FS 3x

There is widespread consensus that incumbent retail and commercial banks will need to redefine their business models over the next five to ten years to remain viable. Two forces will play a fundamental role in determining the speed of change and the end-point toward which incumbents will move. The first force concerns incumbents’ vision of the future and their capacity for achieving digital transformation alongside the success of new digital native competitors. The second force concerns the role of financial regulators and supervisors as drivers of, or brakes on, digital transformation. Whilst digital transformation typically factors in regulatory compliance based on the current regulatory state of play, it does not tend to factor in regulatory risk. In this series “Digital transformation meets regulation 4.0: Playing and winning in 2030”, we present a way of thinking about how incumbents could play and win to hedge the value of their digital transformation against regulatory change.

Innovation poses an intrinsic challenge for regulators. Regulate too early and you risk impeding innovation; wait too long and you risk a potentially over-disruptive or harmful, and widespread, innovation reaching consumers and markets. In the past, due to the incremental nature of innovation, regulators had more time to learn and adapt. As firms are embracing “industry 4.0”– the industrial revolution for the digital age – regulation will need to follow suit by embracing “regulation 4.0” – the regulatory approach for the digital age. As such, in this blog, we explore how regulators will respond to innovation – given its relevance for incumbents’ digital transformation. In doing so, we build on previous Deloitte analysis on Open Banking and on the Future of Regulation.


Three attributes of the current wave of innovation pose great challenges for regulators, prompting the need for a change of approach: speed, scalability and interconnectedness. Speed and scalability result in fast-moving disruptive innovations that multiply in terms of both time to market (e.g., open APIs are expected to reduce time to market) and market share. This challenges the traditional cycle of regulation. Interconnectedness, through the rise of business ecosystems – a network of interlinked organisations – results in blurred boundaries between business models, industries and jurisdictions. This challenges the traditional jurisdictional authority approach of regulators.

The current wave of innovation is also altering the profile of risks, posing additional challenges for regulators. This altered profile includes heightened risks concerning: data conduct (protection of customers’ data), strategy and profitability, financial stability and financial crime.


One way of thinking about how regulators will respond to disruptive innovation is to break down regulation between its design (“what”) and its architecture (“how”). As the traditional cycle and jurisdictional authority of regulation are challenged by disruptive innovation, both the what and the how of regulation are being revised (Figure 1).

In terms of the design of regulation, greater regulatory agility, whereby financial regulators are more proactive and focus on outcomes (i.e. has this innovation resulted in any harm or any value?) rather than means (i.e. is this innovation strictly complying with the regulations?), is already taking place. In terms of the architecture, a regulatory ecosystem where regulation, in particular some aspects, is coordinated and co-owned under a multi-stakeholder jurisdictional approach, whereby traditional siloes for business models, industries and jurisdictions no longer apply, will take longer to progress.


Design (“what”)

Architecture (“how”)

The attributes of disruptive innovation pose challenges…

Speed and scalability


…to the current regulatory design and architecture…

Regulatory lifecycle

Jurisdictional authority

…and point to future regulatory design and architecture

Regulatory agility

Regulatory ecosystem

Figure 1: Regulatory design and architecture

Considering also the risks of innovation, forward-looking regulatory scenarios will capture the interplay of three factors:

  • risk management (degree to which retail and commercial banks demonstrate that they can manage new risks posed by innovation effectively);
  • regulatory design and architecture (degree to which the regulatory design is agile and degree to which the regulatory architecture is an ecosystem, with the latter being far more difficult to achieve); and
  • regulatory convergence (degree to which the cross-border regulatory framework is harmonised).

Two scenarios defining the boundaries of the future of regulation, in particular, could be envisaged. Figure 2 outlines these boundaries. In the first scenario, the factors of: risk management, regulatory design and architecture and regulatory convergence are assumed to be low to medium level. In the second scenario, the factors of: risk management, regulatory design and architecture and regulatory convergence are assumed to be high to medium level. Armed with these two regulatory scenarios, incumbents can consider how regulatory risk will need to be factored into their digital transformation


Figure 2: Forward-looking regulatory scenarios

In the first scenario, regulation acts as a facilitator, whereby it is anticipatory, enables innovation and enhances competition in markets. This scenario also assumes that retail and commercial banks are able to effectively manage the risks related to disruptive innovation. It builds on the future design and architecture features presented above (Figure 1). That is, regulatory agility (in terms of design) and regulatory ecosystem (in terms of architecture). In terms of regulatory convergence, this scenario assumes that global integration and international cooperation are progressing.

In the second scenario, regulation acts as a deterrent, whereby it is reactive (it arises following a challenge for consumers and markets) and/or divergent (gaps and/or inconsistencies within the regulatory framework) and aims to de-risk market participants by limiting both the depth and breadth of the applications of disruptive innovation. This scenario assumes that retail and commercial banks still need to effectively manage the risks related to disruptive innovation. This scenario again builds on the current design and architecture features presented above (Figure 1). That is, regulatory lifecycle (in terms of design) and jurisdictional authority (in terms of architecture). In terms of regulatory convergence, this scenario assumes that fragmentation, due to national and/or regional protectionism, is on the rise.

The next blog in this series will explore, given these forward-looking regulatory scenarios, where incumbents should play to hedge against regulatory risk by assessing their optimal digital transformation target and their geographic footprint.




Simon Brennan – Director, Centre for Regulatory Strategy

Simon specialises in prudential regulation for banks. Simon joined Deloitte after 11 years at the Bank of England, where he worked in a number of areas covering macro and micro prudential policy, and financial institution risk assessment.

Email | LinkedIn 

Dr. Alexandra

Dr. Alexandra Dobra-Kiel – Manager, EMEA Centre for Regulatory Strategy

Dr. Alexandra Dobra-Kiel is a Manager in Deloitte’s EMEA Centre for Regulatory Strategy, specialising in corporate strategy for banks. Prior to Deloitte, Alexandra worked in consulting, where she focused on strategy, innovation and thought leadership. Alexandra’s research has been published in top-tier US and European journals, gained prestigious honours and scholarships and lectured at Warwick Business School.

Email | LinkedIn 


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.