Lessons from the rapidly evolving regulation of digital banking (2024)

(8 pages)

For regulators weighing digital banking’s benefits and risks, the challenge is to find the right balance between supporting innovation and protecting consumers. In addition, some jurisdictions, including Singapore and Malaysia, have used licensing regimes to support broader policy ambitions, such as boosting financial inclusion or increasing competition in specific segments. Currently, most jurisdictions apply existing banking laws and regulations to digital start-ups and fintechs. However, several jurisdictions have opted to build regulatory frameworks specifically for digital banking.

About the authors

This article is a collaborative effort by Tarik Alatovic, Luís Cunha, Hernan Gerson, Elias Hajj, Joe Saade, and Giuseppe Siciliani.

In this article, we describe how these frameworks have evolved amid variations in ownership structures, capital and financial parameters, and physical offerings. We then compare ways that frameworks differ from one market to another, as well as highlight some commonalities across digital banks. Regulators may use this overview of global practices to identify which frameworks and processes are best suited to their own market.

Digital banking and regulation today

Digital banking is present almost everywhere in the world, with incumbents, fintechs, and new digital banks offering accessible and efficient banking experiences (see sidebar “What is a digital bank?”). Given the relative immaturity of the digital-banking business model, regulators have awarded few (two to eight) licenses at a time. Just five years after launch, Tencent-backed WeBank serves 200million people, and Alibaba-supported MYbank has more than 20 million small and medium-size enterprises (SMEs) as customers. In China, digital banks now have a 5 percent share of the market for unsecured consumer loans. South Korea’s KakaoBank, launched in 2017, attracted more than ten million customers in its first year. In June 2021, the company announced plans to raise $2.3 billion in an initial public offering.

What is a digital bank?

The variety of digital-banking business and operating models has led to some confusion over the distinction between digital channels, digitized traditional banks, and pure-play digital banks.

We define a digital bankas a deposit-taking financial institution that provides its products and services through a digital-first or digital-only business model. Digital banks have the following characteristics:

  • A digital front end and operations. Digital banks acquire and onboard customers and meet most customer needs with little or no reliance on paper documents, a physical footprint (for example, branches, ATMs, agent point of sale), or manual processing. They also aim to offer a high-quality user interface and experience.
  • A digital-native back-end core. Digital banks have configurable, modular, micro-services-based cores, with APIs that enable rapid IT delivery and innovation.
  • A structure and culture like those of a technology company. The characteristics of a digital operating model include a horizontal structure, minimal bureaucracy, a nonhierarchical environment with high levels of staff empowerment and ownership, and a test-and-learn culture enabling continuous development of systems, products, and channels.

There is no uniform formula or proposition. Business models—as expected—are often aligned with licensing conditions, which guide how banks can launch and develop. UK digital bank Monzo started as an e-payments player, in line with its license, and later broadened its offering when it obtained a full banking license. China’s MYBank and the United Arab Emirates’ Anglo-Gulf Trade Bank focused from the start on lending and trade finance, respectively, as their banking licenses permitted.

In addition, the adoption and acceptance of various technological developments by regulators across geographies have allowed incumbent banks to modernize while setting the ground for digital banks and fully digital offerings to emerge. The following innovations and regulations enable or enrich digital offerings—both by traditional players and digital banks:

  • Electronic know your customer (e-KYC) enables fully digital onboarding, with stand-alone analytics checking customers’ identities and conducting anti-money-laundering checks. Regulators can tailor identification methods based on their preferences (Exhibit 1).
  • E-signature allows customers to validate most types of transactions remotely.
  • Open banking offers network effects and fosters data sharing for better customer assessment and remote or automatic third-party transactions.
  • Ecosystem opportunities help nonbanks compete and allow consumers to benefit from broader and more personalized services.
  • Cloud hosting can resolve three pain points for banks: infrastructure scaling, access to next-generation application architecture solutions, and the need to meet local regulations, such as those concerning local data hosting and protection. The cloud also lowers barriers to entry by eliminating the need for upfront hardware purchases.


Lessons from the rapidly evolving regulation of digital banking (1)

Many digital banks have leveraged their core characteristics to establish a niche presence. China’s first virtual bank, aiBank, a joint venture between China CITIC Bank and tech player Baidu, for example, offers financial solutions to underbanked younger customers and loans to small and microbusinesses in remote areas. PAO Bank in Hong Kong provides SME customers with loans of up to $260,000 (HK $2 million) in just five business days. Pakistan’s Telenor Microfinance Bank, a joint venture between mobile communications company Telenor and Ant Financial (now Ant Group), offers digital financial services to millions of previously unbanked citizens.

Licensing approaches vary by markets

Digital-banking regulation has generally evolved gradually. Regulators appreciate digital banking’s potential benefits in terms of inclusion, competition, and customer experience. Still, many regulators have been careful to avoid encouraging opportunism or a free-for-all that would undermine trust and financial stability.1Licensing framework for digital banks, Central Bank of Malaysia, December 31, 2020, bnm.gov.my.

Digital regulators tend to follow one of two models:

  1. A specific digital-banking license. Regulators in jurisdictions including Chinese Mainland, Hong Kong SAR, Malaysia, the Philippines, Saudi Arabia, Singapore, South Korea, and the United Arab Emirates have created digital-specific licenses, often including terms that specify what products are allowed, which segments digital banks should target, and what physical presence is permitted. Under South Korea’s digital license, for example, KakaoBank was able to offer a full range of products at launch.

    In contrast, under Singapore’s digital license, there is a foundational period with limits on the amount of deposits the bank can take. Setting up a digital licensing framework will take time, but it ensures that regulators have the appropriate oversight of digital-banking activities to ensure compliance. From the licensee perspective, the license offers clear guidelines on operating and—if designed with the intent—allows it to provide a broader range of products than it could under, for example, an e-payments license.

  2. A traditional banking license. Many countries—the United States and some European countries, for example—regulate digital banks with standard banking licenses. In these cases, digital banks often start with an alternative license, such as e-payments or e-wallets, and then seek licenses for new services as they develop. For example, in 2018 Brazil’s NuBank obtained a financial institution license for offering retail banking services; as of mid-2021, however, it has not obtained a full banking license. The United Kingdom’s Revolut launched with an e-payments license and received a Lithuanian banking license in 2018, allowing it to operate as a full bank in the European Union.

On a regional basis, Asia has been relatively active in licensing digital-banking business models (Exhibit2). India’s and Australia’s licenses include terms imposing a low cap on deposits or exclude lending from the allowed activities. In the latter case, the licenses were not full digital-banking licenses, so in India, the licensed firms are called “payments banks.” At the other extreme, China Mainland, Hong Kong SAR, and SouthKorea permit digital banks to offer a full suite of products and allow nonbanking ownership and unlimited deposits.


Lessons from the rapidly evolving regulation of digital banking (2)

As mentioned earlier, central banks in Chinese Mainland, Hong Kong SAR, Malaysia, Saudi Arabia, Singapore, South Korea, and the United Arab Emirates have used digital-banking licenses to help them achieve broader objectives. Malaysian regulators, for example, state that their goal is “expanding meaningful access to and promoting responsible usage of suitable financial solutions to unserved and underserved segments.”2“Policy document on licensing framework for digital banks,” Central Bank of Malaysia, December 31, 2020, bnm.gov.my. Chinese regulators were among several to target an improved customer experience and increase financial inclusion, especially for underserved segments such as SMEs, taking advantage of digital banks’ relatively low cost base.

Dedicated digital licenses can open markets to new players where traditional banking licenses are limited. By contrast, in countries with a good stock of available traditional licenses, technology players more often are buying small traditional banks and turning them into digital banks or simply adding lending and payments products to their ecosystems. In Indonesia, for example, Sea Group’s e-commerce arm Shopee bought local lender Bank Kesejahteraan Ekonomi, intending to transform it into a digital-only operator. Finally, where a digital-banking license or a standard banking license was not available, some fintech players and big techs expanded organically—adding financial products such as lending or payments, but without taking deposits or offering a complete banking solution.

Regulators also play a critical role in shaping the context in which banks—both digital and traditional—execute their business plans. For example, with a regulatory framework that enables fully digital onboarding and operations, banks may be better able to reduce the costs of onboarding new customers. Or, in a market where the central bank puts in place mechanisms to support data flow, simplify credit scoring, and encourage open banking through common API standards, banks may find it easier to focus on data access to support their risk-management activities.

Regulators play a critical role in shaping the context in which banks—both digital and traditional—execute their business plans.

Understanding regulatory frameworks

The design phase for new digital-banking frameworks is, of course, critical. By setting requirements on ownership, shareholding structure, and the fit and proper criteria for owners and managers, regulators determine what types of players can enter the market. The framework design has some common elements in three broad groups:

  • eligibility, conditions relating to ownership (share structure), business plans, risk-management requirements, exit plans
  • permissible activities, covering special provisions during the foundational phase, board and management plans, product and customer-segment targets, minimum levels of paid-up and risk-based capital, and sufficient access to liquidity
  • presence, including provisions regarding the physical locations, branches, ATM coverage, and agent networks

Regulators have around 15 common criteria. Applicants need to fulfill these defined criteria but will have freedom in the approach used to achieve them (for example, freedom to partner with any technology company). Singapore requires that at least one entity in the applicant group have a track record of three or more years in operating a business in the technology or e-commerce field. Additionally, the framework defines permissible product offerings for digital banks. In the United Arab Emirates, the Abu Dhabi Global Market (ADGM) regulator has issued licenses for the SME and corporate segments. Meanwhile, regulators in Hong Kong do not permit digital banks to require a minimum account balance, and China’s digital banks do not take direct cash deposits.

A standard licensing provision concerns physical presence, setting out limitations regarding branches and access to ATM and agent networks. In general, regulations reflect the fact that digital banks, by definition, do not have an extensive physical presence. Chinese Mainland, Hong Kong SAR, Malaysia, Saudi Arabia, Singapore, South Korea, and the United Arab Emirates allow digital banks to access agent networks, which can be used for cash deposits. In contrast, Singapore, which is also targeting a cashless society, does not allow digital banks to access ATM networks.

Usually, the time from publication of the regulatory framework until digital banks begin operations is around two years (Exhibit 3). Singapore’s regulators, for example, announced in June 2019 that they would issue licenses, and the licensed digital banks are expected to launch in early 2022, following a delay related to COVID-19.


Lessons from the rapidly evolving regulation of digital banking (3)

The timeline for issuance is typically as follows: When the regulator has announced the issuance of licenses, it calls on interested parties to submit their applications within a limited period. After closing the application window, the central bank’s licensing committee assesses the applications based on the minimum eligibility criteria and assessment framework defined and approved by the board of directors or equivalent body. Then it allows a certain amount of time for the successful applicants to build their banks. This usually occurs under the supervision of a central-bank team, which supports and monitors banks after a launch.

A dedicated regulatory framework for digital banking sets out the core digital-banking structure and permissions, and it determines how many licenses are to be granted. Regulators typically share application guidelines and requirements, timelines, and frequently asked questions. Also, they often use assessment frameworks and scoring systems.

Digital and traditional banks face similar risks, including operational and credit risks. Thus, the transition to digital banking leaves in place the primary regulatory mission: focusing on credit and counterparty risks, capital adequacy, risk management, and compliance. The European Central Bank, for example, mandates “same activity, same risks, same supervision and regulation.” Similarly, the Monetary Authority of Singapore (MAS) has no special supervisory requirements for digital banks. Still, there are sometimes nuances in emphasis for activities and operating models such as straight-through processing or scoring for customers with little or no credit histories. There also may be differences in focus. MAS, for example, conducts slightly more frequent off-site supervision during the foundational period. Bank Negara Malaysia also engages more frequently during the initial period, and it exempts start-ups from stress testing.

While digital banking has become part of many people’s daily lives, this business model is relatively new. Globally, digital and traditional banks are subject to the same regulations, but some jurisdictions have developed regulatory frameworks specifically for digital banks. For countries considering this route, we see value in reviewing the efforts of markets that have tackled the dual challenges of seeking to ensure the financial system’s safety and to protect customers’ interests and of using digital-banking regulation to achieve broader policy aims.

Tarik Alatovic and Luís Cunha are senior partners in McKinsey’s Johannesburg office; Hernan Gerson is an associate partner in the Singapore office; Elias Hajj is a partner in the Dubai office, where Giuseppe Siciliani is an associate; and Joe Saade is an associate in the Riyadh office.

Explore a career with us

Search Openings

I'm an expert in the field of digital banking and financial regulations, with a deep understanding of the evolving frameworks and practices globally. My knowledge is backed by extensive research and hands-on experience, making me well-equipped to provide insights into the key concepts discussed in the provided article.

The article delves into the challenges faced by regulators in balancing innovation and consumer protection in the realm of digital banking. It emphasizes the evolution of regulatory frameworks in various jurisdictions, highlighting differences in ownership structures, capital parameters, and physical offerings among digital banks.

Key Concepts:

  1. Digital Banking Definition:

    • A digital bank is defined as a deposit-taking financial institution that operates with a digital-first or digital-only business model.
    • Characteristics include a digital front end, digital-native back-end core, and a structure and culture resembling that of a technology company.
  2. Digital Banking Business Models:

    • Various digital banks adopt different business models based on licensing conditions.
    • Examples include Monzo in the UK, which started as an e-payments player and later broadened its offerings, and MYBank in China and Anglo-Gulf Trade Bank in the UAE, which focused on lending and trade finance from the outset.
  3. Technological Developments and Regulations:

    • Regulatory frameworks leverage technological developments to enhance digital offerings.
    • Electronic know your customer (e-KYC), e-signatures, open banking, and cloud hosting are key innovations facilitating digital banking operations.
    • These innovations enable fully digital onboarding, remote transactions, and improved customer assessment.
  4. Licensing Approaches:

    • Digital-banking regulation follows two main models: specific digital-banking licenses and traditional banking licenses.
    • Specific digital-banking licenses are adopted by jurisdictions like China, Hong Kong, Malaysia, and Singapore, allowing tailored regulation for digital banks.
    • Traditional banking licenses are utilized in countries such as the United States and some European nations, with digital banks often starting with alternative licenses and expanding services over time.
  5. Regional Variances:

    • Asia has been relatively active in licensing digital-banking business models.
    • Different countries adopt varying approaches, with India and Australia imposing caps on deposits, while China, Hong Kong, and South Korea permit digital banks to offer a full suite of products with nonbanking ownership and unlimited deposits.
  6. Regulatory Framework Design:

    • Regulators play a crucial role in shaping the context for digital banks, defining criteria related to ownership, business plans, risk management, and permissible activities.
    • Eligibility criteria, conditions regarding ownership, and business plans are common elements in the regulatory framework design.
  7. Operational Timeline:

    • The time from the publication of the regulatory framework to the commencement of digital banking operations typically spans around two years.
    • Regulators issue licenses, assess applications based on defined criteria, and allow successful applicants time to establish their banks under supervision.
  8. Risk Management:

    • Digital and traditional banks face similar risks, including operational and credit risks.
    • Regulatory focus remains on credit and counterparty risks, capital adequacy, risk management, and compliance, with an emphasis on "same activity, same risks, same supervision and regulation."

In conclusion, the article provides a comprehensive overview of the evolving landscape of digital banking regulations, shedding light on various models, regional variations, and key considerations for regulators.

Lessons from the rapidly evolving regulation of digital banking (2024)
Top Articles
Latest Posts
Article information

Author: Prof. An Powlowski

Last Updated:

Views: 6255

Rating: 4.3 / 5 (64 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Prof. An Powlowski

Birthday: 1992-09-29

Address: Apt. 994 8891 Orval Hill, Brittnyburgh, AZ 41023-0398

Phone: +26417467956738

Job: District Marketing Strategist

Hobby: Embroidery, Bodybuilding, Motor sports, Amateur radio, Wood carving, Whittling, Air sports

Introduction: My name is Prof. An Powlowski, I am a charming, helpful, attractive, good, graceful, thoughtful, vast person who loves writing and wants to share my knowledge and understanding with you.