Thursday, July 20, 2017 07.01 AM / Patrick Armstrong
Regulatory Technology: Reshaping The Supervisor-Market
Participant Relationship –Digital Innovation - Opportunities & Risks Posed By
Disruptive Changes & Emerging Technology
Financial Forum, Paris France - Patrick Armstrong Senior Risk Analysis Officer,
Innovation And Products Team
is a great pleasure to be here at the Europlace Financial Forum and I would
like to warmly thank the conference sponsors and, in particular, the Global
Association for Risk Professionals, for inviting me to be here.
the global economy marks one decade since the worst financial crisis since the
Great Depression, it is clear that the rules of the game have changed.
Technological developments are accelerating exponentially while both policymakers
and market participants are racing to keep pace. As supervisors, we along with
economists, firms and individuals are all wondering what the financial markets
of the future will look like so that we can seize the immense opportunities
that will emerge, minimize, and prepare for the inevitable risks.
introduce hardship to many, in the form of slow (or negative) growth, job
losses, societal tensions and political turmoil. The one that began in 2007 was
no exception, although its magnitude and breadth are extraordinary. However,
changes driven by financial crises can introduce benefits as well, as weaker
market participants fall away and capital, both human and financial, is drawn
to those sectors providing the most attractive returns. The economy reorganizes
and becomes more efficient, stimulating innovation and challenging the existing
This is why I
would like to discuss an emerging field with immense potential within the world
of finance and regulation --- regulatory technology or “RegTech”. I will begin
my remarks by providing some context in terms of change, and then I will
discuss the role of the securities market supervisor and how we go about
approaching the topic of financial innovation and regulatory technology in
particular, then what I see as the responsibility of market participants.
Finally, like any good regulator, I will conclude by suggesting some risks.
First, some context
Since I began my
career in banking almost 30 years ago, certain things have changed. Back then,
sitting at my desk in Bank of Boston’s corporate lending department, through
the haze of cigarette smoke wafting from the desk in front of me, I could just
make out the figure of the secretary with an IBM electric typewriter in front
of her. In contrast, we on the youthful cutting edge, used word processors that
upon reflection were little more than glorified typewriters. Fax machines were
the norm for distant communication, while only a privileged few used large,
clumsy mobile phones. Within the bank’s computing center were refrigerated
rooms of mainframe and mini computers whizzing away. On them were names many of
you may never had heard of --- Wang and Digital Equipment Corporation or DEC
--- because they no longer exist. My bank was a ‘vertical’ one-stop shop for
the client where beyond corporate lending we managed their investments, held
their savings, provided checking and offered and serviced their mortgages.
innovation and financial technology in particular have done much to change the
way in which we work and communicate. That portable computer we may have first
used, such as early generation Toshiba or ThinkPad was expensive, slow and oh
so heavy. Today that portable PC has been largely replaced by the smart phone,
which comes at a fraction of the cost and weight, and is capable of doing so
much more. As well, we know that many of the services my prior employer
provided are facing heavy competition in the form of e-mortgages, mobile
payments, peer to peer lending and automated advice.
that survived the financial crisis still have in place proprietary IT systems
from 20 to 30 years ago. Those systems frequently do not communicate with one
another, are very expensive to run and maintain, and are prone to crashes and
susceptible to cybercrime. In the world of the cloud, big data and artificial
intelligence, those systems cannot accommodate the benefits that flow from
these innovations. Instead, we have seen the emergence of a host of competing applications
that are comparatively inexpensive to operate, less prone to failure, more
secure and much better able to accommodate the developments we have seen in
artificial intelligence and machine learning.
With this backdrop
in mind, I will now turn to Regulatory Technology, which at its most basic
means the use of digital technologies to better design, monitor and evaluate
The use of
technology to undertake compliance monitoring existed for many years prior to
the financial crisis of 2007. In that sense, we view the current generation of
technologies emerging to meet compliance needs as evolutionary rather than
revolutionary. However, what is different about today?
the regulatory requirements placed on market participants have certainly
increased greatly over the past ten years. However, many of those regulations
came in response to the known market failures that led to and exacerbated the
crisis. Others reflect the increasingly complex nature of global financial
Second, for our
part as regulators, we believe the move towards a more data-driven and granular
approach will improve the design of regulations, enhance monitoring of the
financial sector and help ensure better outcomes for market participants and
consumers. The use of RegTech is an important tool in supporting that process.
Third, as the
financial services sector becomes increasingly digitalized and data-driven the
advantages of technology-driven monitoring compared to less automated
alternatives have become more and more evident.
Fourth, we have
seen over the past few years a sharp drop in the costs of computing power and
storage. This enormous increase in capacity is acting as an important catalyst
for artificial intelligence and machine learning based tools, which are
extremely data-intensive. Many of these tools are at the heart of the RegTech
renaissance and could not be deployed in a non-digital infrastructure.
As a student of
financial innovation, the emergence of RegTech seems to me a predictable
response to the post-crisis regulatory agenda. It is a clear example of what we
call the “regulatory dialectic”, whereby regulatory action on the part of
public authorities is met by a private sector response designed to ameliorate
the impact of the regulation. In some cases, this response may aim to side-step
regulations, which may prompt the authorities to tighten the regime further. In
other cases, market participants respond in order to manage their regulatory
requirements more efficiently. RegTech fits in to the latter scenario, designed
to help firms adapt to regulation in an effective, cost efficient manner.
I will now turn to
the role of the regulator in using RegTech. I will focus on ESMA’s own dual
experience of being a user and a facilitator of RegTech.
First, a few words
about ESMA and our work on financial innovation. ESMA’s focus is on European
securities markets and it has as its primary objective to promote investor
protection, orderly markets and financial stability. It achieves this by:
assessing risks to investors, markets and financial stability, completing a
single rulebook for EU financial markets, promoting supervisory convergence and
directly supervising credit rating agencies and trade repositories. In
addition, specifically in terms of innovation, ESMA is in charge of ensuring a
coordinated approach to the regulatory and supervisory treatment of new or innovative
financial activities in the securities markets.
to Monitoring Financial Innovation
ESMA has developed
a framework to analyse financial innovation and its impact on markets and
consumers. The framework provides a principles-based approach to the work both
in terms of the range of financial innovation we track as well as the tools we
employ. In designing the framework, we have been guided by the three core
objectives of ESMA --- investor protection, financial stability and orderly
markets. The ESMA objectives serve to ground the analysis of financial
innovation. We bring to the subject a balanced approach, both protective and
Within ESMA, we
are a major user of data as part of our supervisory practices and
macro-prudential monitoring. However, as we are a young organization, formed in
2011, we have the benefit of having been born into this world as a ‘digital
native’. We maintain almost 100 data registers and databases. Some of the
primary ones stem from regulations you are no doubt familiar with --- EMIR, CRA
Regulation, AIFMD, EMIR, MiFID/MiFIR, MAR (European Markets Infrastructure
Regulation, Credit Rating Agencies, Alternative Investment Fund Directive, Markets
in Financial Instruments Directive/Markets in Financial Instruments Regulation,
Market Abuse Regulation. )
Within our many
databases, there exists a wide range of data records ranging from hundreds of
records for some to tens of millions for others. The underlying fields vary
from detailed metrics on Alternative Investment Funds to MiFID based investment
firms, trading facilities, and counterparties to name but a few. Without having
digitized the way in which we request and process the data, we would have soon
found ourselves overwhelmed.
The end goal of a
data-driven supervisory process is to shift from a retrospective to a
forward-looking approach. The fast growing amount of data reported to
supervisors combined with technological improvements in fields such as
artificial intelligence and machine learning allows for the potential of a much
more automated supervisory process. Failure on the part of regulators to
develop the technological capabilities to use the regulatory data undermines
the policy objectives that gave rise to the data.
We also act as a
facilitator, to encourage the digitalization of entities with whom we interact.
In our contact with both Member State regulators and with market participants,
we have required data be transmitted in a digital format that can be easily
processed and analysed. We have worked closely with Member State regulators,
not all of whom are digital natives as many existed long before ESMA, to
develop tools to ensure this digital delivery of data. In turn, as they receive
much of this data from the market participants that they oversee, they have
encouraged the digital transformation of the underlying market participants.
then, as major users of supervisory and macro-prudential data, and as
facilitators of its production and transmission, have a key role in the
evolution of RegTech. Of course, financial sector institutions also have a
major part to play. What developments are we seeing in the private sector?
of Financial Institutions
parallels between the adoption of FinTech – the use of digital technology to
power innovation in financial products and services – and that of RegTech.
Since the financial crisis, the majority of new entrants into financial
services have brought with them a shared competitive advantage, namely
financial technology. We see this in online payment services, foreign exchange
processing, automated advice, and crowd sourcing.
In response, many
incumbent firms have begun to adopt such technologies as part of their business
strategy whether through acquisition, partnering or in-house development. The
technology frequently allows the firm to deliver services at a fraction of the
cost previously charged. As a consequence, we witness an ongoing reduction in
physically staffed locations, as these digitally focussed incumbent
institutions move their business online allowing them to focus on improving the
quality and efficiency of their services,
Just as many firms
are turning to technology to deliver financial services in a more cost efficient
manner so too are they allocating capital to technology that allows them to
meet their regulatory requirements. Customer data such as checking account
information provides firms with valuable insight into the product needs of
their clients. Increasingly, the technology is being employed in a predictive
manner to anticipate client behaviour. The data housed within a financial
institution, if processed and analysed effectively, can likewise be a valuable
source of insight. It provides a more effective and cost efficient way to
monitor such compliance activities as anti-money laundering or know your
However, the ‘big
data’ that exists in these systems are only made usefully realizable if the
institution can make it available in consistent digital format. Only then, can
it be deployed to better anticipate not only the product needs of customers
from a FinTech perspective but also regulatory requirements from a RegTech
financial institutions, including the major banks have been among the first
movers in the use of RegTech post-financial crisis. As mentioned earlier, the
extensive regulatory reforms and compliance requirements that have been
introduced over the past 10 years are among the more important reasons for the
adoption of these tools. As regulations emerge, the firm must identify which
ones apply to a given part of the institution, analyse the implications of the
rule, and assign oversight for the monitoring of it. Indeed, some specialist
RegTech firms are emerging to meet this need. Many established financial firms
operate in multiple geographical jurisdictions, with differing regulatory
requirements across those areas. It is for this reason that most are
increasingly looking to technology as a response.
clearly brings many benefits in helping firms fulfil regulatory requirements
and in helping regulators monitor and supervise effectively, it is not without
risks. As part of our balanced approach to regulation at ESMA, we need to take
care to identify these risks and to look at them in an objective manner.
Tasks, Not Responsibilities
The first risk I
will highlight relates to a major structural shift in the financial sector
brought about by FinTech and RegTech – that of disintermediation. When
collaborating with RegTech firms, financial institutions cannot delegate
responsibility for their compliance and risk management activities. Instead,
the ultimate responsibility remains with the regulated financial institution.
While greater specialisation brings efficiency gains, it means there is a risk
that full oversight does extend all the way down the value chain. Additionally,
while established financial firms have experienced compliance staff, this may
not be true of all new entrants in the sector, who may be unaware of exactly
how far their responsibility extends.
is a major concern across sectors, and of course security needs are especially
acute in the financial sector. It is clear that the migration to a digital
centralized data infrastructure increases a firm’s vulnerability to attack,
theft and fraud. At the same time, large datasets are essential to the
algorithms that power digitalised financial services. We must develop mind-sets
in which client data is viewed with the same level of security as that given to
money placed in secure vaults. To achieve this, we may need to promote
increased real-time collaboration between financial sector institutions on
digital security matters.
A final set of
risks I wish to highlight relate to the differential adoption of new
technology. Failure on the part of market participants to adapt to the newer
digitalized infrastructure presents business risk that may separate winners
from losers in the coming years. As well, failure to adapt to a more automated
regulatory compliance process may leave participants with platforms ill suited
for the current regulatory framework. For their part, regulators must migrate
to a digital based supervisory process, only then can they cope with the volume
of data they will soon receive.
At the start of
the financial crisis 10 years ago, I do not think anybody thought that we would
still be suffering from the aftershocks a decade later. We cannot see into the
future, but if I had to speculate, I would think that if we had some of the
regulations, as well the tools and technology that we have discussed today, in
place then, the results would have been very different.
as FinTech is introducing changes to the way in which market participants offer
their services, so too RegTech will [alter the way in which financial
institutions and regulators comply and supervise/reshape the regulator-market
nexus/relationship]. Implemented correctly and monitored effectively, RegTech
has the potential to improve a financial institution’s ability to meet
regulatory demands in a cost efficient manner.
as regulators, we are constantly looking for tools to improve the way in which
can better supervise market behaviour. Provided both parties manage this
process of change suitably,, we can work towards putting in place an effective,
fair and transparent financial services sector that stimulates growth and
benefits society as a whole.
look forward to the interesting debates and discussions that will unfold here
today. Thank you for your time this morning.