Clifford Chance: Five fintech trends to watch in 2021

The COVID-19 crisis has brought technology to the fore in the financial sector and beyond, with businesses seeing two or three years’ progress compressed into two or three months. The pandemic’s impact on fintech businesses and regulatory agendas is ongoing, coupled with pressure from both consumers and businesses to get tech regulation right. What does this mean for global fintech in 2021?

From sustainable fintech and CBDC developments to greater scrutiny of data and increased antitrust enforcement, we predict five key developments.

1. Evolving risks for AI and data use

Increasing use of data and AI for financial, particularly consumer-facing, products means a need to understand and navigate the associated legal, regulatory and ethical issues across various roles and levels of seniority within an organisation. Global regulators are tackling these issues and continue to publish guidance and recommendations, with AI-specific legislation already in effect in some jurisdictions and expected in the EU during 2021.

What’s next?

• Data use by financial institutions and tech companies, including algorithmic decision-making, will continue to face scrutiny from regulators, affected individuals and privacy organisations. There will also be an increased antitrust enforcement focus on businesses using AI and data.
• 2021 will see several class actions and other claims relating to the use of personal data, with courts exploring class membership and measures of compensation. Claims arising from using or sharing data to tackle COVID-19 are also likely.
  • In the UK, Lloyd v George will be heard before the Court of Appeal in April 2021; and the Children’s Commissioner for England intends to bring an action on behalf of a 12 year old against corporates involved in TikTok, alleging misuse of private information and processing for its video recommendations.
  • In the US, there have been a number of civil cases brought under the California Consumer Protection Act (CCPA) since it became effective in January 2020. For example, in Shadi Hayden v Retail Equation, several plaintiffs brought a class action suit against a software company that works with retailers to create risk scores to identify potentially fraudulent consumer returns as well as several retailers who used its service. We expect that plaintiff attorneys will continue filing similar new cases in 2021.
• Regulators will expect organisations to focus on consumer impact and to use AI-based tools designed with a particular type of consumer in mind. This is one way of ensuring that the public can trust and scrutinise AI, which governments, regulators and industry bodies globally have identified as a priority.
• In the US, businesses are in the ramp up period for the new California Privacy Rights Act (CPRA), which amends and expands the CCPA. The passage of the CPRA may finally put enough pressure on the US Federal Government that Congress will pass new federal privacy legislation.

For more, watch our international expert panel discussions on Explaining AI and algorithms and Global data claims or read: Data Collective Actions and Data Litigation: A Toolkit for Defendants.

2. Payments

There was a renewed focus on the payments sector and its regulation in 2020. COVID-19’s impact on spending habits and the Wirecard scandal were just two of the contributing factors.

What’s next?

• Robust safeguarding arrangements help ensure that funds are returned to customers in the event of an insolvency of payment services firms. The events of 2020 have brought payments firms’ prudential risk management and safeguarding arrangements into the spotlight as a key supervisory priority for 2021.
• On the antitrust side, the creation of new “Big Tech” regulators and dedicated regulatory regimes such as the EU’s proposed Digital Markets Act, designed to rein in anti-competitive behaviour, will impact the ability of key tech players to wield market power in rolling out new financial products.
• The “buy now, pay later” model popularised by firms like Klarna has seen significant growth through the COVID-19 pandemic. As well as seeing increased M&A and listing activity in relation to such firms, this will mean greater regulatory scrutiny – expect to see more consumer guidance and regulatory enforcement, and, potentially, tighter regulation.

For more, watch our international expert panel discussion on Fintech success in the payments sector or read: Payments Trends 2020.

3. Operational Resilience

Operational resilience (ensuring continuity of key business services) remains a regulatory focus, and regulated firms’ arrangements have been brought into sharp focus in 2020 as a result of disruptions caused by COVID-19, particularly with respect to dependence on technology. Growing digitisation of customer experiences, greater automation and increased use of third-party providers all make firms increasingly susceptible to technology disruption events.

What’s next?

• Regulators will increasingly formalise existing operational resilience guidance into specific regulations. In the UK, the Financial Conduct Authority and the Prudential Regulation Authority are due to publish policy statements early this year on proposed legislation requiring firms to map important business services, set appropriate impact tolerances and robustly test contingency arrangements. In Singapore, existing guidance on the management of outsourcing will soon be formalised into legally-binding requirements applicable to banks. Firms will need to factor these into existing framework.
• We anticipate an increase in enforcement action relating to operational disruptions. Regulators may seek to hold firms accountable for failures in their responses to challenges resulting from COVID-19, particularly if disruptions arise from cost-cutting in any related economic downturn. In parallel, the same technology disruption (and criticism from regulators) could give rise to civil claims.
• The European Commission unveiled its proposed digital operational resilience act (DORA) in October 2020 to harmonise rules addressing ICT risk in finance. This will include the creation of an EU framework to oversee “critical” ICT third-party service providers, potentially bringing within EU oversight major non-financial technology companies which provide, for example, cloud computing, data analytics or software. DORA is currently being reviewed by the European Parliament and European Council, but the EU is keen to get the act ratified and so firms will need to start taking steps in 2021 to ensure compliance.

For more, read: Exploring DORA

4. Crypto and CBDC developments

Cryptoassets remain high on regulatory and press agendas, particularly with Bitcoin’s sharp price rises and falls in recent months. Partly forced by private stablecoin initiatives such as Diem (the Facebook-associated stablecoin formerly known as Libra), global governments and central banks have made key progress on exploring the use of central bank digital currencies (CBDCs). 

Regulators have continued to work on bringing cryptoassets within the regulatory perimeter, including in the UAE, where Clifford Chance has supported the development of its comprehensive new regime for cryptoassets, including cryptocurrencies and security tokens.

The rise of decentralised finance (DeFi) which aspires to create a global peer-to-peer alternative to traditional financial services using permissionless blockchain technology, has seen purportedly unregulated crypto investment worth billions of dollars.

What’s next?

• Expect to see further tightening of the AML regulatory requirements applicable to cryptoassets globally and a flurry of discussions around the European Commission’s proposed Markets in Crypto-Assets Regulation (MiCA), the UK’s consultation on its regulatory approach to cryptoassets and stablecoins and Hong Kong’s proposal to introduce a licensing regime for virtual asset services providers, among others.
• We will see more economies getting closer to wide-scale issuance of CBDCs. In January 2021, it has already been confirmed that the Banque de France has successfully piloted the use of a CBDC to settle monetary fund shares and that the People’s Bank of China’s pilot programme for its CBDC (the digital Renminbi) has been extended to more cities including Beijing, following trials in Shenzhen and Suzhou. The US Federal Reserve has also acknowledged that it is actively investigating distributed ledger technologies and how they might be used to digitise the dolllars.   
• In the US, regulators are likely to closely examine DeFi platforms. We also expect to see further US regulatory and enforcement activity against both US and non-US cryptoasset trading platforms.  We’ll also likely see further developments in the turf war for the regulation of virtual currency activities between US state and federal regulators.  

For more, watch our international expert panel discussion on CBDCs and Stablecoins  or read: CBDCs and Stablecoins – how might they work in practice? and As DeFi Matures, US Financial Regulatory Questions Loom Large.

5.  Sustainable fintech

We have seen increasing focus on environmental, social and governance (ESG) issues across the financial sector. With government imperatives to make progress in meeting the UN sustainable development goals ahead of COP26 in November 2021, we have seen key regulatory developments, such as the European Commission’s green taxonomy and stimulus plans, as well as both private sector and consumer interest helping to drive change. From the carbon footprint of Bitcoin, to the cultural and ethical issues raised by developing products utilising personal data or AI and the value that fintech can bring in terms of social inclusion, ESG considerations and challenges abound for fintech.

What’s next?

• A much greater focus on the intersection between ESG and fintech. This means improved opportunities for green or socially aware fintechs and firms being held to greater account on ESG issues. Diversity and inclusion will be key, with a move towards greater investment in fintech firms led by BAME and female founders.
• With increasing focus on governance, financial firms will need to develop documented procedures on the development, implementation and use of technology which may impact consumers or society at large. Taking AI, for example, this might include ethics frameworks, explanations of the AI, approval processes and allocation of responsibility. First steps towards mandatory human rights due diligence mean fintech firms of all sizes will need to understand risks throughout their value chain and show they have processes in place to address them. Such processes will be important reputationally, and may also be requested by regulators or litigants.
• President Biden’s inauguration has brought ESG to near the top of the US agenda, which could mean particular focus on sustainable fintech issues. Biden rejoined the Paris Climate Agreement upon taking office. He also appointed one of the most outspoken proponents of greater disclosure of ESG policies and practices by publicly listed companies and certain other financial services providers to serve as the interim Securities and Exchange Commission (SEC) Chairman, and we expect continued focus by the SEC and other US regulators on “greenwashing” and other potentially misleading marketing practices.

For more, read: ESG: Legal Risk or Business Opportunity? and Can human rights due diligence help the tech sector?