What is RegTech?
The UK’s financial prudential regulator, the Financial Conduct Authority (the “FCA”), has recently published its Feedback Statement on Call for Input: Supporting the development and adopters of RegTech, where it outlined the result of its earlier Call for Input on how to support the development of “RegTech”.
“RegTech” is defined by the FCA as the application of “new technologies to facilitate the delivery of regulatory requirements”.
In short, RegTech promises to make sense of cluttered and intertwined sets of data, rapidly configure and generate reports using this data, and intelligently mine the data to realize its value (i.e. use the same data for multiple purposes). Some examples of applications of this approach are big data reporting tools that could increase regulators’ use of big data, to real-time system-embedded compliance evaluation tools that could improve operational efficiency in monitoring transactions, anti-money laundering and fraud risk. RegTech could potentially assist financial services providers comply with regulation in a more cost-effective and easier way, while also potentially allowing regulators to have access to, analyse and process an increasing amount of data.
Context of the Call for Input
The FCA recognized that in the aftermath of the financial crisis, the financial services sector has had to deal with more onerous reporting requirements and comply with stricter regulatory standards. Regulators are also facing new challenges in monitoring compliance, as they have to supervise the application of more regulation while having to review more data to measure risk. The FCA seeks to improve effective compliance and reduce the cost of regulation for both firms and the regulator, and it sees the development and adoption of RegTech as a way to help achieve this aim. The Call for Input was issued as part of the FCA’s Project Innovate, which was launched in October 2014.
In its Call for Input, the FCA sought views on the following issues: (1) what type of RegTech would make it easier for firms to interact with regulators, at a lower cost and lower administrative burden; (2) what role should the FCA play in order to foster development and adoption of RegTech in financial services; (3) specific regulatory rules or policies posing barriers to innovation of RegTech; (4) regulatory rules or policies that should be introduced; and (5) existing regulatory compliance or regulatory reporting requirements that would most benefit from RegTech.
Types of RegTech
The FCA categorized the types of RegTech that could benefit the financial services industry as the following, based on feedback received:
- Technology that allows more efficient methods of sharing information.
These include alternative reporting methods, shared utilities, cloud computing, and online platforms.
- At a base level, cloud computing, and open online platforms could be leveraged as universally accessible tools that would better enable firms to interact with regulators, promote improved collaboration and engagement amongst the various industry players in the financial regulatory ecosystem, and help provide accessibility to regulatory changes.
- Cloud computing and open online platforms would also be critical in enabling types of RegTech described in item #3 below – technology that simplifies data, allows better decisions and the creation of adaptive automation, such as big data analytics, risk and compliance monitoring, modelling/ visualization technology and machine learning and cognitive technology (artificial intelligence).
- A move to cloud computing and open online platforms could also enable financial institutions to de-shackle themselves from closed, archaic legacy systems and make a strategic leap to best-in-class systems (in terms of performance, security, and open standards) at a low cost, given that the cloud computing and open online platform applications and infrastructure could be accessed on a relatively low subscription basis with little to no long term capital outlays.
- Shared utilities, in which financial institution participants would collectively take part in contracting for and accessing 3rd party services, could substantially lower the administrative burdens and costs of such financial institution’s compliance. For example, a service could collect end-client information in a shared portal (e.g., information required by know-your-client rules) for the immediate use of all financial institution participants.
- Alternative reporting methods, which permit financial institutions to provide regulatory data in various formats would also be enabled by online platforms that permit for the development of application programming interfaces (APIs) (as described in item#2 below).
- Technology that drives efficiencies by closing gaps between intention and interpretation.
This is technology that makes the compliance process more efficient by closing the gap between the intention of the regulatory requirements and the subsequent interpretation and implementation within the regulated entity. Some examples of this type of technology are:
- semantic technology and data points models: semantic technologies encode meaning into content and data to enable a computer system to possess human-like understanding and reasoning. In one example of this technology (called linked data), links are created between data points within documents and other forms of data containers, rather than the documents themselves. In this way, regulatory text is translated into code.
- shared data ontology: an ontology represents knowledge as a hierarchy of concepts within a domain, using a shared vocabulary to denote the types, properties and interrelationships of those concepts. Ontology does to applications what Google does to the Web – instead of having to go to each web page and search for a piece of information, an ontology allows a user to search a schematic model of all data within the applications. This allows the user to extract relevant data from a source application, such as a CRM system, big data applications, files, warranty documents etc. From a compliance perspective, shared ontology allows the creation of a compliance management solution based on a shared conceptualization of the compliance management domain.
- application programming interfaces (APIs): this is technology which allows the integration and interoperability between systems (chiefly over the internet) and can reduce costs, increase efficiency and provide platforms for innovation.
- robo-handbooks and other robo-advice tools: these are computerized tools that are intended to deliver advice and guidance, and could allow firms to interact with regulation in order to understand the impact on their systems and processes.
- Technology that simplifies data, allows better decisions and the creation of adaptive automation.
Put simply, this is technology that simplifies and assists firms in managing and exploiting their existing data, supports better decision-making and makes ferreting out those who are not playing by the rules easier. Financial institutions are often challenged by the complexities of growing amounts of data stored in various locations in different formats and legacy compliance processes and systems struggle to keep up. What is needed are smarter, more efficient solutions – hence, RegTech. Examples of these types of technology include big data analytics, risk and compliance monitoring, modelling/ visualization technology and machine learning and cognitive technology (artificial intelligence).
- Technology that allows regulation and compliance to be looked at differently.
These include blockchain/ distributed ledgers, inbuilt compliance, biometrics and system monitoring and visualization.
Encouraging Adoption of Regtech
The FCA identified that, based on the feedback received, it can play a role in the development of RegTech by driving industry standards, encouraging improved collaboration and engagement and, possibly, FCA certification of RegTech.
In terms of why RegTech has not yet been widely adopted, respondents pointed to uncertainty over regulations, the stance of regulators and the credibility of unproven technologies. In addition, privacy legislation, the lack of standards in reporting, lack of accessibility to regulatory changes, as well as general infancy of the sector also proved a challenge.
Feedback suggested that the following would assist encourage the adoption of RegTech:
- Defining new regulations in a machine readable format. Similarly, the recent U.S. Department of the Treasury’s white paper on marketplace lending “Opportunities and Challenges in Online Marketplace Lending” also recommended, more generally, the release of government data in formats that can be easily processed by third party software (so called “smart disclosure”) as described in further detail in our recent post;
- Greater consistency and compatibility of regulations internationally; and
- Establishing a common global regulatory taxonomy.
The FCA report also outlined specific examples of RegTech that could assist with meeting regulatory requirements. These included global requirements such as Basel III, and more generally capital requirements and stress testing, as well as requirements under Dodd-Frank in the U.S.
RegTech in Canada
The Canadian financial services industry, like that in the UK, is subject to numerous regulatory requirements, particularly following the financial crisis. Many of these requirements are very similar, and Canadian firms, and regulators, would likewise benefit from additional technology tools facilitating compliance and reporting, where appropriate.
However, in seeking such benefits, attention must be paid to existing regulations that affect the adoption of RegTech in Canada. By way of example, the requirements set out in Guideline B-10, Outsourcing of Business Activities, Functions and Processes (“Guideline B-10”) issued by the Office of the Superintendent of Financial Institutions (“OSFI”) apply in the event that an entity that is deemed a “federally regulated entity” (“FRE”) under Guideline B-10 outsources one or more of its business activities to a service provider. In the financial services industry context, FRE’s include federally regulated banks, and Guideline B-10 could materially impact how the FRE’s must contract for, among other things, cloud computing solutions and online platforms.