Rewriting Financial Regulation for the Age of BigTech Power

There was a time when banks were the undisputed gatekeepers of the financial system. Today, the real powerhouses are firms that neither hold banking licences, nor sit under direct regulatory scrutiny, and yet handle everything from your payments to credit, including personal data. 

Call them FinTechs or platforms, but at the top of the pile sit the BigTechs. Apple, Amazon, Microsoft, Meta, Alibaba, and others like them have made financial services a seamless, often invisible part of their digital ecosystems. They have not merely broken into finance; they have absorbed it. 

This shift has not just widened access or improved efficiency. It has redrawn the very idea of what a financial service is, and who provides it. BigTechs leverage three things that most banks cannot compete with: data, reach, and infrastructure. Every click, every transaction, every search, feeds back into a loop, enabling them to offer new services, often with better pricing, more convenience, and much faster onboarding. 

Predominantly based in the US or China, they have grown into global conglomerates with a web of subsidiaries, financial and non-financial, spanning diverse activities.  But with this new architecture come a new kind of risks. BigTechs can scale financial products globally in days. Their vast networks blur the lines between commerce and credit, social media and payments, logistics and lending. Thus, compelling a rewrite of the rules of finance.

Regulatory Lag
Most current regulations were designed for banks. These frameworks assume clear lines between financial and non-financial activity; lines that have been made obsolete by BigTechs.  

Some jurisdictions have begun to respond. For example, EU’s Digital Markets Act (2022) and India’s draft Digital Competition Bill are designed to rein in the market dominance and anti-competitive conduct of BigTechs. Yet, market monopoly or competition distortions are only part of the story. The real test lies in striking a balance: fostering innovation while closing loopholes that enable regulatory arbitrage, preserving the resilience of financial institutions, and safeguarding transparency and systemic stability. 

In this fast-shifting landscape, regulators are beginning to take a panoramic view of the risks posed by novel financial products, services, delivery models, and the technologies powering them. This includes grappling with the hazards created by sprawling partnerships, powerful network effects, and concentrated market power. 

Rebuilding Oversight 
Lately, debate has been intensifying over entity-based versus activity-based regulation. The Financial Stability Institute at the Bank for International Settlements and the International Monetary Fund have explored various models for regulating the interactions between banks, FinTech startups, and BigTechs, which include activity-based regulation. 

Traditionally, Central Banks have applied an entity-based regulatory approach for banks and non-banking financial companies, governed by a comprehensive prudential framework. While activity-based regulation, which applies identical rules to identical activities with comparable risks, can be layered on for targeted areas such as securitisation or real estate, an outright switch to this model remains unrealistic.  Financial stability concerns precede ‘Level Playing Field’ considerations and necessitate an entity-based approach, particularly when an entity offers a combination of financial services that collectively pose greater risks than individual activities.

Three broad models have emerged in the global debate: 

1. Break-Up Model: Similar to the Glass-Steagall Act in the US, this model suggests breaking up large groups into manageable entities and discourages mergers that could result in market dominance, thereby preventing anti-competitive practices.
2. Segregation/Ring-Fencing Model: This approach involves separating regulated financial activities under a Financial Holding Company within the BigTech parent company. Prudential rules governing capital and liquidity requirements apply only to the entities led by the FHC and not to the entire group. However, corporate governance, business conduct, and operational resilience rules apply across the entire group. To prevent risk transmission, interactions between the FHC and other parts of the group are restricted. This constrains the core strength of BigTechs, which is their ability to leverage synergies between financial and non-financial activities, such as sharing customer data between the FHC and the technology platform/s.
3. Inclusion Model: Regulations will be designed for the entire group but the interdependencies will not be prohibited or severely constrained. The parent holding company will impose controls on interactions between the regulated and unregulated activities to ensure operational resilience and financial stability.

Each has merits. None are silver bullets. So, what is the answer? No single model holds the cure, even as the old binary is past its shelf life. Regulators must focus on broadening their gaze —  to encompass entire groups, the webs of interconnected networks, and the force of scale, not the formality of compliance alone. For, the systemic implications are obvious. Failure in one part of a BigTech operations could ripple across financial markets, quickly and globally. 

Challenges include ensuring sufficiency of regulations for BigTechs and other new entrants into the financial landscape, directly or indirectly, managing the increasing role of third-party technology/service providers, and addressing the risks of concentration, interconnections, contagion, and competition. 

This moment calls for a new playbook, not just tougher rules, but smarter architecture. 

Comprehensive, quantitative and qualitative impact studies and deep collaboration are needed to develop a well-calibrated framework that prevents regulatory arbitrage on one hand and the unintended consequences of regulation on the other. 

We cannot regulate the future by stretching the tools of the past. The real challenge is not just to manage risk, but to understand how that risk is evolving, in structure, in scale, and in speed. 

As the system transforms, the rulebook cannot trail behind.