RegTech: Building a Better Financial System1

RegTech: Building a Better Financial System1

CHAPTER 16 RegTech: Building a Better Financial System1 Douglas W. Arner, Jànos Barberis, Ross P. Buckley Contents 16.1 Introduction 359 16.2 RegTe...

138KB Sizes 0 Downloads 54 Views

CHAPTER 16

RegTech: Building a Better Financial System1 Douglas W. Arner, Jànos Barberis, Ross P. Buckley Contents 16.1 Introduction

359

16.2 RegTech: A Framework of Analysis

360

16.3 RegTech in the Financial Services Industry

362

16.4 Data Driven Regulation

364

16.4.1 Big Data

365

16.4.2 Cybersecurity

365

16.4.3 Macroprudential Policy

366

16.5 Looking Forward

367

Notes

368

16.1 Introduction Since the 2008 Global Financial Crisis (‘GFC’), regulatory and technological developments have changed financial markets, services and institutions in unexpected ways.2 ‘FinTech’, the use of technology to deliver financial solutions, is one aspect of these changes. Its rapid evolution demands a similar evolution of RegTech.3 ‘RegTech’, a contraction of the terms ‘regulatory’ and ‘technology’, describes the use of technology in the context of regulatory monitoring, reporting and compliance.4 Automation of processes allows for better, more efficient risk identification and regulatory compliance.5 Recently two pain points have arisen in the financial services industry, which drive the development of RegTech and support our vision. On the expense side, post-crisis fines have exceeded US$200 billion,6 and the ongoing cost of regulation and compliance has become an industry-wide concern.7 On the revenue side, competition from FinTech companies threatens up to US$4.7 trillion of revenues.8 As with FinTech,9 the GFC represented Handbook of Blockchain, Digital Finance, and Inclusion, Volume 1 DOI: 10.1016/B978-0-12-810441-5.00016-6 Copyright © 2018 Elsevier Inc. All rights reserved.

359

360 Chapter 16 a turning point in RegTech development.10 However, the factors underlying, and beneficiaries of, RegTech are quite different. Start-ups (increasingly partnering with, or being acquired by, traditional financial institutions)11 have led FinTech growth, whilst RegTech has arisen from the huge costs of complying with new institutional demands by regulators and policy-makers.12 In one survey, 87% of banking CEOs considered these costs disruptive.13 This provides a strong economic incentive for more efficient reporting and compliance systems to better control risks and reduce costs. Furthermore, massive increases in the volume and types of data reported to regulatory authorities14 represent a major opportunity for the automation of compliance and monitoring processes. For the financial services industry, the application of technology to regulation and compliance could massively increase efficiency. For regulators, RegTech enables a move towards a proportionate risk-based approach where access to and management of data enables more granular, effective supervision of markets and market participants.15 This can minimize risks of the regulatory capture witnessed prior to the GFC and respond to the increasingly digital nature of finance.16 Furthermore, applying technology to regulation facilitates the monitoring of financial markets participants that are increasingly fragmented by the emergence of FinTech start-ups.17 Enhanced reporting accuracy and decreased compliance costs are not new incentives.18 However, with the digitization of the financial services industry, the gap between the accuracy, and costs, of manual and automatic compliance and monitoring has widened. Combined with recent advances in data science and analytics, RegTech’s growth can be understood as process automation to substantially decrease both compliance costs and the potential for regulatory actions and fines.19 Early signs of real-time, proportionate and efficient regulatory regimes are emerging. However, automating and streamlining regulatory processes is only an incremental evolution toward a more efficient regulatory framework.

16.2 RegTech: A Framework of Analysis The GFC and post-crisis financial regulatory reforms transformed the way financial institutions operate, reducing their risk-taking, profitability and spectrum of operations.20 Extensive post-crisis regulation has dramatically increased the compliance burden on financial institutions, adding to the direct cost of regulatory penalties.21 These changes were intended by the post-crisis regulatory reform agenda,22 which has driven RegTech’s emergence; we return to this issue in Section 16.3. www.elsevierdirect.com

RegTech: Building a Better Financial System

361

With this dramatically altered environment has come the rapid evolution of FinTech. While this term has only gained popularity in the past three years,23 the interaction between finance and technology has a long history.24 Today, FinTech impacts every area of the financial system globally, most dramatically in China, where technology firms Alibaba, Baidu and TenCent (‘BATs’) have transformed finance and posed new regulatory challenges.25 Furthermore, since 2016 regulators in the United States, UK, Australia and Singapore have attempted to better understand FinTech market dynamics and develop new regulatory approaches.26 According to the FCA: ‘RegTech is a subset of FinTech that focuses on technologies that may facilitate the delivery of regulatory requirements more efficiently and effectively than existing capabilities’ (emphasis added).27 This pragmatic assessment of RegTech today underestimates RegTech’s true potential.28 RegTech is not only an efficiency tool. It is a pivotal change that could trigger a paradigm shift in regulation. Viewed holistically, RegTech represents the next logical evolution of financial services regulation and should underpin the entire financial services sector. In the near future, the application of technology to monitoring and compliance offers massive cost savings to established financial companies and opportunities to emerging FinTech start-ups, IT and advisory firms.29 For regulators, RegTech enables continuous monitoring that improves efficiency by both liberating excess regulatory capital,30 and making it faster to investigate non-compliant firms.31 RegTech however offers more: the potential of continuous monitoring capacity, providing close to real-time insights, through deep learning and AI filters, which identify problems in advance rather than enabling enforcement action after the fact. This would be a profound transformation in the approach to both finance and its regulation. While FinTech has an inherently financial focus, RegTech has the potential for application in various contexts from monitoring corporations for environmental compliance to monitoring trucking companies for speeding infractions. As our financial system moves from one based on Know-Your-Customer (’KYC’) principles to a Know-Your-Data (’KYD’) approach, a new regulatory paradigm dealing with everything from digital identity to data sovereignty, extending beyond the financial sphere, must evolve. It is therefore critical to distinguish RegTech from FinTech. The conception that RegTech is a subset of FinTech may come from the fact that the GFC catalyzed both. However, their underlying causes were different. RegTech’s emergence is attributable to: (1) post-crisis regulation requiring additional data disclosure from supervised entities32 ; (2) data science developments (particularly AI and deep learning), which can structure unstructured data33 ; (3) economic incentives to minimize rising

www.elsevierdirect.com

362 Chapter 16 compliance costs; and (4) regulators’ efforts to make supervisory tools more efficient to foster competition and uphold their mandates of financial stability and market integrity.34 FinTech’s emergence is attributable to: (1) financial market deficiencies caused by the GFC and resulting regulatory responses; (2) public distrust in the financial services industry; (3) political pressure for alternative sources of finance for small and medium enterprises; (4) unemployed financial professionals looking to apply their talents; and (5) the commoditization of technology and market penetration of the Internet and mobile phones.35 FinTech post-GFC has grown organically as a bottom-up movement led by start-ups and IT firms, whilst RegTech has grown in response to top-down institutional demand and encompasses three distinct, but complementary groups. Firstly, financial institutions and the financial industry are increasingly applying technology to meet regulatory demands. Secondly, regulators need to use technology to address challenges of monitoring and enforcing new regulatory requirements in rapidly developing cross-border markets. They must also deal with rapidly emerging FinTech technologies and entrants. Regulators must develop regulatory approaches that allow innovation but limit risks to consumers and financial stability.36 Thirdly, policy-makers and regulators will face the challenge of rapidly transforming financial systems, and building the necessary infrastructure to support their regulation, which will necessitate the increasing use of RegTech and close cooperation with industry participants. To date, RegTech development has primarily been driven by the financial services industry wishing to decrease costs.37 Increasingly, going forward, it is likely to be driven by regulators seeking to increase their supervisory capacity. We therefore expect RegTech to focus more on business-to-business (‘B2B’) solutions in contrast to FinTech which focuses on business-toconsumer (‘B2C’), as well as B2B, solutions.38

16.3 RegTech in the Financial Services Industry Financial institutions applied technology intensively to risk management and compliance in the 1990s, with regulators relying heavily on such systems. However, the GFC fundamentally altered that paradigm. Regulators globally have since implemented extensive regulatory reforms, which have driven global firms to develop global centralized risk management and compliance functions.39

www.elsevierdirect.com

RegTech: Building a Better Financial System

363

RegTech’s emergence can be largely attributed to the complex, fragmented and ever-evolving post-GFC regulatory regime. Financial supervision, in response to growing regulatory complexity, inevitably required greater granularity, precision and frequency in data reporting, aggregation, and analysis.40 Examples appear in capital and liquidity regulations under Basel III, stress testing and risk assessments in the UK, US and EU, and reporting requirements imposed on OTC derivatives transactions resulting from Group of 20 (‘G20’)/Financial Stability Board (‘FSB’) agreed approaches and as implemented – in conflicting fashions – in the context of Dodd–Frank or the EU’s EMIR.41 Rising compliance costs made innovative technologies a natural solution to compliance requirements.42 As reported, ‘[t]he annual spending by financial institutions on compliance is estimated to be in excess of US $70 billion.’43 It is no wonder the industry turned to RegTech for cost-effective solutions. Second, deepening regulatory fragmentation has given rise to an additional layer of compliance burdens for financial institutions. Regulatory overlaps and contradictions between markets led financial institutions to turn to RegTech to optimize compliance management.44 Third, the rapidly evolving post-crisis regulatory landscape introduced uncertainty on future regulatory requirements, placing a premium on financial institutions enhancing their adaptability.45 RegTech may have taught financial institutions how to ensure compliance in a changing environment through iterative modeling and testing. Finally, regulators are motivated to become familiar with RegTech to ensure financial institutions comply with regulations in a responsive manner.46 RegTech adds value to regulators by helping them understand, in closer to real-time, innovative products and complex transactions, market manipulation, internal fraud and risks.47 New technological developments additionally allow for new forms of market monitoring or reporting processes.48 The Bank of England is closely observing RegTech development, stating that (emphasis added): Firms have started to make progress in response to the limitations of existing surveillance solutions, including the use of new technology and analytics which go beyond the key-word surveillance and simple statistical checks previously used by firms to detect improper trading activity...49 As noted, this was initially driven by post-crisis regulatory reforms, with the application of technology the enabling factor. In 2014, Goldman Sachs established what is now its second largest office in Bangalore (Bengaluru), India, with capacity for 9,000 staff.50 Other major financial institutions, including

www.elsevierdirect.com

364 Chapter 16 JP Morgan, Citibank, Barclays, and HSBC, have many staff in centralized support operations in India, especially in Bangalore, Mumbai, New Delhi and Chennai. Rather than traditional back office or call center operations, these are focused on integrated global risk management and regulatory compliance. In the context of customer on-boarding/account opening and KYC operations, these functions may be centralized in India (or elsewhere) for all operations of a global financial services firm.51 Likewise, with respect to extensive reporting requirements, financial institutions now look to centralized operations to gather necessary data globally on a real-time basis so that they have a clearer picture of operations and risks and can repackage the information to meet regulatory requirements.52 Ironically, these operations resemble pre-2008 trading floors, with rows of desks with telephones and multiple screens to allow continuous monitoring and communication across the institution. From a regulatory standpoint, these separately incorporated subsidiaries are not regulated as banks in their host jurisdiction, as they are not conducting ‘banking’ activities requiring licensing and regulation. Rather, they are subject to domestic outsourcing rules of the jurisdictions of the group entities they support.53 Consequently, an entirely different way of addressing compliance is emerging – one driven by technology and regulatory change and comprising the most sophisticated level of RegTech today, the first element of a new post-crisis RegTech 2.0. RegTech’s increasing prevalence in industry requires regulators to adapt and adopt technology within their own internal processes, which comprises the second element of post-crisis RegTech 2.0 discussed in Part IV.

16.4 Data Driven Regulation While regulators’ lack of financial and human resources is generally a barrier to RegTech development (particularly in developing countries), regulators have had notable successes combining technology and regulation.54 Relative to the private sector there has however been a lag in regulator adoption of RegTech. Nonetheless, large market incidents have prompted regulatory (re)action. Regulators have used technology since the 1980s to monitor and enforce market integrity in exchange-traded securities markets, with the US Securities and Exchange Commission (‘SEC’) leading globally.55 Regulators and the financial industry have long worked closely in the evolution of robust technological and regulatory solutions to issues regarding cross-border electronic payment systems and securities trading and settlement systems. However, with the increasing information reported to regulators and new technology such as AI and deep learning, there is potential for more to be done in terms of automating market supervision, consumer protection and prudential regulation.56 The pace of FinTech innovation has also proven challenging.

www.elsevierdirect.com

RegTech: Building a Better Financial System

365

RegTech’s evolution in the financial industry highlights the rate of change within industry. However, regulators themselves provide an example of the relatively wide gap between ITenabled systems in the industry and the lack of IT-enabled solutions among regulators. Regulators are becoming aware of this due to the simple necessity of dealing with the masses of data which industry is required to deliver.57 Given these data streams are designed to ensure financial stability and market integrity, it is essential that regulators develop systems to appropriately monitor and analyze these data sets.

16.4.1 Big Data AML/KYC has so far provided a fertile area for RegTech development in the post-crisis financial services industry. However, the information produced by the financial services industry – particularly suspicious transactions reports – is an area where regulators are beginning to consider technological solutions to assist monitoring and analysis. Failure to develop the IT capabilities to use new data provided will undermine underlying policy objectives.58 This also provides an opportunity for collaboration between regulators and academia to produce a greater understanding of market behavior and dynamics.59 Regulators have successfully used technology in reporting transactions in public securities markets. Today, regulators rely heavily on the trade reporting systems of securities exchanges to detect unusual behavior which can trigger potential regulatory investigation and enforcement.60 Such systems illustrate the use of RegTech 1.0 in the pre-crisis period. Since 2008, such systems have proven to be limited by their lack of information on activities taking place off the exchange, which is concerning given the majority of trading in many markets occurs off-exchange via ECNs and ‘dark pools’.61 US and EU regulatory reforms are set to change this by mandating reporting of all transactions in listed securities, regardless of where those transactions take place. Regulators must match this with IT systems that monitor and analyze information and apply this approach across their regulatory roles. This is the second element of an emerging RegTech 2.0. However, we need to move beyond this to develop a new approach.

16.4.2 Cybersecurity Cybersecurity concerns highlight the necessity of further regulatory development.62 As the financial services industry becomes digitized and data-based, there is an increasing risk of attack, theft and fraud from hackers. The 2016 Bangladesh central bank heist, implemented via SWIFT, exposed the vulnerabilities of existing frameworks. Unsurprisingly, this is a focus area for regulators and organizations including the FSB and Basel Committee.63 This adds to

www.elsevierdirect.com

366 Chapter 16 the natural attention placed on the issue by financial institutions themselves: cybersecurity is among the most significant risks they face.64 Cybersecurity should be a key concern for data intensive FinTech start-ups, who may fail to comprehend the need for security because they live in a digital, data-abundant world. Whilst the scarcity of money drove the development of secure vaults and payment systems, data abundance may not create the right incentive for firms (beyond reputation risks) and can clearly harm consumers. Cybersecurity is the clearest example of how FinTech demands RegTech. However, RegTech’s greatest potential is in the area of macroprudential policy.

16.4.3 Macroprudential Policy Pre-2008 regulation focused on the soundness of individual financial institutions, assuming that if each bank was financially sound, then the whole financial system would likewise be stable. The GFC fundamentally altered this view and since the crisis there has been a new focus on macroprudential policy, with the G20 tasking the IMF, FSB and BIS with the development of related early warning systems to prevent the build-up of risks which lead to financial crises, thereby ultimately either preventing crises or minimizing their severity. Macroprudential policy focuses on overall financial system stability, based on holistic analysis and focusing on interconnections and evolution over time.65 Numerous jurisdictions have implemented new institutional frameworks to support macroprudential policy, including the Financial Stability Oversight Council (FSOC) in the US and the European Systemic Risk Board (ESRB) in the EU. These have also been tasked to develop and implement macroprudential policies to support financial stability. Macroprudential policy thus seeks to use the extensive data reported to regulators to identify patterns and reduce the severity of the financial cycle. Some progress is being made in identifying potential leading indicators for future financial instability.66 It involves quantitative analysis of large volumes of data searching for interconnections and implications. The ever-increasing volumes of data being reported can feed into these analytical processes. Already, central banks such as the Federal Reserve, the European Central Bank and the Bank of England are using data ‘heat maps’ to highlight potential issues arising from automated analyses of data (such as stress tests).67 These early efforts highlight the likely future direction of RegTech with respect to macroprudential policy. Simultaneously, regulators are continually identifying needs for even more data.68 Ever-increasing reporting requirements further drive the need for RegTech processes and the necessity of centralized support services to collect and produce the required data at the required frequency and in the required format. In particular, the Basel Committee has set

www.elsevierdirect.com

RegTech: Building a Better Financial System

367

requirements for risk data aggregation and reporting which are driving internal processes in financial institutions and regulators, with an increasing focus on near real-time delivery, with near real-time analysis hoped to follow.69 Significantly, the FSB and IMF have identified the need to harmonize reporting templates for systemically important financial institutions and simplify data analysis.70 These developments show the first important steps on the way to better regulation through technology, but highlight challenges for other regulators regarding expertise, access to technology and financial constraints. They also set the stage for the application of more sophisticated big data tools including deep learning and AI.

16.5 Looking Forward The speed of FinTech innovation, combined with the dramatic progress witnessed in some developing countries warrants that RegTech be used not only to make financial regulation more effective and affordable, but to reconceptualize and redesign financial regulation in line with the transformation of financial market infrastructure.71 As FinTech gradually moves from digitization of money to the monetization of data, the regulatory framework must be rethought to cover notions previously unnecessary such as data sovereignty and algorithm supervision. At this stage, the sustainable development of FinTech will need to be built around a new RegTech framework. This requires a sequenced approach. First, a holistic approach that focuses on building twenty-first century infrastructure to support market functions is required. This is clearest in the context of SWIFT, with efforts now focusing on developing an improved structure to support global payments. On the technological side, blockchain allows the replacement of clearing and settlement methods devised in the nineteenth century.72 India’s recent introduction of a multi-level strategy to support FinTech evolution and innovation demonstrates how RegTech 3.0 could look in emerging markets. Second, appropriate regulatory responses to FinTech innovation must be developed. This core aspect of RegTech 3.0 has been challenging for regulators.73 One group of participants argue for a laissez-faire approach, so as to only put regulations in place once FinTech has developed.74 This was largely China’s approach until 2015. Because of numerous negative experiences, since mid-2015, China has instead focused on implementing a complete regulatory framework for FinTech.75 The traditional financial services industry – arguably fearful of competition from new entrants unhindered by complex and expensive regulatory and compliance requirements – typically argues in favor of similar treatment for all. In our view, the key is to balance risk and potential innovation by working closely to understand industry developments while making sure similar activities are regulated in similar ways

www.elsevierdirect.com

368 Chapter 16 to prevent regulatory arbitrage.76 Regulatory arbitrage together with excessive reliance on financial institutions’ internal quantitative risk management systems were two factors underlying the GFC.77 It underlies the post-crisis focus on addressing risks of shadow banking. Simultaneously, there should be a multi-level approach which applies graduated regulatory requirements to firms based upon their level of risk, and often correlating with size. Recent FinTech experience – particularly in Africa and China – highlights the challenge of rapid development and the potential to move from ‘too small to care’ to ‘too big to fail’ very quickly.78 This prompted China to reevaluate its regulatory approach.79 This also highlights the necessity of monitoring new developments across the financial system, in order to understand both what is happening and its implications. This is now taking place internationally through the FSB in conjunction with the IMF and BIS, to identify and raise awareness of new developments that may quickly arise in other markets.80 Third, regulatory sandboxes have been a central focus in the context of appropriate FinTech regulation. Perhaps the greatest potential for the sandbox tool is the testing of new RegTech approaches by industry and regulators. The transformative potential of RegTech is for it to be used to reconceptualize the future of financial regulation by leveraging new technology. We are beginning to see elements of RegTech 3.0 emerge, with technological progress changing both market participants and infrastructure, with data as the common denominator. The practical consequence of this is a transformation from a KYC to a KYD approach. As our financial system moves beyond KYC to KYD, we will move into an entirely new regulatory paradigm that must deal with everything from digital identity to data sovereignty and that has the potential to extend beyond the financial sphere.81 For regulators, this implies that: data security and use will be vital for consumer protection; prudential regulation will focus on algorithm compliance; and financial stability will be concerned with financial and information networks. The shift represents a market-wide reform which must be sequenced. The emergence of FinTech companies, combined with wider use of regulatory sandboxes, offers a unique opportunity to pilot this regulatory architecture that is proportionate, efficient and data-driven before market-wide implementation. FinTech requires RegTech.

Notes 1. This chapter is derived from a much longer article: Douglas W. Arner, Janos N. Barberis & Ross Buckley, “FinTech, RegTech and the Reconceptualization of Financial Regulation”, 47 Northwestern Journal of International Law and Business (2017).

www.elsevierdirect.com

RegTech: Building a Better Financial System

369

The authors gratefully acknowledge the financial support of the Hong Kong Research Grants Council Theme-based Research Scheme (Enhancing Hong Kong’s Future as a Leading International Financial Centre) and the Australian Research Council Linkage Grant Scheme (Regulating a Revolution: A New Regulatory Model for Digital Finance); the substantial input of Dr Cheng-Yun Tsang, and the research assistance of Sarah Webster and Jessica Chapman. 2. See Douglas W. Arner, Janos Barberis & Ross P. Buckley, The Evolution of FinTech: A New Post-Crisis Paradigm?, G EORGETOWN J. I NT ’ L L. (forthcoming 2016); ROSS P. B UCKLEY & D OUGLAS W. A RNER , F ROM C RISIS TO C RISIS : T HE G LOBAL F INANCIAL S YSTEM AND R EGULATORY FAILURE (2011). 3. See I NSTITUTE OF I NTERNATIONAL F INANCE , R EG T ECH IN F INANCIAL S ERVICES : T ECHNOLOGY S O LUTIONS FOR C OMPLIANCE AND R EPORTING 5–8 (March 2016). 4. See Christophe Chazot quoted in I NSTITUTE OF I NTERNATIONAL F INANCE , R EG T ECH : E XPLORING S O LUTIONS FOR R EGULATORY C HALLENGES 2 (Oct. 2015). 5. See S ANTIAGO F ERNANDEZ DE L IS , ET (March 2016).

AL .,

R EG T ECH , THE N EW M AGIC W ORD IN F IN T ECH 1

6. See Jeff Cox, Misbehaving banks have now paid $204B in fines, CNBC (Oct. 30, 2015), http://www.cnbc. com/2015/10/30/misbehaving-banks-have-now-paid-204b-in-fines.html. 7. See, Thomson Reuters Annual Cost of Compliance Survey Shows Regulatory Fatigue, Resource Challenges and Personal Liability to Increase throughout 2015, T HOMSON R EUTERS (May 13, 2015), http://thomsonreuters.com/en/press-releases/2015/05/cost-of-compliance-survey-shows-regulatory-fatigueresource-challenges-personal-liability-to-increase.html. 8. See, The Fintech Revolution, T HE E CONOMIST (May 9, 2015), http://www.economist.com/news/leaders/ 21650546-wave-startups-changing-financefor-better-fintech-revolution. 9. Arner, Barberis & Buckley, supra note 1. 10. See Institute of International Finance, supra note 2: at 1. 11. See, Banks Rushing to Collaborate with FinTech Startups, F INEXTRA (Sep. 16, 2016), https://www.finextra. com/newsarticle/29443/banks-rushing-to-collaborate-with-fintech-startups; EY, F INTECH : A RE BANKS R E SPONDING A PPROPRIATELY ? (2015); Andrew Meola, 1 in 5 European Banks Would Buy FinTech Startups, B USINESS I NSIDER (July 17, 2016), http://www.businessinsider.com/1-in-5-european-banks-would-buyfintech-startups-2016-6/?r=AU&IR=T. 12. See Gregory Roberts, FinTech Spawns RegTech to Automate Compliance, B LOOMBERG (June 28, 2016), https://www.bloomberg.com/enterprise/blog/fintech-spawns-regtech-automate-compliance-regulations/. 13. Fernandez de Lis, et al., supra note 4: at 1. 14. See Institute of International Finance, supra note 2: at 5–8. 15. See I MRAN G ULAMHUSEINWALA , S UBAS ROY & A BIGAIL V ILJOEN , I NNOVATING WITH R EG T ECH – T URNING R EGULATORY C OMPLIANCE INTO A C OMPETITIVE A DVANTAGE 10 (2015). 16. See Douglas Arner and Janos Barberis, FinTech in China: From The Shadow?, 3(3) J. F IN . P ERSPECTIVES 23 (2015). 17. GPFI, G20 H IGH -L EVEL P RINCIPLES FOR D IGITAL F INANCIAL I NCLUSION 12 (2016).

www.elsevierdirect.com

370 Chapter 16 18. Institute of International Finance, supra note 4: at 1; Thomson Reuters Annual Cost of Compliance Survey Shows Regulatory Fatigue, Resource Challenges and Personal Liability to Increase Throughout 2015, supra note 9. 19. D ELOITTE , R EG T ECH IS THE N EW F IN T ECH : H OW AGILE R EGULATORY T ECHNOLOGY IS H ELPING F IRMS B ETTER U NDERSTAND AND M ANAGE THEIR R ISKS 4 (2015). 20. See Ross P. Buckley, Reconceptualizing the Regulation of Global Finance, 36 OXFORD J. L EGAL S TUD . 242 (2016). 21. See Cox, supra note 5. 22. See F INANCIAL S TABILITY B OARD , I MPLEMENTATION AND E FFECTS OF THE G20 F INANCIAL R EGULA TORY R EFORMS : R EPORT TO THE G20 (Aug. 2016); Buckley & Arner, supra note 2; R ECONCEPTUALIS ING G LOBAL F INANCE AND ITS R EGULATION (Ross P. Buckley, Emilios Avgouleas and Douglas W. Arner (eds.), 2016). 23. See, Fintech: Interest over Time, G OOGLE T RENDS, https://www.google.com/trends/explore#q=fintech (accessed Sep. 19, 2016). 24. See Arner, Barberis & Buckley, supra note 1; Andrew Lo, Moore’s Law vs. Murphy’s Law in the Financial System: Who’s Winning? (Bank for International Settlement, Working Paper No. 564, May 2016). 25. See Weihuan Zhou, Douglas W. Arner & Ross P. Buckley, Regulation of Digital Financial Services in China: Last Mover Advantage, 8 T SINGHUA C HINA L. R EV. 25 (2015); Arner & Barberis, supra note 15. 26. See ASIC, Fintech: ASIC’s Approach and Regulatory Issues 10–12 (Paper submitted to the 21st Melbourne Money & Finance Conference, July 2016); ASIC, Further Measures to Facilitate Innovation in Financial Services (Consultation Paper No. 260, June 2016). 27. Feedback Statement, Financial Conduct Authority, Call for Input on Supporting the Development and Adopters of RegTech, 3 (July 2016) emphasis added. 28. Id. See Arner, Barberis & Buckley, supra note 2. 29. Adrian Shedden & Gareth Malna, Supporting the Development and Adoption of RegTech: No Better Time for a Call for Input, B URGES S ALMON 2 (Jan. 2016), https://www.burges-salmon.com/-/media/files/publications/ open-access/supporting_the_development_and_adoption_of_regtech_no_better_time_for_a_call_for_input. pdf. 30. See Citigroup, Comment Letter on Regulatory Capital Rules: Enhanced Supplementary Leverage Ratio Standards for Certain Bank Holding Companies and Their Subsidiary Insured Depository Institution, 3 (Oct. 21, 2013), https://www.federalreserve.gov/SECRS/2013/October/20131030/R-1460/R-1460_102113_111420_ 579523237031_1.pdf. See John Heltman, Long-Term Liquidity Plan Is Costly and Redundant, Banks Argue, A MERICAN BANKER (Aug. 12, 2016), http://www.americanbanker.com/news/law-regulation/ long-term-liquidity-plan-is-costly-and-redundant-banks-argue-1090708-1.html. 31. Daniel Gutierrez, Big Data for Finance – Security and Regulatory Compliance Considerations, I NSIDE B IG DATA (Oct. 20, 2014), http://insidebigdata.com/2014/10/20/big-data-finance-security-regulatory-complianceconsiderations/. 32. See Institute of International Finance, supra note 2: at 5–8. 33. Id., at 12–14.

www.elsevierdirect.com

RegTech: Building a Better Financial System

371

34. See, e.g., BASEL C OMMITTEE ON BANKING S UPERVISION , C ORE P RINCIPLES FOR E FFECTIVE BANKING S UPERVISION 30–31 (Sep. 2012). 35. Arner, Barberis & Buckley, supra note 1. 36. See O FFICE OF THE C OMPTROLLER OF C URRENCY, S UPPORTING R ESPONSIBLE I NNOVATION IN THE F EDERAL BANKING S YSTEM : A N OCC P ERSPECTIVE (March 2016). 37. See Institute of International Finance, supra note 2: at 1. 38. See generally WARREN M EAD , R ICHARD I FERENTA & ROBERT H IBBERT, A N EW L ANDSCAPE : C HAL LENGER BANKING A NNUAL R ESULT (May 2016). 39. See EY, C ENTRALIZED O PERATIONS – T HE F UTURE OF O PERATING M ODELS FOR R ISK , C ONTROL AND C OMPLIANCE F UNCTIONS (Feb. 2014). 40. Institute of International Finance, supra note 2: at 5–8. 41. Id. See also F INANCIAL S TABILITY OVERSIGHT C OUNCIL , S TUDY ON THE E FFECTS OF S IZE AND C OM PLEXITY OF F INANCIAL I NSTITUTIONS ON C APITAL M ARKET E FFICIENCY AND E CONOMIC G ROWTH C ARRIED O UT AT THE D IRECTION OF THE C HAIRMAN OF THE F INANCIAL S TABILITY OVERSIGHT C OUNCIL (March 2016). 42. See Eleanor Hill, Is RegTech the Answer to the Rising Cost of Compliance?, FX-MM (June 13, 2016), http: //www.fx-mm.com/50368/fx-mm-magazine/past-issues/june-2016/regtech-rising-cost-compliance/; Andrew Cornell, AgTech, ResTech, RegTech, FinTech – Actual Solutions or Techno-Babble?, ANZ B LUE N OTES (Feb. 23, 2016), https://bluenotes.anz.com/posts/2016/02/is-regtech-the-answer-to-billions-being-spent-oncompliance-and-reporting/; James Eyers, Welcome to the New World of RegTech, F INANCIAL R EVIEW (June 20, 2016), http://www.afr.com/technology/welcome-to-the-new-world-of-regtech-20160619-gpmj6k. 43. Kate, A Report on Global RegTech: A $100-Billion Opportunity – Market Overview, Analysis of Incumbents and Startups, L ET ’ S TALK PAYMENTS (April 18, 2016), https://letstalkpayments.com/a-report-on-globalregtech-a-100-billion-opportunity-market-overview-analysis-of-incumbents-and-startups/. 44. See Hill, supra note 41. 45. See id. 46. See Eyers, supra note 41. 47. See Hannah Augur, Regtech: The 2016 Buzzword is Turning Heads, DATACONOMY (May 3, 2016), http: //dataconomy.com/regtech-the-2016-buzzword-is-turning-heads/. 48. See Institute of International Finance, supra note 2: at 11–14. 49. C HARLES ROXBURGH , M INOUCHE S HAFIK & M ARTIN W HEATLEY, FAIR AND E FFECTIVE M ARKET R EVIEW: F INAL R EPORT (June 2015). 50. See, Goldman Sachs to Invest Rs 1,200 Crore in Bangalore, T HE T IMES OF I NDIA (Sep. 25, 2014), http:// timesofindia.indiatimes.com/business/india-business/Goldman-Sachs-to-invest-Rs-1200-crore-in-Bangalore/ articleshow/43383998.cms. 51. See B EARING P OINT, S URVEY: S HARED S ERVICES I NDUSTRY S PECIFICS AND T RENDS IN THE E URO PEAN FS M ARKET 7–10 (2011). 52. See EY, C ENTRALIZED O PERATIONS – T HE F UTURE OF O PERATING M ODELS FOR R ISK , C ONTROL AND C OMPLIANCE F UNCTIONS (Feb. 2014).

www.elsevierdirect.com

372 Chapter 16 53. See generally D ELOITTE , S HARED S ERVICES H ANDBOOK : H IT THE ROAD (2011). 54. Chris Brummer, Disruptive Technology and Securities Regulation, 84 F ORDHAM L. R EV. 977 (2015). 55. See, e.g., US S ECURITIES AND E XCHANGE C OMMISSION , R EPORT TO THE C ONGRESS : T HE I MPACT OF R ECENT T ECHNOLOGICAL A DVANCES ON THE S ECURITIES M ARKETS (1997); see also T ECHNICAL C OMMITTEE OF THE I NTERNATIONAL O RGANIZATION OF S ECURITIES C OMMISSIONS , R EGULATORY I SSUES R AISED BY THE I MPACT OF T ECHNOLOGICAL C HANGES ON M ARKET I NTEGRITY AND E FFI CIENCY (Oct. 2011). 56. See Maryam Najafabadi, et al., Deep Learning Applications and Challenges in Big Data Analytics, 2 J. B IG DATA 1 (2015). 57. UK G OVERNMENT C HIEF S CIENTIFIC A DVISER , F IN T ECH F UTURES – T HE UK AS A W ORLD L EADER IN F INANCIAL T ECHNOLOGIES , 48 (March 2015), https://www.gov.uk/government/uploads/system/uploads/ attachment_data/file/413095/gs-15-3-fintech-futures.pdf. 58. Ravi Kalakota, RegTech – Regulatory/Risk Data Management, AML and KYC Analytics, P RACTICAL A NA LYTICS (Jan. 17, 2013), https://practicalanalytics.co/2013/01/17/data-management-aml-and-kyc-analytics/; see also in Australia: KPMG, T EN K EY R EGULATORY C HALLENGES FACING THE BANKING & C APITAL M ARKETS I NDUSTRY IN 2016 2 (2015). 59. See UK Government Chief Scientific Adviser, supra note 119: at 56. 60. T HE B OARD OF THE I NTERNATIONAL O RGANIZATION OF S ECURITIES C OMMISSIONS , T ECHNOLOGICAL C HALLENGES TO E FFECTIVE M ARKET S URVEILLANCE I SSUES AND R EGULATORY T OOLS : C ONSULTA TION R EPORT 14–15 (August 2012). 61. Public Statement, U.S. SEC Commissioner Luis A. Aguilar, Shedding Light on Dark Pools (Nov. 18, 2015), http://www.sec.gov/news/statement/shedding-light-on-dark-pools.html#_edn5. 62. See F INANCIAL S TABILITY OVERSIGHT C OUNCIL , FSOC 2016 A NNUAL R EPORT (2016). 63. See, e.g., T HE B OARD OF THE I NTERNATIONAL O RGANIZATION OF S ECURITIES C OMMISSIONS , C YBER S ECURITY IN S ECURITIES M ARKETS – A N I NTERNATIONAL P ERSPECTIVE (2016). 64. See Sarah Dahlgren, Executive Vice President of the Federal Reserve Bank of New York, Speech at the OpRisk North America Annual Conference, New York City: The Importance of Addressing Cybersecurity Risks in the Financial Sector (March 24, 2015). 65. See I NTERNATIONAL M ONETARY F UND , F INANCIAL S TABILITY B OARD & BANK FOR I NTERNATIONAL S ETTLEMENTS , E LEMENTS OF E FFECTIVE M ACROPRUDENTIAL P OLICY (Aug. 2016). 66. Id. See BIS Committee on the Global Financial System, Experiences with the Ex Ante Appraisal of MacroPrudential Instruments (CGFS, Paper No. 56, July 2016); Blaise Gadanecz & Kaushik Jayaram, Macroprudential Policy Frameworks, Instruments and Indicators: A Review (BIS Irving Fisher Committee on Central Bank Statistics, Paper, Dec. 2015). 67. See IMF, FSB & BIS, supra note 64. 68. See F INANCIAL S TABILITY B OARD & I NTERNATIONAL M ONETARY F UND , T HE F INANCIAL C RISIS AND I NFORMATION G APS : S ECOND P HASE OF THE G-20 DATA G APS I NITIATIVE (DGI-2) – F IRST P ROGRESS R EPORT (Sep. 2016).

www.elsevierdirect.com

RegTech: Building a Better Financial System

373

69. With thanks to Kevin Nixon of Deloitte and formerly of the Institute of International Finance for this point. BASEL C OMMITTEE , P RINCIPLES FOR E FFECTIVE R ISK DATA AGGREGATION AND R ISK R EPORTING (Jan. 2013). 70. Id. 71. See WEF, T HE F UTURE OF F INANCIAL I NFRASTRUCTURE (Aug. 2016). 72. ACCENTURE , B LOCKCHAIN T ECHNOLOGY: P REPARING FOR C HANGE (2015). 73. Arner, Barberis & Buckley, supra note 1; Zhou, Arner & Buckley, supra note 50. 74. See, e.g., FinTech Regulation in China, Hong Kong, and Singapore, N ORTON ROSE F ULBRIGHT (May 10, 2016), http://www.nortonrosefulbright.com/knowledge/publications/139380/fintech-regulation-in-china-hongkong-and-singapore; Deborah Ralston, Let’s Not Regulate Away the Competition Fintech Can Bring, T HE C ONVERSATION (Aug. 6, 2015), https://theconversation.com/lets-not-regulate-away-the-competition-fintechcan-bring-45496. 75. Andrew Meola, China Just Hinted It Could Increase Fintech Regulation, B USINESS I NSIDER (June 29, 2016), http://www.businessinsider.com/china-just-hinted-it-could-increase-fintech-regulation-2016-6/?r=AU&IR=T. 76. See G20, H IGH -L EVEL P RINCIPLES FOR D IGITAL F INANCIAL I NCLUSION (2016). 77. See also US F INANCIAL C RISIS I NQUIRY C OMMISSION, T HE F INANCIAL C RISIS I NQUIRY R EPORT – F INAL R EPORT OF THE NATIONAL C OMMISSION ON THE C AUSES OF THE F INANCIAL AND E CONOMIC C RISIS IN THE U NITED S TATES (2011). 78. Arner, Barberis and Buckley, supra note 2. 79. Zhou, Arner and Buckley, supra note 24. 80. See Huw Jones, Global Regulators Move Closer to Regulating Fintech, R EUTERS (March 31, 2016), http: //www.reuters.com/article/us-g20-regulations-fintech-idUSKCN0WX21J. 81. See e.g., WEF, A B LUEPRINT FOR D IGITAL I DENTITY – T HE ROLE OF F INANCIAL I NSTITUTIONS IN B UILDING D IGITAL I DENTITY (Aug. 2016).

www.elsevierdirect.com