A more intensive use of technology in risk-based supervision models can give rise to an even more sophisticated RegTech generation… thanks to SupTech
The irruption of technology in the financial industry is transforming this sector in a variety of forms, most notably in the rapid development of technologically-based innovations in the provision of financial products and services, collectively called FinTech, bringing disruptive products, services, and business models. Examples of FinTech developments are peer-to-peer lending platforms, robo-advisors, crowdfunding platforms, cryptocurrencies and digital payments.
These innovations have been possible thanks to the development of certain fundamental technologies, including Big Data analytics (large volume of data collected through the Internet and other data that organizations generate), artificial intelligence (software that can carry out decision-making, predictions, and pattern recognition by learning without logic-based algorithms but recognizing patterns), cloud computing (use of remote and shared servers hosted on the Internet to store, manage and process data) or distributed ledger technology (database shared between multiple parties to execute mutually agreed-upon transactions based on some consensus mechanism).
These same technologies have begun to be used in financial sector solutions aimed at resolving regulatory requirements, mainly achieving operational efficiencies in meeting those tasks. These innovative tools, defined collectively as RegTech, are being implemented as solutions for compliance with client identification standards in the context of AML and KYC requirements, as well as standards imposed in the context of client/investor protection and market integrity, such as those recently enacted in the European Union under the MiFiD II Directive. Likewise, several solutions have emerged focused on the management of financial risks, mainly solvency risks in the banking and insurance sectors.
However, the current RegTech developments correspond to a response from the financial industry to specific regulatory demands and to the need of automation of supervisory reporting, rather than the application of data analysis and intelligence in order to reduce the probability of non-compliance.
Nevertheless, the development of new technological solutions available to regulators, combined with a risk-based supervision approach, will encourage the industry to develop more sophisticated tools embedded into the financial entity’s processes and its governance and that will interact closely with its risk management function.
«The development of new technological solutions available to regulators, combined with a risk-based supervision approach, will encourage the industry to develop more sophisticated tools embedded into the financial entity’s processes and its governance and that will interact closely with its risk management function».
Although the current state of the art in technology provides the regulators an open field on which to develop multiple supervisory initiatives, these advances have been scarcely exploited by them. However, making use of traditional technological tools and other more sophisticated ones, such as Big Data analysis, has begun to arise timidly a stream of supervision projects with applied technology, for which the term SupTech has been coined.
SupTech and supervisory approaches
There are two main approaches to financial supervision, which usually complement each other. On the one hand, traditional supervision approach focuses on the detection of regulatory non-compliance after its manifestation (ex-post approach). This regulatory breach is within a spectrum that can range from mild (formal flaws) to severe (e.g. insolvency). The risk-based supervision approach, on the other hand, implies allowing the supervisor to act in advance of a breach of regulation by any of the supervised entities (ex-ante approach), thereby monitoring the risk factors that could trigger a breach.
In the case of traditional supervision, SupTech technology tools have emerged to help regulatory agencies digitize data and automate the supervisory process including, for instance, complex financial exposures among firms or the detection of market integrity breaches in securities markets (e.g. collusive behavior, price manipulation), using data analytics and pattern recognition systems, to study trading behaviors.
The following diagram puts this idea in perspective. Making use of information resulting from the activities carried out by the financial institution. Some of these activities may result in regulatory trangresions, and in that case, the detection triggers a sanction from the regulator, which constitutes an input to the compliance function. Although new developments in data technology have allowed supervisory agencies to access and process more data in an efficient way, the logic of the traditional supervision process remains unchanged and the response of financial institutions is limited to minimizing the occurrence of non-compliance through the imposition of additional controls, but without entering into the processes and incentives that facilitate these situations.
But the greatest potential of technology can be achieved in risk-based supervision which, as indicated, does not seek transgressions to the regulation, but rather identifies vulnerabilities or risk factors, that is, conditions that could potentially imply a future regulatory transgression. Under this understanding, it is essential that regulators use their powers of inspection in a creative and efficient manner.
For those supervisory agencies that have implemented a risk-based supervision model, these technological advances represent a deep vein in which to work. As can be expected, to identify vulnerabilities and risks, the most powerful and at the same time probably the most underemployed tool is the analysis of data, and particularly the more modern solutions linked to what is known as Big Data analysis and machine learning.
By gathering intelligence from unstructured data, SupTech is creating opportunities for supervisory agencies to collect and analyze unstructured but useful data with greater efficiency, which could provide valuable information in relation to the regulatory risks the financial institutions are incurring. Thus, in terms of customers and investors protection, Big Data analysis would allow, for example, to understand the evolution of the customers profile in an aggregate form and the products and services they are contracting, including the risk they are being exposed, as well as scanning the nature of information that investors or potential customers are receiving, or analyze if in aggregate terms, investments are according to customers/investors historical financial behavior or verify to what extent thousands (or millions) of clients are being provided their benefits in a timely and error-free manner. In the case of solvency control, it would allow to recognize historical patterns of financial distress and contrast them with the financial situation reality of the entity. Also in the case of solvency risk, this solutions could also detect indirect financial interrelations. The same machine learning tools could be incorporated in the analysis of transaction patterns or firms’ financial exposure, allowing the detection of market integrity risks.
«By gathering intelligence from unstructured data, SupTech is creating opportunities for supervisory agencies to collect and analyze unstructured but useful data with greater efficiency, which could provide valuable information in relation to the regulatory risks the financial institutions are incurring».
The bottom line is that this type of monitoring will provide regulators with a more precise guide regarding the entities with the highest regulatory risk and the business areas that require the most attention, exercising in turn a more demanding and sophisticated involvement by the financial institutions in terms of managing their risk of regulatory compliance.
Putting it all toghether
This could lead to the development of a new generation of RegTech innovations, with a greater intelligence and analysis component. For example, it will involve new types of solutions that can use as input the mass of regulatory provisions and relate the different regulations to the firm’s business lines, and integrate the regulatory objectives with the risk management function, and with the internal audit function.
Likewise, RegTech must consider technological tools to anticipate breaches, allowing part of the regulatory compliance function to be included in the risk management function of the company, in order to implement a proactive and preventive vision of compliance.
Also, instead of focusing on the results of the activities, the compliance function may use artificial intelligence tool in order to detect unacceptable patterns and suggest new ways of managing those processes.
To conclude, the new technological tools open the possibility of processing large amounts of data, including financial information, sales data, customers/investors’ profiles and other data that can generate patterns and anticipate regulatory risks. The supervisory agencies should be aware of the need to get up the technology curve. To the extent that this occurs, it could lead to the development of a new generation of RegTech innovations, with a greater component of intelligence and analysis.