Fragmented Data Privacy Rules Impede Fintech Growth in Asia

New ASIFMA whitepaper advocates regional harmonisation of data privacy rules to facilitate continued growth of fintech ecosystems in Asia.

ASIFMA (Asia Securities Industry & Financial Markets Association) has released a white paper on the implications of data privacy regulations for fintech in Asia.

Emerging technology like distributed ledger technology, artificial intelligence, machine learning, big data and cloud computing have the potential to drive innovation and efficiencies and improve access to financial services, the paper says.

“The free flow and utilisation of data are particularly important to the proliferation of financial technology,” it adds. But despite the increasing importance of data, some regulatory structures in Asia have not been adapted to account for data that can be shared electronically across borders. Meanwhile, Asia’s patchwork of data privacy-related regulations and laws impose varying and often conflicting obligations on firms, threatening to upend the potential of fintech.

“Data privacy rules have a particularly strong impact in the fintech space, where solutions are largely driven by the use of data and rely on cross-border data flows to scale their products,” said ASIFMA CEO Mark Austen. “Different interpretations of data privacy rules and definitions can create legal uncertainties which impact confidence to operate across markets, and data localisation requirements present significant costs to new firms that keep them from expanding into new jurisdictions.”

The paper highlights the challenges firms face grappling with varying personal data privacy regulations in the region, suggesting that policymakers develop principles-based data privacy frameworks that increase flexibility for firms looking to employ fintech solutions. A principles-based approach, the paper argues, should replace reliance on overly-prescriptive rules that are not well suited for the rapidly changing fintech ecosystem.

“As countries across Asia update their personal data protection regulations, it is essential that they avoid placing barriers that would prevent the flow of information or the innovative use of data, as such impediments can impose real and substantial economic costs,” it says, citing the GDP-reducing impact and higher prices for cloud services as the costs of these barriers in some countries.

As such, data privacy regulations directly impact where fintech firms decide where to incorporate and make their innovative products. This results in certain countries being “left behind” in terms of innovation and financial inclusion.

ASIFMA suggests that data privacy laws should be focused on outcomes rather than process and be technology neutral. They should also be consistent with existing international best practices. The focus should be on how data is stored rather than on geographic locations, and allow mechanisms to facilitate cross-border sharing. Additionally, the ability of firms to outsource functions to third-parties should be preserved.

“While there should be limits on what can be transferred across borders and minimum protections for how information is stored, regional harmonisation would provide a level of legal certainty,” said Austen. “This would help facilitate the continued growth of new technologies and innovative fintech ecosystems across the region.”

A principles-based approach will help regulators meet statutory objectives by focusing on operational results rather than technical details, he added. Additionally, it can promote dialogue between regulators and fintech firms, which can result in better results for all stakeholders.

The report, developed in partnership with Refinitiv, Latham & Watkins and Herbert Smith Freehills, is available here.

To Top