UAE, UAE, DUBAI - Finance
CEO, Dubai Financial Services Authority (DFSA)
Bryan Stirewalt was appointed CEO of the DFSA in 2018 after eight years as the DFSA’s managing director of the supervision division. From 1985 to 1996, he worked for the US Treasury’s Office of the comptroller of the currency as a national bank examiner specializing in policy development and implementation, problem bank rehabilitation, and banking fraud initiatives. From 1996 until joining DFSA in 2008, he worked for an international consulting and advisory firm focused on emerging market development programs in Poland, Ukraine, Cyprus, and Kazakhstan. He is now co-chair of the Basel Consultative Group, which provides a forum for deepening the Basel Committee on Banking Supervision’s engagement with non-member global supervisors on banking supervisory issues.
What is DFSA’s role in facilitating innovation in financial services?
As a regulator, we tend to move in a cycle of seeing where risk is rising, writing regulation, and then adopting it in our supervision practices, but this cycle is now changing. Technological change in financial services is not new, but the speed of change is. The speed of change is greater than the speed of adoption, meaning you are unable to get comfortable with an innovation before it changes again. We cannot write regulations at the same speed as the technology. Technological change is putting pressure on our supervisors to understand business models of a financial services provider in a much deeper way. It is not so much about seeing if people are complying with a rulebook—although that continues to be important—but understanding where business is changing and the risks of that change. Understanding and supporting emerging technologies forms an important area of focus for DFSA. Innovation is one of the key strategic themes that will shape and influence our regulatory activities over the coming years, and we have been working to facilitate innovation in financial services in a number of ways. This includes our Innovation Testing License Program, which is our version of a regulatory sandbox. The program is intended for financial services firms that want to introduce an innovative financial service technology to our market. It allows a firm to test its technology in a controlled environment and allows us to develop an understanding of the technology and its regulatory implications before the firm is given full access to our market. We work very closely with the DIFC’s FinTech Hive and its accelerator and start-up bootcamp programs, engaging directly with program participants to develop our understanding of their technologies and how they impact financial services in our markets. We are also founding members of the Global Financial Innovation Network, a group of 33 international financial regulators that seek to provide efficient ways for fintech firms to engage with regulators across multiple jurisdictions.
What benefits and challenges does technology bring to effective regulation?
I do not know of another regulator that has done this in the same manner as us, but a number of regulators around the globe are focusing more on technology. The face of regulation is changing, and we have to deal with that change effectively. We spend an increasing amount of time focused on technology governance, operational risks, and cyber resilience, all of which are areas of expertise. One of the biggest challenges for regulators is who to hire for this change. Will it be training a traditional financial sector supervisor how to look at new technology, or do you get a technology person and teach them how to regulate? In my opinion, it is easier to teach a technology expert how to regulate than vice versa. Thus, we are hiring from nontraditional sources. We have hired a cyber expert, and DFSA has an ethical hacker. We have brought together different areas of expertise into the system to interact with the financial service firms. Within this shifting discussion, the most pioneering and simultaneously challenging aspect of that space is cyber resilience. We are creating a cyber threat intelligence platform, which is the first in the entire region, whereby we are connecting other UAE authorities that are monitoring cyber risks with our firms and who might be getting attacked. You need to think about how to react if a breach has occurred, what to do, and who to tell.