Artificial intelligence: The future of regulation?

The raft of new rules imposed on regulated financial institutions in the aftermath of the global financial crisis has a huge compliance cost. Could artificial intelligence offer efficiency gains?
Artificial intelligence: The future of regulation?
David Hardoon – Monetary Authority of Singapore
David Hardoon, Monetary Authority of Singapore

In November 2017, the UK Financial Conduct Authority (FCA) and the Bank of England (BoE) held a two-week ‘TechSprint’, bringing together members of the financial services industry to examine how technology could be used to make the current system of regulatory reporting more efficient. 

The results may prove to be ground-breaking. Participants managed to successfully develop a proof of concept (PoC), which embedded regulation into an algorithm – instead of the current set-up in which regulators issue rules that firms take months to interpret, before then requiring further time to adjust and adapt their systems to conform. 

According to Andrew Burt, chief privacy officer at data management firm Immuta, the results from the PoC suggest regulatory changes could be implemented immediately, while financial institutions could demonstrate compliance faster and more cost-efficiently, easing the compliance burden on regulators and financial services organisations alike.

The TechSprint has made possible “a future in which regulations are directly embedded into software”, Burt says. 

In the PoC, the FCA was able to take a regulatory requirement from its handbook and translate it into a language a machine could understand. Using this language, other machines were then able to execute the regulatory requirement, “effectively pulling the required information directly from the firm”, says Nick Cook, head of regulatory technology and advanced analytics at the FCA.

While the possibility of machine-readable and machine-executable regulatory reporting was proved using only a small subset of reporting rules within the FCA’s handbook, Cook believes – in theory – the concept could be expanded to all regulatory reporting requirements in the future. 

Regulatory clampdown

The BoE’s chief economist, Andrew Haldane, estimates the cost of the global financial crisis at somewhere between $60 trillion and $200 trillion. It is therefore unsurprising that governments asked regulators to firm up rules and prosecute institutions found guilty of breaching existing regulations. Some of the world’s largest banks – including Bank of America Merrill Lynch, BNP Paribas, HSBC, JP Morgan and UBS – were hit with large fines. In the US alone, financial institutions have spent more than $160 billion on fines for non‑compliance.

Since 2009, large swaths of new regulation have been introduced in an attempt to make the financial system more resilient. The number of rule changes global financial institutions must adhere to on a daily basis has trebled since 2001 to an average of almost 200 revisions a day, according to Thomson Reuters. 

John Byrne, chief executive of regulatory technology – or ‘regtech’ – firm Corlytics, believes the figures may even be slightly higher. “Firms receive around 220 regulatory notices daily. That’s 50,000 a year. Now imagine that each one of those notices are around 100 pages long – that’s five million pages a year firms have to read and decipher,” he says. 

Not only has the volume of regulation increased, its nature and scope has also changed. The second Markets in Financial Instruments Directive, the Foreign Account Tax Compliance Act and the General Data Protection Regulation all have an impact on multiple geographies and domains, presenting an additional challenge for regulated institutions. 

Some institutions have significantly increased the number of compliance professionals they employ. Data from HSBC shows the UK bank increased its compliance head count from 1,750 to 7,000 between 2007 and 2016. And HSBC is not the exception; the overall cost of compliance is estimated at up to $1 billion a year for a major bank. 

Martyn Evans, chief of consulting at Altus Consulting, says one in four financial institutions globally spend 5% of their net income implementing regulatory change. “This is not the answer to achieving compliance in the long term – it’s not sustainable,” he says. 

In total, the global cost of regulatory compliance is estimated to be around $80 billion and could reach $120 billion in the next five years, according to Thomson Reuters. And while some believe the peak of new regulatory requirements brought in post-crisis will soon tail off, others suggest it could become the norm.

“The change has indeed been the increase in the sheer volume of regulations in terms of both frequency and granularity,” says David Hardoon, chief data officer at the Monetary Authority of Singapore. “However, recent focus has been on data quality, machine readability and automation.”

John Byrne – Corlytics
John Byrne, Corlytics

A different approach

Technology already offers part of the answer to the greater regulatory burden – as it already does for many other processes in banking. But these technology services do not yet help financial institutions cope with the constant influx of new regulation. 

“Technology will be the most significant factor in delivering compliance in the long term, but the current solutions only solve specific issues,” Evans says. In other words, he highlights that regulatory reporting is still a strain for many. In the UK, the FCA demands firms under its jurisdiction send reports based on specifications in the handbook and legislation applicable to the European Union.

Reporting institutions can often find it difficult to meet these obligations; it requires significant effort to navigate and interpret regulation and there is often a need to rely on external professional services providers to understand what information the regulator needs and when. 

Firms then implement and codify these interpretations into their in-house regulatory reporting systems. Each firm does this manually, which creates the risk of different interpretations and inconsistent reporting. 

“Whichever way you look at it, there are currently a lot of inefficient processes that try to close the gap between what the handbooks are trying to achieve and what is actually reported,” says PJ Di Giammarino, chief executive of regulatory analysis firm JWG

Market solutions

A number of regtech firms have attempted to make these processes simpler. 

Speaking at an event in London in February this year, Mark Holmes, chief executive of tech firm Waymark, explained how artificial intelligence (AI) can be integrated into existing systems to scan and dissect the reams of regulation sent to firms daily. 

AI can help connect firms to relevant information, and can aggregate data to then break regulation down into a universal language,” he said. Waymark’s solution applies a natural-language processing system that sits within a firm’s current system and parses through the regulation documents, effectively translating them into a marked-up HTML file. 

Firms are then able to discern which parts of the regulation are applicable to them and send it to the right part of the business to be implemented in whichever way it sees fit. 

New start-up Covi Analytics offers a similar solution with its product Cmile. Like Waymark, Cmile dissects the information within regulatory documents and extracts the relevant sections based on a customer’s specific requirements.

The information is then compiled onto a dashboard and colour-coded to allow financial institutions to see whether a piece of regulation has been enacted by the relevant department. 

The software can also provide industry benchmark information to highlight to financial institutions where they rank among their peers in terms of compliance. However, chief executive of Covi Analytics Waleed Sarwaar says this is heavily dependent on more institutions using the software to get an accurate reading. 

Nick Cook – Financial Conduct Authority
Nick Cook, Financial Conduct Authority

Intelligent regulation

One firm, however, has gone a step further and taken the tech to the regulator. 

In September 2017, the FCA became the first regulator to publish an intelligent regulatory handbook. The handbook, which is used by thousands of regulated financial institutions and their advisers daily, is more than 20,000 pages long and contains binding regulatory obligations and guidance for firms. Partnering with Corlytics, the FCA sought to “democratise the handbook”, making it more accessible. In doing so, it hoped to transform the handbook from a legal document to a fully searchable database. 

“We put a metadata structure – much like that used by Google – in place, transforming the handbook from a comprehensive legal index to a highly accessible tool for all users,” Corlytics’ Byrne explains. 

The software essentially tags words and phrases with a central taxonomy, making it machine-readable; 3,000 metadata tags were added to the original text. 

“The teams have gone to different sections of the handbook and machine-learnt them. Then, using a combination of regulatory lawyers and data scientists, they have auto-tagged the rest of the handbook,” Corlytics said in a statement at the time. 

A similar approach is used in certain sectors of the medical profession – most notably in cancer research. By analysing the text, using machine-learning analytics, oncology research has made great strides in the diagnosis of certain forms of cancer. In one approach, a machine is ‘trained’ using a dataset of sample images of tumours that have been classified by a physician. The computer uses the classification information to develop its own pattern-recognition criteria with which to identify tumour types. 

“At Corlytics, we have moved into the same building as a lot of specialist medical data scientists to better understand what they do. Using trained models, we are able to teach them how to understand and interpret the data,” Byrne explains. 

“To best do this you need subject experts who can program and understand analytics, working alongside data scientists,” he adds. “Lawyers – in our case – who can code; we have swapped the oncologists with regulatory lawyers. Their training makes for consistent and accurate analytics.”

Corlytics’ solution is the first step towards standardised regulation, an initiative that, if devised on a global scale, could exponentially reduce the regulatory burden. 

According to Hardoon, for standardised regulation to be implemented, the industry would require a common understanding of data – a centralised data taxonomy and data model could be one option to achieve this. 

“Standardised data would facilitate smoother data collection and sharing, and reduce regulatory reporting burdens. It would also improve overall standards of governance and analysis,” Hardoon says. 

However, he also notes there would need to be some form of flexibility to allow for individual firms’ specific circumstances and interpretations. “Industry‑wide data standards and taxonomies may be most effective when developed though joint industry efforts and collaborations,” Hardoon says. 

Machine execution

While machines can now read digitised regulatory documents, will it be possible in the future for new regulations to be implemented automatically? 

Chief executive of TrackMyRisk, Matt Hodges-Long, believes this is extremely likely. “For this to happen, firms need to have their regulated processes mapped as data so the impact of the regulatory change and the response could be automated,” he says. 

The FCA’s latest TechSprint revealed that some regulation already lends itself to being implemented by a machine, but the current structure of most regulation makes it difficult for the information to be translated. “Regulation tends to be principle-based, but firms want to be told what to do and how to adhere to the regulation,” Cmile’s Sarwaar says.

As a result, for regulation to be machine-executable there needs to be a change in how it is written and constructed. “For machine-executable regulation to be a reality, we need to start disambiguating parts of the regulation – we need more uniformity,” says Byrne. “Instead of lawyers being the only people involved in drafting rules, it needs to be done by a broader cohort, so a greater degree of precision can be established. 

“We need to go back to understanding how regulation is formed, why it is formed and who the users are.” 

Having worked with the FCA, Byrne believes it will take a number of years before entire regulatory handbooks become machine-executable. In the meantime, he suggests regulators begin examining which aspects of regulation can be automated. 

“We are a very long way from achieving this [machine-executable regulation] right now, but the FCA’s work indicates a direction of travel as the costs and complexity of regulatory compliance are unsustainable for some,” says Hodges-Long. 

Hardoon agrees that machine-executable regulation will be in place within the next 10 years, but stressed not all regulation would lend itself to be structured in such a way. Machine-executable regulation will only be implementable in cases where it is “clear, unambiguous and quantitative in nature”, he says. For example, there are already automated limits in place for trading to curb excessive volatility. 

“Some features that are required for machine-executable regulation to be implemented include the use of accurate and timely data,” Hardoon says. “The data must have well-established data lineage for accountability and traceability.” 

However, even in these instances, Hardoon says the fundamental difficulty for any form of regulation will be the identification and assessment of its intention, which he believes computers will not be able to discern.

Intelligent architecture

While the race towards machine-executable regulation is well on its way, there is still a long way to go, with some financial technology firms calling for regulation and compliance enforcement to keep pace with the speed of innovation.

There are signs, however, that other regulators are moving ahead aggressively in this area. A number of regulators in the US, including the newly formed Consumer Financial Protection Bureau and the Federal Communications Commission (FCC) are converting their regulations into digital format. For the FCC, this has simply involved transforming its PDF regulation into an XML format, opening up the possibility for the document to be read by a machine. As Byrne says: “The next phase will be to implement an intelligent architecture.” 

“We envisage that the future of regulation is one that will undoubtedly include consumption of significant amounts of data, leverage on automation and the exploration of AI and machine learning,” Hardoon says.


This feature forms part of the Central Banking Risk-based supervision focus report, published in association with Vizor

  • LinkedIn  
  • Save this article
  • Print this page  

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here:

You are currently unable to copy this content. Please contact [email protected] to find out more.

You need to sign in to use this feature. If you don’t have a Central Banking account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: