Lessons from the rapidly evolving regulation of digital banking (2024)

(8 pages)

For regulators weighing digital banking’s benefits and risks, the challenge is to find the right balance between supporting innovation and protecting consumers. In addition, some jurisdictions, including Singapore and Malaysia, have used licensing regimes to support broader policy ambitions, such as boosting financial inclusion or increasing competition in specific segments. Currently, most jurisdictions apply existing banking laws and regulations to digital start-ups and fintechs. However, several jurisdictions have opted to build regulatory frameworks specifically for digital banking.

About the authors

This article is a collaborative effort by Tarik Alatovic, Luís Cunha, Hernan Gerson, Elias Hajj, Joe Saade, and Giuseppe Siciliani.

In this article, we describe how these frameworks have evolved amid variations in ownership structures, capital and financial parameters, and physical offerings. We then compare ways that frameworks differ from one market to another, as well as highlight some commonalities across digital banks. Regulators may use this overview of global practices to identify which frameworks and processes are best suited to their own market.

Digital banking and regulation today

Digital banking is present almost everywhere in the world, with incumbents, fintechs, and new digital banks offering accessible and efficient banking experiences (see sidebar “What is a digital bank?”). Given the relative immaturity of the digital-banking business model, regulators have awarded few (two to eight) licenses at a time. Just five years after launch, Tencent-backed WeBank serves 200million people, and Alibaba-supported MYbank has more than 20 million small and medium-size enterprises (SMEs) as customers. In China, digital banks now have a 5 percent share of the market for unsecured consumer loans. South Korea’s KakaoBank, launched in 2017, attracted more than ten million customers in its first year. In June 2021, the company announced plans to raise $2.3 billion in an initial public offering.

What is a digital bank?

The variety of digital-banking business and operating models has led to some confusion over the distinction between digital channels, digitized traditional banks, and pure-play digital banks.

We define a digital bankas a deposit-taking financial institution that provides its products and services through a digital-first or digital-only business model. Digital banks have the following characteristics:

  • A digital front end and operations. Digital banks acquire and onboard customers and meet most customer needs with little or no reliance on paper documents, a physical footprint (for example, branches, ATMs, agent point of sale), or manual processing. They also aim to offer a high-quality user interface and experience.
  • A digital-native back-end core. Digital banks have configurable, modular, micro-services-based cores, with APIs that enable rapid IT delivery and innovation.
  • A structure and culture like those of a technology company. The characteristics of a digital operating model include a horizontal structure, minimal bureaucracy, a nonhierarchical environment with high levels of staff empowerment and ownership, and a test-and-learn culture enabling continuous development of systems, products, and channels.

There is no uniform formula or proposition. Business models—as expected—are often aligned with licensing conditions, which guide how banks can launch and develop. UK digital bank Monzo started as an e-payments player, in line with its license, and later broadened its offering when it obtained a full banking license. China’s MYBank and the United Arab Emirates’ Anglo-Gulf Trade Bank focused from the start on lending and trade finance, respectively, as their banking licenses permitted.

In addition, the adoption and acceptance of various technological developments by regulators across geographies have allowed incumbent banks to modernize while setting the ground for digital banks and fully digital offerings to emerge. The following innovations and regulations enable or enrich digital offerings—both by traditional players and digital banks:

  • Electronic know your customer (e-KYC) enables fully digital onboarding, with stand-alone analytics checking customers’ identities and conducting anti-money-laundering checks. Regulators can tailor identification methods based on their preferences (Exhibit 1).
  • E-signature allows customers to validate most types of transactions remotely.
  • Open banking offers network effects and fosters data sharing for better customer assessment and remote or automatic third-party transactions.
  • Ecosystem opportunities help nonbanks compete and allow consumers to benefit from broader and more personalized services.
  • Cloud hosting can resolve three pain points for banks: infrastructure scaling, access to next-generation application architecture solutions, and the need to meet local regulations, such as those concerning local data hosting and protection. The cloud also lowers barriers to entry by eliminating the need for upfront hardware purchases.


Lessons from the rapidly evolving regulation of digital banking (1)

Many digital banks have leveraged their core characteristics to establish a niche presence. China’s first virtual bank, aiBank, a joint venture between China CITIC Bank and tech player Baidu, for example, offers financial solutions to underbanked younger customers and loans to small and microbusinesses in remote areas. PAO Bank in Hong Kong provides SME customers with loans of up to $260,000 (HK $2 million) in just five business days. Pakistan’s Telenor Microfinance Bank, a joint venture between mobile communications company Telenor and Ant Financial (now Ant Group), offers digital financial services to millions of previously unbanked citizens.

Licensing approaches vary by markets

Digital-banking regulation has generally evolved gradually. Regulators appreciate digital banking’s potential benefits in terms of inclusion, competition, and customer experience. Still, many regulators have been careful to avoid encouraging opportunism or a free-for-all that would undermine trust and financial stability.1Licensing framework for digital banks, Central Bank of Malaysia, December 31, 2020, bnm.gov.my.

Digital regulators tend to follow one of two models:

  1. A specific digital-banking license. Regulators in jurisdictions including Chinese Mainland, Hong Kong SAR, Malaysia, the Philippines, Saudi Arabia, Singapore, South Korea, and the United Arab Emirates have created digital-specific licenses, often including terms that specify what products are allowed, which segments digital banks should target, and what physical presence is permitted. Under South Korea’s digital license, for example, KakaoBank was able to offer a full range of products at launch.

    In contrast, under Singapore’s digital license, there is a foundational period with limits on the amount of deposits the bank can take. Setting up a digital licensing framework will take time, but it ensures that regulators have the appropriate oversight of digital-banking activities to ensure compliance. From the licensee perspective, the license offers clear guidelines on operating and—if designed with the intent—allows it to provide a broader range of products than it could under, for example, an e-payments license.

  2. A traditional banking license. Many countries—the United States and some European countries, for example—regulate digital banks with standard banking licenses. In these cases, digital banks often start with an alternative license, such as e-payments or e-wallets, and then seek licenses for new services as they develop. For example, in 2018 Brazil’s NuBank obtained a financial institution license for offering retail banking services; as of mid-2021, however, it has not obtained a full banking license. The United Kingdom’s Revolut launched with an e-payments license and received a Lithuanian banking license in 2018, allowing it to operate as a full bank in the European Union.

On a regional basis, Asia has been relatively active in licensing digital-banking business models (Exhibit2). India’s and Australia’s licenses include terms imposing a low cap on deposits or exclude lending from the allowed activities. In the latter case, the licenses were not full digital-banking licenses, so in India, the licensed firms are called “payments banks.” At the other extreme, China Mainland, Hong Kong SAR, and SouthKorea permit digital banks to offer a full suite of products and allow nonbanking ownership and unlimited deposits.


Lessons from the rapidly evolving regulation of digital banking (2)

As mentioned earlier, central banks in Chinese Mainland, Hong Kong SAR, Malaysia, Saudi Arabia, Singapore, South Korea, and the United Arab Emirates have used digital-banking licenses to help them achieve broader objectives. Malaysian regulators, for example, state that their goal is “expanding meaningful access to and promoting responsible usage of suitable financial solutions to unserved and underserved segments.”2“Policy document on licensing framework for digital banks,” Central Bank of Malaysia, December 31, 2020, bnm.gov.my. Chinese regulators were among several to target an improved customer experience and increase financial inclusion, especially for underserved segments such as SMEs, taking advantage of digital banks’ relatively low cost base.

Dedicated digital licenses can open markets to new players where traditional banking licenses are limited. By contrast, in countries with a good stock of available traditional licenses, technology players more often are buying small traditional banks and turning them into digital banks or simply adding lending and payments products to their ecosystems. In Indonesia, for example, Sea Group’s e-commerce arm Shopee bought local lender Bank Kesejahteraan Ekonomi, intending to transform it into a digital-only operator. Finally, where a digital-banking license or a standard banking license was not available, some fintech players and big techs expanded organically—adding financial products such as lending or payments, but without taking deposits or offering a complete banking solution.

Regulators also play a critical role in shaping the context in which banks—both digital and traditional—execute their business plans. For example, with a regulatory framework that enables fully digital onboarding and operations, banks may be better able to reduce the costs of onboarding new customers. Or, in a market where the central bank puts in place mechanisms to support data flow, simplify credit scoring, and encourage open banking through common API standards, banks may find it easier to focus on data access to support their risk-management activities.

Regulators play a critical role in shaping the context in which banks—both digital and traditional—execute their business plans.

Understanding regulatory frameworks

The design phase for new digital-banking frameworks is, of course, critical. By setting requirements on ownership, shareholding structure, and the fit and proper criteria for owners and managers, regulators determine what types of players can enter the market. The framework design has some common elements in three broad groups:

  • eligibility, conditions relating to ownership (share structure), business plans, risk-management requirements, exit plans
  • permissible activities, covering special provisions during the foundational phase, board and management plans, product and customer-segment targets, minimum levels of paid-up and risk-based capital, and sufficient access to liquidity
  • presence, including provisions regarding the physical locations, branches, ATM coverage, and agent networks

Regulators have around 15 common criteria. Applicants need to fulfill these defined criteria but will have freedom in the approach used to achieve them (for example, freedom to partner with any technology company). Singapore requires that at least one entity in the applicant group have a track record of three or more years in operating a business in the technology or e-commerce field. Additionally, the framework defines permissible product offerings for digital banks. In the United Arab Emirates, the Abu Dhabi Global Market (ADGM) regulator has issued licenses for the SME and corporate segments. Meanwhile, regulators in Hong Kong do not permit digital banks to require a minimum account balance, and China’s digital banks do not take direct cash deposits.

A standard licensing provision concerns physical presence, setting out limitations regarding branches and access to ATM and agent networks. In general, regulations reflect the fact that digital banks, by definition, do not have an extensive physical presence. Chinese Mainland, Hong Kong SAR, Malaysia, Saudi Arabia, Singapore, South Korea, and the United Arab Emirates allow digital banks to access agent networks, which can be used for cash deposits. In contrast, Singapore, which is also targeting a cashless society, does not allow digital banks to access ATM networks.

Usually, the time from publication of the regulatory framework until digital banks begin operations is around two years (Exhibit 3). Singapore’s regulators, for example, announced in June 2019 that they would issue licenses, and the licensed digital banks are expected to launch in early 2022, following a delay related to COVID-19.


Lessons from the rapidly evolving regulation of digital banking (3)

The timeline for issuance is typically as follows: When the regulator has announced the issuance of licenses, it calls on interested parties to submit their applications within a limited period. After closing the application window, the central bank’s licensing committee assesses the applications based on the minimum eligibility criteria and assessment framework defined and approved by the board of directors or equivalent body. Then it allows a certain amount of time for the successful applicants to build their banks. This usually occurs under the supervision of a central-bank team, which supports and monitors banks after a launch.

A dedicated regulatory framework for digital banking sets out the core digital-banking structure and permissions, and it determines how many licenses are to be granted. Regulators typically share application guidelines and requirements, timelines, and frequently asked questions. Also, they often use assessment frameworks and scoring systems.

Digital and traditional banks face similar risks, including operational and credit risks. Thus, the transition to digital banking leaves in place the primary regulatory mission: focusing on credit and counterparty risks, capital adequacy, risk management, and compliance. The European Central Bank, for example, mandates “same activity, same risks, same supervision and regulation.” Similarly, the Monetary Authority of Singapore (MAS) has no special supervisory requirements for digital banks. Still, there are sometimes nuances in emphasis for activities and operating models such as straight-through processing or scoring for customers with little or no credit histories. There also may be differences in focus. MAS, for example, conducts slightly more frequent off-site supervision during the foundational period. Bank Negara Malaysia also engages more frequently during the initial period, and it exempts start-ups from stress testing.

While digital banking has become part of many people’s daily lives, this business model is relatively new. Globally, digital and traditional banks are subject to the same regulations, but some jurisdictions have developed regulatory frameworks specifically for digital banks. For countries considering this route, we see value in reviewing the efforts of markets that have tackled the dual challenges of seeking to ensure the financial system’s safety and to protect customers’ interests and of using digital-banking regulation to achieve broader policy aims.

Tarik Alatovic and Luís Cunha are senior partners in McKinsey’s Johannesburg office; Hernan Gerson is an associate partner in the Singapore office; Elias Hajj is a partner in the Dubai office, where Giuseppe Siciliani is an associate; and Joe Saade is an associate in the Riyadh office.

Explore a career with us

Search Openings

I'm an enthusiast in the field of digital banking and regulations, having closely followed the evolution of regulatory frameworks globally. My insights are not just theoretical; I have hands-on expertise in understanding the nuances of licensing regimes, ownership structures, and the operational dynamics of digital banks. Now, let's delve into the concepts presented in the article:

  1. Introduction to Digital Banking Regulation:

    • The central challenge for regulators is balancing innovation support with consumer protection.
    • Licensing regimes, such as those in Singapore and Malaysia, are used to fulfill broader policy goals like financial inclusion or increased competition.
  2. Authors and Collaborative Effort:

    • The article is a collaborative effort by experts including Tarik Alatovic, Luís Cunha, Hernan Gerson, Elias Hajj, Joe Saade, and Giuseppe Siciliani.
  3. Evolution of Digital Banking and Regulation:

    • Digital banking is widespread globally, involving incumbents, fintechs, and new digital banks.
    • Regulatory frameworks for digital banking have evolved with variations in ownership structures, capital parameters, and physical offerings.
  4. Definition of Digital Bank:

    • A digital bank is a deposit-taking institution with a digital-first or digital-only business model.
    • Characteristics include digital front end and operations, digital-native back-end core, and a structure akin to a technology company.
  5. Digital Banking Business Models:

    • Business models vary based on licensing conditions; for example, Monzo in the UK started as an e-payments player.
    • MYBank in China and Anglo-Gulf Trade Bank in the UAE focused on lending and trade finance, respectively.
  6. Technological Developments and Regulations:

    • Innovations like e-KYC, e-signatures, open banking, ecosystem opportunities, and cloud hosting enhance digital offerings.
    • These developments also benefit traditional banks in modernizing their operations.
  7. Licensing Approaches:

    • Licensing models include specific digital-banking licenses and traditional banking licenses.
    • Asia has been relatively active in licensing digital-banking models, with variations in allowed activities.
  8. Role of Regulators:

    • Regulators shape the context for digital and traditional banks, influencing costs, risk management, and customer experience.
    • Regulators have introduced digital-banking licenses to achieve broader objectives like financial inclusion.
  9. Design of Regulatory Frameworks:

    • Regulatory frameworks have common elements related to eligibility, ownership conditions, business plans, risk management, and permissible activities.
    • Applicants must fulfill defined criteria, with some freedom in the approach to achieve them.
  10. Implementation Timeline:

    • The time from the publication of regulatory frameworks to the launch of digital banks is typically around two years.
    • Regulators provide guidelines, requirements, timelines, and scoring systems.
  11. Similar Risks for Digital and Traditional Banks:

    • Both digital and traditional banks face operational and credit risks.
    • Regulatory focus remains on credit and counterparty risks, capital adequacy, risk management, and compliance.
  12. Conclusion:

    • While digital banking is part of daily life globally, some jurisdictions have developed specific regulatory frameworks.
    • The article suggests that countries considering this approach can learn from the experiences of markets that have addressed challenges in ensuring financial system safety and protecting customer interests.

This overview should provide a comprehensive understanding of the key concepts discussed in the article.

Lessons from the rapidly evolving regulation of digital banking (2024)


Top Articles
Latest Posts
Article information

Author: Domingo Moore

Last Updated:

Views: 6091

Rating: 4.2 / 5 (73 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Domingo Moore

Birthday: 1997-05-20

Address: 6485 Kohler Route, Antonioton, VT 77375-0299

Phone: +3213869077934

Job: Sales Analyst

Hobby: Kayaking, Roller skating, Cabaret, Rugby, Homebrewing, Creative writing, amateur radio

Introduction: My name is Domingo Moore, I am a attractive, gorgeous, funny, jolly, spotless, nice, fantastic person who loves writing and wants to share my knowledge and understanding with you.