationships. The etymology of "bank" originates from the Late Latin for bench, referring to the place where money handlers sat in the market to transact in person.20 While advances in financial technology that seek to enhance the efficiency, inclusiveness and quality of services should be welcomed, they will not replace the critical role of human judgment in banking and supervision. And they cannot substitute for the importance of ongoing cooperation among Basel Committee members with a view to safeguarding global financial stability.

Thank you.

References

Archer, S (2016): "An original Wells Fargo stagecoach would have cost as much as a new car today", Yahoo! Finance, 17 June.

Arner, D, Barberis J and R Buckley (2015): "The evolution of fintech: a new post-crisis paradigm?", University of Hong Kong Faculty of Law Research Papers, no 2015/047, October.

Basel Committee on Banking Supervision (2012): "Core principle for effective banking supervision", September.

--- (2021): "Principles for operational resilience", March.

--- (2022a): "Newsletter on artificial intelligence and machine learning", March.

--- (2022b): "Newsletter on third- and fourth-party risk management and concentration risk", July.

--- (2022c): "High-level considerations on proportionality", July.

Butter, F and R Mosch (2003): "Trade, trust and transaction costs", Tinbergen Institute Working Paper, no 2003-082/3, November.

Galloway, S (2022): "Trustless", available at https://www.profgalloway.com/trustless/, 17 June.

Hernández de Cos, P (2019): "Financial technology: the 150-year revolution", November.

--- (2021a): "Crossing the Basel III implementation line", remarks at the Eurofi High-level Seminar, 15 April.

--- (2021b): "Basel III implementation in the European Union", remarks at the Eurofi High-level Seminar, 10 September.

--- (2022a): "Implementing Basel III", remarks at the European Economic and Social Committee public hearing, 8 February.

--- (2022b): "Computers and money: the work of the Basel Committee on cryptoassets", May.

Ingves, S, (2014): "Basel III implementation : Progress, pitfalls and prospects", November.

KPMG (2022): "Pulse of fintech H2'21", January.

Lomas, N (2019): "Facebook's AI couldn't spot mass murder", Techcrunch, 21 March.

Maimaitiming, S (2021): "The future is trustless. What do we need instead?", Sipios business blog, 11 October.

Merriam-Webster (2022): Definition and etymology of credit, available at www.merriam-webster.com/dictionary/credit (checked on 10 August 2022).

Pyatt, E (2009): "Banks and benchs – a complicated linguistic transaction".

Schmid, C (2020): "Why trust is still the strongest word in banking", additive Insights, 5 November.

Smith, C (2020): "Trust and total factor productivity: What do we know about effect size and causal pathways?", International Productivity Monitor, no 38.


1 KPMG (2022).

2 Hernández de Cos (2019) and Arner et al (2015).

3 Hernández de Cos (2022b, 2019).

4 Merriam-Webster (2022).

5 Schmid (2020).

6 Ingves (2014).

7 See Hernández de Cos (2022a, 2021a, 2021b) for more on Basel III implementation.

8 Galloway (2022).

9 Archer (2016).

10 Smith (2020).

11 Butter and Mosch (2003).

12 Hernández de Cos (2021a).

13 Maimaitiming (2021).

14 BCBS (2021).

15 BCBS (2012).

16 BCBS (2022c).

17 Derived from Neuro-Flash (neuroflash.com).

18 These limitations are not just limited to banking or finance. Consider the tragic limitations of AI bots in clamping down on terror and mass murder streaming on social media. In 2019, following the livestreamed terror attack in Christchurch, Facebook noted that the video did not trigger its automatic detection systems, because that would have required it to "provide [it] with large volumes of data of this specific kind of content, something which is difficult as these events are thankfully rare" (Lomas (2019)).

19 BCBS (2022a, 2022b).

20 Pyatt (2009).