August’s Regulatory News

Since 2014, the FCA has been at the vanguard of regulatory activities to foster innovation and reduce the barriers to entry for new products, business models and firms in the financial services industry. 2014 saw the beginning of Project Innovate, and along with the Monetary Authority of Singapore, the FCA was the first regulator to launch a ‘regulatory sandbox’ – a safe space for firms to test innovative products and services with live customers without the need for prior regulatory authorisation.

Earlier this year, in recognition that many of the innovations in FinTech firms are global in nature, the FCA asked stakeholders for their views on the creation of a global sandbox. The latest twist in this innovative tale came earlier this month with the FCA’s announcement that a Global Financial Innovation Network (GFIN) had been created in collaboration with 11 financial regulators and related organizations.

The accompanying consultation paper describes GFIN’s mission as

“a collaborative policy and knowledge sharing initiative aimed at advancing areas
including financial integrity, consumer wellbeing and protection, financial inclusion, competition and financial stability through innovation in financial services, by sharing experiences, working jointly on emerging policy issues and facilitating responsible cross-border experimentation of new ideas”

GFIN will have three main functions – as a network of regulators to promote information and knowledge sharing, provide a forum for joint policy work and discussions and to provide firms with an environment in which to test cross-border solutions. The initial group of organizations involved comprises the following

  • Abu Dhabi Global Market (ADGM)
  • Autorité des marchés financiers (AMF)
  • Australian Securities & Investments Commission (ASIC)
  • Central Bank of Bahrain (CBB)
  • Bureau of Consumer Financial Protection (BCFP, USA)
  • Dubai Financial Services Authority (DFSA)
  • Financial Conduct Authority (FCA, UK)
  • Guernsey Financial Services Commission (GFSC)
  • Hong Kong Monetary Authority (HKMA)
  • Monetary Authority of Singapore (MAS)
  • Ontario Securities Commission (OSC, Canada)
  • Consultative Group to Assist the Poor (CGAP)

All are committed to developing the idea further. However, the FCA is at pains to stress that the eventual membership is still to be determined.

The consultation period ends on 14th October 2018, after which the FCA and the other organizations listed above will consider the feedback and develop a timeline for the launch of the GFIN.

FCA Digital Regulatory Reporting pilot

As an economist at the Bank of England, Oliver Burrows wants to make policy decisions about financial stability based on data and data sets that reflect today’s financial environment. However, given the nature of the current regulatory reporting framework, it can take as long as three years to get hold of the right data, by which time the world will have moved on.

Each time a regulatory policy is issued that requires new or amended regulatory reports, the following actions all have to be taken:

  • Changing a particular report and rule in the handbook to ensure the data is included within regulatory obligations
  • Agreeing with the industry the precise definition of the data elements required for regulatory reporting
  • Sourcing new or amended data items and changing regulatory reporting systems to meet the new requirements
  • Submitting the new or amended reports so that the data finally shows up in the FCA’s reporting system, GABRIEL

This combination of actions is why a seemingly simple request for data from the regulator can take multiple years and cost a huge amount of money to finally make it onto Oliver’s desk.

As mentioned in our July Regulatory news – the Digital Regulatory Reporting (DRr for short) pilot is a cross-industry working group seeking technology solutions to change and fix some of these problems. The industry group comprises teams of people from Santander, Lloyds, Barclays, Nationwide, Credit Suisse and RBS/Natwest. As always the group has a diversity of organizational and individual views, but according to those who are familiar with the project, it is currently making good progress.  (See terms of reference here)

The pilot’s objective is to produce a prototype system that automates the end-to-end process of two separate regulatory reports – one retail and one wholesale. The first is part of the PSD001 report that the FCA requires under Chapter 16 of their handbook and the pilot of focussing on the regulatory requirement to report loan to income ratios, a topic which the FCA wrote about in its December 2017 bulletin.  The second is part of the Prudential Regulation Authority’s rule book, as required by the EU COREP (Core Reporting) regime, specifically the reporting of the  Common Equity Tier 1 ratio (CRR CET).

Various workstreams have been set up under the project, and whilst much of the focus remains on technology, there are many other aspects to consider such as:

  • Policy and rule making – e.g. how can natural language rules be disambiguated without changing the meaning of the regulation?
  • Architecture – how can a solution be designed which enables compliance checks whilst at the same time reducing the volume of data submitted to regulators?
  • Data Strategy – can APIs be used in smart ways to collect data from financial institutions?
  • Operating model – what capability and services would be needed to productionise the results of the pilot and how this would be governed?
  • Implementation impact to regulated firms – what challenges will the pilot solution pose for data sourcing and systems in financial institutions?

It is clear that financial institutions and regulators share many of the same pain points with regards to regulatory reporting and by working in such a collaborative and open manner, the DRr pilot promises to build on the previous Techsprint and move the industry forwards to a more streamlined and automated regulatory reporting process. Whilst it is likely to take several years before the full benefits of this project are realised, continued support from policy-makers, budget-holders and politicians should enable this initial level of momentum to be maintained.

 

The Reg Doctor @ RegTech for London

On 10th May, Dr Sian Lewin chaired a panel at the first RegTech for London event curated by Matt Elton of Finnolux. The event was themed around AML and KYC and asked the important question of ‘Do you really know your customer?‘. With the fifth EU Anti-Money Laundering Directive coming into force the day before, and the drive to really understand who beneficial owners are, it was a very timely event.

Donna Bales of the RegTech Roundtable Foundation, in a thought-provoking keynote, discussed how and why the Financial Services industry will transform over the next 5 to 10 years, the importance of technology in managing these changes and the challenges of effecting meaningful technological change in large financial firms. You can read her full keynote speech here.

Rosalie Koerts, Senior Sales Manager at Keesing Technologies in the Netherlands

Other highlights included hearing from arguably one of the oldest RegTech firms, Keesing Technologies, about real life examples of the challenges involved in verifying identify documents. It was also interesting to hear Sam Gibbons from CompliLearn talking about the variation in the maturity of regulation across various global regions – of particular use for RegTechs planning to enter new markets.

In a wide-ranging panel discussion, Sian not only demonstrated her crowd control skills but also facilitated a lively exchange about the role of compliance functions, whether compliance should be seen as a business opportunity and not just a cost and whether we will get to a point where the assurance of Trust can be marketed as a service.

If you would like to read more about the event, you can read this whitepaper.

Sign up to our community to ensure you are notified about new content, events or updates:

Sign Up

 

July’s Regulatory News

July has been a busy month for the UK and EU regulators, with the PRA publishing several consultation papers on Solvency II, the SMCR rules being finalised for insurers and all FCA registered firms and the EU’s fifth Anti-Money Laundering Directive entering into force on 9th July. We highlight here the regulatory news that is of the most relevance to our network of RegTech Professionals.

Operational Resilience

Reflecting the interconnectedness of the financial system, this jointly issued discussion paper by the PRA and FCA contains their latest thinking on operational resilience, described as the ‘ability of firms, financial market infrastructures (FMIs) and the sector as a whole to prevent, respond to, recover and learn from operational disruptions’. Whilst at first sight, this paper looks as if it is primarily concerned with business continuity and disaster recovery arrangements, it actually heralds a new approach to operational resilience which is more aligned to outcomes-focused regulation. The outcome in this instance is to minimise disruption and to mitigate the risks of that disruption to regulatory objectives such as consumer protection, financial stability and the efficient functioning of markets.

Three key elements of the regulators’ thinking in this approach stand out. The first is that firm and FMIs could be expected to work on the assumption that operational disruptions will occur and therefore understand the impact of a range of disruption scenarios on their business services. The second is that decisions around operational resilience – contingency planning, business continuity and even technology investment decisions – should be based on prioritised business services rather than business-critical systems and processes. Finally, the discussion paper suggests that firms develop a set of impact tolerances to inform risk appetite setting and form the basis of operational stress-testing scenarios.

Whilst there are existing provisions under a range of different legislation and regulatory rules, this indicates that regulators in the UK are gearing up for a more comprehensive and prescriptive framework to protect not just the financial and economic resilience of the financial system but also its ability to continue to operate in the face of  vulnerabilities such as cyber incidents, concentration risk and technological advancements.

Digital Regulatory Reporting

Building on the successful regulatory reporting TechSprint in November 2018, the FCA has published the terms of reference for the next stage, which is a six month pilot project to build on the proof of concept that was developed during the TechSprint and discover whether this might be scaleable as a solution for machine executable regulatory reporting. The aim is to build a prototype or minimum viable product across two use cases. Three separate workstreams will focus on data modelling and removal of regulatory ambiguity, the delivery mechanism for codified regulations and policy, legal and governance challenges respectively.

The following are the participating organizations in the pilot:

  • Barclays
  • Credit Suisse
  • Lloyds Banking Group
  • Nationwide
  • NatWest
  • Santander
  • University College Cork
  • University College London

The FCA will publish the findings of the pilot, and any technical output will be made available as open source code.

FCA Updates Cloud Guidance

For regulated firms considering RegTech solutions that are hosted in the Cloud, a lack of clear regulatory guidance about using Cloud technology has been a slight bone of contention. With the publication of the finalised guidance this month on this topic, the way ahead has become clearer, though firms that are dual regulated by the FCA and the PRA should always ensure both regulators are happy with the approach they adopt. According to the FCA, if a third-party is delivering services on behalf of a regulated firm it is considered outsourcing, and this includes cloud computing. Thus, rules about outsourcing also apply to Cloud based solutions, such as those in the Senior Management Arrangements, Systems and Controls sourcebook (SYSC).

The guidance offers a long list of items to consider in relation to topics such as risk management, oversight of the service provider, GDPR, business continuity and the relationship between service providers. Hopefully, this additional level of clarity will reduce barriers to the adoption of cloud-based solutions but that may be at the risk of even longer procurement life-cycles, as another layer of due-diligence and information security assurance is added to the process.