RegFi Episode 61: Reimagining Financial Regulation for the Digital Age
52 min listen
Jo Ann Barefoot, founder and CEO of the Alliance for Innovative Regulation (AIR), and Kabir Kumar, partner at Flourish Ventures, join co-hosts Jerry Buckley, Sasha Leonhardt and Sherry Safchuk for a special RegFi episode recorded during Orrick’s Annual ConFi Today conference.
The conversation explores the future of financial regulation in the technology age, including AI's transformative potential in financial services, the challenges of navigating state and federal regulatory frameworks, and how technological advances could enable real-time regulatory supervision.
- Alliance for Innovative Regulation (AIR)
- Flourish Ventures
- “Financial Regulators' Dilemma: Administrative and Regulatory Hurdles to Innovation”
- Orrick Financial & Fintech Advisory
- RegFiPodcast.com
-
Jerry Buckley:
Hello, I’m Jerry Buckley, and I want to thank you for joining us here at Confi and welcome you to this special 61st episode of our Orrick RegFi podcast series. Today, we will be engaged in a thought experiment, seeking to imagine how technology advances could transform the way financial services are offered and regulated in the United States.
For those of you who are not regular listeners to RegFi, our premise is this: Financial regulation driven by advances in technology will change more over the next 10 years than over the last 50. Our aim at RegFi is to move beyond the tactical regulatory issues we deal with on a daily basis and consider how rapidly advancing technology and changing public policy environment are likely to impact the way financial services are offered and regulated here.
Today, we are honored to have two guests who have thought deeply about the positive impact that technology can have on financial products and services, and how the use of new technology can enhance regulation and supervision of financial market participants.
Jo Ann Barefoot is the founder and CEO of the Alliance for Innovative Regulation, or AIR as it’s known. She is a co-founder of Hummingbird and the host of her own podcast, Barefoot Innovation. AIR is a global nonprofit dedicated to ensuring that digital transformation and finance is matched by digital transformation and financial regulation.
Kabir Kumar is a partner at Flourish Ventures, a leading global venture capital firm focused on financial innovation and expanding financial opportunities worldwide. Kabir leads global policy and ecosystem efforts at Flourish.
And to finish the introductions, we’re joined today by my Orrick partners and fellow RegFi hosts, Sherry Safchuk and Sasha Leonhardt, both of whom focus their practices on the intersection of financial services, data, and innovation.
We’ll be talking a lot today about regulation, and you might ask why. To a greater extent than almost in any other industry, regulation is central to the financial services business. Financial services industry consists of a series of financial models and accounting conventions wrapped in laws. Take away the laws and regulations, the financial services industry might cease to exist. So, this is a symbiotic relationship: regulations prescribing how financial products are to be offered and by whom, while regulations need to be updated regularly to respond to emergence of new tech financial products, particularly enhancements brought about by technology advances.
Money is an abstract concept and relies on confidence of market participants. Without a shared understanding of the accepted and expected behaviors, which in modern finance is usually founded on governmentally promulgated regulatory models, the system breaks down. And as we saw in the late 2000s, when the regulatory guardrails fail, the entire financial system can be put at risk.
The emergence of new AI-powered technology will inevitably reshape the way financial services are offered. And this leaves us with a question we will be exploring today. How can our financial regulatory system evolve to provide a confidence-building, rules-based framework for technology-driven innovation without stifling innovation itself?
Jo Ann, yours has been one of the first and strongest voices calling for innovation and regulation. And AIR recently released your blog called Regulation 2.0, noting that 2025 could be the year when our regulatory models make a great leap forward. To get us started, could you summarize for our listeners why you think 2025 provides the confluence of conditions that would spark tech-driven change, that would transform our financial system? And, by the way, I strongly recommend to our listeners that they listen to that full blog. But Jo Ann, to give us a summary, would you do that, please?Jo Ann Barefoot: Yes, I’d be delighted to. And thank you for having me. I love your podcast. And Jerry, you have been one of my best thought partners for many, many years. And Kabir is one of my other best thought partners. So, it’s really fun to be with you both and also obviously with Sasha and Sherry.
The argument that we’re making at AIR is that, first of all, we work on the regulatory side of the tech change that’s transforming finance. We’re a nonprofit organization. We work all around the world. We work with regulators throughout the world and throughout the United States. And I’m a former regulator myself: I was Deputy Comptroller of the Currency. Everything I’m going to say is not intended to be critical of the regulators. They have a very hard job to do. And it’s easy to talk about these things. It’s much harder to do them.
That said, it seems clear to us that the U.S. regulatory model needs to change in light of the tech forces that are, again, transforming the industry. The regulators need to understand the tech change that’s occurring in the markets they oversee, and they also need to use better technology themselves.
And I know we’re going to talk about that as we go through the conversation. The agencies are in motion. They are changing. They have been. You can see a confluence of many kinds of progress being made as the agencies have lived in the modern tech world like the rest of us have. And I think that makes this moment ripe for change.
And then why 2025? Really because the Trump administration has arrived and is making things change faster. Whether people like the Trump changes or don’t like them, I have been comparing the arrival of the new administration to an asteroid hitting the Earth. You know, it’s really having effects that are making people rethink what they’re doing. And, you know, you can choose your words, but disrupting what was there and also is being populated by people who are moving quickly. Obviously, we’re seeing that in things like the DOGE Project.
So, we are suddenly in a situation where we had a system ripe for change, a system that needs change in my view, and I think that’s a widely held view, and then suddenly some leadership that is very motivated by more rapid change. I think that one result of this is likely to be more cooperation among the U.S. federal financial regulators than we have usually seen. The agencies obviously do cooperate with each other. But as your listeners probably know, the United States has a uniquely complex regulatory structure at the federal level in financial services, with multiple agencies directly supervising banks and credit unions, depository institutions.
With several different agencies having their own domains, I think that there is growing recognition that there’s probably more need for moving toward what we’ve called a Regulation 2.0 model in which — and I know we’re going to talk about it more as we go through the discussion — but in which the regulators move toward working more with common data or interoperable data and common technology platforms that can enable them to move faster, to see more, to, again, cooperate more, perhaps to give more consistency to the industry in terms of guidance and so on.
And I think that we may be struck by big things happening faster than they usually would in the careful mode of regulation, which is it’s not a bug. It’s a feature that the regulatory system is designed to be deliberate, careful, cautious, which makes it slow.Sasha Leonhardt: Jo Ann, thank you for that. And Jo Ann, Kabir, thank you both for joining us. To build on your point there about the regulatory system being deliberate and that being a feature and not a bug. Kabir, several years ago, and with your encouragement, Jo Ann, Jerry, and I worked together on a pro bono project where we interviewed the heads of innovation at each of the financial regulatory agencies. And the goal there was to identify factors that they believed were holding back regulatory innovation.
The report that emerged from these interviews was entitled Financial Regulator’s Dilemma: Administrative and Regulatory Hurdles to Innovation. And we’ve spoken about it a handful of times on this RegFi podcast. Jo Ann, I think with you the last time we had you on, in fact. Among the hurdles identified by some of the people we interviewed were the cumbersome requirements and extended timelines associated with rulemaking under the Administrative Procedures Act. Now, the APA provides important protections and opportunities for agencies to receive and incorporate public comment in rulemaking actions.
But it can result in a multi-year process to amend regulations. And this puts the APA directly at odds, or I could say at least in tension with, the world we live in today, where technology is advancing rapidly, day over day, week over week. Any suggestions, and Kabir, I’ll ask you to answer this first, but Jo Ann, we’re welcome to your thoughts as well. Any suggestions as to how the regulatory process could be better aligned with this fast-moving tech environment we find ourselves in today?Kabir Kumar: Thank you for that question, Sasha. And Jerry, thank you again for having me. And it’s great to be in this conversation with both you and Jo Ann, who are a great inspiration to me. You’ve had tremendous impact on the financial system, and I’ve learned a lot from both of you. So it’s always a privilege to be in this conversation.
You know, as Jerry mentioned at the top, Sasha, you know, we are a global investment firm with 850 million AUM. A big part of our efforts are investments in fintech companies. In fact, fraud and compliance is a very important area for us. So we are investors in Hummingbird, in companies like Alloy, TrueBiz, Spade, and many others globally. And in addition to investing, we also engage with the ecosystem. And one of the areas of emphasis for us has been over the years is how do we modernize the regulatory system itself? And we conceptualize this as an important area for us, the previous era of technological change, which was mobile internet, effectively the internet reaching everyone through mobile.
And so we conceptualized that, wow, this is an era that is going to fundamentally transform financial services. Ten, 15 years ago, we barely transacted using our cell phones. Today, in the post-pandemic moment, we entirely transact using our cell phones. It’s been a very fundamental and foundational shift.
And we felt we have all these technologies, they’re fundamentally changing our interaction with financial services, but we have to bring the regulators along. And as Jerry and Jo Ann were explaining, not only do they have to enable rules and not only do they have to enable regulations, but their own systems, their own ways of engaging with the financial system have to change. They have to adopt technology. And this is partly why we worked with you and commissioned that study, that pro bono work that you did that was tremendously impactful. You know, I would like to say that we’ve advanced on all of the aspects that we identified in that report. Unfortunately, we haven’t. Or as Jo Ann said it, fortunately, we haven’t.
I think there’s still an opportunity for us to go and tackle these areas, but things have changed now. Now we are in a different era when it comes to technology. We are in an extraordinary era when it comes to technology. It’s the age of AI. It is going to be fundamentally transformative. Someone said the next four, five years — this has got nothing to do with politics, administration, what’s happening in the U.S., what’s happening globally — it’s a secular development. It’s going to feel like a time warp. We’re going to feel that we have suddenly moved, you know, years ahead.
And so we now have a new challenge in front of us. You know, we still have the system that didn’t catch up with mobile and internet. And now we have a system that’s really fundamentally realigning. And I’ll give you one small anecdote from our investment work. We have an overwhelming number of startups innovating at the intersection of AI and compliance. It’s fascinating to me. I mean, who would have thought that the next founder wants to innovate in compliance? But I think it’s exciting because people believe that the technology creates a real shift moment. They can actually engineer something fundamentally new. And so very excited about that.
I was telling Jerry before this podcast last week that one of the other things that we have to do, we have to think of some of the laws in a way that we haven’t thought about them before. And I was drawing inspiration from Jerry’s work from early in his career with the E Sign Act. We wouldn’t have internet commerce without E-Sign. It was made for the internet moment. And Jerry may want to talk about it because the way it was done was also very, very important and instructive for this moment. But what is the equivalent of the E Sign Act for this moment is a question we should ask.Jerry: Since you bring it up, the E Sign Act, for the benefit of those who take it for granted today, was something that emerged in the late 1990s and ultimately was enacted in 2000. And it was a law designed to allow for the use of electronic records where paper records were used, electronic signatures where ink signatures were used. And it was thought through very carefully by the Uniform Law Commission. They produced something called the Uniform Electronic Transactions Act. And then, because some of the states were not acting uniformly, the Federal E Sign Act emerged. And it gives us some interesting lessons.
One of them is that the sense was that we should not try to ensconce in regulations what the policies should be. So it took the approach of spelling out in a relatively short statute with protections for consumers built in, but that is they had to understand and they had to verify that they could use the technology, but otherwise, it left to the marketplace deciding how it was going to be done.
And because it didn’t have a regulatory framework, and of course, our financial services industry sort of follows along in the regulatory model, it was necessary to establish something which was called SPERS, Standards and Procedures for Electronic Records and Signatures. And I was counsel for that group, and we sort of organized, and it was a large group of all the financial regulatory agencies and many of the players. And what emerged was a series of basically common understandings and common language. So, what does it mean to authenticate? What is the signature process? All of that was developed in a concerted effort and it became adopted by the mortgage industry, the insurance industry, the auto finance industry, as the model for how they should operate. And, you know, then things evolved from there. But we never had a regulatory process that ossified in one place, this is the way it must be done, and could not adapt then, as we visualized that it might not adapt to change.
There’s something not unlike that idea represented in the 1033 rule, which emerged last year, and which calls for a standard-setting organization. And the first one is FDX. And that process also will involve leaving to players- not having to comply with all the burdensome restrictions of the Administrative Procedures Act- lead to them creating the way in which things are going to be done. Now, we don’t know exactly how to proceed with respect to AI and the other things that are coming down the line, but I think a regulatory model that is more based on consensus and is flexible to respond to changes in technology will be a better way to go than trying to prescribe every jot and tittle of how you can operate and then having that become outdated relatively quickly. So, Kabir, that was an interesting conversation and an interesting throwback to 25 years ago, but I think it does give us some lessons for today.Sherry Safchuk: Kabir, I thought your description of, “What is today’s E Sign Act?” to be a great description for what we are looking at right now. And also, before I get ahead of myself, I would like to welcome Jo Ann and Kabir back to RegFi. Thank you for joining us.
I wanted to follow up on this kind of concept of E Sign and I have a question about the federal system. So we now have states that are starting to enact their own AI regulatory requirements. Some of these laws are stand-alone and some are included in state laws that have been previously and recently enacted regarding privacy and data security. I would note that most of these laws exempt certain financial services activities, but I don’t want to get into the weeds on that. As generative AI, blockchain, and other innovations evolve, how do we balance the need for a consistent set of regulations and the ability to adapt to rapidly developing technology, given that there appears to be starting a multi-state regulatory regime? Jo Ann, do you have any comments?Jo Ann: Yeah, happy to comment. That’s a tough one, isn’t it? I was saying earlier we have a very complicated federal structure in the U.S., and then we also have 50 states. And I share the widespread view that the variations among the states can contribute a lot to our learning. If you look at the Conference of State Bank Supervisors, they like to point out that the states can be learning laboratories and experiment testing grounds for what works in different ways. And I think there’s a great deal of truth to that. But at the same time, there’s a cost on the system if different rules are different in different states, particularly for any entity that has to comply state by state. I think it does slow down overall progress in a time when we’re trying to move quickly. I don’t think there’s an easy answer to it, but I do think we should be striving toward models of compliance that are more agile, to use a term that the tech world has brought to the rest of us. Agile ways of working so that it is easier for the industry itself to adjust.
Maybe it’s adjusted to different requirements in different places, but also to adjust what they’re doing over time. Going back to the question you asked, Sasha, on the Administrative Procedures Act, taking years to get one rule from conception to being enforced in our world today, by the time you get that rule out there, it may be obsolete. I once met with a federal agency where I told them about an approach being taken in another country, in RegTech, and the gentleman across the table from me said, if we decided today to get that, it would be seven years before we would have it. And that’s not going to work.
So how do we maintain the safeguards of the process that’s important to go through when we’re changing roles and combine it with an ability to move a little bit faster? And I don’t think there’s an easy answer to that, but I do think that a lot of it is in the foundation layer of the data architecture and the tech architecture that are being used in both the industry and the regulatory agencies and in the risk management world, so that we get more transparency and more ability to see what’s going on in the system.
And maybe something as with the E Sign Act, have more requirements that are principles-based, or even outcomes-based, where we’re measuring whether something is achieving a clear goal, which we could begin to try to set more of in financial regulation and worry less about prescribing exactly how they get there. Again, that’s not going to be a solution we’re going to have to the state-by-state complexity in a year or two, but it ought to be in our thinking because if we can create those foundational design features, we can get more agility and adaptability across the board, I think, in this whole system.Sherry: It seems like the standard-setting organizational concept may be one option, and it seems to be a middle ground between using unfair, deceptive acts and practices to kind of define the contours versus having this state-by-state review of requirements that may apply. Jo Ann: Yes. Jerry: Kabir, please go ahead. Kabir: I was going to agree with that. I think the standard set as FDX in the 1033, as Jerry mentioned, is very important as a result. And that’s where you have sort of not only standards emerging, but it’s an outcome of collective action from the industry, where it’s an outcome of negotiations between the industry. And so that’s very powerful if you can have that kind of process.
You know, on the sort of state, federal, you know-there is some parallel with self-driving cars because effectively this moment of AI is a moment of self-driving finance. That’s what’s going to happen. That’s what we are seeing. Automation at a level we’ve not seen before. And so you need new rules. Now, why do you need new rules? People are actually conceptualizing a future with self-driving cars where you don’t need traffic lights, or you need new kinds of traffic lights. For example, you might need an added white light that signals to all the drivers that more than half the cars present are self-driving and will now optimize the traffic flow through communication between the cars.
The parallel with the financial system is if you have self-driven finance, what kind of regulatory and supervisory system really makes sense? Can it be the same traffic light supervisory system we have now, or do you need it more optimized? And when you look at how those laws are emerging, you know, we don’t have a federal law yet, as far as I know. All of us are financial systems folks, so we may not fully know. I don’t believe there is. And there are some state laws, but as you were intimating, Sherry, you know, some of them have taken a conservative approach, while others have been more open about it. And that’s where the state of play is. But I think that’s the moment we are in. It’s a new foundational thinking.
So we have two activities. We have to reform the culture of regulation, as Jo Ann is saying. We’ve been on it for a decade or plus, fundamentally nimble kind of working with the technological progress but we also have to build for a new world and that’s very fundamentally different. So I think it’s exciting at some level but it’s also very daunting given we all appreciate how slow moving the financial system typically is and, you know, mobile internet felt fast and this is going to feel crazy fast, it’s already crazy fast.Jo Ann: I’ll add one thought to that that we’ve had some discussion of, which is we may be able to go through a transition period that would enable the industry the option of either doing traditional compliance or opting into being ready to be regulated more by outcomes that would be measured through good data and maybe gradually shift from the former to the latter over time as everyone gets good at doing it. Kabir: Or that regulation, I mean, you may laugh at me, but I’m taking your words, Jo Ann, that it is in code, that we are seeing aspects of laws actually being in code. It may sound extraordinary, but it is within reach and within feasible. And I think some of us believe it might be necessary in this moment. Jo Ann: The UK Financial Conduct Authority did a tech sprint experiment in 2017 on trying to regulate directly through a code change by the regulator going into the system of the regulated entities. And at the end of it, they all stood up and cheered together, the regulators and the industry together, which is, we don’t see that every day. Sasha: Jo Ann, if I can just loop back to something you said that I thought was really interesting. The idea of moving towards, I should say, an outcome and principles-based approach versus a process approach, right? If the marker of a good rule, a good AI, a good system is, does it reach the proper outcomes for consumers? Does it reach fair outcomes? However we define that. I’m struck by the fact that we have laws that already do that. We have fair lending laws, you know, which in the disparate impact world, we are looking for outcomes in some sense. We’re looking for a fair distribution of credit opportunities.
In UDAAP, we’re similarly thinking of principles about unfairness and deception. And yes, we have rules around how we define that. And I’m curious how we think about that versus the old model, you know, the process approach that you considered, TILA, TISA, EFTA. You know, there are criticisms of both. With the process approach, you know what the rules are. You look at Reg Z, Reg E, and you know exactly how to figure out the Schumer box and put it together. And if you do that, you’re fine.
But at the same time, you’re subject to kind of the subjectivity of the other ones. I guess there’s benefits and losses to both. And I’m curious how you think about running through that balance going forward in a world where, you know, we kind of can’t easily see under the hood for AI for how it reaches its outcomes.Jo Ann: Yeah, that’s a great question. And as you say, there’s been debate for decades over which is better, principles-based or a process-based regulation. And they both have their pros and cons. And in the principles-based, one of the industry’s concerns is it can lead to regulation by enforcement because it’s subjective and you can be whipsawed by the priorities of a different group of leaders in Washington and so on.
I think the answer to it is outcomes. It’s a triangulation, a third way. Neither process nor just principles, although the principles are important. But if we could move in many of these areas to outcomes-based regulation that can be measured, then you can start to- I mean, we don’t even usually ask ourselves the question in financial regulation of what good looks like. I’m not saying food and drug regulation is an ideal that we should all aspire to. You know, that whole realm has its own problems. But if you think about it, in drug and medicine regulation, the regulatory process is designed not just to be sure that things are safe, but also to be sure that a new innovation is effective.
And if it is, there’s a desire to enable adoption of that change by the regulator. When we invented penicillin, it was good for people to adopt it. Even though it was a new thing. And we have very, very little of that. And I don’t think it’s anybody’s fault. I think it’s we haven’t been able to measure. We haven’t had enough data to know really what’s happening under the hood of a UDAAP or a potential fair lending disparate impact problem or even some disparate treatment problems. We can get more data now, much more.
And as Kabir said, we can analyze it with AI that can find patterns. And yes, will there be problems with that? Clearly so, but let’s work on those problems. Let’s figure out how you create an AI risk manager that is being tested by, frankly, another AI agent as well as a human in the loop control system so that we can decide whether or not it’s achieving what it’s supposed to be achieving as opposed to overemphasizing traditional explainability. It’s important, but it can also really hamper our ability to do better and make the system more fair, more stable, more accessible.Jerry: Thank you, Jo Ann. And this is a debate I have a feeling will be going on for a while, but hopefully, as Kabir notes, things are moving so fast that we’ve got to think a little faster about those things.
In a prior RegFi episode, we engaged in a thought experiment that I thought I would revisit here to get reactions from Jo Ann and Kabir. Jo Ann and I were on the staff of the Senate Banking Committee during a time several decades ago when most of our financial services regulatory framework was put in place. And the underlying assumption of that legislation was that giving consumers information on the cost in terms of credit would empower them to shop for financial products that would best for them. And it was thought that would lead to a fair and efficient consumer finance market. A series of laws enacted by Congress, including Truth in Lending Act and others that have been mentioned here, proceeded on that premise. But how helpful were the federally mandated disclosures that you received when you were looking for a mortgage or applying for a credit card or an auto loan?
Let’s face it, most consumers find these disclosures minimally helpful if they look at them at all.
So now in the world of generative AI, imagine if you could have an AI-powered app, a financial agent that could access all of your financial records, ask you about your borrowing and investment objectives, suggest what financial products would be best for you based on your objectives, shop all available products and providers, and make a recommendation to you, answer any questions you might have about the reasons for a particular recommendation, and then handle all interactions with the financial service provider needed to apply for and consummate the transaction. This would ensure that consumers would not just get a ream of hard-to-understand disclosures but would be able to secure financial products that align with their personal financial needs, making loans safer for borrowers and lenders alike. Generative AI can serve as an intermediary, translating sometimes opaque credit profiling into clearer narrative, enabling consumers to grasp how their behavior and economic circumstances influence their credit opportunities.
Of course, human advisors may help to guide the consumer in the use of these AI-driven tools. The integration of generative AI into financial services will not be without challenges, of course. There are concerns about data privacy, about accuracy, that is the lack of hallucination, or the potential for perpetuating existing biases based on biases in the data. However, these challenges are not insurmountable. And of course, the anti-discrimination, data privacy, and anti-fraud provisions of existing law would have to be preserved. But in fact, AI might enhance enforcement of those protections as well.
The introduction of the financial Gen-I AI tool to guide consumers, of course, raises questions regarding what regulatory guidelines would need to be put in place to assure that the providers of these services were qualified and performing appropriately. Will they have a fiduciary duty to the consumer? What is their duty of care? What standard of regulatory or legal liability will apply? Well, those are the questions.
But I think that, and of course, we regulatory lawyers look forward to wrestling with those questions as we go forward, b ut I’d be very interested in your thoughts. We batted this around in a prior podcast. It’s something I’ve felt is an interesting idea. I’ve discussed it with you previously, Jo Ann. I don’t know as much with you, Kabir. But I think it’s a fascinating thought that we could really empower people in a way that they have not been empowered before. So, Jo Ann.Jo Ann: I love this question and this idea, as you know, Jerry, and I actually think it is a transformative approach and could solve just a huge swath of the problems that we have in consumer finance with fairness, lack of bias, transparency, consumer understanding. The market theory is that markets are the best way of making decisions when the buyer and the seller are equally informed and equally powerful and they can figure out their best interests. In consumer finance, we almost never have that. The consumer almost always has less information and less bargaining power usually too than the provider does. And the more complex the products get, the harder that equation is. And so people not only make decisions that are suboptimal because they’re too busy or they don’t understand, but they also are sometimes ensnared in products that have been designed to be tricky and to have hidden terms and so on, that are not transparent and easy to see. And AI does have the ability to see into these issues.
And as you said, Jerry, to customize it for the needs of the individual who’s being taken care of. We mentioned earlier the paper that we worked together on, which is on AIR’s website, regulationinnovation.org. Another paper there is a series that I wrote as a senior fellow at Harvard at the Kennedy School on how to use technology to improve consumer financial regulation. One of the things I found in that research was people do not read the disclosures. They just don’t. And if they do, the few who do, do not find them helpful, as you just said.
So the disclosure model that you and I, as you say, were there in the early stages often of thinking how to use that in different methods. And it’s financial literacy training, too. I’m all for it, but it doesn’t equip people to make optimized financial decisions for themselves. So I’ll try to condense the rest of what I’m going to say, but I want to say a couple more things. So if you could equip people with that kind of an agent AI, you could do all the things that you just described.
You could also help them protect themselves against fraud, scams and ransomware attacks and all these other kinds of crime that are coming at them. You could protect your kids when they went to college or protect your elderly parents. You know, you could create massive, guardrails around the situations that make people financially vulnerable. And last but not least, if you required legally that such a tool had to be optimized for the best interests of the consumer and not have a secondary agenda from the provider of it, I think we could do away with a lot of the other regulatory complexity that we have, because most of the other laws are trying to achieve this goal we’re describing, helping the consumer make the best choice. If you had a really good way of doing that, you could keep the principles of all those laws, but you wouldn’t have to necessarily go through every disclosure requirement and comply and so on. So I think this could be the future.Jerry: Well, thank you, Jo Ann. I'm glad you feel that way. And Kabir? Kabir: You know, I too share your enthusiasm for this line of thinking, Jerry and Jo Ann. I mean, at the foundation of this is you’re asking the question that your original intention was to inform consumers so they could make best decisions for themselves. That intention still holds. But the way it was implemented: meaningful and powerful for that time is no longer, potentially irrelevant for this time and so we have to have a new way of doing it and the one thing I would highlight is- I’m not confident that necessarily industry is incentivized to be the ones communicating this kind of information to consumers.
You know, there’s a reason to believe that the industry may not be incentivized and that’s why we, for instance, have the good fortune of partnering with an organization like Consumer Reports. It’s an 80 year-old entity. Many of us have used it. There are six, seven million subscribers. Many of us have used it to buy our next car or our washing machine or our microwave. Why shouldn’t we use it to make a decision on our financial product in the digital era? And so you need sort of a neutral body that’s perhaps monetizing through subscriptions and not through ads and a referral model, which is what NerdWallet does or Wirecutter does.
I mean, today, if you need to shop for a new credit card and you don’t have a banker or a financial advisor, which is the vast majority of Americans, you go to Google or now you will go to ChatGPT or Perplexity and you say, hey, given this profile, what’s a good card for me? And the sites you will get to are actually driven by ad dollars. So you don’t know whether you are being given the information that’s best suited for you. And so that’s why we need things like Consumer Reports. And Delicia, if I’m not mistaken, came onto your podcast, Jo Ann, Delicia Hand from Consumer Reports, to talk about sort of the next chapter in that, which is using agents to enable that guidance. So it’s, again, on your website, which you already mentioned. And I think it’s a very exciting vision for taking this idea into the future.Jerry: You know, we had Delicia as a guest on the RegFi podcast. Kabir: Okay, that's excellent. Jerry: And the thinking they’re doing at Consumer Reports is very interesting. I’m not ready to say that there could not be private sector companies that are able to develop this and adhere to their duty of care and fiduciary duty, because I think that we need competition to develop tools that are better and better. And I’m not saying that Consumer Reports wouldn’t do that. I think it should be a part of the system, but I wouldn’t rule out having competition to actually better serve the consumer in this way. And I can even see banks having this as an element of their service, as well as offering products, but not having the thumb on the scale in terms of their own product. Who does it is to be determined, I think. Kabir: Well, I wish transparency was a competitive advantage, the level of transparency we want. But, you know, I haven't really seen it play out in industry. Jerry: That’s why we’re talking about regulation. They would have to operate based on the standards that are established in terms of fair treatment of the people who are coming to them for service and advice, I think. But we shall see. That’s all to be determined in the future. Kabir: Yes. Sasha: Jerry, to kind of pick up a note there, I like the idea of transparency, albeit perhaps regulatorily enforced or nudged transparency, we’ll say. Jo Ann, kind of building on this, in your Regulation 2.0 blog that we chatted about, you posited that technology holds the key to making financial supervision more effective. Now, speaking of revisiting prior RegFi guests, we had Nick Cook on, your colleague from AIR, who previously was the head of innovation at the UK FCA. While there, he worked on a dashboard concept that would have allowed regulators to get real-time information on the operations of financial services providers and really kind of have a thumb on the pulse of them day-to-day, week-to-week to see how they’re operating. We are just not there in the U.S. As many of you listening know, financial supervision right now for stability requires filing periodic call reports. When it comes to regulatory compliance, there is supervision, which involves extended examinations and a complaint database.
But that’s not really real time in the same way that Nick and the UK experiment envisioned. We could try and borrow from the UK approach with advanced technology, AI, some sort of government regulator-focused dashboard to give that level of insight. And I think there may be a lot of benefits to it, but one thing that comes to mind as we’ve been batting this around within our walls here at Orrick is regulators could use this as a tool to second-guess business decisions from financial institutions and take on more of a management than a supervisory role.
Right now, the view is institutions are allowed within bounds to create their business to maximize their utility and benefit for consumers, but if you give regulators that kind of on the ground view, you know, minute by minute, is it going to encourage them perhaps to stick their thumb in a move beyond a higher level supervisory to a managerial role? Jo Ann, Kabir would love your thoughts on this.Jo Ann: It certainly could, although honestly, I more often hear from regulators that that is a deterrence to them. They worry about the scenario where if they have all the information about what’s going on at the regulated entity and something goes wrong, then are they going to be responsible for it? And I think that the answer to this, and you’re the lawyers, I’m not, but is going to really have to be a lot of hard work on who has responsibility for what. And basically, the answer to that is that the entity has to be free to make its business decisions within the law, and the regulator isn’t responsible for them, nor should it be dictating them.
But the design that you’re talking about, the Financial Conduct Authority now does have an integrated dashboard enabling system in which all the data has been pulled together. The tools, the data, the platforms are shared between the Financial Conduct Authority and the Bank of England, which is the prudential regulator. And the bank examiner, if that’s what it is, can optimize that dashboard for what she wants to see.
So if she’s looking for anti-money laundering, it’s one thing. If she’s looking for UDAAP problems - they don’t have UDAAP per se, but you know what I mean - treating customer fairly problems. It’s a different dashboard. It’s able to pull up past history. It’s able to benchmark across horizontally in the system. So here’s an idea that was all created before generative AI. What if we turned those systems into an LLM type of architecture and gave the supervisor answered questions? What if this could be a queryable database and the examiner could ask questions about risk trends and developments? Think of the time you could save. The FDIC estimates its examiners spend 400,000 hours per year just doing data entry into spreadsheets for long review. The computer should do that, right? And then the examiner should be looking for where are the risk trends in it. I think it’s a really powerful idea.
And one more thing. It’s not about buying a supe tech tool or having one created. It’s about fundamentally updating the technology architecture of these agencies. They have to go into the cloud, and they have to be able to use their data. And so does the industry, including community banks, in order to be able to get and use and analyze data in this way.Kabir: You know, I think it’s a very powerful idea, in part because the current way of doing things, Sasha, is too dated and potentially very risky because it’s after the fact. It’s nowhere close to real time. That’s really the spirit of the idea, you know. It’s sort of how can it be dynamic? How can it be real time? How can we have optionality on what data we could see?
But in terms of your overreach question or that it could go out of hand, that’s where we need some sort of a new regime of laws around these new systems. You know, I don’t want to be silly, but maybe we need the AIR Act. We need the Automated Finance Innovation and Regulation Act. How does that sound? You know, and we need that just like we needed the GLBA, which was in 1999. It predated the internet era. It subsequently kind of was helpful in the internet era, but it predated it. We had, I think, amendments in ’21 around cybersecurity. Then we had E Sign in 2000, Jerry mentioned. I think we need a new sort of guardrails and rules around this that inform the use and deployment of the kinds of systems that JoAnn and Nick are envisioning.Sherry: I think we have two more minutes, so can I just throw out one more question just to think about? As we were talking today, I’ve been thinking about which initiatives require legislation and which can be achieved by a federal agency. So on the consumer financial side, you have the CFPB that has the authority to modify or grant exemptions from certain regulations. And I mean, I guess this is a question for Jerry, Sasha, and I, but for any of the ideas we discussed today or the ideas that AIR and Flourish put forward, if we can execute that by advanced technology, then I wonder if it’s worth it to analyze whether legislation is needed or whether we can accomplish this under current existing regulatory authority, recognizing, as Kabir said, GLBA was enacted in 1999 before the internet was rampant. Any last thoughts on this? Kabir: My quick version is that the changes seem so profound, Sherry, that I’m not sure we can get away from legislative action. That’s my quick thought. But the spirit of your question, I appreciate because we could get further along with agencies acting sensibly along the ideas that Jo Ann and Nick are putting forward. So that’s my quick part on that. Jo Ann: I agree. I think we can do a lot without law changes, but we definitely will need them eventually. And frankly, the agencies would benefit from just green lights from Congress to be trying to move in this direction because they do worry about being second-guessed. Sasha: At the risk of being the unpopular one to first mention a Supreme Court case, we do live in the post-Loper-Bright era. So I’m concerned that any move to go beyond what is permitted by the statute is going to run directly into a brick wall at a federal court. And that is something that may need consideration. Jerry: And at the risk of offering a corollary to that, if you read the authority that Dodd-Frank gives to the CFPB to modify and exempt, it is vast. And Loper-Bright recognizes that if a special authority is granted by Congress, that is going to be given much higher respect. So it may be that embedded within the CFPB’s authorizing legislation is the ability to do much of this and as far as some of the discussion we had about empowering consumers, you may leave the existing laws in place and they are complied with for form purposes. But in fact, the reality becomes that the GenAI tool becomes the way that everybody does business. So they ultimately just fall away of their own weight.
So we’ll see how all this develops, but we are out of time. And I want to thank the two of you for bringing your very thoughtful insights. I want to thank my fellow RegFi hosts and our audience for listening. There’s much more to be discussed, but I think we’ve started the discussion down this road, and it’s been, I hope, stimulating of further thought.
Thank you all.
Kabir: Thank you. Jerry: Thank you for joining us for RegFi. Don’t forget to subscribe wherever you listen to podcasts so you won’t miss an episode. And please take a moment to leave a review. This will help us improve and will make it easier for others to discover this podcast.