If one were to imagine the ideal financial supervision system of the future, it would probably look very different from what we have today. Financial institutions would report details of transactions to a central utility, from which regulators would be able to extract information in real time. They might monitor markets through multiple screens in futuristic control rooms, picking up systemic risks with the help of flashing lights and heat maps.
Data reporting requirements have increased dramatically since the 2007–2008 financial crisis, but central banks and regulators admit they cannot yet use this data to build an accurate picture of risk in the financial system. The evolution of regulatory technology, or regtech, might help deal with this problem – and some central banks are actively exploring opportunities – but there is a long way to go.
“We recognise there are issues in data reporting that need to be addressed,” says Tom Henderson, senior manager in the change and data management division at the Bank of England. “Duplicate data is often collected in multiple reports, and it can take several years to implement a new reporting requirement, by which time the original policy reason for the report may well have passed. Definitions also need to be improved so that the data that is reported always matches what has been requested.”
The proliferation of reporting requirements presents an opportunity to leverage advanced technologies such as artificial intelligence (AI) and machine learning. Just as the fintech wave has capitalised on the increased automation of financial markets over the past decade, regtech offers the promise of bringing new efficiencies to reporting, allowing regulators to make better sense of reported data.
“Public authorities generally recognise that new reporting requirements have created additional statistical work for commercial banks, not least to enhance the quality of the granular information to be provided,” says Bruno Tissot, head of statistics and research support at the Bank for International Settlements. “A number of these authorities are working with regtech firms to support banks in enhancing their reporting models, including through the use of innovative approaches such as AI and advanced big data techniques.”
Tissot, who also heads the secretariat of the Irving Fisher Committee on Central Bank Statistics, sees the need for a much more intuitive reporting framework than currently exists.
“The objective for banks is not simply to address new individual reporting requirements on an ad hoc basis. A key goal is to develop a flexible, granular information system with all necessary identifiers to be able to aggregate granular data and respond to new information requests over time, as well as to evolving business needs,” he says.
Meeting the data challenge
If deployed effectively, regtech has the potential to bring major advances and efficiencies in reporting. Big data and AI techniques could reduce the potential for inaccuracies in reported data, while also allowing central banks to significantly improve the way they organise and analyse data.
Luca Enriques, professor of law at the University of Oxford, identifies four distinct types of regtech. In a short paper published earlier this year, he noted that market participants might use regtech for their operations or compliance, whereas supervisors and central banks might use it for oversight or policymaking purposes.
“Macro-prudential supervisors are closely following the evolution of regtech because they all now receive a wealth of data about what is going on in the financial system, but they recognise that the human eye is insufficient to process this data and they need more advanced technology,” says Enriques.
Data monitoring has always been part of the mandate of central banks, but the focus on transparency at the core of post‑crisis regulations has led to a proliferation of reporting requirements. Just as financial institutions have had to overhaul their internal systems to generate the right data and report it in a timely manner, central banks are beginning to recognise they also need better systems if they are to make sense of the reports.
“New regulations over the past decade have created a massive new pool of data that didn’t previously exist, so there is a major opportunity for central banks to use this data to obtain better insights and achieve better regulatory outcomes,” says Douglas Arner, professor of law at the University of Hong Kong.
Enthusiasm for exploring regtech varies across the central bank community, with some institutions already surveying and testing new approaches while others wait to see how the technology evolves. But the data challenge shows little sign of diminishing, with the likelihood of further reporting requirements being layered on top of existing ones.
UK regulators have been among the earliest explorers of the ways in which technology could be used to improve regulatory reporting. The Financial Conduct Authority and the Bank of England held a two‑week TechSprint in November 2017, during which participants developed a proof of concept to make reporting requirements machine readable and executable so firms could map requirements directly to their data and generate automated reports. The work has continued this year with a call for input to further develop the concept.
“We are thinking about how we could express our regulation and data requirements in a form that is more amenable to machine interpretation because we recognise that, as we ask for more granular information to be reported, technology could be used to reduce the burden on individual firms,” says Henderson.
“This is still at an early stage, but one could imagine a granular data model that is agreed by regulators and standardised across the industry,” he adds. “If all firms adopted this model, we could ask the relevant questions to extract the dataset we need without the firms having to submit an entire copy of everything every quarter – this could save time and resources for all parties.”
The UK is not the only country to think in these terms. The Monetary Authority of Singapore has been actively encouraging greater testing and experimentation with new technologies through its regulatory sandbox initiative, while other central banks are already looking to regtech for solutions to their reporting challenges.
The Netherlands Bank (DNB) has long sought to foster greater innovation in fintech, and in 2016 established a regulatory sandbox with the Netherlands Authority for the Financial Markets to support the testing of new ideas and technologies. DNB is developing a proof of concept for a system to manage data across multiple divisions.
“All central banks are now struggling with the large volume of data that is coming in and the fact that reports are submitted to meet the requirements of individual mandates. We supervise multiple sectors and we need to eliminate duplications and omissions in our data while also controlling access rights to different datasets,” says Iman van Lelyveld, senior policy adviser at DNB.
Beyond the proof of concept
The early progress in these countries highlights the potential for regtech to realise substantial improvements in financial data and reporting. But challenges will inevitably arise when central banks move beyond the proof‑of‑concept stage and begin to implement systems.
Enriques highlights four possible challenges in the transition to the new regtech environment: human resources, governance, cyber security and operations. On human resources, central banks and regulators have historically been largely staffed by lawyers and economists, but if they are to take full advantage of the boom in regtech, they must now recruit more IT and data specialists.
The governance challenge is related to human resources because institutions might struggle to manage major technological changes if senior management and boards don’t fully understand regtech products and their implications. If just one or two individuals have a sophisticated understanding, Enriques says, it may lead to unconstrained power within their organisations in the adoption and implementation of new systems.
“Increasingly, central banks and regulators are making senior appointments and creating new functions, such as chief data officers, so they can work on visualising data and using analytics and heat maps to monitor the financial system and identify risks and concerns as they arise,” says Arner.
Cyber security is a growing concern across all sectors, but if supervision and reporting becomes more systems‑based, regulators will need to redouble their efforts to defend themselves against attackers.
Enriques also sees the potential for operational challenges if the same regtech systems are pitched to both regulators and regulated firms. To some extent, this could be positive as it will ensure interoperability, but as authorities advance their surveillance and monitoring, financial institutions might find new ways to evade detection.
“If the same products are sold to both the regulators and the regulated, there wouldn’t necessarily be a conflict of interest, but there would be a higher risk that the product will not always be the ideal one for both parties. There is also a risk the market would get ahead of regulators and find ways to get around their detection systems, so this is a delicate process,” says Enriques.
Taking the lead
While large commercial banks are generally likely to employ more talented technologists and develop more intuitive systems than central banks, it doesn’t necessarily follow that they will lead the way in every aspect of technology. On the adoption of cloud computing, for example, some regtech practitioners see greater progress among central banks and regulators than among commercial banks.
“Some regulators are already taking advantage of cloud services, but we’re still having discussions with commercial banks about whether their infrastructure can be put on the cloud. For many institutions, it is still much easier to maintain the status quo and legacy infrastructure rather than trying to do something differently,” says Brian Lynch, chief executive of RegTek Solutions, which was founded in 2017 and focuses on regulatory reporting.
The opportunities provided by regtech need not be constrained to cloud computing and more efficient data analysis, however. There has also been some exploration of how machine-learning techniques might be deployed to allow automated analysis of regulatory texts to generate reports without the need for human intervention.
This would require buy‑in from regulators and market participants as there would, in all likelihood, need to be a standardised methodology approved by regulators. However, given the volume of resources currently deployed to interpret and act on complex regulatory texts, this advanced use of technology could reap major efficiencies and reduce the resource burden that currently falls on both regulators and the regulated.
“Realising the true promise of regtech will depend on the regulations being made as machine readable as possible,” says Enriques. “The rules have to lend themselves to being processed and digitised by algorithms without human intervention. Some regulators are more attuned to this opportunity than others and are already investing and testing technologies.”
As early analysis of such techniques continues, there will be more short‑term steps to improving the quality of data in the financial system. Accurate reporting depends on every institution, product and transaction having the correct, uniformly recognised identifiers, but while there was a major effort to ensure full adoption of identifiers ahead of regulatory deadlines, this remains a work in progress.
Identifiers could be considered the first step towards a successful reporting framework. If not done properly, it will affect the quality of reporting and subsequent decision‑making. “For any reporting system to work properly, we need to make sure all of the metadata is accurate and the reported data is of the right quality. The consequences of not getting this right can be severe because it can lead to inaccurate analysis and poor supervisory decisions,” says DNB’s van Lelyveld.
Lynch echoes this point, adding that market participants need to take ownership of data quality at the outset. “Poor data quality is a major issue in the industry, and there is a lot of technology out there for cleansing and validating data,” he says. “Most regulators don’t see it as their job to analyse or remediate data quality, but rather to use reported data to measure and manage risk. The problem is, if regulators are relying on poor quality data, reporting does not achieve its objectives.”
In the long term, regtech offers the opportunity to bring significant improvements to the reporting landscape, and it will be up to both the public and private sectors to capitalise on that opportunity.
Enriques suggests four distinct, but not mutually exclusive, roles for supervisors to play in the evolution of regtech: actively develop regtech products, buy products developed by others, facilitate or co‑ordinate market developments or supervise regtech firms. Different agencies will naturally be inclined towards their own approaches, but it is becoming increasingly clear that central banks are more attuned than ever to the need to take an active role in the evolution of regtech.
“Central banks have a lot of datasets in different areas such as payments, research and supervision, and they are increasingly willing to bring these together in a more standardised and user‑friendly format,” says Tissot. “Data quality has become a big issue, with the increasing reliance on entity‑ and transaction‑based rather than aggregated datasets. Machine learning and AI can be used to improve the quality of these datasets in a more automated way: to reduce duplication and correct inaccuracies, for instance.”
As scrutiny of this evolving sector continues, independent academic analysis should help guide practitioners on the path forward. While there are clearly some operational hurdles to overcome – including human resources, cyber security and governance – observers believe the success of regtech in the official sector depends also on a cultural transition towards a mindset that embraces technological change.
“The biggest shift that is needed to realise the promise of regtech is increased cultural awareness at senior levels of official institutions of the need to understand what is going on in financial markets and the risks that are emerging from digitisation. Advanced technology really should create opportunities for regulators to do their jobs better, which is to be welcomed and nurtured,” says Arner.
The financial services sector might still be a long way from the futuristic control tower in which risks are quickly identified, but for central banks already actively exploring regtech, the future looks bright. Technology offers a promising way to navigate the complex reporting landscape, which has proved challenging.
Clair Mills, head of the change and data management division at the Bank of England, says: “There is a lot that would need to happen to do this on an industrial scale, and so far we have only taken baby steps with a small group of large firms to identify what might be possible. Ultimately, if we could move towards a more accurate, flexible and granular dataset, it would reduce the burden on firms and create a more thematic, detailed view of financial markets for regulators.”