High internet penetration and a push for financial inclusion has heralded a digital banking boom across Southeast Asia, where 73% of people remain unbanked. Covid-19 has provided a further impetus for players to explore pure-play digital banking as traditional brick-and-mortar banks were forced to shut down.
In the absence of physical branches and live interaction, one of the largest hurdles faced by pure-play digital banks is a lack of trust by consumers. A survey of 17,000 respondents across 17 countries found that customers preferred to visit a physical bank for tasks ranging from opening an account to complex wealth management services. The finding was consistent across generational cohorts and verified physical branches as a symbol of trust. Given the complexity of financial services, data privacy issues, and the importance of financial security, trust plays a foundational role in the switch to digital banking.
Understanding how digital banks have been introduced in Southeast Asia is important to understanding the ways they have tried to address this trust issue. This has taken place via two primary methods: the regulation-led regime best exemplified by Singapore, and the market-led regime best exemplified by Indonesia and Malaysia. While a market-led regime might be quick to attract investments, banks are exposed to a high risk of failure, which could undermine the already fragile consumer trust. While it is too early to pick winners in a very underdeveloped market, the regulation-led approach potentially addresses the problem better. So, does this mean we should expect it to be adopted more widely? The need to manage risks has also prompted market-led regimes like Indonesia and Malaysia to introduce guidelines. While there is no indication of a complete shift to being regulation-led, authorities are more likely to gradually impose safeguards than to continue giving digital banks free rein.
Singapore led the region in terms of regulation when it announced a FinTech regulatory sandbox in November 2016. This paved the way for the liberalisation of the banking sector by encouraging innovation in financial technology while ensuring a sustainable path towards profitability. The sandbox facilitates the entry of non-banking tech players by addressing a crucial problem: while tech giants in the sharing economy tend to enjoy network advantages from their existing pool of users, unlike traditional banks they lack crucial infrastructure for assessing financial risks.
The approach allows tech players to leverage their existing customers, while still ensuring there are sufficient safeguards to mitigate the risk of failure and protect the overall integrity of the financial system. The overarching aim of regulation has been to enable mainstream adoption of digital banking in a safe manner. Four digital banking licenses were subsequently handed out in 2020, with full digital bank licenses going to the Grab-Singtel consortium and Sea Group. There was a clear focus on selecting prudent applicants who were able to outline a five-year path towards profitability.
Additional safeguards included an initial total deposit cap of $50m, which would gradually be increased if strong risk management was demonstrated. Notably, the firms granted full digital bank licenses in 2020 were non-banks with primary expertise in e-commerce, gaming, mobile services, and ride-hailing, all of whom hope to transfer that online experience into banking. This may present a material challenge for an industry still largely dominated by incumbents struggling to digitise.
Unlike regional peers, Indonesia has yet to issue digital banking licenses. The lag in digital banking licensing seems to be partially motivated by a desire to put a cap on an already crowded market, because it forces digital banking hopefuls to acquire existing lenders and convert them into a digital bank, rather than setting up yet another entity. Indonesia currently has 108 commercial banks and more than 1,500 rural banks. A highly fragmented banking industry presents urgent problems as the lack of capitalisation and a thin deposit base exposes smaller banks to liquidity and solvency issues that could lead to their failure.
The concern about further industry fragmentation has been partially addressed by a wave of acquisitions of smaller local banks by non-banking tech giants, led by Alibaba-backed FinTech company Akulaku in 2019 when it acquired Bank Yudha Bakti and rebranded it into a digital bank in 2020. Other high-profile acquisitions by Gojek and Singapore’s Sea Group have since followed. Nonetheless the risk of failure under a fragmented industry remains and has been further exposed by the pandemic. Indonesia’s financial watchdog Otoritas Jasa Keuangan (OJK) announced that guidelines for digital banks will be published by mid-2021. The guidelines will not regulate finer details on how banks should mitigate potential risks and will merely provide a set of steering principles rather than imposing strict rules. While this market-based approach gives pure-play digital banks considerable leeway to innovate, it could be risky for consumers if it allows new entrants to bypass the capital requirements needed in other jurisdictions.
What we have in South East Asia then are a series of experiments in the policy framework for digital banking. One model is based on clear regulatory gateways for digital banks, the other more open. The latter might see more initial innovation, but it is also more exposed to potential failures. A key avenue for digital banks to capture market share would be to target the unbanked and underbanked, but the underserved segment remains less technologically savvy, has weaker financial literacy and has traditionally been a reluctant adopter of digital services. This raises the question of whether a stronger regulatory framework might actually be a better basis for both heading off political concerns and underpinning consumer confidence.
One other feature of the market here is likely to be a flanking rise in data protection standards. Across the region, digital banking is usually preceded by data legislation, often modelled on the European Union’s General Data Protection Regulation. On legislative infrastructure, Southeast Asian countries vary in preparedness. The Personal Data Protection Act came into effect in 2012 in Singapore, 2013 in Malaysia, and 2019 in Thailand. Indonesia does not have a comprehensive framework. As a general rule, we can expect digital banking frameworks to follow after a push on data protection.
What this all adds up to is likely to be several years of interesting activity in digital banking in the region. Two broad models of market design mean that states will be scrutinised for the strengths and weaknesses of each, and the consequences will be important for firms, especially firms without the adaptability to move between models. Data protection will also be a key feature of regulatory and commercial strategies. South East Asia is all but certain to be on a journey to the mainstreaming of digital banking. The question is the choices it will make on the way.