GovTalk with Paul Griffiths: Innovating governance and fintech in the global economy

In this edition of GovTalks, we spoke to Professor Paul Griffiths of EM Normandie Business School/Metis Lab about fintech’s role in governance, digital banking transformation over the past decade, and the complexities of sustainability in finance.

GoveTalks Interview with Professor Paul Griffiths - Web Banner

Welcome to GovTalks - Cygnetise’s interview series dedicated to exploring the multifaceted world of Governance, Risk & Compliance (GRC), and the transformative role of Regulatory Technology (RegTech). GovTalks brings together thought leaders, industry experts, and trailblazers to shed light on these complexities. If you’d like to be featured and share your story, get in touch here.

In this edition, we were privileged to talk with Paul Griffiths, Professor in Finance and former Academic Director of the Master’s in Fintech at the Normandie School of Management (EM Normandie Business School/Metis Lab), and an esteemed thought leader in the fields of corporate governance, fintech, and sustainability. Professor Griffiths brings a wealth of experience from his work with international financial institutions, advising CEOs and boards on strategic transformation and aligning information technology with business goals. Having worked in 15 countries and helped businesses thrive across diverse cultural and economic landscapes, he offers unique insights into cross-cultural entrepreneurship and the future of fintech governance.

In this insightful interview, Professor Griffiths delves into the challenges and opportunities facing banks as they navigate digital transformation and integrate fintech innovations. He emphasises the importance of strong governance frameworks at the micro, meso, and macro levels, explaining how adopting responsible banking principles can align with knowledge management strategies to foster sustainable growth. He also addresses the paradox of using energy-intensive technologies, such as machine learning and blockchain, to promote environmental sustainability, and how the next generation of AI could resolve these issues.

Furthermore, he highlights the evolving relationship between banks and fintechs, underscoring the necessity for banks to adopt innovative technologies like AI-driven customer relationship management (CRM) systems while balancing governance and compliance standards. Professor Griffiths shares actionable strategies for converting ICT investments into shareholder value, offering banks a roadmap for sustainable innovation.

Whether you're interested in fintech’s role in governance, digital banking transformation, or the complexities of sustainability in finance, this interview is packed with expert advice and forward-looking insights.

Let’s get into it.

Professor Griffiths, your research at EMN Business School focuses on models for corporate governance in the knowledge economy. How do you see the Principles of Responsible Banking aligning with knowledge management strategies in today's financial services sector?

The connection between the adoption of the Principles of Responsible Banking (PRB) and knowledge management strategies is indirect. The PRB are connected to sustainability in a practical sense. As we know, corporate funding essentially comes from two sources: equity investments and lending. Despite the controversies and scepticism around ESG metrics and processes, the former has advanced, and funders who care about sustainability tend to invest in securities that are said to be ESG-compliant. However, the lending side is a different story, and being a larger source of corporate funding than equity investments, much work remains to be done. The PRB focus on the lending side and have the merit of focus: not ESG, but just E; and E specifically for emissions, not the broader environment. Essentially, they involve incorporating long-term emissions neutrality as an additional criterion for originating corporate and project finance.

Of course, this requires (a) knowing how to measure greenhouse gas (GHG) emissions, and (b) having the means to monitor that the borrower follows through on the GHG emissions mitigation actions they commit to at the time of borrowing. This needs to be sustained throughout the entire life cycle of the project, which may be 15, 20, or even 30 years. This is not expertise that banks traditionally possess, and I doubt they will develop it internally. I foresee this expertise being outsourced to Fintech or Regtech companies.

So, how will Fintechs and Regtechs go about delivering this service? We can anticipate intense use of technologies such as machine learning for the initial assessment of the emissions of the project to be financed, and distributed ledger technology (blockchain) in the form of smart contracts to monitor the mitigation actions throughout the project’s life cycle. But what is the paradox here?

The paradox is that both the current forms of machine learning (GenAI) and blockchain are unsustainable consumers of energy. Should we use unsustainable tools to enable sustainable policies? The good news is that we should see radical technological changes in the next two to three years. GenAI will likely disappear as abruptly as it emerged, replaced by the next generation of machine learning (ML), which will be more efficient in its training, more effective in data protection, capable of explaining its decision-making, and consume orders of magnitude less energy. Concurrently, blockchain will run on the same energy-efficient hardware (neuromorphic computing?) as the next generation of ML.

When it comes to converting information technology investments into shareholder value, what metrics and progress-tracking tools do you recommend to ensure that businesses achieve their goals in knowledge management projects?

Information and communications technology (ICT) investments have no intrinsic value; they only generate value when applied to a value-creating activity. Hence, it is the activity that converts into shareholder value, not the technology itself. So, how do you measure returns on ICT investments? This is not a trivial matter, and there is no single method that fits all ICT investments.

A good approach is to treat the ICT assets of an organisation as an investment portfolio with four categories of assets, each with its own strategic value and form of business case:

Infrastructure: The strategic value of infrastructure includes technology applications without which you simply cannot operate in the business, such as an ATM network. These investments provide no strategic advantage and do not build shareholder value, but if they fail, they destroy value. These investments do not require a business case as they are compulsory assets.
Efficiency: The strategic value of efficiency consists of transactional systems that automate processes (reducing headcount and changing cost structures), reduce inventory, or shorten collection cycles. This could be a machine learning-enabled client onboarding, credit scoring, and loan origination system. For example, Klarna exemplifies this: it completes the client onboarding (including know your customer - KYC), credit scoring, and loan origination process in an average of 70 seconds without any human intervention! The business case for this type of ICT is based on tangible benefits and cost-benefit analysis.
Flexibility: The strategic value of flexibility enables short production batches, changes in delivery dates, adjustments in product mix, or tailoring products to the customer’s needs. In a bank, an AI-enabled customer relationship management system that allows you to understand all your customers’ needs and financial positions and create a mix of products that enhance their financial health—not to cross-sell, but to let the customer cross-buy—would fall under this category. The business case here is based on intangible benefits such as customer satisfaction, loyalty, and long-term relationships.
Innovation: Finally, the purpose of the strategic value of innovation is to create the future. You cannot make these investments expecting a short-term, tangible return. Instead, you allocate a certain amount, perhaps in relation to total ICT spending or other budgets, and then select the most promising initiatives.

Technologies have a life cycle and may pass through the four categories. When Citi in New York or Barclays in the UK piloted the first ATMs, they were in category (d). Once the proof of concept stage finished and the pioneering banks rolled out the ATMs, they moved into category (c) with the benefit of providing flexibility in access to cash 24/7. When follower banks adopted ATMs, they gained no competitive advantage; they were simply catching up. Soon, it became about getting customers out of the branch office and reaping the tangible benefit of reduced transaction costs (Category b). Eventually, banks realised that duplicating investments made no sense; the ATM had reached category (a), so it was better to pool resources and have a single infrastructure to serve all banks.

This may seem obvious today, but it explains why banks were stuck with their legacy systems for so many years. They were attempting to produce tangible business cases to justify upgrades to their core banking systems when their transactional systems (category b) were already efficient. They failed to consider the intangible benefits that new core banking systems could offer, which would enable them to invest in categories (c) and (d).

With your extensive experience in assisting banks on their digital transformation journeys, what are the critical factors that banks should consider to successfully adopt and integrate innovative technology solutions while maintaining robust governance and compliance standards?

As mentioned in the response to one of your previous questions, it is surprising how long banks remained stuck in their legacy core banking systems due to limitations in their ICT investment decision criteria. However, things have changed in the last few years, and significant progress has been made due to improved investment decision criteria and the realisation by banks that they should leverage fintechs to help accelerate transformation. In terms of digitalisation strategies, some opted to digitalise their processes from within, while others created green-field digital banks and later merged them with their traditional ones. The former is a higher-risk option, but the latter can take longer to achieve the full benefits of digitalisation. The really interesting aspect of your question is that it brings together 'digital transformation' and 'governance and compliance standards.'

Take the case of incorporating machine learning-enabled CRM systems to customise offerings to clients. We have witnessed how the rapid evolution of large generative AI models offers new opportunities in real-world applications and everyday life. These models' capabilities have raised expectations but also brought societal and ethical concerns in at least four areas:

a. Negative environmental and sustainability impacts due to the indiscriminate use of massive data for Large Language Model (LLM) algorithm training (sustainability issue).

b. Opaque decisions and a lack of transparency regarding how the AI algorithms arrive at the outcomes they produce (transparency issue).

c. Lack of relevant training data leading to unreliable predictions and hallucinations (trust issue).

d. The intrinsic problem in current LLMs is that, once you apply them to your data set, your data may become part of the public domain (data security issue).

Overcoming these four issues requires a variety of approaches. The first two issues require technological solutions, and different approaches are being explored as we speak. One of the most promising that I have been following is neuromorphic computing. This brain-like computational framework builds on the growing understanding of neural mechanisms, synaptic learning processes, and neural circuit topologies that lead to energy-efficient information processing and wide-ranging cognitive and perceptual functionality.

Issues (c) and (d) are related to the management of data used to train algorithms. One possible approach to address this is Federated Learning (FL). The idea behind FL is that each institution trains the algorithms on its own data, in-house. Once this is done, it shares the outcome parameters of the learning (but never the raw data) with the other institutions in the federation. This ensures that the institution's data remains protected while minimizing the amount of information communicated, leading to greater speed and efficiency within the network. While it might be argued that this is a slower process, as learning would be done sequentially by institutions/servers, this drawback can be mitigated by creating a hub-and-spoke architecture, where a central server at the hub takes a leadership role, receiving learning parameters from peripheral ones and immediately feeding them back to the entire federation of institutions/servers for the next iteration of learning.

As you can imagine from this brief overview, incorporating the next generation of AI into banks will require very strong corporate governance within each institution, with the Board of Directors deeply versed in technology and involved in setting guardrails that permit innovation while protecting the data of clients and other stakeholders. We call this governance at the micro-level. However, this is not enough. It should be clear by now that cooperation across financial institutions (i.e., banks, fintechs, and other financial services organisations) is necessary, and such cooperation needs to be governed as well. We can envision this being facilitated at the trade association level, with regulatory oversight. This is what we refer to as the meso-level of governance. Finally, this governance needs to be embedded within macro-level economic policies that promote innovation, establish legal frameworks to protect personal data, and ensure education systems prepare people to carry these initiatives forward, among other things.

In summary, incorporating ground-breaking technologies into banks is not a linear, independent endeavour for each bank; it requires the development of a complex ecosystem that must be governed at the micro, meso, and macro levels.

Given the rapid advancements in fintech and regtech, how do you envision the technology's role in revolutionising current GRC processes, and what potential challenges should regulated organisations be prepared to face during its implementation?

This very interesting issue addresses the evolving relationship between fintechs and traditional banks, which now may be transitioning toward a relationship between fintechs and banking supervisory authorities.

If we consider 2007/8 as the time of the advent of fintech as a separate industry sector from banking, the relationship between the two sectors initially started as strongly antagonistic. Fintechs began cherry-picking financial services to offer underserved banking clients, while banks pressured banking authorities to regulate fintechs in order to establish a level playing field.

A few years later (around 2013 as a time reference), the relationship evolved: banks realised they needed fintechs to help them digitalise, and fintechs realised they could not change the world of finance on their own and that banks could become a reliable source of revenue for them. Consequently, banks increasingly relied on fintechs to improve their back-office processes through services such as bio-identity recognition, big data analytics, robo-trading, robo-advisory services, and many others, including assistance with compliance amid ever-changing and increasingly complex banking regulations (regtech).

Fast forward to March 2023. The Californian banking supervisors happily went home on a Friday evening, only to learn through a Sunday phone call from Silicon Valley Bank (SVB) that they were in the midst of a massive bank run. Bank runs no longer give warnings; when Northern Rock went under during the financial crisis, we all knew what was happening by the long queues of people outside their branches, desperate to withdraw their savings. At SVB, where depositors on average held amounts far greater than those covered by FDIC protection, rumours of liquidity issues spread rapidly on social networks, and depositors withdrew their funds almost instantly through online banking.

In the early 2000s, I was working as a consultant to the Chilean Financial Services Authority (SBIF), helping banks understand the implications of the BIS II regulation guidelines that were soon to be implemented. SBIF was headed at that time by a visionary named Enrique Marshall (who later became governor of the Central Bank). In side conversations, he brought up the idea that he wanted his bank supervisors to be connected to the banks' systems, so they could have real-time, online access to critical bank parameters such as liquidity. During the few weeks I worked with them, we explored how this could be achieved and the potential positive and negative implications. Although this idea may not have gone beyond an interesting intellectual discussion at the time, Marshall's thinking was over 20 years ahead of its time!

I believe this could be the next wave of opportunities for regtechs - not only assisting banks with compliance but actually working with banking supervisors to create this online, real-time supervision environment. This is urgent. We cannot have digital-age banks being monitored by analog-age supervisors.

You have worked on implementing sustainability business models leveraged on shared value. Can you provide examples of how financial institutions can integrate these models into their strategies to enhance both their corporate responsibility and shareholder value?

Let me unpack some of the factors in your question. Indeed, it has been 20 years since my first project assisting an organisation in adopting a sustainable business model. I am a firm believer in corporate responsibility (CR), which is based on a set of principles, and sustainability, which is about creating business models that operationalise those principles. However, I do not subscribe to the concept of shared value. This was introduced by Porter and Kramer in 2011 and later expanded by Porter and Achtmeyer in the early 2020s in what they called 'stakeholder optimisation.' They argue that companies "need to constantly adapt and iterate on business strategy" to "ensure that the threshold needs of stakeholders are satisfied." Porter is even more explicit when he says, "We believe that no stakeholder should ‘win’ at the expense of another stakeholder."

In other words, both of Porter's concepts - 'shared value' and 'stakeholder optimisation' - seem to me to have a fundamental flaw: they try to be everything to every stakeholder group. This ignores a critical fact, which is the most fascinating aspect of sustainability: stakeholder groups have opposing interests. In a world of limited resources, if a company decides to invest in making its production lines emissions-neutral over the next three years, those resources will not be available for training programs for its staff or the development of local suppliers. Thus, the stakeholders related to environmental issues will benefit, while the company's staff and local community may be deprioritised. And that’s alright - there is nothing wrong with that - that’s just reality.

Stakeholders do not determine a company’s strategy - that is the role of management and the Board of Directors. What the company does need to do is recognise that stakeholders have conflicting interests and then clearly communicate which stakeholders it will prioritise and which it will not.

Another important distinction is that corporate responsibility is not philanthropy. Any initiatives carried out under the banner of CR or sustainability must intersect with and support the organisation’s long-term shareholder value-creation strategies. Donations to a local museum or charity should come from the pockets of the directors or managers, not from company funds - unless it can be demonstrated that those donations align with value creation.

Now, returning to what banks can do: they can push for changes to the Principles of Responsible Banking (PRB) to make them more effective. Currently, the PRB are voluntary and non-binding, and they require signatory banks to immediately stop lending to high-emissions organizations, such as those in extractive and energy industries. For a bank heavily invested in extractive or non-sustainable land-use project financing, it would be irresponsible to its shareholders, staff, and local economy to adopt the PRB. As a result, the banks that become signatories tend to be those whose loan books are not in GHG-emitting industries, which limits the PRB's impact on emissions reduction.

What we need to promote is the idea that the PRB should become compulsory and binding, while allowing banks to create a plan to make their loan portfolios greener over time, with clear metrics and disclosure on their progress. It is far better for banks to self-regulate in this regard than to have external GHG emissions regulations imposed upon them - so they had better start moving in this direction.

Cygnetise helps organisations reduce the risk of fraud, facilitate business continuity and contribute to ESG by digitising the process of authorised signatory management and bank mandates. Our application enables users to update their signer data in real time and has a variety of sharing mechanisms so that all relevant counterparts can have constant access to the most up-to-date information without you having to recompile and redistribute.

To learn more about Cygnetise and request a free demo, click here or email our team at info@cygnetise.com