Got it. Good summary otherwise.
What I'm trying to figure out is how to introduce innovation in regulation without it becoming cronyism. The rules need to be non-prescriptive. There should be economic consequences for bad things, a system to detect bad things - but that system must be mutable, not static and fixed like law. They need to absolutely stop telling people how to make bad things not happen. This is the root of why regulation keeps causing horrible unintended consequences and stagnates innovation.
Financial services companies and banks are following rules that were written long before computers were in use. Changing the rules is a monumental pain in the ass in almost every major country, generally because as soon as bureaucracies grow around them, they become entrenched and impossible to dislodge. Is it really any wonder that the rate of innovation and improvement in financial technology has been stagnant for decades?
There's a chance for a fresh start here, but all I'm seeing are recycled paragraphs from old regulation. They need to throw that crap completely out, start with the problems they are trying to solve, and decide which of those problems are actually important, quantifying the problem with financials, not by making speeches. It's an exercise in economics.
Then, only if a problem is real enough to worry about creating unintended consequences, then think about mutable, dynamic ways to disincent the behaviour that causes the problems, or incent alternative behaviour, and only if the disincentive or incentives are non-prescriptive.
Some examples: Prescriptive (BAD): You must hire a chief cybersecurity officer.
Non-prescriptive (Good): Virtual currency businesses taking custody of funds must purchase insurance to cover 100% of the value of all customer deposits.
Bad example: regulators telling people who to hire because it sounds good.
Good example: insurance premiums will vary based on the level of security the company has in place, and if the security is entirely unacceptable, they will not be able to source insurance, keeping them from damaging consumers.
Now, I actually don't think this is a good idea either. I think people tend to figure this stuff out on their own, and trusted brands emerge. Lawyers aren't keeping banks safe, it's their risk and technology teams.
I think it might be time to completely rewrite their proposed rules again...