Central banks and regulators are expected to foster innovation while safeguarding stability, yet many face practical challenges in keeping pace with rapid change.
by Gary Palmer, CEO, Payall
Central banks and regulators push for innovations in financial services with sandboxes, start-up labs, and inspiring conference speeches. Yet we hear that these same institutions are too slow, too conservative, or too risk-averse. Having worked closely with leaders from these institutions globally for over 25 years, I’ve seen both the potential and the pressure they face when it comes to supporting innovation. Here’s the truth—it’s not that most regulators and central banks lack the will or creativity to support fresh ideas—they lack the resources, namely, technical. Additionally, many are constrained by “familiarity bias”, or an inability to break free from how things have always been or what technology can do.
Payments are transforming at warp speed. Digital assets, real-time domestic payments, new alternatives to correspondent banks for cross-border payments, new types of regulated entities such as e-money institutions, banking-as-a-service, tokenised deposits, embedded finance—and there’s no end in sight. Fuelling these innovations are new ideas, new entrants, and new technology. Yet central banks and regulators are trying to respond to a surge of new technologies and market entrants using the same outdated tools: paper forms, legacy systems, manual processes, and limited staff. That’s simply impossible. This unprecedented technology deficit among our overseers is why they’re slow and seem conservative or risk-averse. As this innovation wave builds, the expectation is that central banks and regulators will not only keep up but also actively support and supervise it. How can they? Central banks and regulators need new, purpose-built software infrastructure to safely, efficiently, and effectively enable these wide, deep, and high-velocity changes.
This class of regulated entity is designed to introduce agility and new financial products to the market. The intention was admirable: to lower the economic cost of entry for innovative players to offer narrowly defined payment services under strict conditions to protect user funds. Here are four essential areas where regulators must evolve to support innovation—drawn from the e-money sector, but relevant far beyond it.
The application and diligence process begins with a 200-page paper questionnaire. By the way, this isn’t just a UK or Europe problem; applying for a U.S. Federal Bank Charter is a massive paper-based mess.
There’s no digital process, initiated as part of creating an applicant portal, that efficiently and dynamically executes the application and due diligence processes. Transparent and real-time progress status, questions and answers, additional requests—a logical, digital way to apply doesn’t exist.
And for the entity granting the licence, imagine the improved efficiency to risk, compliance, financial integrity, and infrastructure—all stakeholders at the regulatory level having access to a common, perpetually updated applicant profile leading to a digital review and approval (or other outcome).
You’ll rarely hear a bank, e-money institution, building society, or credit union say they had an excellent experience with a regulatory review.
I’ve received photos of bank and e-money institution board rooms with stacks of folders. A dozen or more people from different domains are involved. I’ve spoken with countless frustrated chief compliance officers, as well as bank and electronic money institutions (EMI) CEOs, commiserating on this inefficient process. By the way, the outcomes and action plans are then layered into the next visit—manually.
It’s no picnic for the regulator either!
This is fixable. Oversight can be digitised and “on-demand” without even interfering with the regulated entity’s operations. It’s now possible for a central bank or regulator to perpetually surveil the bank, EMI, or other regulated entity with a comprehensive mix of independently gathered and authenticated artefacts as well as a real-time view of how they’re executing their policies and procedures. This approach offers a far more efficient way to oversee and audit firms, while dramatically reducing the resource burden and improving outcomes.
Ask any examiner: paper and data are dead in binders and folders—it’s a new form of growing cyber-risk as well as an impediment to safety, soundness, and innovation.
When an EMI or other new regulated entity, for that matter, needs basic services such as holding client funds and segmenting these from the operating funds, they’re told to acquire those services from traditional banks.
There are three problems with this requirement: first, forcing innovators to rely on infrastructure supplied by incumbents is illogical; second, holding incumbents responsible for the actions of their competitors is unfair and discourages cooperation (by the way, the incumbents don’t have the software they need to properly oversee these folk either); and third, the services provided by banks often fall short of what e-money institutions need, impairing their innovation potential.
All of this adds unnecessary costs and risks to both e-money institutions and banks, as well as undermining the promise of innovation that’s safe, with better capabilities, less expensive, and fast to market.
What’s the solution? Central banks must provision deposit-taking, with new capabilities, that efficiently and effectively protect user funds, automate oversight, and perform a wide range of “checks” in ways no commercial bank has ever done.
Innovation without regulatory capability is not just frustrating; it’s dangerous.
The same situation applies to accessing payment systems as exists with deposit taking. EMIs should have direct access to Faster Payments and Single Euro Payments Area (SEPA). In the UK, access to Faster Payments is severely limited, creating what is effectively an inefficient “toll road” that constrains innovative access into the payment system. Opening this access to certified payment processors—those engaged by a bank, EMI, or other regulated entity— would preserve safety and oversight while encouraging competition and lowering costs. Jonathan Tyce’s paper ‘Regulating Fintechs: Defence vs. Offence’ offers detailed insights that align with the points discussed here and is well worth reading.
At The Payments Association’s Financial Crime 360, much of the conversation will rightly centre around innovation and its implications for risk management and compliance. But one critical point must be made: manual oversight is itself a risk.
When regulators can’t digitise their workflows, they can’t oversee or audit effectively with software, are unable to detect patterns in data, or act in real time to intervene—innovation is compromised, resources are wasted, and bad things can happen. In anti-money laundering (AML), fraud prevention, or risk management, this becomes a systemic vulnerability.
Innovation doesn’t make financial crime inevitable. In fact, the right, purpose-built software makes it more detectable, traceable, and preventable. But regulators must have access to that software, and the systems required to deploy it.
Let me be clear, at most regulatory bodies and central banks, the contention between innovation and regulation isn’t the absence of regulatory ambition or interest—it’s the absence of modern, and itself innovative, regulatory and central bank infrastructure.
Moreover, in the US, the launch of the real-time payments network, FedNow, was a significant milestone. Yet shortly after it went live, one of the Federal Reserve Governors raised concerns that these payments were “too fast to be safe.” The irony is striking: globally, up to 5% of GDP (around $2 trillion) is laundered through traditional, “safe because slow” banking systems each year. The problem isn’t speed, it’s software.
Slowing transactions does not make them safe; only the right technology applied end-to-end can achieve that. That’s how safety and speed can coexist.
This principle applies to every area where regulation meets innovation. Safety, soundness, and an environment that stimulates or even inspires innovation can co-exist with the right software at central banks and regulators.
Regulators seeking to ensure safety are often working with analogue systems that have been in place for decades, while the fintechs they oversee operate on next-generation platforms. The imbalance is profound, and it’s quietly undermining the progress we all want to see.
Innovation is often framed as a private-sector activity, and regulation as a public-sector response. But if we want innovation to thrive safely and responsibly, we need to abandon that binary. Everyone in the ecosystem, including innovators, regulators, compliance officers, and policy leaders, has a role in building or embracing new infrastructure that supports innovation and protects users as well as the system.
Some countries have recognised the urgent need for banks to upgrade their technology. In Hungary, Anikó Szombatia, the former chief digital innovation officer at the Bank of Hungary, initiated a landmark tech upgrade programme across its domestic financial institutions, complete with a digital readiness questionnaire and tailored support to modernise core systems. Imagine that same effort turned inward: central banks applying the same scrutiny to their platforms.
The Bank of Lithuania, under the previous leadership of Marius Jurgilas, was a beacon for e-money licencing in Europe, issuing nearly a quarter of all such licences at one point. Why? He clearly understood the obvious: in order for innovators to drive innovation, the central bank needed to provide deposit-taking and access to SEPA, rather than requiring traditional banks to assume the risk of EMIs and expect banks to welcome new entrants (competitors) as customers. While the Bank of Lithuania’s infrastructure may have been found to be a bit lacking, it’s impossible not to recognise and admire Marius’ intellectual honesty and departure from the herd mentality to support innovation.
Central banks and regulators need new enterprise software and new infrastructure to keep pace. It requires a comprehensive, end-to-end analysis of workflows, followed by capabilities built from a first-principles mindset.
If you’re a policymaker, regulator or central banker reading this: know that help is available. There are now purpose-built platforms that can digitise your supervision processes from end-to-end, as well as safely and efficiently enable the essential services innovators need.
If you’re a fintech or product leader, encourage your regulator and central bank to explore these tools. Advocate not just for innovation in your product, but for innovation in the systems and organisations that govern you.
Innovation without regulatory capability is not just frustrating; it’s dangerous. Regulatory oversight without the right tools is not just slow, it’s unsustainable. We can’t keep building tomorrow’s finance on yesterday’s filing cabinets.
Let’s give regulators and central bankers what they need to keep up, and help them help us all.
