The rise of SupTech: a win-win for financial market regulation


Over the past 10 years since the financial crisis, there has been a seismic shift in the regulatory landscape affecting all financial services firms. In order to avoid another meltdown, new rules and regulations have been created, and regulators have become increasingly more vigilant at policing compliance with the myriad of new rules.

More recent developments also include the innovative contributions of new ‘financial technology’ firms (FinTechs), the internet of things (IoT), cloud services, artificial intelligence (AI), distributed ledger technologies (DLT) and many more evolutions that may require not just new regulations, but a completely different way of regulating and auditing the sector.

All of this means that both financial institutions and regulators need to look at smart solutions for infrastructure, data and analytics and we have already witnessed the rise of RegTech, with specific technology solutions focused on regulation. 2018 is now shaping up as the year when RegTech and the emerging ‘supervisory technology’ (SupTech) will each come into their own, and as they mature they must become part of a joined up landscape to ensure robust safeguards.

How to monitor the risks

New ‘non-bank’ players are also expanding rapidly in the FinTech market with both established and more recent enterprises creating new business models and launching new products. The aim of this is to take advantage of the increased data storage and infrastructure opportunities cloud technology allows, as well as a faster time-to-market provided by automated processes.

The changing landscape of finance, whilst bringing new opportunities, also brings new risks that must be adequately monitored and mitigated, both internally and by external regulators. The increased automation of data also opens up questions about data protection and privacy. Increased use of technology requires increased cybersecurity and there are specific concerns around cross border data flows and jurisdiction for borderless technologies such as DLT and audit trails for the automated decision-making that is a product of ML and AI.

Financial institutions (FIs) are increasingly utilising RegTech to streamline their regulatory compliance processes. The same technologies that are driving FinTech innovation are now being used to ensure FIs implement the latest regulatory changes, monitor compliance and report correctly to the various supervisory bodies. Data gathering and analytics are improving daily, unstructured data (such as complex documents can be scanned to identify new regulatory requirements), and processes are being automated to allow compliance whilst cutting costs.

The automation of know your customer (KYC) and client onboarding processes and the increasing sophistication of transaction monitoring is helping to identify and prevent financial crime at source, whilst the collection and analysis of risk data is being refined to an ever more granular level. These solutions together with automated reporting are improving regulatory compliance within FIs, but without a similar revolution for the regulators, there is a risk that reported data will not be adequately analysed to understand the underlying trends.

Regulating the data

As well as the huge amounts of data being provided to regulators for current compliance initiatives, there are also decisions to be made on how new technologies, business models and products should themselves be regulated and whether a fundamental shift needs to occur in the global regulatory processes.

The data sent to the regulators is in pre-defined formats, defined by rigid templates, which are often specific to a regulation, regulator or jurisdiction, making it very difficult for regulators to share data or run complex analytics to identify root causes. The adoption of SupTech by regulators promises to help streamline the ingestion, analysis and reporting of financial trends on a global basis across multiple markets and regulators. However, it is vital that SupTech solutions should include a shift away from traditional templates towards the collection of raw data from the FIs, including unstructured data such as documents, emails and videos.

The gathering of even more data by the regulators implies that data collection, aggregation and storage processes must be improved. This could be achieved by hosting the data in the cloud and automating the collection and aggregation process as either a ‘push’ from the FIs or a ‘pull’ by the regulator.

The collection of raw data would then enable the formatting to be the responsibility of the regulator. If the data were held in a single authoritative source, regulators globally would be able to run analytics over it using their preferred models. With a federated data model, national regulators could run root cause analysis and share findings in the same way as national crime prevention units.

To the future

Another advantage of moving to this type of model is that data is harvested dynamically rather than at set periods, as is the current norm.

Re-engineering the data collection and aggregation for individual regulators could be a current solution to the immediate problem, but the sharing of data in a federated model will require a shift in approach from the wider supervisory community. New borderless technologies such as DLT may also require increased data sharing and even supra-national regulation.

Looking into the future, the new technologies offer a wealth of solutions to regulatory supervision that could transform the way compliance is monitored and analysed. ML algorithms and an improved interoperability are a pathway to real-time solutions and even predictive supervision. This could lead to increased and shared analytics, but to achieve a joined up future landscape that allows for new scenarios across new regulations, the building blocks must be put in place now.

As with FinTech and RegTech, SupTech needs clean, relevant data that uses a common data dictionary for advanced analytics; it needs the flexibility and increased capacity of cloud storage; and it needs automated processes, which have been properly re-engineered to remove redundant and manual steps.

Once the foundations for SupTech are secure, the benefits for both regulators and the market could be of huge!