On October 9, 2020, the Financial Stability Board (FSB) published a report on the use of supervisory (SupTech) and regulatory (RegTech) technology. This report summarizes the outlook, challenges and opportunities of SupTech and RegTech from the perspectives of FSB members, including Canada’s Office of Superintendent of Regulated Institutions (OSFI). More importantly, the report examines almost 30 case studies from regulators across the world highlighting the progress made and some of the challenges encountered along the way. Generally, there is consensus on the benefits of SupTech and RegTech. However, the challenges related to the implementation of these new tools continue to endure.
This Report follows prior developments in RegTech and SupTech. As discussed in our prior posts, “RegTech” can be understood as describing new technologies that facilitate the delivery of regulatory requirements. “SupTech”, on the other hand, can be described as the use of technology to support supervisory agencies to carry out their regulatory functions. The combination of “SupTech” and “RegTech” can provide a more efficient and effective regulatory process for both the supervised institutions and financial authorities.
FSB Members Survey Results
FSB members have identified various demand and supply drivers supporting the implementation of SupTech. Most members ranked enhancing efficiency and effectiveness and improving insights as the most important demand drivers.
From a supply perspective, most members ranked (1) data strategy, (2) machine-readable data and (3) artificial intelligence techniques as the most important drivers. A smaller proportion of members identified (1) APIs/micro services, (2) artificial intelligence application, (3) data availability & third party integration, (4) distributed ledger technology and (5) cloud computing as the most important supply drivers. Based on these findings, members acknowledge that SupTech promises to provide enhanced capabilities, better data collection and visualization, real-time monitoring and cost reductions.
That said, SupTech also poses various risks and challenges for members. From a data perspective, members are facing challenges with (1) data standardisation, (2) data quality and (3) data localisation. In addition, the increased reliance on technology has caused members to be confronted with increased cyber-risk, data security issues, resource requirements and costs. There is also a concern related to third-party dependencies, which may put a member’s reputation at risk. The complexities of new regulatory systems could also create additional barriers for new SupTech and RegTech service providers.
Most authorities indicate having a SupTech strategy in place or being in the process of developing one. Members, for their part, have identified key factors to ensure the successful implementation of SupTech strategies:
- buy-in from regulator’s senior management;
- involvement of front-line supervisors;
- implementation of ‘fast fail’ strategies;
- attraction of appropriate SupTech talent; and
- collaboration with external parties.
However, the study shows that even after having implemented effective strategies, some authorities continue to be challenged by operational concerns, such as insufficient financial resources, insufficient resources to assess and implement potential tools and difficulty recruiting the right talent.
There has been an overall positive response to the use of RegTech among authorities and regulated institutions. Survey results show that approximately one third of members implemented RegTech strategies. Typical applications target (1) Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT), (2) fraud detection, (3) risk management and (4) regulatory reporting.
Results also reveal that a majority of regulated institutions and authorities support RegTech, despite the fact that two thirds of the institutions do not have formal RegTech strategies in place. Authorities continue to worry about the operational and cyber risks associated with the use of RegTech by regulated institutions, which are using RegTech in increasing numbers to address matters such as know your client (KYC), identity verification, risk management and monitoring and stress testing.
The Search for Talent
Survey results indicate that attracting the right talent remains a source of concern. Members require a talent pool with the appropriate technical knowledge and understanding of regulatory frameworks and of regulatory expectations. Members indicate having the requisite technical expertise but, in some cases, lacking the appropriate programming languages. To address these gaps, authorities have developed online and in house training programs and increased their focus on recruiting information technology engineers.
Data Collection, Storage, Management and Analysis
Other important areas of future focus point to data collection, storage, management and analysis. In its discussion paper, Transforming data collection from the UK financial sector, The Bank of England blames the heterogeneity and incompatibility between data held by regulated institutions and those held by authorities for the high cost and time drain of data collection efforts.
The FSB survey has identified various trends among FSB members to address this concern. One solution is the development of Application Programming Interfaces (APIs) or micro service interfaces that allow regulated institutions to submit data in a safe and secure manner. Since 2015, authorities in a wide range of jurisdictions have transitioned from a “push” to “pull” strategies in collecting data. In the past, push strategies required institutions to deliver data to authorities in pre-defined manners. However, with pull strategies, authorities can now draw data from regulated institutions as and when needed. This change in approach has the potential to streamline data collection as regulated institutions can sign off on one data set instead of on multiple reports.
Common Data Standard
Authorities are also proposing to develop a common data standard to further streamline data collection efforts. Several are now scraping open source data from search engines to enhance their supervisory intelligence, but which can also create unanticipated data storage issues. To tackle these issues, authorities have been turning to cloud solutions, which, along with institutions, they are currently using for their non-core activities. Further leveraging these solutions, however, could cause new operational, governance and oversight challenges, as well as an overreliance on third parties for critical strategic and operational functions.
Use of Machine Learning
Ancillary to data collection and storage is data analysis and visualization. With the implementation of enhanced data measures, authorities also hope to improve their analytics capabilities. The analysis of case studies around the world has demonstrated that machine learning (ML) has been used predominantly for purposes of validation, plausibility, processing and analysis of data.
These include a number of examples related to the COVID-19 experience, which has served both to increase interest in SupTech and RegTech, but also to illustrate where authorities have been able to deploy these solutions to support remote working, crisis response and enhanced surveillance and supervision.
Authorities are hoping to leverage ML to analyze large volumes of transaction data for AML/CFT purposes. They are also hoping to expand the use of ML tools to analyze unstructured data through scanning public and institution-specific information. Despite the interest, survey results indicate that the use of ML tools are still restricted to micro prudential and misconduct analysis. Members report that there are continued challenges in developing, testing and implementing tools for market surveillance.
In Canada, OSFI stated in 2019 that “[t]he promises of Technology (Regtech and Suptech) provide opportunities to increase the scope and efficiency of our assessments and the focus of our interventions. […] To make the most of these technologies requires more than just a software solution. That is why OSFI is looking at its talent management strategy, supervisory process and data structures to be sure that our supervisors continue to have the right tools to oversee institutions effectively.”
On September 15, 2020, OSFI launched a three month consultation on technology risks in the financial sector, addressing some of the areas outlined above including cybersecurity risk, third party risk management, advanced analytics, data and the use of cloud solutions. In addition, one of the topics raised in the consultation paper was whether OSFI should continue to take a principles-based regulation approach or move to a more prescriptive, rules-oriented, approach in some cases. A move to a more rules-based approach could potentially lead to opportunities to further leverage SupTech and RegTech in Canada, as such an approach can be easier to automate and address by way of technology solutions.
On October 13, 2020, the Financial Services Regulatory Authority of Ontario (FSRA) also launched a consultation on regulatory effectiveness and efficiency. FSRA is inviting the general public and all stakeholders to review and provide feedback on its proposed 2021-2022 Statement of Priorities and Budget. One of the proposed focuses for next year is to enable innovation. It also identified a need to modernize its processes and systems. With new technology, FSRA hopes to interface with clients to close information gaps and improve data analytics to monitor economic impacts on sectors and consumers.