On 15th September 2023, my colleagues and I were delighted to join the FinTech Nation 2023 event in Dublin, hosted by the Fintech and Payments Association of Ireland.

The event was attended by over 250 representatives across fintech and financial services to discuss key trends, share thoughts on the regulatory landscape, and explore opportunities for collaboration to foster growth within Ireland's rapidly expanding fintech sector.

At BJSS, we are thrilled about our recent office launch in Dublin. We look forward to further connecting with the local community and strengthening partnerships to bolster our support for the Irish market.

The session was opened by Dara Calleary, Minister of State Trade, Promotion, Digital and Company Regulation, who outlined Ireland’s clear strategy to drive productivity through digital adoption and innovation.

Here are some of the key themes that we took away from the vibrant discussions at the event.

  1. Ireland has a strategic advantage with deep national technology and markets expertise, representation from multinational companies and a strong position in the EU.
  2. Having a clear regulatory stance is key to underpinning innovation whilst ensuring consumer protection. The Irish regulators set high standards for new entrants to the market, adapting learnings to balance innovation with consumer protection.
  3. Resilience and security are top of mind for consumers and there is increased scrutiny from regulators on how firms demonstrate sound practices regarding cyber threats, operational resilience and handling sensitive data.
  4. As everywhere, responsible AI is a hot topic and businesses in Ireland are closely watching the EU’s stance here. The EU’s AI Act is a world first and aims to regulate safe use of this rapidly advancing technology.
  5. The payments landscape is changing fast – embracing this innovation whilst balancing financial inclusion and access to cash remains an evolving challenge

Ireland's Strategic Advantage

The Republic of Ireland is no stranger to technology innovation, being home to seven tech unicorns (privately owned start-ups valued at over $1billion) including names such as Fenergo, Wayflyer and TransferMate. Despite being a relatively small country of just over 5 million people, Ireland is the 4th largest exporter of financial services in the EU and is 7th globally.

Ireland’s combination of deep national expertise and multinational investment is underpinned by a determined government agenda to drive productivity through digitalisation across business, infrastructure, boosting skills and supporting public services. This is reflected in the European Commission Digital Economy and Society Index (DESI), ranking 5th overall for 2022 and Ireland’s active role in the EU D-9+ (an informal alliance of Digital Ministers from the digital frontrunner EU Member States).

digital-economy-and-society-index

While acknowledging growth prospects, it was noted that overcoming challenges, such as enhanced access to funding for innovation and scaling digital enterprises, is imperative.

Clarity On Regulation

A key topic of discussion was the regulatory environment. Whilst there was no dispute that financial services, including fintech firms, need regulation to ensure consumer protection and systemic stability, there was a consensus that Ireland has seen increased regulatory scrutiny and more rigorous supervision.

This aligns with an overarching trend seen throughout the European Union. The advantages of clear regulatory guidelines, particularly for emerging technologies like AI and digital assets, are evidently appreciated. The contraction of the Irish banking market over recent years (moving from 12 major retail banks to 3) has seen the rise of challengers which has naturally brought greater scrutiny with it.

There is now more focus on balancing innovation and consumer protection, a natural recalibration from an earlier innovation culture in light of recent high profile fintech bad news stories (e.g. the fall of the crypto exchange FTX). The transparency in regulatory expectations is beneficial in the long term. Nevertheless, it could be balanced by providing clearer upfront communication to newcomers in the financial services sector regarding the rigorous standards set by regulators. These standards encompass demonstrating business sustainability, stability, and robust risk management, including the requisite expertise for key senior positions like CTOs and CIOs. This up-front communication could help to set more realistic expectations for obtaining authorisation.

The cost of the perceived ‘regulatory burden’ to launching business is reflected in changing approaches for start-ups (scaling back the number of markets on a range of products for initial launch) rather than big bang roll-outs of the past. This is evident in how venture capital evaluates new propositions, emphasising the need for robust business strategies and comprehensive plans. The focus on strong business models and operational viability is viewed positively, contributing to a stronger foundation for future growth and stability.

Transparency and open dialogue between regulators, new entrants and incumbents is seen as vital for maintaining momentum in the face of rapid technology development.

Staying Resilient In The Face Of Cyber Threats

The financial services industry is currently facing the perfect storm of an increased pace of technology change, heightened regulatory scrutiny and the proliferating risk of cyber-attacks. The immense change through the Covid-19 pandemic as our lives became more digital also reflected increased opportunities for bad actors to strike; the recent rise in ransomware attacks is an example. Fintech companies are particularly prone to this vulnerability due to the swift evolution of their product development. In fact, about 70% of outages stem from alterations in systems, underscoring the critical importance of vigilance in managing these changes.

As a result, regulators require a step up from regulated firms on how they can demonstrate resilience, anticipate and manage cyber threats when they arise, protect sensitive data and ensure continued operation of essential services. This extends to firms being able to ensure their critical providers (such as cloud service providers) meet resilience measures.

Firms taking a risk-based approach are required to map out controls for their essential services and robustly and regularly monitor and test their operational resilience. A checkbox approach to meeting regulations such as the Digital Operational Resilience Act (DORA) is not sufficient; firms must show that they have assessed their risks and prioritise their actions accordingly. Whilst this may sound simple in concept, the practical management of this takes significant effort and resources, so designing controls into systems that can adapt as threats change over time is essential. DORA will require EU firms in scope to meet a legally binding set of prescriptive requirements that require unprecedented additional provisions in testing, reporting, and critical third-party risk management.

The Central Bank of Ireland offers guidance on how to approach this and is open to engage with the industry ahead of the DORA January 2025 deadlines for implementation.

Fortunately, there are a range of tools and strategies that can be used to combat cyber threats, such as developing clear policies and procedures with clear accountability to respond to incidents. Advances in technology to perform heuristic monitoring on a continuous basis can be utilised to be able to neutralise threats quickly. Automation can be optimised to efficiently patch systems whilst keeping essential services running. Next generation security technology is leveraging capabilities such as AI to identify and combat threats, although it’s continually having to evolve to counter increasingly sophisticated bad actors who can take advantage of the same advances to fake identity and impersonate people.

Harnessing The Opportunity Of AI Responsibility

Naturally, no technology forum could pass without mention of Artificial Intelligence and this event was no exception. Whilst AI has been in use in the industry for a number of years, the big leap recently has been to make the tools for generative AI generally available, both at a consumer and enterprise level. In an audience used to change, this was viewed as a paradigm shift and a transformative moment for society of which we don’t yet know the full impact. The attention across all industries, geographies and walks of life, coupled with the astonishing pace of change is clear.

The exploration of the role of humans in light of AI developments piqued the audience’s attention. While we can see ever-improving performance of generative AI, it does not necessarily provide the truth. Generative AI relies on prediction based on vast quantities of data; it does not (yet!) think for itself, as it is more of a consensus engine. Humans cannot absolve themselves of accountability for decision-making and great attention must be paid to how models are built, what data they are trained on, and the risk of the impacts of those decisions based on context.

As a consequence, we have a very fluid, developing legal environment. AI law is in its beginnings and untested when it comes to much of these areas, such as copyright. Large language model providers are investing heavily into model training and checking the provenance of input data to protect against fake news and disinformation – we could potentially see the rise of AI vs. AI to protect humans.

The EU has taken a world-first stance in defining responsibilities in the use of AI with the EU AI Act, which carries much higher implications than other existing regulation (such as bigger fines and higher obligations compared to GDPR). The AI Liability Directive proposal (September 2022) aims to "adapt private law to the needs of the transition to the digital economy" and would make it easier for claims to be brought for harm caused by AI systems and the use of AI.

This all makes for an exciting landscape, but one where the responsible adoption of this technology will be paramount.

Keeping Pace In Payments Without Excluding Consumers

Around 20% of the fintech industry in Ireland is in payments and success stories like Stripe are testament to the depth of expertise in this field. Recently there has been a proliferation of new entrants and innovation in this area.

Challenges to be solved include an over-reliance on major card schemes, the lack of a unified European digital alternative to cash, and ensuring that the benefits of quicker and cheaper methods of payment trickle down throughout the economy. There is concern that all members of the ecosystem are served and set up to provide access to payments in a safe, secure and reliable manner.

Important questions arise: Are consumers and small businesses being served effectively and charged fairly? Do regulated firms possess the capacity to handle rapid changes and innovation while upholding systemic stability? Likewise, are central banks applying these principles to wholesale transactions that serve financial institutions and government payments?

It's crucial to evaluate all components within the ecosystem, such as real-time gross settlement solutions, to guarantee both efficiency and safety across the financial system. This evaluation should be inclusive, accommodating both new entrants to the market and the established traditional banking entities.

Hot topics range from instant payments, digital central bank currencies and open finance. In the context of the EU this is accompanied by a busy agenda from Brussels to drive change.

Instant Payments

With the mandate on Instant Payments, the EU is looking to drive up the provision and adoption of instant credit transfers within the Single Euro Payments Area (SEPA) to be consistently available 24 hours a day, 365 days a year. Additionally, the goal is for the recipient's payment service provider (PSP) to notify the payer's PSP of fund receipt within a ten-second timeframe.

This will help achieve the EU’s goals for competition, innovation and integration to allow consumers to make payments in person or via e-commerce (including on their mobile phone) across the European Union just as safe as in their home country. Launched in 2017, there is still progress to be made to deliver this consistently across member states (in early 2022, only 11% of Euro credit transfers in the EU were instant). Through 2023, the European Commission has stepped up the focus to accelerate adoption of instant payments, ensuring widespread accessibility at affordable rates, enhancing consumer trust through robust security measures, and streamlining the process to facilitate seamless adoption.

So, what does this mean for payments providers? The push for change can be challenging for established players grappling with a multitude of simultaneous regulatory shifts. Organisations burdened with intricate legacy systems necessitate substantial time, effort, and investment to successfully implement the necessary changes.

Fintech providers excel in innovation, typically providing an enhanced user experience by leveraging modern tech platforms. They can swiftly integrate and deploy new features, yet they may face challenges due to potentially limited regulatory experience.

In addition to the EU-wide legislation, the Central Bank of Ireland (CBI) has issued its National Payments Strategy Terms of Reference. This strategy focuses on financial inclusion, to ensure the resilience and safety of digital payments and protecting continued access to cash.

This is a space to watch over the coming months as the regulators drive forward their ambitious change agenda.

Central Bank Digital Currencies

Like many other central banks globally, the European Central Bank (ECB) is exploring the impact of the decline in the use of cash and the uptick in digital payments on monetary stability. Digital payments are backed by commercial banks (‘private money’) and are subject to the provider redeeming their value, whereas cash is an asset backed by the central bank (‘public money’). The evolving behaviours of consumers and small businesses raise important considerations for central banks regarding monetary stability. Many economies worldwide are actively exploring digital currencies, essentially digital counterparts of central bank-backed cash, in response to these shifts. A message that was clear from the CBI is that this is not intended to replace cash, but to offer a digital alternative alongside it that can be used throughout the Euro area.

However, one of the key challenges here is in framing the use cases for consumers and business to make this compelling for them. For a consumer, the concept of private and public money is quite abstract; if digital payments are convenient and safe to use now, why introduce another system? Bringing the use case to life is something that central banks are working through in their consultation projects across the industry.

The central bank is working in close consultation with the European Banking Federation, representing the views of financial institutions from across member states. There is an understanding of the drivers for the exploration, however there are still many discussions to resolve on the practicalities of how a digital Euro could work. The division of labour between the central bank and the industry is still being worked through, such as provision of settlements vs. design of the payments system itself. Given an already busy European regulatory agenda, the industry is keen to re-use and adapt existing infrastructure as much as possible rather than building from scratch. The changes required for this infrastructure would not be trivial and the industry is conscious of many parallel demands for large scale change. In addition, the holding of deposits is a matter of concern to banks given potential impacts on their balance sheets. As with all propositions of this nature, citizen privacy and the need for security are front of mind.

From the view of fintech, this represents an opportunity for newer entrants to innovate new offerings for consumers (e.g., provision of digital wallets, intermediary roles for managing payments) and could be seen as a chance to revise the role of cards in digital payments. Looking to examples in the Open Finance space, there is a good precedent on the art of the possible, such as offering consumers ways to view their aggregated financial activity. However, the payment initiation process across the EU is not uniform (in contrast to the UK which has a unified protocol).

Amidst the ongoing surge in innovation and exploration of novel technologies, a unanimous agreement emerged emphasising the importance of preserving access to traditional cash. Traditional cash remains a prevalent payment method at point of sale by volume across European states. Although the approach may differ from state to state, there's a collective recognition of the imperative to maintain access to and acceptance of cash.

About BJSS

BJSS is invested in the Irish market, serving both domestic companies and multinational corporations headquartered in Ireland. We offer a range of comprehensive services, including Strategy & Transformation, Cybersecurity, and Data & AI. We also have strong partnerships with the major cloud providers

BJSS is a trusted partner for organisations seeking to thrive and innovate within the dynamic Irish market.