Regulation and innovation: mutual benefits

Ladies and Gentlemen,
 

The financial sector is engaged in an unprecedented dynamic of innovation. New technologies offer vast opportunities in the field of financial services but bring also a variety of risks. This ambivalent impact of innovation raises obvious questions for central banks and supervisors in charge of financial stability: how can we ensure that financial stability is maintained in such a changing environment, and that customers and all stakeholders have confidence in the financial system? In Europe, part of the answer to this question is provided by adapting our regulation tools to help harness benefits brought by innovation while controlling risks. However this approach raises questions: is there not a risk of hampering innovation and therefore competitiveness of the financial sector in the name of controlling risks?

This morning I would like to share with you a strong conviction, which may seem iconoclastic in the current context, and perhaps even more so in this country: there is no point in opposing innovation and regulation. Jean Monnet, one of the fathers of European integration, famously said: ‘Nothing is possible without men, but nothing lasts without institutions’. In the same vein, I would say: ‘Nothing is possible without innovation, but nothing lasts without regulation’. 

This is particularly true, I believe, for the financial system, and I would like to illustrate this in three critical areas for the prospective safety and efficiency of the financial sector – DLT-based finance, artificial intelligence (AI) and cyber risks.
 

I/ Let me start with DLT-based finance.

1/ Today, crypto-assets are back in the spotlight, particularly here in the US. However, we need to bear in mind that ‘first generation’ crypto-assets, such as bitcoin, represent only a small proportion of global financial assets (1.4% of the world market capitalisation at the end of 2024), and are not widely used in critical financial services, including payments, on which the real economy depends.

In contrast, the sponsors of tokenization initiatives argue that DLT-based tokenization, while still in its infancy, offers wider opportunities and use cases notably in the field of investment, trading, clearing and settlement services. For example, in the short to medium term, the tokenisation of financial assets could lead to efficiency gains in post-trade activities, with blockchain technologies enabling greater automation, greater availability and transparency, and improved traceability. In the longer term, the tokenisation of non-financial assets - such as real estate - could increase the liquidity and accessibility of the underlying markets.

However, the development of tokenised finance is notably handicapped by the absence of a fully secure settlement asset. Central bank money - the most secure form of money, and the reference settlement asset in traditional finance - is not currently available on blockchain. For this reason - in other words, by default - market participants may be tempted to use crypto-assets known as stablecoins. However, stablecoins, especially when they are not regulated, are subject to many risks, particularly liquidity risks. Market participants are well aware of these risks, and the resulting lack of confidence goes a long way to explaining the relatively slow pace at which the tokenisation of assets is developing.

2/ Against this backdrop, our strategy in Europe has been to adapt our regulation tools in two main ways to support a sustainable and safe development of tokenised finance, and to also safeguards our monetary sovereignty on settlement solutions. First, we have developed an ad-hoc legislation for stablecoins issuers and digital assets service providers through the adoption of the MiCA Regulation and the so-called ‘DLT Pilot Regime’ Regulation. Second, central banks of the Eurosystem under the aegis of the ECB have been preparing an adaptation of the central bank money services they provide. To support the development of tokenized finance more specifically, the Governing Council of the ECB announced two weeks ago that the Eurosystem will develop and deploy solutions to settle in central bank money, including in digital form, namely in wholesale CBDC, transactions recorded on DLTs, following a two track approach. This initiative whose first track should become live by the end of next year should contribute to support the growth of an integrated and sound European market for digital assets.
 

II/ I'd now like to turn to a second area of innovation that is absolutely crucial for the financial sector: artificial intelligence. 

1/ The recent International AI Safety Report led by Professor Yoshua Bengio identifies three types of AI risk: risks associated with misuse, risks associated with malicious use, and systemic risks. This morning I would like to talk about the latter, and how they apply to the financial sector.

First and foremost, the financial sector is vulnerable to risks originating in the real economy. AI could bring about incremental productivity gains but also more profound economic changes, with major sectoral restructuring, and major transfers of jobs from some economic sectors to others - with increased risks of bankruptcy in some sectors, speculative bubbles in others... These economic changes could in turn destabilise the financial sector.

The financial sector is also largely concerned with environmental risks, which the development of AI tends to amplify. The prospect of regular, or even intensive, use of generative AI by billions of customers around the world obviously raises environmental questions and leads to advocacy for a reasoned use of AI.

AI could also contribute to amplify financial sector vulnerabilities through a number of specific characteristics. For instance, concentration in the AI market, in terms of reliance on specialized hardware, cloud services and pre-trained models, may result in compounding a risk of dependence on third-party players, if the financial sector were to massively favour the purchase of ‘off-the-shelf’ AI systems - for example in the field of generative AI, where the main players are today the same as those who dominate the cloud market. This echoes the sovereignty issues I mentioned earlier.

Other amplification impacts on financial system vulnerabilities could go through the use of the same types of trading tools and models, which could increase herding behaviour in the financial markets, resulting in greater volatility and procyclicality. The complexity and novelty of the new models could also increase the risk of error or misuse of AI by institutions. This could lead to significant financial losses, which, through financial interconnectedness, could quickly spread throughout the financial system.

2/ To deal with these risks, we must lay the foundations for ‘trustworthy AI’, i.e. AI that is under control, which implies appropriate regulation.

Europe has been a pioneer in this area: the AI Act, adopted in the summer of 2024, aims to protect citizens' rights while promoting the development of a European market of trustworthy AI. In addition, financial supervisors will have to adapt their supervisory activities to ensure that financial institutions remain in control of the risks associated with their use of AI. 

To that end, I would like to share two convictions with you this morning. Firstly, the principles we usually promote as supervisors of sound risk management and governance can provide an effective framework for most of the risks associated with AI, with a few adaptations. And the financial sector's risk management culture and internal control systems provide solid safeguard. 

However, and this is my second conviction, some issues are resolutely new. Thus, they require specific attention from supervisors and supervised entities alike. This is the case for the explainability and fairness of algorithms. To leave these questions unanswered would mean creating legal uncertainty for institutions, in other words slowing down operational decisions and ultimately innovation in the sector. So I believe that we need to provide the financial sector now with technological and regulatory support, to ensure the development of trustworthy AI. In particular, this means that supervisors need to upgrade their skills, adapt their tools and methods... in short, they need to innovate. Here again, innovation and regulation appear to be complementary rather than mutually exclusive imperatives.

III/ Finally, let me now turn to a third area of critical importance to the financial sector: cyber risks.

1/ The financial sector is one of the biggest users of data and IT resources in the world. This structural trend has been reinforced in recent years by the ever-increasing availability and openness of data. This openness is of great benefit to the financial sector, which can assess new risks or fine-tune pricing. At the same time, the multiplication of data sources and the strengthening of technical interconnections are creating new vulnerabilities. These vulnerabilities are exacerbated by the development of new technologies, most notably AI, which greatly increases the threat posed by cyber attackers, although it can also help to identify attack patterns.

Another new technology could have an even more radical impact on cyber risks, with devastating consequences for the financial sector: quantum computing. It has already been proven that, thanks to their parallel computing capabilities, quantum computers will be able to break the most widely used encryption methods by ‘brute force’, particularly those that currently protect our communication channels. The advanced dematerialisation of exchanges means that our economy and financial system are highly dependent on the robustness of encryption techniques. As a result, this threat should prompt us to begin without delay a gradual transition to quantum-resistant cryptographic solutions. These solutions already exist and have recently been referenced by the American NIST, even if they still require a great deal of research. This is one of the reasons why we, at the Banque de France, have been conducting a number of experiments in this area on an international scale, notably through our involvement in the BIS Innovation Hub.

2/ Furthermore, in order to reconcile open data and risk management, we need to organise the operational resilience of the financial sector. To that end, in Europe, the recently enacted DORA Regulation complements the sectoral regulations with specific rules on operational resilience and IT risk management. In particular, it introduces new risk prevention methods, such as threat-led penetration testing (TLPT) for systemic institutions. These enhanced security tests, involving ‘red’ teams that simulate the tactics of cyber attackers, allow institutions' critical systems to be tested in a real-world environment.

DORA also encourages financial institutions to cooperate with each other to share their knowledge of emerging threats. Supervisors will play a central role in facilitating and overseeing this exchange of information between stakeholders. In this way, regulation will act as a facilitator, to improve operational resilience and IT risk management.

To conclude, let me say a few last words on the challenges those innovations raise for us central banks and supervisors if we want to contribute positively to harness their benefits and mitigate their risks on the functioning and stability of the financial system. 

1/ First, we need to master new technologies ourselves to remain effective and efficient in the conduct of our supervisory activities. This means equipping ourselves with high-performance processing infrastructures, paying particular attention to the sensitive data at our disposal. When it comes to data, we need to make the most of the new data sources, by taking advantage of technological innovations: the open ledgers that blockchains constitute, for example, are a new data manna for central banks and supervisors. To make the most of this potential, however, we need to acquire specialised skills - which is not always easy in a highly competitive world - and develop our tools and methods. In this area, closer cooperation with the academic world could enable us to move forward more quickly.

2/ This brings me to my second point: we also need to cooperate more and better. Each of the three subjects I mentioned earlier - DLT, AI, cyber and quantum - is by its very nature a cross-border issue. We therefore naturally need to develop synergies with peer financial authorities, in order to build coherent regulation on a global scale. We also need to go further and build cooperation with other sectoral authorities (competition, privacy, cyber-security, etc.), in order to take account of the many dimensions of these highly complex issues. Finally, it is also in our interest to cooperate more with the financial sector itself: public authorities and financial institutions share many challenges - think, for example, of quantum computing, which I mentioned earlier - and they will be able to tackle them all the more easily if they are able to move forward together.

To sum up, I would say that central bankers and financial supervisors must not only contribute to regulate, but also innovate, in order to ensure the stability of the financial system while supporting its transformation through innovations. This requires from us to avoid the pitfall common to both regulation and innovation, which can be excessive sophistication or complexity.
This is why in the debate which has started in Europe about how to foster the competitiveness of our financial sector, we advocate at the Banque de France for regulation as simple as possible, and for simplifying it and reducing the associated reporting burden when needed, without renouncing to set demanding requirements in terms of risk management.

In other words, we are in favor of simplifying, not deregulating, which means regulating more effectively and efficiently.

Thank you for your attention.