Global regulators’ views on technology: innovations and expectations

Until recently, some financial regulators have seemed reserved, even trepidatious, when it comes to grappling with and addressing technological change. However, the tide is turning fast and we’re now seeing regulators tackling the issue head-on. With this in mind, we explore some of the differing views and expectations of regulators across the globe.

Technology is transforming the financial services industry faster than ever, from the trade floor, to the way businesses interact with consumers, and even the methods used by regulators to exercise their powers. One thing is for certain, the pace of change is quickening: it’s constant and inescapable. As the industry awakens to this idea, we take a dive into the views and expectations of a handful of global regulators when it comes to tech.

UK – Financial Conduct Authority: enabling change through “tech-activism”

In April 2019, the FCA published its business plan for the coming year. Technology stands out as a prominent theme throughout. The FCA’s stance is unambiguous: it’s prioritising tech and weaving it into plans for the coming year, both in its internal processes and what it expects to see from the regulated.

Financial crime and anti-money laundering (AML) are highlighted as a cross-sector priority. In particular, the FCA sets out plans to use “intelligence, data and technology to improve our approach to anti-money laundering, bribery and corruption.” The FCA is embracing change and seeking new solutions to legacy problems, perhaps unsurprising given that, due to technological advances, financial crime is more sophisticated than ever. Essentially, it intends to develop new technology to tackle the dangers and challenges that emerging technology creates. It’s fighting fire with fire and “supporting the use of innovative technologies through the work of RegTech to strengthen industry defences”.

A second cross-sector priority for the regulator is a focus on “innovation, data and data ethics”. The FCA recognises that “data and technology are increasingly driving change in financial markets” and points to its “longstanding strategic commitment to supporting innovation”, which has included measures such as the Regulatory Sandbox and RegTech Techsprints. The FCA has further demonstrated its commitment to tech and innovation with the appointment of Nick Cook as its first ever Director of Innovation in March. Commenting on his role in a speech delivered in June this year, Cook noted that, as well as being the “natural step in [FCA’s] innovation journey”, it also was in keeping with CEO Andrew Bailey’s recent comments that “regulation has traditionally been summed up by three verbs: to forbid, to require, to permit”. In his view, another phase should be added to this approach; to enable change – a regulator should enable change to happen that is consistent with its objectives.

Cook directly addressed the FCA’s views on tech, as well as those of the wider industry. He noted that there is a lingering awkwardness surrounding whether regulators should take the lead in encouraging or insisting that firms invest in and embrace new technology, or whether it should remain “technology-neutral”: “should we talk solely in terms of “outcomes” while remaining “agnostic” or can we show a preference for certain technologies?”. The answer, he concludes, is that technology is embedded in the delivery of financial services and a fundamental driver of consumer outcomes – “it seems to me untenable for regulators and central banks to not have an opinion”.

Instead, Cook endorses the concept of “tech activism”, listing examples of instances where the FCA “has been vocal in [its] desire to see further innovation and progress,” such as financial crime and AML. The FCA will continue to push forward with its pro-tech agenda, he adds: “these will not be the only occasions or areas where we call out the specific issues and problems to which we would like to see further innovation and progress”.

The message coming out of the FCA is bold and forward- thinking, but one might ask whether their actions will live up to their words. While we are yet to see any tech-specific enforcement, where firms are actually penalised for failing to embrace new systems, we are seeing the FCA tackling issues posed by tech. In September 2019, the FCA brought legal action against a former VTB banker after he was found to have deleted WhatsApp messages that he allegedly knew to be relevant to an investigation. This was the first time the regulator has charged an individual with this crime under the Financial Services and Markets Act, and we would hazard may not be the last.

Firms are similarly experiencing a different approach from the regulator. One Behavox roundtable attendee, Head of Surveillance at a Tier-1 multinational bank, commented that FCA had been “quite aggressive” in its directions regarding “fixed income, its calibration and the systems people are using”. He noted that the FCA was getting prescriptive in saying that new compliance technology “can’t just be out of the box – it must be tailored to your firm’s specific area of risk.” As a result, this firm brought in some data scientists and took steps to tailor its controls and systems: “we fine-tuned it, we’re not just out of the box now.” Another roundtable attendee in New York commented that, when considering global regulators’ approaches to tech, the UK regulator is “right up there”.

US – Securities and Exchange Commission: Smart-tech needs smart people

A recent disciplinary action brought by six US securities exchanges saw a registered broker-dealer fined $60,000 for its reliance on manual processes. What was particularly interesting was that the exchanges found no instances of abuse or errors by the broker. However, the decision outlined that the manual process used was not a reasonable system of risk management control or supervisory procedure. In other words, a manual system in itself was enough to warrant disciplinary action. If this is the approach taken by the exchanges, might this be the eventual course of action from the regulators?

The US Securities and Exchange Commission (SEC),much like FCA, is yet to take enforcement action that specifically references a firm’s use (or failure to use) of technology. That said, the SEC has alluded to such failings in recent decisions, specifically those concerning supervision and reporting systems. In July 2019, the SEC settled a $25m charge with Nomura Securities International Inc after it found the firm to have inadequately supervised its traders in their sales of mortgage-backed securities. The SEC determined that Nomura had insufficient compliance and surveillance procedures in place. It is not a big stretch to suggest that even though there was no direct reference to the use of technology, this might be what the enforcement team concluded in analyzing the firm’s supervisory adequacy.

Much like other global regulators, the SEC encourages the use of technological systems and innovation across firms, but is also using it to bolster its own regulatory regime. As Steven Peikin, Co-director of the Division of Enforcement at the SEC, highlighted in his keynote speech at the Southeastern Securities Conference 2019: “in recent years, the Division has developed a number of proprietary tools and capabilities for analyzing vast quantities of data to identify suspicious patterns…In the past year, the Commission also brought significant insider trading cases that may not have been possible without our ability to analyze voluminous amounts of data, including trading data and communications metadata.”

The SEC’s implementation of tech to fortify its existing regulatory regime carries into the SEC’s Office of Compliance Inspections and Examinations (OCIE), as highlighted by SEC Chair, Jay Clayton, in his keynote remarks given at the Mid-Atlantic Regional Conference in June 2019. In particular, Clayton noted that OCIE is turning to data analytics, which is “an increasingly important part of OCIE’s risk-based program, and OCIE has developed proprietary tools for analyzing data in support of the program.”

HAL, or the High-Frequency Analytics Lab, is one such proprietary tool developed by OCIE “to enhance the SEC’s capabilities in examinations and oversight”. It gives SEC staff an oversight of market microstructure, which includes high-frequency trading. OCIE has also developed NEAT, or the National Exam Analytics Tool. As Clayton highlighted, this “allows examiners to collect and analyze large datasets of trading records to identify potentially problematic activity and better understand a firm’s business during examinations. These reports help to identify registrants engaging in potentially unfair market practices, and to shed light on major market events.”

The SEC is harnessing technology, meaning two things for firms: firstly, the regulator is smarter in its own processes and more likely to catch out malpractice; and secondly, the regulator will be expecting firms to take similar steps to upgrade their own systems.

An anonymous source who used to be on the staff at OCIE told Radar that, while SEC ramps up its efforts to employ tech from the inside, it might lack the staffing ability to truly take full advantage at this moment in time: “the whole challenge for the Commission right now is that they have a lot of data and a lot of reports but the older generation are just not comfortable analyzing that and making the most of the insights that lie within the data. There is huge potential in the analytics there but the right people need to be working on it and applying it.”

What is interesting here is the direct parallel that can be drawn between regulator expectations of firms, and the reality that meets them: we often hear at roundtables that regulators put pressure on firms to modernise their systems, but in order to glean meaningful insights from those new systems there has to be a significant investment in staff, which is often stopped by budget availability. For instance, until recently, the SEC has been faced with an industry-wide hiring freeze.

US – Financial Industry Regulatory Authority: Facilitating innovation

When it comes to deployment of technology, FINRA is looking to keep ahead of the curve. In July 2018, FINRA Haimera Workie, Head of FINRA’s newly created Office of Financial Innovation, views the new office as a “facilitator” rather than a prescriptive regulatory body. RADAR / 7 issued a special notice seeking comment and ideas on how it could best keep current and help its members to understand the potential in FinTech. In September 2018, it released a RegTech report, focusing on developing technology to support compliance functions in the securities industry and exploring the implications it would have on broker-dealers.

FINRA has consistently portrayed itself as a regulator keen not only to embrace, but to get ahead of, technological change. This culminated in April 2019 with the opening of FINRA’s new Office of Financial Innovation; a department that focuses on improving innovation and collaboration within FINRA, regulators and the wider industry. Radar sat down with the Head of the new Office, Haimera (Haime) Workie, and FINRA’s Director of Financial Innovation, Kavita Jain, to better understand its attitude towards emerging tech and trends.

The pair started working together around two years ago with the initial launch of FINRA’s innovation outreach initiative, from which the Office of Financial Innovation was born. Rather than being an instructive or prescriptive regulatory voice, the Office was created as a support tool for member firms. As Workie pointed out, “it was designed to ask firms about what pressure points they’re seeing in terms of being able to bring their ideas about innovation to fruition”.

While some regulators set out technological expectations of firms under their jurisdiction, FINRA’s attitude is that of “facilitator”. Workie explained “as firms are having issues or challenges, we try to have conversations with them, and to the extent that we can see things that they should be considering…we give information about how they should be approaching the issues.” The office frequently publishes whitepapers with topics ranging from RegTech to blockchain. Jain notes that while these whitepapers are useful to firms, they are also helpful for FINRA insofar as it “maintains an ongoing dialogue, so that we can keep our finger on the pulse and get a better sense of new technologies”.

As well as white papers, FINRA’s office also engages the industry through conferences, regional roundtables, symposiums, investor education groups and annual conferences. These aren’t just limited to financial services firms either, “we invite other players in the ecosystem too, like vendors, academics and economists”. FINRA strives not just for tech-awareness, but to have a deep understanding of new technologies. This allows the regulator to tackle industry issues from a position of knowledge and expertise and to anticipate challenges before they affect investors, firms and regulators alike.

Despite FINRA’s investment and expertise regarding innovation and technology, it remains non-prescriptive in terms of what technologies it expects its members to adopt. Workie commented “we’re technology agnostic in the sense that the requirements are really what the rules state so it’s frequently around having reasonable policies and procedures. So if they have different techniques, whether they’re manual or technology enhanced, we tend to be agnostic so long as they’re meeting their requirements as set out in the context of the rules.”

But, as Jain points out, technology within the financial services industry is “not always driven by regulatory requirements”. From FINRA’s perspective, “technology could really transform all segments of the financial services industry”: from customer interaction, chat-bots, wealth management, trading, research and even the compliance function. The biggest challenge posed by tech? Training staff to manage it. Echoing the concerns raised by the anonymous source at SEC, Jain added, firms need to “ensure people know their roles, what they’re doing and what they’re permitted to do with the tech. Insider threat is a huge problem”.

Australia – Securities and Investments Commission: Embrace tech or explain why not

Of all the global regulators we’ve spoken to, ASIC has been the most bold in taking a prescriptive approach to their expectations of regulated firms and their use of emerging technology. In March 2019, ASIC’s Director of Financial Services, Michael Saadat, announced an “if not, why not” approach will be adopted to force banks to explain when they aren’t using the latest technology – including systems used by start-ups. While many global regulators have merely been implicit in setting out their expectations, ASIC is far from unequivocal.

This has since been followed up in ASIC’s 2019-23 corporate plan, in which it sets out a vision of a “fair, strong and efficient financial system for all Australians”. Much like the message coming out of the FCA 2019-20 Business Plan, ASIC’s vision of the future is founded on technology. Over the next four years, ASIC plans to roll out a new enforcement strategy, with an increased focus on “more intensive supervision” and “a greater use of next-generation regulatory tools”, including artificial intelligence, behavioural science and data analytics.

Innovation, technology and behavior are a common thread throughout the 52-page document. ASIC highlights that its Office of Enforcement, which was established in 2018, will play a crucial role in overseeing the use of emerging technologies to enhance its enforcement capabilities. Moreover, the regulator has made a commitment over the next four years to “facilitate advancements in technology that are beneficial to consumers, investors and markets”. It will do this by “supporting the Fintech, supervision technology (Suptech) and Regtech sectors through [its] Innovation Hub.” ASIC hopes that such steps will move to deliver better outcomes, both in terms of regulatory compliance and consumer experience. It will also allow the regulator to understand and anticipate the potential harms that technological changes can bring about. ASIC is joining the global movement, alongside other regulators, to encourage new ways of thinking to achieve compliance goals, and forming new teams to ensure such action is taken.

ASIC has launched numerous programs and initiatives that demonstrate its commitment to the cause. In 2018 it launched an investigation into how natural language processing could transform tech. In September 2019, ASIC hosted a Regtech Voice Analytics Symposium. In his opening speech, ASIC Chair James Shipton expressed his vision for Australia as “a world-leader in the development and adoption of Regtech.” He added: “ASIC can see a future where artificial intelligence, including machine learning, text analytics, voice analytics, and other technologies are a seamless component of financial services firms’ business models…a future where firms can record, store and analyse all communications with consumers using these tools.”

ASIC is not tech-agnostic, nor does it pretend to be. However, it remains to be seen how it will transpose these tech-positive attitudes into its enforcement approach.

Singapore – Monetary Authority of Singapore: Embracing tech, but not expecting it

The Monetary Authority of Singapore (MAS) appears to be obsessed with technology, releasing new initiatives to boost innovation and technological change almost monthly.

This obsession is nothing new – as MAS’s Assistant Managing Director of Technology, Vincent Loy, recently pointed out, MAS has been issuing guidance relating to technology risk management since 2001. In 2016, it launched a FinTech Regulatory Sandbox. While other regulators have since introduced Sandboxes to help firms innovate, MAS went further and launched “Sandbox Express” “to provide firms with a faster option to test innovative financial products and services in the market”. MAS wants new tech and it wants it now.

MAS could be seen as ahead of the rest in terms of innovation- focused regulation. However, in some areas it keeps pace with other global regulators. For instance, in March 2019 it unveiled plans for a technology group; a group that “brings together expertise in data analytics, information technology and cybersecurity to support MAS as a digitally enabled and secure organisation and strengthen the supervision of technology risks in the financial sector”.

As for how technology will affect the financial services workforce, MAS is acutely aware of the challenges that technology poses for its staff. Chief Data Officer, Dr David Hardoon, recently opined, “one of the key tasks of MAS is to work with the industry to build a smart financial centre with a skilled and adaptable workforce”.

Much like FINRA, MAS understands that training and re-skilling of staff is essential to the effective implementation of new tech. Its response “is not to avoid it but to equip workers so that they can take on the higher value job roles that technology will enable.” This is demonstrated in its recent launch of a “Skills Framework for Financial Services”, which helps employers conduct skills training across all business lines. MAS has already taken steps to train its own employees, and is re-skilling those whose jobs are altered by the emergence of new tech: “for example, many bank tellers, whose job roles have been impacted by technology, have since been re-skilled and re-deployed as digital ambassadors, video tellers, customer service officers, and even chatbot trainers.”

However, while MAS is acutely aware of the presence of tech, and has taken steps to facilitate and innovate around it – there is little to suggest that they’re expecting firms to get on side. While other regulators have set out (whether implicitly through enforcement action or explicitly in speeches) an expectation that firms should be moving towards automated systems, MAS has been less bold, less prescriptive so far.