The Emergence of FinTech in MENA
What is FinTech?
FinTech (short for ‘Financial Technology’) is an umbrella term that refers to the application of technological innovation to the financial services industry. It is quite a broad term, and as such, FinTech firms often have very little in common with one another. Although most people associate FinTech with crypto-currency, the reality is that it is much more than that. In fact, FinTech encompasses a diverse range of platforms, applications and service offerings for both individuals and corporates, including:
- Lending, Peer to Peer (e.g. Beehive and Liwwa) and Crowdfunding Platforms that allow individuals and businesses to lend to and borrow funds from a variety of sources through an online platform (like Eureeca);
- RegTech: regulatory compliance software (including for facilitating ‘Know Your Client’ procedures, Anti-Money Laundering and fraud screening and detection, and real time monitoring of compliance with regulatory requirements). Prominent examples include Hummingbird and Azakaw;
- Payment Processing (e.g. Pay Tabs, Stripe, Fiserv and Paypal) and Subscription Billing Software (think Netflix and Uber);
- Budgeting Tools and Apps to manage personal finances (such as Mint – a free budgeting app that syncs users’ bank accounts, credit cards and other accounts to help track incoming and outgoing money);
- Mobile Wallets (e.g. Careem Wallet) and Mobile Payment Apps (e.g. Apple Pay, Google Pay, and Alipay) which allow users to pay on websites, in apps, and in stores using the cards saved to their account (by simply tapping the back of a smartphone to the payment terminal screen);
- International Money Transfer and Tracking Software (e.g. CurrencyFair);
WealthTech: Wealth Management and Investment Platforms and Tools, including Robo-Advisors (e.g. Sarwa, and Vanguard personal advisor services);
- Open Banking APIs used as a secure communication method between banks and authorised third party providers (e.g. TrueLayer);
- InsurTech: data analytics and software for re-insurers and companies selling insurance digitally (e.g. Bayzat, Democrance and BIMA – the latter, a Swedish company that promotes financial inclusion by offering insurance and mobile health services for low-income families, the vast majority of whom are accessing insurance for the first time and who live on less than US$10 per day);
- Stock-trading Apps (like Robinhood) which are relatively inexpensive and require low minimum investment amounts;
- Capital Markets analysis and infrastructure tools (e.g. Credit Benchmark) for financial institutions;
- Mortgage financing and digitisation platforms (such as Zoopla which reduces the mortgage application process from months to days, and the Dubai Land Department’s proposed platform for conducting end-to-end real estate transactions online); and
- Blockchain technologies for financial services (e.g. HSBC MENA’s Voltron which digitises the Letter of Credit process).
Unicorn, Sandbox, Chatbots.. What the!?
The technology industry (and FinTech is no exception) loves jargon. Here are some commonly used terms in this space (in order of appearance in this article):
- Application Program Interface or APIs: allow one computer program to be used by another. Essentially, they are used as a secure method of communication between online banking systems and those of third parties.
- Neobanks / Challenger banks: fully digital banks with no branches (such as Monzo and Revolut) that operate through online banking or mobile Apps. Primarily, there are three types of neobanks: those that offer financial services under the licenses of traditional banks; those that have alternative licensing for offering bank accounts that have some limitations; and those that are a subsidiary of a traditional bank which aims to offer new products etc. but operates under its parent bank’s licence.
- Unicorn: a privately held Start-up company with a value of over US$1 billion.
- Sandbox: a time bound regulatory process that provides FinTech firms and traditional banks the ability to develop and test their new product and service offerings in a controlled environment without having to comply with the regulatory requirements that would otherwise apply to it. The aim is to encourage innovation whilst providing regulators with an opportunity to understand potential implications of the solution to consumer protection and financial system stability, so that they can adapt the current regulatory framework to accommodate such innovative and disruptive solutions.
- Machine Learning: refers to computer systems that have been empowered by humans with the ability to ‘learn’ by themselves by using the provided data and to make accurate predictions and decisions. Machine Learning is a subset of Artificial Intelligence.
- Artificial Intelligence or AI: is an umbrella term that describes machines that incorporate some level of human intelligence / cognitive ability.
- Chatbots: software (such as Siri) that conducts a conversation with customers via audio or text, providing automated customer support.
- Robo-Advisors: are automated virtual financial assistants which use mathematical rules or algorithms to provide digital financial advice, make asset recommendations, and manage and optimise portfolios without any human intervention.
What’s the Big Deal?
FinTech has, and continues to disrupt the financial services industry by providing better, cheaper, and more personalised offerings to individuals and businesses (including banks) often by utilising the internet, mobile applications, cloud services, software and other technology. Add to this the proliferation of user-friendly interfaces and frictionless customer experience (for example, being able to buy stocks or transfer money at the click of a button) – and it is no wonder that customers are increasingly transacting digitally and moving away from cash and visiting branches.
In Australia for example, the Australian Prudential Regulatory Authority’s data shows nearly 300 branches closed around the country in the year to June 2019, up from the 201 branches closed in the previous financial year. Banks in the Middle East have been equally affected by this seismic shift in peoples’ preferences when it comes to financial services, and they have responded by investing heavily in digital transformation. EmiratesNBD has been leading the charge, with an AED 1 billion digital transformation initiative aimed at improving its technology infrastructure so as to continuously improve its digital banking offerings and customer experience.
The impact of FinTech is evident with banks looking to appoint Chief Digital Officers who report directly to the Board. And their role is not just about automation; it is about transforming the whole bank (and not just automation) – this means streamlining existing operations, rethinking client journeys, creating new opportunities by building digital products and services, and most importantly reshaping the internal culture to one that is agile and focused on putting the customer at the centre of every single process.
FinTechs were initially considered a major threat to traditional brick-and-mortar banks and other financial services firms, with the expectation that banks would look to acquire lots of FinTech firms. In reality, this has not eventuated largely because of issues around incompatibility with the legacy technology infrastructure of banks, differences between the Start-up culture of FinTech s (driven by small autonomous teams tasked with delivering customer value) and the more conservative environment prevalent at banks, and competition law restrictions. Instead, the much touted rivalry has given way to a more collaborative approach with banks looking to work with different FinTech firms (including neobanks) and other technology vendors to accelerate the innovation process and co-create solutions that are customised to the needs of banks and which serve to fill a gap in servicing their existing and prospective customers.
The FinTech sector has experienced phenomenal growth in the last five years or so, with t FinTech deals having soared to approximately 1,700 deals (and a combined value of US$39 billion) in 2018. The number of FinTech unicorns globally grew from 25 (with a total value of approximately US$75 billion) in 2018 to 39 unicorns in 2019 (worth close to US$150 billion).
Although the MENA region accounts for a small proportion of venture capital investments in FinTech globally, the FinTech sector in the region is said to be growing at a compounded annual growth rate of 30 per cent. Also, on the consumer side, the region is an attractive market for FinTech firms, boasting a population of roughly 450 million people (half of which is below the age of 25 – presenting a strong base of early technology adopters). The challenge for foreign FinTech firms expanding in to the region will be maintaining their global brand whilst modifying their offerings to be relevant to the local market.
What are the Trends and Predictions?
- Everyone, particularly the big tech companies (Apple, Google and Facebook) want to be a bank in a bid to increase revenue (essentially by offering financial services to their existing customer bases), however there are some competition law hurdles they will need to overcome, particularly if they wish to do it without partnering with a licensed financial services provider.
- Banking-as-a-service (‘BaaS’): this is an extension of the ‘as-a-Service’ model that is prevalent in the technology industry and presents banks that have embraced digital to monetise their regulated infrastructure by granting access to FinTech firms that will pay fees to access a bank’s BaaS platform via APIs. This in turn, enables FinTech firms to use the APIs to build new financial services solutions.
- Bundling of offerings and the dominance of ‘super Apps’ as consumers will find it difficult to (ironically) stay on top of multiple Apps, each with a different offering. Grab, WeChat and Go-jek in Asia have taken advantage of their strong customer bases and existing platforms to expand into new segments and provide consumers with a less fragmented experience that allows you to take a car ride, book hotels, order food delivery, get documents and parcels delivered, transfer funds, and make in-store and online purchases. Careem locally is moving to leverage its existing ride-hailing infrastructure to become the Super App of the region.
What are some of the Relevant Legal Issues?
By default, all entities will be subject to the existing legal framework in each jurisdiction. However, a number of jurisdictions in the region have established regulatory sandboxes, including the Dubai Financial Services Authority (‘DFSA’), the Abu Dhabi Global Markets (‘ADGM’), Bahrain and Saudi Arabia. Although mainland UAE does not have a sandbox, the UAE Central Bank recently announced that it will be setting up a dedicated FinTech office to develop countrywide regulations in order to enable and facilitate FinTech activities in the country.
While each sandbox has its own rules, generally, to be admitted into a sandbox, an applicant needs to demonstrate that its solution is genuinely innovative (i.e. that its offering is significantly different from those that already exist, that it offers a new use for existing technologies or represents a significant scale-up in existing technologies), offers consumer benefit, is ready for testing and that it has a plan to exit the sandbox and deploy its solution in the market.
Please see the related article entitled ‘FinTech Space in the United Arab Emirates‘ from our banking team on the regulatory framework (including sandboxes and testing licenses) for crypto-assets in the UAE.
Right to object to ‘Automated Data Processing’
Often, FinTech solutions adopt AI (including machine learning) technologies, mathematical rules or algorithms to automate certain tasks and make decisions. Such cases include Chatbots, Robo-Advisors, fraud detection and claims management software and predictive analysis in financial services.
Under some regional data protection laws (for example the Bahrain Data Protection Law), an individual may object to decisions that are made solely on automated processing of personal data intended to assess him / her (for example in the context of a loan application). Please see Andrew Fawcett’s and Krishna Jhala’s article titled ‘Borrowers in Bahrain may be able to Object to Automated Loan Processing Decisions‘.
Ethical use of AI
Guidelines have been developed around the world to provide a framework for the ethical use of AI. Regulators globally have in general sought to avoid enacting laws so as to avoid stifling innovation. Given the infancy of AI technologies, it is believed that a soft regulatory approach will help the industry flourish whilst enabling regulators to better understand the associated risks. The focus is more on working with business to develop an agile approach to regulation that is industry specific.
In large part, the various guidelines are focused on ensuring that AI is explainable, non-discriminatory, unbiased, fair, transparent and accountable. In the context of the automated loan processing example above, AI developers would need to be able to explain the algorithms they use so that ‘black box’ systems do not make arbitrary decisions that have a significant impact on a person’s life. Also, they would need to be able to demonstrate that the data sets being fed into their AI systems are unbiased. Consider if the data set is taken from a loan officer who routinely rejected loan applications because of their race, religion, gender or some other factor that is not relevant to assessing their ability to repay a loan. If that data set were to be given to the AI system as a basis for assessing future loan applications, then that human bias and discrimination would be ingrained into AI systems, and similar applicants would have their loan applications rejected because of irrelevant factors, thereby resulting in algorithmic bias and perpetual discrimination.
Early this year, Smart Dubai launched its own guidelines on the ethical use of AI together with a toolkit that allows developers to assess their AI systems’ level of compliance with Smart Dubai’s guidelines. Although the guidelines are not legally binding, breach of certain principles could nevertheless amount to a breach of relevant national laws such as the UAE’s Federal Law Combating Discrimination and Hatred.
Compliance with a raft of data protection regimes is a key concern for FinTech offerings as the underlying systems and applications contain vast amounts of data, including personal data. In the region, there are myriad of data protection laws that apply in various free zones (such as the DIFC and ADGM), as well as in Bahrain, Qatar and other jurisdictions with new laws expected to be enacted in the UAE and Saudi Arabia.
From a data protection perspective, Banks, FinTech firms and other technology vendors will need to ensure they have, in place, appropriate documentation (for example privacy policies and data protection / transfer agreements for sharing data with one another as well as other data controllers and processors, both domestically and across borders) in addition to technical and operational measures so as to comply with regional data protection laws. A data breach incident can result in civil (and even criminal penalties), and in cases where the personal data relates to persons in more than one jurisdiction, it may result in fines being imposed by multiple regulators. We will discuss this issue in greater detail in a publication to be published in the next couple of months.
Cloud and Cybersecurity
The risk of data breach increases as banks and FinTech firms collaborate and novel business models such as BaaS become more common. Well known FinTech platforms could be an easy target for cyberattacks, and in addition to the measures noted above, FinTech firms and banks ought to ensure they have adequate cybersecurity and cyber insurance in place to meet regulatory requirements. Please see Zil Ur Rehman’s articles in relation to proposed cybersecurity standards for Information Communication Technology (‘ICT’) service providers in Saudi Arabia that are likely to be relevant to telecommunications service providers who are looking to offer mobile or ‘internet of things’ wallets in conjunction with banks.
Open Banking started out as a regulatory initiative in the EU as part of a concerted effort to increase competition and innovation in the banking sector, which is now gaining momentum globally. In certain countries, such as Bahrain, banks are required to share customers’ financial information with authorised third parties, resulting in numerous benefits, namely: (1) third parties can access consenting bank customers’ financial information in order provide alternative or new offerings to such customers; (2) banks are able to deliver a better experience to its customers by enriching their offerings; and (3) customers can access their data in real time and share their information with other parties (for example, to get a better deal elsewhere or simply to get an amalgamated view of all their finances across various banks and FinTech firms within the one portal or App). It is yet to be seen, if and when, other countries in the region will follow suit. It is envisaged that Open Banking will lead to ‘open finance’ and ultimately ‘open utilities’ as the model can be replicated in other industries such as utilities and real estate. For example, the use of aggregated data and APIs will enable changes in a person’s financial life to be identified (e.g. an annual increase in their rental payments) and personalised services to be solicited from comparison sites.
Technology Contracting Risks
Collaboration and outsourcing with FinTech firms and other technology vendors can unwittingly introduce new points of compliance failure for banks, particularly in an environment where the technology supply chain and ecosystem is becoming ever more interconnected and complex. The proliferation of numerous FinTech solutions, third party software, and cloud services etc. requiring configuration, integration and/or implementation with legacy technology infrastructure will require special contracting focus in order to ensure regulatory compliance and mitigate risk.