About The Project

(ARC Project Number FL200100007)

The Financial Data Revolution:

Seizing the Benefits, Controlling the Risks


FinTech has great potential, but current laws everywhere stifle its growth and fail to ameliorate its risks. No one yet knows how to regulate FinTech well. The major difference between progressive regulators, and those less adept, is that the former acknowledge they don’t know how to properly regulate data, FinTech and RegTech.1DW Arner, J Barberis and RP Buckley, ‘FinTech, RegTech, and the Reconceptualization of Financial Regulation’ (2017) 37(3) Northwestern Journal of International Law & Business 371, 398–99. L Perlman, ‘Fintech and Regtech: Data as the New Regulatory Honeypot’ (Academic Paper, Digital Financial Services Observatory, Columbia Business School, 2 December 2019) 28 <https://dfsobservatory.com/publication/fintech-and-regtech-data-new-regulatory-honeypot>. This project sets out to assist regulators and address these daunting challenges.

Prostock-studio / Shutterstock.com


We live amidst the biggest commercial and social transformation since the Industrial Revolution: driven by increases in the volume of data; and advances in its algorithmic analysis. 

Elnur / Shutterstock.com

In 2018, 33 zetabytes (33 trillion gigabytes) of data was created. This is predicted to rise to 175 zetabytes by 2025.2D Reinsel, J Gantz, J Rydning, The Digitization of the World: From Edge to Core (International Data Corporation White Paper No US44413318, November 2018) 6 <https://www.platinasystems.com/report-the-digitization-of-the-world-from-edge-to-core>. By late 2019, the new Consolidated Audit Trail initiative of the US Securities and Exchange Commission was processing over 105 billion financial transaction records every day.3Hearing before the Committee on Banking, Housing, and Urban Affairs, US Senate, S. Hrg. 116-113 (22 October 2019), Statement of MJ Simon, Chair, CAT NMS Plan Operating Committee, <https://www.congress.gov/event/116th-congress/senate-event/LC64742/text?s=1&r=40>

Data can be used: (i) by providers to offer better financial services, (ii) by regulators to promote systemic stability and prevent abuses, and (iii) by consumers to receive better and more competitive services. This research project will analyse each of these uses of data.


On the upside, data and technology are revolutionising financial services so they can be extended more broadly: improving lives, lifting economic growth and reducing poverty. 

Brian A Jackson / Shutterstock.com

In Australia, the financial system serves small businesses and consumers poorly — in ways in which those of us with home loans are usually unaware. For instance, between April 2016 and July 2019, Australians borrowed over 4.7 million payday loans of up to $2,000 at 68% p.a.4Stop the Debt Trap Alliance, The Debt Trap: How Payday Lending is Costing Australians (Report, 12 November 2019) 4, 7 <https://consumeraction.org.au/20191112-the-debt-trap-report/>.

Our financial system today keeps poor people poor. 

The answer to this real financial hardship is technology: using algorithmically interpreted data (i) to accurately price risk, and thus credit, for these people (FinTech), and (ii) to monitor the behaviour of those making the loans (RegTech).

FinTech and RegTech

FinTech is software that deals innovatively with data to solve problems in financial services. US$478.4 billion was invested in it globally from 2017 to 2020.5KPMG, The Pulse of Fintech H2’20 (Report, February 2021) 8 <https://assets.kpmg/content/dam/kpmg/xx/pdf/2021/02/pulse-of-fintech-h2-2020.pdf>. It includes robo-advice, peer-to-peer lending, crowd-funding, payments applications and new risk management methods.6P Schueffel, ‘Taming the Beast: A Scientific Definition of Fintech’ (2016) 4(4) Journal of Innovation Management 32, 32–3.

Alexander Supertramp / Shutterstock.com


RegTech is software that deals innovatively with data to help firms meet their compliance obligations or to help regulators regulate. It is currently enabling cheaper financial services by reducing the regulatory compliance costs of banks. In time it will underpin all financial supervision by regulators.


This data revolution comes with many risks. These relate to inaccurate data and its poor algorithmic analysis or other misuse, and are facilitated by poor regulation.7DW Arner, J Barberis and RP Buckley, ‘The Emergence of RegTech 2.0: From Know Your Customer to Know Your Data’ (2016) 44 Journal of Financial Transformation 79. These risks are global, none are uniquely Australian, and most are regularly ignored amid the hype. High profile FinTech risks to manifest here have been the long-running robo-debt scandal8V Braithwaite, ‘Beyond the Bubble That Is Robodebt: How Governments That Lose Integrity Threaten Democracy’ (2020) 55(3) Australian Journal of Social Issues 242, 243–246; D Sadler, ‘“ServicesAus” Tech Systems Made Robodebt Worse’, Innovation Aus (online, 8 April 2021) <https://www.innovationaus.com/servicesaus-tech-systems-made-robodebt-worse/>; L Henriques-Gomes, ‘Billion-dollar Robodebt Settlement Reveals Massive Scale of Welfare Crackdown Disaster’, The Guardian (online, 17 November 2020) <https://www.theguardian.com/australia-news/2020/nov/17/billion-dollar-robodebt-settlement-reveals-massive-scale-of-welfare-crackdown-disaster>. and Westpac’s 23 million breaches of anti-money laundering laws.9I Fargher, ‘How Westpac Is Alleged to Have Broken Anti-money Laundering Laws 23 Million Times’, The Conversation (online, 25 November 2019) <https://theconversation.com/how-westpac-is-alleged-to-have-broken-anti-money-laundering-laws-23-million-times-127518>; J Frost, ‘Westpac Admits 23m Anti-money Laundering Breaches’, Financial Review (online, 15 May 2020) <https://www.afr.com/companies/financial-services/westpac-admits-23m-anti-moneylaundering-breaches-20200515-p54ta9>.

Roberto Pastrovicchio | Dreamstime.com

The implementation of the Consumer Data Right (CDR) progressively from 2020 will bring more risks as data previously housed safely in one bank will suddenly be moving between providers. FinTech can promote opacity and complexity, thus reinstating some causes of the 2008 GFC. RegTech, poorly applied, could mask an upcoming crisis. Central bank digital currencies could facilitate the collapse of a banking system through the mother of all bank runs.10AN Didenko and RP Buckley, ‘The Evolution of Currency: From Cash to Cryptos to Sovereign Digital Currencies’ (2019) 42(4) Fordham International Law Journal 1041, 1091.

More generally, we need to learn how to regulate algorithms so that they produce transparent and ethical outcomes, otherwise we risk real damage to consumers.11R Sims, ‘The ACCC’s Approach to Colluding Robots’ (Speech, Australian Consumer and Competition Commission, 16 November 2017) <https://www.accc.gov.au/speech/the-accc%E2%80%99s-approach-to-colluding-robots>. Doing so will inform global responses to data risks in other contexts such as in judicial sentencing12N Stobbs, D Hunter and M Bagaric, ‘Can Sentencing Be Enhanced by the Use of Artificial Intelligence?’ (2017) 41 Criminal Law Journal 261, 261–2. and healthcare.13RD Balicer and C Cohen-Stavi, ‘Advancing Healthcare Through Data-Driven Medicine and Artificial Intelligence’ in B Nordlinger, C Villani and D Rus (eds), Healthcare and Artificial Intelligence (Springer, 2019) 9.


Dmitry Demidovich / Shutterstock.com

Today’s laws are designed to deal mostly with “things”, tangible things, capable of being possessed and which, if sold, no longer belong to the seller. Data differs from things. You can transfer data about you to another and still possess it; or your bank can share data about you with another bank and all three entities have rights over it. Just as agriculture requires water, this data-driven transformation requires laws to protect and facilitate the use of data, and limit its misuse. Current, poorly adapted, laws often produce lose-lose outcomes – both thwarting innovation and not protecting consumers from data misuse. Regulation of innovative enterprises may retard their growth if it applies onerous regulatory requirements that only big banks can readily afford. Laws reduce cybersecurity in myriad ways by not being adapted to a data-driven world. Our tick-the-box consent model for data is a contractual approach suited to the sale of things – if you don’t like one apple buy another – but hopelessly adapted to a world with effectively only one social media platform, one major software provider and one search engine, and in which only 6% of people read privacy statements.14Consumer Policy Research Centre, CPRC 2020 Data and Technology Consumer Survey (Report, 7 December 2020) 18 <https://cprc.org.au/publications/cprc-2020-data-and-technology-consumer-survey/>. This project will analyse all these issues.