My previous piece on RegTech highlighted how regulation has evolved over the past decade to keep up with the emerging technologies disrupting the current business & finance model. Albeit moving at a slower pace, RegTech is trying to play catch up with the startups in this new tech dominant economy. Regulation is changing at the fundamental level as it moves from the notion of KYC (Know your customer) to KYD (Know your data). This change is emanating from the fact that we are moving from a system where we regulate people to one where we will be regulating data that involves processes, automation & algorithms. This transition would mean for the regulators to have a different mindset as well as the skill set to perform their job efficiently. We will be looking at comparing the elements that will bring about this transition but before that, let’s review a couple of major changes that will need to happen on the regulatory side.
From the regulatory mindset perspective, they have to realize that “technological neutrality” is not a starting point anymore – this concept has been very important to regulators over the years to prevent them from chasing any new technology but with the technology cycles getting shorter & shorter, this theory does not hold anymore. Let’s put this into perspective – every time the technology changes you go to the regulator & ask for a suggestion on an authorized technology, the regulators are going to get overwhelmed with such requests. Therefore, they will be shifting their focus on what you as a customer are trying to achieve with the automated process involved & make sure that process is compliant & not worry about what technology was used to achieve this. This, however, can become a problem if the regulators don’t understand how the algorithms & automation of the products work at the code level. They need to be able to understand how the data is being used at this level to perform their role of consumer protection, financial stability & market competition.
The other core change will be bringing about new team members to the regulatory team to better perform their functions as regulators. The most important addition in this regard would be of Data Scientists. Just like the Financial institutions & Technology companies, the Regulatory authorities will keep on adding more data scientists to their team as the need for handling a bigger volume of data increases.
Moving on to a comparative analysis of how regulation is done today with how it will take place in the future.
- Consumer Protection —> Data Protection: The current model safeguards the clients by making sure that their money doesn’t get lost or misappropriated. With the new precious commodity being the data, which can be used by the consumer to take a financial decision or from a monetization perspective, the security & privacy of their data would become paramount.
- Capital Regulation —> Algorithm Sandbox: Companies have capital control requirements in place currently to mitigate the risk but going forward it’s going to be about algorithm compliance involved in the process automation. Regulators will be doing due diligence on the automated system before it is allowed to operate in the market.
- Financial Stability —> Financial Networks: While the previous emphasis on the financial stability of an organization is important it doesn’t encapsulate the dynamism of the current & future technology-driven financial systems, connecting companies & individuals. Therefore regulating a financial network would become more important.
- Prevent bad behavior —> Promote good behavior: A Major positive development following the financial crisis has been the Preventing of Conduct risk, companies have still been able to find their way out of reprehension by utilizing loopholes in the current regulatory regime. Going forward regulators can set a system in place where good behavior is reinforced & rewarded to strengthen the quality of financial networks.
- Re-active —> Pro-active: Traditionally, Regulators have taken a reactive approach to fix problems & we saw the manifestation of this in the last financial crisis when safety valves were put in place after that fact. However, with the speeding up of technological changes, the reactive approach is quickly becoming redundant. Regulators will need to be forward thinking on how the FinTech environment will change tomorrow so they can be prepared for it today.
- Reporting compliance —> API compliance: Currently, the financial institutions are sending reports to regulators about specific questions. A common question being asked of the financial institutions by the regulators has been the impact of FinTech companies on their businesses. This question has therefore changed the behavior of the financial firm on how the technology is impacting their business model, the current reporting process becomes tedious & cumbersome. A better way in the future would be the process of API (Application Program Interface) compliance where the regulators can pull the information directly from the financial institution to analyze the shocks from external factors like FinTech. This would allow regulators to supervise the firms without inducing a change in their behavior or wasting time.
- Licensing barriers —> Deep Learning barriers: Financial markets today are regulated by the number of licenses issued to operate in the space as financial institutions. For example, only firms with banking licenses can operate as banks. Come tomorrow, the barrier to entry will be the quality of the algorithm used in the automation of the processes by the financial institutions or technology companies. Data gathering based on the algorithm would be incredibly personalized & the customization and individualization, which will eventually represent the experience barrier to entry.
With the disruption of the current business models picking up the pace, regulators have a lot of catching up to do with their response or be left out in the dust.