Industry veteran Jamie Lloyd Evans discusses the introduction of digital identities in Singapore, and what it could mean for banking.
One of the unfinished stories of 2019 was the peculiar announcement that consumers in the island nation of Singapore will soon be able to aggregate and share their financial data online. The Business Times led with this front-page story on 25 October based on an exclusive interview with the Managing Director of MAS (Monetary Authority of Singapore), Ravi Menon, but to date no further information seems to have surfaced.
In the movie, Casablanca, there is a scene in which Rick (Humphrey Bogart) secretly ‘adjusts’ the odds at the gambling table in order to help prevent a desperate woman from doing something unconscionable with the rascally prefect of police (Claude Rains). On hearing of this news, the waiter (Leonid Kinsky) falls upon his stony-faced employer with many kisses, and exclaims:
“Boss, you have done a beautiful thing”
I’m not sure that any analogy with banks and fintech is appropriate, but the reaction to the interview has fallen somewhat short of that Casablancan exuberance; in fact, there has been virtually no public reaction to the statement.
At a personal level, I am a big supporter of some form of open banking, so this seems like a big step in the right direction – and potentially a game changer for the industry. But what should we expect of this infrastructure, and will it come at a price?
National identity as the backbone
I don’t have any privileged insights, but for those that attended the Singapore Fintech Festival in November, I think a big clue was to be found in a fleeting glimpse of something called the “Singapore Stack”, revealed in a video that was played during Menon’s opening remarks.
The mysterious Stack was featured in the section on digital identities that are being created for all residents in Singapore, known as the National Digital Identity (NDI) project. This is a big endeavour in its own right, but also forms part of the larger Smart Nation agenda and is integral to the future of Singapore’s digital evolution.
A second clue was to be found in the joint press release published by the MAS and BIS (Bank for International Settlements) during Fintech Festival, stating that the new BIS Innovation Centre in Singapore will focus initially on work that the MAS has already undertaken in establishing “a framework for public digital infrastructures on identity, consent and data sharing”.
The statement goes on to say:
“Trusted digital identities for individuals and corporates is a foundational public good that supports the development of inclusive digital financial services including payments as well as other transactions in the broader digital economy”
If we follow the clues, it would seem NDI will be the backbone of a system that will combine access, data, and services to consumers in Singapore. Within this scheme, all government services, as well as some private sector financial services, will be available on the basis of NDI biometric authentication (no more passwords and 2FA?) and will interface with private sector protocols.
In more practical terms, this means that a variety of functions will be completed directly via the Stack, e.g. KYC when applying for a new account, data transfer from one institution to another, and even transaction initiation.
Security and safeguards are paramount
Singapore would not be the first country in the world to create this infrastructure (NB. India’s Aadhaar project and the ‘India Stack’) but Singapore could be particularly effective at pulling it off, given the size of the population and the fact that all government systems (and many private sector systems) already rely on the existing national ID card number – NRIC.
There are political dimensions to this type of project, and to a real libertarian it may sound ominous. But my own view is that a confluence of history, culture, economics and politics will naturally lead some countries to embrace this type of digital ID/Stack, whilst others will adopt a more wary posture. It may not be the case that one inclination is right and the other is wrong, but it will naturally lead to many questions.
In the future, will every country have their very own digital ID system and stack? Would some cross-border connectivity between these stacks be developed over time? Will financial services be available only through the Stack in Singapore?
We don’t have enough information to answer these questions, but from the outset it may be helpful to think of the Stack principally as a router or gateway, rather than a giant repository of our life-long digital footprint. And I think we should also assume best intentions as much as the Stack is conceived as a public good based on the principle of consumer consent.
Security and safeguards will be paramount, and we will have to wait and see what type of governance features will be built into the Stack, and how it will be supervised and maintained. A reasonable safeguard, for example, might be to limit the number of participants or services/APIs accessible via the Stack.
I’m not sure that this would necessarily improve security, but rather than being a completely open platform, I can imagine that initial participation would be restricted mainly to the local banks[i], assuming they meet certain standards set by the Stack operator/regulator, with other participants being allowed in over time. This could be prudent, but in this scenario many of the non-bank fintechs might be left out in the cold.
A regulatory compass
To continue with the scene from Casablanca, the extraordinary fortune of the husband of the young woman prompts an aggrieved patron to ask, with a fair amount of irony, whether the dealings in Rick’s establishment are legitimate; indignation instead of kisses…
These difficult situations typically lead us back to the perennial topic of policy trade-offs and balancing acts. This complexity has always existed, but seems to have dialed up a notch in recent times. For the most part, the issues can be reduced to the question of how policymakers simultaneously promote and protect consumer interests (including their data) whilst maintaining financial stability. Consequently we are not talking about “honesty” or moral compass in this sense, as much as a “regulatory compass” for these waters.
Fortunately, in 2019 the BIS produced one of its best pieces of research in a report on the interaction of traditional banking models and fintech – particularly the rise of BigTech.
The report contained a ‘regulatory compass’ for bigtechs in finance, providing a a useful – albeit imperfect – way to think about policy directions and trade-offs.
If we were to focus on open banking, the compass indicates both restricted and less restricted approaches that are based on data portability. But taking into account the work on national digital identities, in my opinion, we could also think about policy approach in terms of three different typologies:
- Specific legislation but no prescribed infrastructure (e.g. the EU)[ii]
- No specific legislation and no prescribed infrastructure (e.g. China, US)
- No specific legislation, but available public infrastructure (e.g. India, Singapore?)
These typologies are arguably a summation of policy tools, which in turn reflect policy intent, but how these tools and policies intersect with issues, such as data protection and competition (bigtech and small fintech), is unclear and probably will require a ‘regulatory compass’ in the near future.
Having said that, it seems to me that in Singapore the wind is blowing in a slight north-easterly direction, and if so, the banks in Singapore, including the new digital banks, will need to prepare themselves for a world in which consumers will view and manage their aggregated financial resources like never before. This will at once create opportunities and potential risks for banks.
I would not be surprised if PFM (Personal Financial Management) capabilities become the new battleground of consumer banking – think data enrichment, analytics, aggregation, advisory, etc. The superior offerings in this space will ultimately ‘own’ the customer relationship, especially if their personal accounts are spread across a number of institutions.
Whether these capabilities could eventually be subsumed within a ‘Super-app’ that orders our food and tells us which clothes to wear in the morning remains to be seen, but at that point in time we may need to take a very hard look at our compass.
Jamie is a seasoned financial services practitioner who has experience as a banker, regulator, and advisor in the fintech space.
[i] In the spirit of a public good I would anticipate that moral suasion rather than legislation would initially lead the local banks to become full participants in the stack.
[ii] Absent any prescribed infrastructure the bank API gateway models (Tink, Plaid, etc.) may continue to present a compelling business model within an open banking environment, but how they interact with Digital ID/global Stacks is too early to call.