The cost of regulatory compliance in financial services is continously rising as new obligations are emerging from time to time (more often when something “bad” happened, happens or is going to happen). The financial sector has to deal with every new obligation that has been implemented. At all costs. Costs that are affecting balance sheets from year to year and hampering sustainable growth.
Financial services are changing. We talk about automation, digitization and “execution” of big data as a way to solve problems with Know Your Customer and other issues but sometimes we forget that machine learning and artificial intelligence can significantly reduce time and cost of regulatory compliance. Such automated and frictionless solutions called RegTech may (and will) impact financial services in the upcoming years.
Unfortunately, IT solutions are just a part of the process (or a more appropriate word – transformation). We need machine readable and executable regulations (law-makers), more friendly and automated reporting mechanism and APIs (supervisory authorties) and shift in the internal culture and sufficiently educated officers. So, what have to be done to move RegTech to the next level? I will try to answer in this article.
RegTech is a broad term that refers to “[…] technology, particularly information technology, used in the context of regulatory compliance, including tasks such as risk management”. In a nutshell RegTech can be defined as all (IT) solutions that can support fulfilling regulatory obligations faster and automatically, typically with a support of machine learning and artificial intelligence, and quite often – in a cloud. This “trend” in regulatory compliance is growing, however, some identified barriers slow down this transformation (see Global Financial Innovation Network examples) that inevitably will lead to change in the whole ecosystem of financial services and will have a positive impact on customers (cheaper products).
More and more regulation
Financial services sector is one of the most regulated in the world. Protection of customer funds (safety) is one of the most important goals set by the regulators across the globe. “Execution” of this goal, however, generates huge costs for financial institutions and Fintechs as such institutions have to adapt their systems and infrastructures to rapidly changing regulatory environment.
One example is MiFID2 that changed the landscape of investment services in the European Union. Amount of obligations that investments firms (including banks) had to “absorb” along with the rising expenditures on legal compliance was (is) significant. To name one, the MiFID2 package (i.a. MiFIR) imposes on the institutions significant reporting obligations (i.a. referring to the executed transactions etc.) on a daily basis. For small institutions with a limited scope and amount of data to be delivered the biggest challenge was to create a proper reporting and archiving solutions with a limited impact on the day-to-day business as the amount of data was not enormously high.
For institutions that executing a vast amount of transactions every day the problem is more complex and difficult as they have to report and maintain data that may be called “big data”. Legacy systems and infrastructures if not based on cloud computing may not be enough to fulfill regulatory obligations without a friction.
This is just one example. In the European Union we have PSD2, CRR/CRD (next iteration is coming) or BRRD (2) and European Banking Authority (EBA) and local Competent Authorities guidelines (e.g. EBA on outsourcing) aimed at addressing various issues and topics, including EBA QnA.
How to handle this situation?
RegTech solutions are here to help. Machine learning, artificial intelligence together with the cloud based “big data” warehouses may increase speed and precision of the execution of regulatory obligations (cost of implementation if it is based on SaaS or IaaS is not that high in comparison to development of in-house solutions). Implementation of such solutions may also significantly reduce the cost of compliance in a long-term (it doesn’t necessarily mean that humans will lost their jobs – see articles 2 and 3 of Regulation 2017/589).
Ecosystem is not yet prepared
The main issue is, however, the fact the ecosystem for RegTech is not yet prepared. First issue we see is that regulations are not machine readable. Various RegTech solutions are aimed at limiting the time you need to find and understand a particular obligation. Best option is to prepare a checklist so you can just click on it and see what to do and if you are prepared – just upload necessary documentation/information and forward it directly to the regulator (look at UK FCA’s approach).
To achieve it we need a machine readable regulation. Algorithms require a clear data to prepare a proper checklist. If the regulation is not clear the algorithm may not be able to create unambiguous obligation “field”. It comes to another issue – who will be responsible (liable?) in case of fail? Algorithm? Institution? Programmer or IT provider? Ideally, regulations could be based on plain text and programming language but I guess it is 10-20 years from now and we need to find an interim solution such as less intricate law.
Let’s imagine that we have a readable and executable regulations. This is the first step as we have a report that can be sent to the regulator. But what about supervisory authorities? This is a moment where SupTech (Supervisory Technology) appears on the scene.
To accept such report the authority should have a connection (e.g. API) and application that allows market participants to share data and fulfill regulatory obligations. This is just one leg since the authority should be able to analyze (and concluded afterwards) the data provided, e.g. via natural language processing (NLP) and also react swiftly in case of any identified abuses. Authorities should therefore not rely only on people they hire but also on a technology they own or lease.
All dots connected?
To encourage all parties to use the RegTech we have to think about the whole ecosystem of financial services. Market participants should have unambiguity when it comes to the liability for providing data developed by the machine learning and artificial intelligence (will I be fully liable in case of fail?). The supervisory authorities should have tools to analyze data and produce outcomes (reports) that could be used to assess risks (including systemic risks) and support institutions (this includes also a good communication system). And law-makers. They should have more confidence in the technology and algorithms to create a better legal environment for all actors.
RegTech has other challenges. Financial institutions are always concerned whether using RegTech providers should be based on outsourcing agreements and whether they should maintain their own fall-back infrastructures and data archived. RegTech providers must have safe and efficient systems to protect data provided by the institutions (meeting regulatory expectations) and also experts that understand the specific regulatory environment. Supervisory authorities should be able to assess such systems and therefore should have expertise to do it properly. Law-makers should have a mandate to initiate the digital transformation of the financial services ecosystem and money to do that.
Not only reporting
RegTech is not only about reporting. It is also about knowledge-sharing, e.g. providing latest changes in law (in advance), risk-based monitoring of internal activity and supervision of practices within the organization. These solutions may only be implemented if we change our approach (trust) to technology. Automation will not completely eliminate burden that regulations are bringing but it may make it less heavy and expensive. Better world for all of us.