After the collapse of Independent Insurance in 2001, the Financial Services Authority did a fair amount of internal soul-searching.
Why had warning signs, in this and other cases, seemingly obvious in retrospect, not been picked up sooner?
The result was a short list of subjective tests that supervisors could use to justify deeper investigation of a firm even when the usual raft of objective tests caused no concerns.
Among the new tests, which can be seen as an early formalization of the judgement-based approach good regulators have always used, were whether the firm had a dominant CEO, or an unusual business model.
Unfortunately, like too many hard-learned regulatory lessons, this short set of tests was soon overtaken by new ideas, and opportunities were consequently missed. In the run up to the financial crisis, RBS had a dominant CEO and Northern Rock an unusual business model, yet neither was properly picked up. And bringing us right up to date, Wirecard, which collapsed in scandal this summer, had both.
In addition, its history also carries echoes of the 1991 collapse of BCCI, another overseas-based financial services group with a UK presence that turned out to be riddled with fraud.
Although most obviously a financial fraud, the broader regulatory significance of Wirecard may turn out to be almost as great, and, while based in Germany, its UK presence is not insignificant. Therefore, questions about whether UK regulators might have become concerned and taken sooner remain relevant.
So, what are the other takeaways for UK regulation from the Wirecard affair? The story is still unfolding, but at this stage there are two areas that stand out.
1. Regulation of Fintechs
Perhaps the most obvious lesson of the wider Wirecard scandal is that it exposes the dangers of what we might call the “Fintech halo effect”, the potential bias that sees new technology-focused entrants to financial services as inherently good because they increase choice for consumers and provide competition for incumbents.
These days, all regulators, including the FCA with its competition objective, will be susceptible to this bias to some degree. The questions therefore is what do they have in place to mitigate it.
The reality of Fintech regulation is, of course, more complicated. They are, for example, as vulnerable as other firms to the risks of poor governance, management and controls, while the limited firm data supervisors receive make it hard to assess business models that prioritise market share over profit.
All this is accentuated by the lighter regimes in place for many Fintechs. Both the e-money directive – under which Wirecard is regulated in the UK - and the payment services equivalent, are deliberately less onerous than the Financial Services & Markets Act (FSMA). A major difference is that consumers do not have access to the Financial Services Compensation Scheme (FSCS).
Wirecard is not a large firm in the UK but neither is it small, and several other regulated firms depend on it. By one estimate, some 500,000 consumers were affected by the FCA’s end-June scramble to suspend Wirecard while it worked out if the UK operation was affected by what was happening in Germany.
Many of those who use the services of Wirecard and other e-money firms will believe, wrongly, that their money is protected by FSCS and will not understand that they are less regulated than banks. This is unacceptable, not least those who are vulnerable.
More broadly, the risks involved in Fintechs like Wirecard that work across several other regulated firms are not easy for supervisors to monitor properly. The relationships are sometimes hard to map and the resulting dependencies are difficult to assess. Meanwhile, the FCA is largely organized around market sectors, and does not obviously help supervisors understand the business models of Fintechs like Wirecard that are sector agnostic.
Given the above, now is a good time to review the regulation of e-money and payment services firms, to judge whether the current lighter regime with its lower levels of consumer protection remains the right answer, to design a new approach to consumer awareness, and to assess how the FCA’s operating model needs to change to take account of Fintechs like Wirecard.
2. Group supervision
The effective supervision of financial services groups has always been notoriously difficult, particularly when the groups are international and include large non-financial services firms.
For the Wirecard Group, incorporated in Germany, the main weight of regulation clearly falls on Germany as the home supervisor. But the FCA clearly has a responsibility as the regulator of the UK subsidiary, and, as BCCI showed, it is naïve to believe you can supervise a UK entity divorced from the wider group context.
With this in mind, the FT’s reporting on Wirecard, going back several years, should have raised some red flags, and it would be interesting to know how the FCA treated these and what questions they asked as a result. Curiosity was meant to be one of the founding values of the FCA and Wirecard was fertile territory.
None of the above is easy to get right and requires multiple factors to be balanced at any given time before taking decisions. However, many of the challenges of regulating Wirecard are not new, and the arguments above will almost certainly have been made internally at various times.
As the Wirecard story continues to unfold, it will likely reveal more lessons, both new and old, to inform the future regulation of Fintechs.