Role of Cloud Services, AI and Technology in Shaping the Macro Architecture of the Financial System

Background

The financial system has undergone a significant transformation in recent years, driven by rapid advancements in cloud computing, artificial intelligence (AI), and other emerging technologies for payments. These have had a profound impact on how banks do business, people interact with banks, and customers make payments for goods and services. Advancements in digital technology have also resulted in a notable shift towards a society that demands less cash.  Instant payments, online banking and computer-assisted response to customer queries are now being taken for granted. As the preferred form of customer interaction with banks become more online, the emergence of digital banks will be difficult to resist. This shift is already taking place. As brick-and-mortar banks try to compete with digital banks, they will be forced to employ greater automation of their services.

As the use of Cloud Services, AI and newer forms of money as payment instruments become the new normal, the architecture of the financial system will evolve. As regulators, central banks need to be able to understand what new risks these technologies can bring to the financial system and how they can regulate and mitigate those risks. This can take time as the existing regulatory rule books and supervisory practices have been shaped by past experiences. This blog provides some views on these issues taking a central bankers’ perspective.

Cloud Services

We often hear the phrase that financial institutions are moving to the Cloud. For many of us who are not IT professionals, we need to understand what this jargon means. In a nutshell the term Cloud refers to the practice of moving the customer data and computing power to a third-party service provider rather than having the data stored in-house. This shift has been driven by two self-reinforcing developments. On the supply side, large companies like Amazon and Alphabet (Google) had to install excess computational resources to meet their peak demands, but over extended periods of time these resources have been under-utilised. Embracing a business model that can monetise these resources has been the driving force to offer services on the Cloud.

On the demand side of this business, banks have been concerned about the mounting costs of the computing infrastructure they have to maintain, which is not their core business. Moreover, computer infrastructure becomes obsolete roughly every 5 years requiring costly upgrades. Shifting these resources to a third-party service provider is being seen as a good trade-off. The emergence of the Cloud Services can be attributed to these two forces. In essence this means that computing and data storage are becoming like a utility just like an electrical power utility or water utility service provider. It is a system where users pay for what they use, be it electricity, water or computational resources. In recent years, the use of Cloud Services has been further bolstered by a large increase in the bandwidth for communication while at the same time prices for these services have fallen.

From a regulatory perspective, one must assess these developments in terms of what new risks such business models can bring to the financial system. Central bankers should not become innovators, but central banks should be open to innovation when these developments improve operational efficiency and/or support inclusive growth without amplifying risks to the financial system. A case in point is the development in payments technology, which has led to seamless connectivity of multiple point of sale devices, including through use of smart phones, and allowing people living in remote areas to access banking services.

That said the wider adoption of third-party Cloud Services by banks raises some policy questions. We all know that if we are not happy with the services of internet service providers or mobile phone operators, we can switch seamlessly to other providers of these services. Would that option also be available to banks if they decide to switch their Cloud Service provider? If the answer is yes, how smooth will such a transition be? If the answer is no, central banks have work to do. For example, even very large companies can go through periods of difficultly with bankruptcy being a worst-case outcome. As regulators, central banks will always have to worry about these tail risks as these events can result in a systemic financial crisis if access to the Cloud Services is disrupted even for a short period of time.

Ensuring the security of the data stored by Cloud Service providers is also very important from systemic risk perspective as there must be reassurance that customer data will not be compromised. But we know that these issues also arise when banks store customer data in-house. Stronger encryption, better cyber security measures and firewalls that BigTech firms can employ are likely to lower these risks compared to individual banks’ own efforts. Yet, if a cybersecurity attack does happen, a large share of the financial system’s data can be compromised, which in turn can have adverse consequences for the financial system. This is a risk we should be wary of. Having globally consistent regulatory guidance for financial institutions when negotiating contracts for data storage on the Cloud with service providers can mitigate some of these risks.

Artificial Intelligence

Let me now turn to the role of AI in shaping the future of the financial system. Artificial Intelligence is being touted as the next disruptive technology that will alter how we will do our jobs in the future. The use cases for AI are wide and growing. Simple everyday applications for use in speech recognition, language translation and facial recognition are easy for most of us to comprehend. Essentially, AI involves the development of algorithms that are modelled after the decision-making processes of the human brain. It uses large amounts of data to train these AI tools and applications to make human-like decisions.

In financial institutions, AI tools are being seen to be useful in carrying out AML/CFT checks. Our domestic payment systems are moving towards instant transfers. For cross-border transactions, the need to ensure AML/CFT checks are done typically in the order of seconds will require some form of computer assisted decision tools. It is quite likely that AI or Machine Learning (ML) tools will be used increasingly to fulfil this task.

There is also much talk of using AI/ML tools to leverage how we regulate and supervise banks. In this connection, the words RegTech and SupTech are being often used by the industry. It is not clear to me if these tools leverage AI technology to perform the tasks that supervisory authorities have been doing so far. Let me emphasise that the human judgement in assessing financial risks and vulnerabilities is extremely important. I do not see any good reason why supervisory authorities will reduce their reliance on human judgement in terms of how we regulate and supervise banks as well as assess vulnerabilities and risks to the financial system. These judgements will be aided by newer technologies as they emerge, but we will continue to rely on our assessments to manage these risks.

This brings us to the more technical discussion of whether the AI tools we are talking about for financial applications are more like an Expert System. In broad terms, an Expert System uses information stored in a knowledge database to solve problems that would usually require a human expert, thus preserving a human expert’s knowledge. That terminology will provide some comfort to regulatory authorities as this is more like using the symptoms to provide diagnosis and remedial therapy in medicine. Several of the bank failures in the past could have been avoided if the symptoms led to early diagnosis followed by prompt supervisory enforcement actions. RegTech and SupTech can be useful tools for early diagnosis, but human judgement will continue to play an important role in the decision-making process among supervisory authorities.

Turning to the risks, regulators need to be mindful of how the Cloud Service providers will ensure that the customer data they hold will not be used in their own interests to train AI applications. After all, any AI application needs large amounts of data, and that data is readily available to BigTech firms that provide Cloud Services. Moreover, Cloud Service providers are also developers of large language models in AI, and it is quite possible that the financial data set they hold in the Cloud will be used to train such models. While the service level agreement might state that the data will be encrypted and not be available to service providers, there are cases where there have been lapses in data protection. The rich financial data set that BigTech firms hold can be used several years down the road to build AI applications that will be able to make credit allocation decisions, which is the main business of credit intermediaries.

Banks and regulators should be aware of these challenges and risks to bank business models. Some central banks are already taking note of these risks, including the risk of potential transfer of the confidential customer financial records to foreign jurisdictions. The Reserve Bank of India, for example, has announced the setting up of a public cloud infrastructure that may allow oversight function and ensure that the financial data remains within the country. This is one way how the appropriate checks and balances can be enforced by the regulatory authorities to avoid or reduce the risks identified above.

Newer Forms of Money

The architecture of the current monetary system is anchored to a government issued fiat currency, and any payment instrument in this system is linked to a fixed amount of this anchor. This monetary system relies largely on commercial bank money to fund real economic activities. Central banks exercise control over the money creation process of regulated entities using a variety of instruments at their disposal. They include setting reserve money requirements, carrying out open market operations and using macroprudential tools.

But technological advances have now opened the door to a shift away from this conventional account-based monetary system. Specifically, newer forms of money that broadly fall under the category of cryptocurrencies are trying to alter the existing monetary architecture. These newer forms of money are not based on the identity of ownership we are familiar with in an account-based monetary system. Rather, they employ methods from cryptography and store the claims to our ownership in a distributed ledger in a tokenised form with identity established through a private key. Central banks have few levers to control the supply of the newer forms of money and the extent of its reuse as collateral to take leveraged positions on crypto exchanges.

From a central bankers’ perspective, the policy question is what implications these developments may have in exercising control over macroeconomic variables that they are entrusted with under the central bank act. For example, large e-commerce firms could employ emerging technologies to create private digital money that circulate within their ecosystem over which central banks have little oversight and control. The e-commerce firms could also engage in providing credit to firms selling products on their platform using their private digital money. This can create a siloed credit intermediation ecosystem outside of the regulated financial system with central banks facing serious challenges to exercise control on credit creation needed to deliver on their mandate.

The emergence of stablecoins as an alternative payment instrument is also a development that is being closely monitored by central banks. Stablecoins are part of the broader trend of asset tokenisation and offer peer-to-peer transferability on public blockchains. Unlike commercial bank money (bank deposits), stablecoins provide more limited redemption rights. This has the potential to exacerbate runs on stablecoins in period of stress unless regulatory mechanisms provide adequate backstops to mitigate this. That is not the case in the current regulatory architecture for stablecoins. Another channel through which risks to the financial system can arise from stablecoins, particularly in countries with weaker macroeconomic fundamentals and institutions, is their potential to serve as a cross-border payment instrument denominated in USD or EUR. In these countries, the circulation of USD or EUR denominated stablecoins can contribute to currency substitution leading to loss of monetary sovereignty. It can also increase capital flow volatility by circumventing capital controls. Addressing these risks and challenges will require greater regulatory alignment and cooperation across global supervisory authorities.

Conclusion

The digitalisation of finance will lead to less human interaction in the banking industry, which in the past had been relationship-driven with a human face. This transformation has the potential to disrupt the nature of financial services that banks provide to customers, and with that the macro architecture of the financial system. As regulators, we need to be mindful of these changes and prepare how we regulate and supervise a financial system that has more actors, including how the transmission of monetary policy may change or be impeded with a more heterogeneous set of financial actors and payment instruments.