Technology plays a huge role in nearly every aspect of financial services today. As the world moved online, tools and infrastructure to help people manage their money and make payments have burgeoned the world over in the past decade.
With much of the finance world now leveraging technology to conduct business, predict trends and deliver services, financial services regulators are also developing new technologies to monitor markets, supervise financial institutions and conduct other administrative activities. The emergence of purpose-built technologies to facilitate regulator oversight has, over the past few years, garnered its own moniker of supervisory technology, or suptech.
Interest in suptech is proliferating across the globe thanks to a diverse set of prudential and conduct regulators. A sampling of regulators developing suptech include the FDIC, CFPB, FINRA and Federal Reserve in the U.S.; the U.K.’s FCA and Bank of England; the National Bank of Rwanda in Africa; as well as the ASIC, HKMA and MAS in Asia. Several “super regulators” are also engaged in suptech efforts such as the Bank of International Settlements, the Financial Stability Board and the World Bank.
The strides in suptech demonstrate that creative thinking coupled with experimentation and scalable, easily accessible technologies are jump- starting a new approach to regulation.
In this post, we’ll examine a few core suptech use cases, consider its future and explore the challenges facing regulators as the market matures. The uses are diverse, so we’ll focus on three key areas: regulatory reporting, machine-readable regulation, and market and conduct oversight.
A quick general note: Nearly every financial services regulator is engaged in some type of suptech activity and the use cases discussed in this article are intended as a sample, not a comprehensive list.
But what exactly is suptech?
As a preliminary matter, we should quickly survey a few definitions of suptech to frame our understanding. Both the World Bank and BIS have offered definitions that provide useful outlines for this discussion. The World Bank states that suptech “refers to the use of technology to facilitate and enhance supervisory processes from the perspective of supervisory authorities.” It’s a little circular, but helpful.
The BIS defines suptech as “the use of technology for regulatory, supervisory and oversight purposes.” This is a similarly loose definition that describes the broader scope better.
Regardless of differences on the margins, the “sup” in these suptech definitions acknowledges the primacy of the idea that regulators’ objectives are to oversee the conduct, structure, and health of the financial system. Suptech technologies facilitate related regulatory supervision and enforcement processes.
Regulatory reporting
Regulatory reporting refers to a broad swath of activities such as financial firms providing trading data to regulatory authorities and regulators’ analysis of financial data or corporate information to determine the projected health or potential risks facing an institution or the market.
The MAS and FDIC are incorporating transactional and financial data reported by firms as a means to assess their financial viability. The MAS, in conjunction with BIS, has run tech sprints soliciting new ideas relating to regulatory reporting, while the FDIC has “a regulatory reporting solution that would allow ‘on-demand’ monitoring of banks as opposed to being constrained by ‘point-in-time’ reporting. This project is particularly targeted at smaller, community banks that provide only aggregated data on their financial health on a quarterly basis.”
The HKMA recently outlined its three-year plan for the development of suptech, which includes developing an approach to “network analysis.” The HKMA will analyze reporting data related to corporate shareholding and financial exposure to bring them “to life as network diagrams, so that the relationships between different entities become more apparent. Greater transparency of the connections and dependencies between banks and their customers will enable HKMA supervisors to detect early warning signals within the entire credit network.”
These reporting initiatives touch on a theme regulators have continuously struggled with: How to regulate markets and firms based on a reactive approach to historical data. Regulation and enforcement are often retrospective activities — examining past behavior and data to decide how to sanction an organization or develop a regulatory framework to govern a particular type of activity or financial product. This can result in an approach to regulation too rooted in past failures, which might lack the flexibility to anticipate or adapt to emerging risks or financial products.
Common throughout these regulatory reporting examples is the concept of collecting data more expansively and frequently to better understand market fluctuations and an organization’s financial health in closer to real time. Regulators are acknowledging that improved reporting efforts might help uncover early warnings about market gyrations or the risks facing a particular firm by constantly analyzing financial, corporate and transactional data.
Machine-readable regulation
Since written regulations and laws establish and empower regulators as well as define compliance mandates for financial institutions, making regulatory texts more interactive and digestible is another important focus for suptech.
As the BIS observed, machine-readable regulation can “help to narrow the gap between regulatory intent and interpretation. Machine-readable regulations could also help supervisory agencies to efficiently assess the impact of regulatory changes, consult on regulatory reforms, and reduce regulatory complexity.”
The FCA conducted a tech sprint centered on this use case in 2017. Regarding that exercise, it stated, “This tech sprint successfully proved that we are able to take a regulatory requirement contained in the FCA Handbook and turn it into a language that machines can understand. Using that language, machines can then execute a regulatory requirement, effectively pulling the required information directly from the firm.”
In another example, the FSRA in Abu Dhabi constructed a technical framework so that its regulations can be expressed as “a set of APIs and regulatory taxonomy for firms and fintechs to interact with dynamically.” The FSRA opened these APIs to organizations to create applications based on machine-readable regulation data.
Given the significant manual efforts involved in interpreting and implementing written regulatory mandates, the clarity and executability offered by machine-readable regulation is appealing. Financial services firms dedicate entire legal and compliance teams to reviewing the operational implications of new regulations and deploying associated controls to manage compliance.
A new regulation might outline how financial products can be marketed or dictate organizational requirements for establishing new entities that sell particular products. A new rule can impact how employees conduct business, the technologies underpinning those processes, and could necessitate the creation of new roles, responsibilities and reporting obligations.
As a result, the ability to deploy, execute and enforce new regulation via code is certainly appealing. Adding a level of automation through machine- readable regulation could, at minimum, make these processes more efficient, and in an optimal state, automatically execute certain changes gleaned from the regulatory code.
The advent of truly machine-executable regulation could reduce administrative overhead, mitigate risks related to human error and improve manual processes for the review, analysis and implementation of new rules.
Conduct and oversight
The category of conduct and oversight encompasses a broad range of use cases, so we’ll examine a representative sample here.
Two suptech projects analyze complaints submitted by customers to glean information about individual firm practices and broader market insights.
The Central Bank of Kenya (CBK) engaged in an analysis of customer- complaint data to better understand reporting trends as well as the patterns related to the subject matter of the complaints themselves. The World Bank observed that the project helped the CBK “identify emerging risks and unknown problems in the market.” Flagging unknown market problems from complaint data allowed the CBK to understand potential issues based on concrete data and confirmed its “capacity to discover topics without prior specifications or assumptions.”
Another key benefit of the CBK project was that by associating topics to the metadata, analysts discovered how complaints varied by bank or by time period, and whether there was a difference between complaints categorized as “open” or “closed.” The ability to understand bank-specific complaint issues or the incidences of particular types of complaints during a given time period offers additional data points that can be used for enforcement or investigations.
For example, if complaint data indicates a common bad practice among a group of banks, it may prompt a “horizontal sweep” of firms — examining a single issue across regulated organizations to determine how each firm approached it. These horizontal sweeps help regulators develop informed responses to pervasive risks or topics of concern.
The CFPB has engaged in several projects to analyze customer complaint data, mortgage data and consumer credit data from U.S. financial institutions to flag trends and issues. In the case of the CFPB, the results are published to the public and available to researchers and others who can search and examine it for their own purposes.
Complaint data helps regulators better understand and police firm conduct as well as understand broader market trends. As discussed above, the incremental ability to move from a reactive to a proactive approach to market and firm regulation can be extremely beneficial in anticipating disruptive events, whether at the market level, among a group of banks or at a single firm.
Another conduct issue that regulators must address are requirements that govern financial advertisements, which require them to be fair, balanced and not misleading. The volume and complexity of financial services advertisements are growing due to the proliferation of online ads and the dawning use of video and audio platforms to deliver these messages. The expanding volumes and complexity of advertisements pose challenges for regulators who must review it.
During a recent podcast, FINRA provided details about its use of technology for advertising oversight purposes, noting that it has employed machine learning and natural language processing techniques to aid in its reviews. While suptech is not mentioned by name, FINRA’s activities in this area clearly fall within its scope.
Finally, no visit to the Twitterverse is complete these days without stumbling head first into a conversation about Central Bank Digital Currencies. As the BIS has observed, CBDC offer potential suptech-like oversight benefits for “safeguarding public trust in money, maintaining price stability and ensuring safe and resilient payment systems and infrastructure.”
And, of course, many CBDC proponents suggest basing the currency on blockchain technology. Several banks have implemented or announced plans for CBDC pilots, so this is undoubtedly an issue we will hear more about in the future. In fact, the Banque de France and the MAS recently completed a CBDC cross-border payment and settlement experiment using J.P. Morgan’s Onyx blockchain network.
Challenges of suptech and its future
Given the breadth and complexity of suptech use cases, it should come as no surprise that regulators are facing the same challenges as technology startups and incumbents in fostering suptech initiatives. In fact, a read- through of recent surveys and reports about suptech include discussions about challenges like “the importance of senior management buy in” and the difficulties in finding appropriate computer programming expertise. These themes are well understood (and often lamented by) startups and Big Tech, who have been grappling with them for years.
However, in the suptech context, they may signal a level of maturity and acknowledgment that regulatory initiatives are keeping pace with the financial services and technology industries more broadly.
Additionally, oft-repeated mantras about the ubiquity of cheaper cloud computing and sophistication of open-source AI models are likely to fuel suptech’s continued evolution. Capabilities that facilitate quicker and more efficient suptech innovation without the need for massive capital expenditures will be useful.
On one hand, these challenges might suggest that regulators must now compete with startups in the talent, tooling and salary realms. However, the technological sophistication and practical implications of suptech might offer new career paths for those who want exposure to a different kind of work experience.
Perhaps educational certificates or courses to help job seekers develop specific suptech skills could create a unique niche for those looking to deploy their knowledge in an area of public interest and importance.
From an innovation perspective, the use of tech sprints and other modes of engaging outside organizations to assist in the development of suptech solutions is critical. Many regulators have developed public-facing innovation hubs to engage with startups and understand how technologies are evolving in the private sector. (Full disclosure: I have interacted with many of these teams in my role with Theta Lake). Perhaps suptech public-private partnerships may become more common and encourage more inclusive feedback loops among financial institutions, regulators and startups.
Regulators are breaking historical preconceptions about them as stodgy, staid and conservative organizations by developing original and effective suptech platforms. The strides in suptech demonstrate that creative thinking coupled with experimentation and scalable, easily accessible technologies are jump-starting a new approach to regulation. Given global regulators’ goals of market stability, transparency and consumer protection, the application of skill and effort to suptech should be welcomed by all participants in the financial system.
By Marc Gilman, General Counsel and VP of Compliance at Theta Lake.
