Section III: Potential Challenges and Related Factors

By offering new ways for financial institutions to engage and interact both internally and externally, the metaverse may provide new opportunities and present novel challenges. For example, market participants have noted that the metaverse may offer new methods to engage with and educate a broader group of investors, particularly younger investors who are beginning their investing journey. The metaverse may also provide ways to improve operational efficiencies through enhanced collaboration within firms. However, several challenges remain, including those related to technology development and adoption as well as risks associated with privacy and cybersecurity. The following section highlights a few challenges and factors that firms may wish to consider as they explore applications on the metaverse or implement a metaverse strategy.

Challenges

Resource Needs

Firms may wish to consider the types of technological and personnel upgrades they would need to develop and implement a desired metaverse application or an associated metaverse strategy. As part of this process, firms may want to map out their distributed data storage plans for optimal metaverse performance and scalability, as storing data locally may not be possible for live immersive applications that require significant real-time cloud streaming.⁹⁵ Depending on the level of sophistication of the metaverse application, firms may also wish to consider the capacity of their current wireless infrastructure to determine whether it is sufficient for the desired application.⁹⁶ In addition, firms may want to ensure they have staff with the appropriate skill and expertise to support the development of metaverse-based applications. This may involve hiring properly trained talent and investing the time and expenses to train existing personnel. 

Data Privacy and Protection

Consumers and business leaders list privacy among their top concerns in a future metaverse.⁹⁷ Extensive data collection could mean that users have the potential to reveal far more behavioral data, including body language cues, retina tracking and other biometrics.⁹⁸ The better the digital representation of a person, the more personal information firms may be able to collect. Firms engaging in metaverse-based interactions may consider whether they have adequate controls to protect their customers’ rights and to shield them from bad actors acquiring their personal data.⁹⁹ As the metaverse continues to develop, protecting personal information and ensuring ethical use of data may be a significant concern, particularly when virtual environments intersect with real-world personal data.¹⁰⁰ Accordingly, demonstrating sufficient privacy protections, ensuring appropriate recordkeeping and clearly disclosing personal data that is collected and with whom it is shared may be a key feature in promoting trust within various metaverse environments. 

Cybersecurity

Cybersecurity remains an area of focus within the securities industry and with regulators.¹⁰¹ Business leaders have also indicated that cybersecurity is their top concern with respect to the metaverse.¹⁰² A recent report highlighting cybersecurity risks within the metaverse noted that, “[w]hile phishing and social-engineering attacks continue to be a top threat vector in our current digital ecosystem, the risk of bad actors impersonating your personal virtual banker/adviser or your boss/colleague and giving you directions to execute malicious tasks in a virtual room only gets compounded in the virtual world.”¹⁰³ 

Apart from the specific cybersecurity challenges noted above, firms may also wish to consider additional risks and ways to enable them to continue to fully comply with their regulatory obligations. These include the increased threat vector potentially caused by introducing any new application to an environment, which data are shared with metaverse applications and whether there exists a potential for data leakage. Firms may assess how metaverse technology, particularly when offered by vendors, are compatible with their own internal operational and compliance systems, and they may examine the entirety of their network segmentation and access controls to ensure that new devices and applications adhere to firm cybersecurity policies. Doing so may help limit the potential for enhanced cybersecurity risk as well as limit other errors and inefficiencies. 

(De)centralization and Interoperability

There are various other factors that firms may wish to consider when exploring applications on the metaverse or implementing a metaverse strategy, including the trade-offs associated with decentralized and centralized metaverse platforms and the current limitations on interoperability. A centralized metaverse generally refers to a platform that is run by a corporation or similar entity, while a decentralized metaverse generally refers to an environment governed, in varying degrees and in certain respects, by a community and software protocols. Each environment offers its own sets of benefits and risks that firms may wish to consider.¹⁰⁴ Firms may also wish to consider the current limitations associated with interoperability between different metaverse platforms when selecting a platform and determining how to implement a metaverse strategy. Market participants have also noted that, going forward, developers of applications, games and platforms in the various virtual worlds may not see economic incentives or practicalities to achieving true interoperability and there may be friction in this area.¹⁰⁵