The role of RegTech in financial services - Colm Kincaid, Director of Securities Markets Supervision

Opening Remarks at the 8th DCU Fintech Symposium

Good morning. It is a great pleasure to be here and I would like to thank DCU for the opportunity to address its 8th Fintech Symposium. We are to hear from an excellent line up of speakers and I am sure that everyone here can look forward to a stimulating event.

I welcome the work of DCU in holding these symposia over the past two years. It provides an important forum for linking academia with industry and other stakeholders (including ourselves as regulators), creating opportunities for us to engage more closely with one another to work collaboratively in the field of technological development. Noting the specific focus of today’s symposium, I would like to give you some insight into one of our key supervisory initiatives over the next three-year strategic cycle - to harness data for better supervisory outcomes - as well as highlighting some of our key priorities when it comes to technology in financial services.

Changes in the financial services landscape and technological developments

The scale of financial regulation activity, both across Europe and in this jurisdiction, has grown significantly since the financial crisis. This period has also seen a transformation in the European regulatory landscape with the enactment of extensive legislation, bringing with it significant reporting obligations¹. At the Central Bank of Ireland, we have been adapting to this changing landscape through the combination of a revised organisational structure (including the establishment of a dedicated Financial Conduct Pillar – where my own Directorate sits), a more intrusive supervisory approach and through our close engagement with our European and international counterparts to shape the European and global framework of regulation.

The increase in financial regulation activity in this period has been accompanied by rapid technological development in the financial services sector. The business models and operations of financial institutions are changing rapidly, and in some respects quite radically, in line with technology advances, making FinTech an established part of how financial services are now delivered². 

Harnessing data for better supervisory outcomes

The extent and reach of this technology of course has implications for how we as regulators carry out our supervisory responsibilities. Just as we have sought to organise ourselves to deal most effectively with the increasing scale of financial regulation, we are similarly embarking on ways of meeting the challenges and opportunities associated with evolving technology and how it features in the provision of financial services. Our colleagues at ESMA have recently noted that just as FinTech is introducing changes to the way in which market participants offer their services, so too RegTech and SupTech will alter the way in which financial institutions and regulators respectively comply with the rules and supervise markets³. They have also expressed the view that a move towards a more data-driven and pro-active approach to compliance and supervisory monitoring will enhance monitoring of the financial sector and help ensure better outcomes for market participants and consumers⁴.

One of the statutory objectives of the Central Bank is the proper and effective regulation of financial service providers and markets, while ensuring that the best interests of consumers of financial services are protected. In this regard, we recognise that there is a clear need to ensure that users of financial services are protected regardless of the technology used when using those services. Analysis of data and information is therefore a core competency for the Central Bank when delivering on its mandate and we have made it a priority to develop our data analytics capabilities and related technology infrastructure, as recently reiterated in our published Strategic Plan 2019 – 2021⁵. This includes the Central Bank’s Unity Programme to deliver on our vision for an effective data management solution that meets the current and future needs of the organisation.

Securities and Markets Supervision

One of the distinct features of the work in my own area of securities and markets supervision is that it comprises huge quantities of data, much of which is reported by the entities we supervise under some of these recently introduced regulatory obligations. Our work involves dealing with millions of records a day in terms of policing this legislation, which can run to thousands of provisions. These data sets are too large and too frequent to review manually. So, we have a very particular need to use technology to facilitate the efficient transmission of data, and to read and understand that data once received. We are continuously looking to ways to improve our effectiveness in doing this, be that through our new machine-to-machine reporting channel for the submission of MiFIR transaction reports⁶, which we are finalising for launch, or our increasing use of technology to interrogate the information we receive.

Industry engagement forms a strong part of this, from engagement with bodies such as DCU, to meeting RegTech firms to learn more about their activities, to involving firms in the testing of our solutions. In the case of machine-to-machine reporting for example, a number of participating firms engaged with us in the testing of the reporting channel and we found that industry engagement and exchange of feedback to be a very valuable part of the development process. When operational, the machine-to-machine channel will facilitate greater automation of reporting, and it is our ambition that the vast majority (possibly as much as 80%) of our MiFIR transaction reporting traffic will migrate to our new machine-to-machine channel.

As I have noted on more than one occasion, technology developments in the securities markets have evolved to such an extent that we are no longer just regulating the conduct of individuals – we are now also regulating the conduct of machines acting across fractions of a second. We are essentially tasked with supervising activity that the human eye cannot see and the human brain cannot comprehend. Technology is vital in helping us perform this supervisory role. This is why we have made it one of our strategic initiatives to continue to develop our data analytics capabilities and our technology infrastructure to support our supervisory engagement and inform our judgements and decisions. We have a dedicated technical team in the Securities and Markets Directorate to gather and interrogate these large quantities of complex and diverse data and the use of technology to do so is at the heart of our daily supervisory tasks.

Deepening our ability to harness the benefits of technology is essential therefore to having a properly and effectively regulated securities market, namely one that:

• Provides a high level of protection for investors and market participants.
• Is transparent as to the features of products and their market price.
• Is well governed (and comprises firms that are well governed).
• Is trusted, by both those using the market to raise funds and those seeking to invest.
• Is resilient enough to continue to operate its core functions in stressed conditions and to innovate appropriately as markets evolve.

When I took up my current role, I was delighted to host a RegTech Sprint Roundtable in April of this year, attended by over 90 delegates from Ireland and elsewhere, across industry, international regulators and central bankers. The Roundtable discussed how rules could be written so that they can be both machine readable and human readable, facilitating swifter and more effective implementation. Through this combination of our own technical work, engagement with the RegTech community here and overseas and influencing the regulatory agenda at EU level and beyond, we aim to continuously improve how we deliver on our statutory mandate.

Algo Trading

One example of how we are increasingly using technology to supervise more intrusively is our work on algorithmic high frequency trading.

Algorithmic (or ‘algo’) trading is the use of computers to make and execute trading decisions based on imputed strategies, with limited or no human intervention. The nature and speed of algo trading means it can only be supervised effectively using a technology and data-led approach. The analysis we conducted on daily electronic transaction data reported by firms has resulted in greater visibility on algo trading in the Irish market and also given us more insight into the interconnectivity of trading on the market. By applying data analytic tools to firms’ transaction reports and market data we were able to build a better picture of the level of algo trading and we could ascertain that it was being used more extensively in the Irish market than initially reported. We are involved in ongoing discussions with the firms concerned in respect of our queries on reported levels of algorithmic trading. We are also continuing to engage with our colleagues in other national competent authorities and in ESMA on the definition of this activity in the relevant EU reporting requirements. 

Resilience

While I have mainly spoken about the work we are doing in the Central Bank, there is an equal necessity for financial service providers to invest in technology. Effective use of technological innovation can bring benefits and enable firms to harness data to proactively monitor, identify, and correct situations that can lead to poor outcomes. But firms must also ensure they are innovating responsibly and staying alive to any potential risks and downsides when introducing greater levels of technological intervention into the operation of their business. I note analysis conducted by Bloomberg that reveals that increasing regulatory requirements and expectations is the most challenging topic for financial institutions globally when managing risks and its prediction that the global demand for regulatory, compliance and governance software will reach almost 119 billion dollars by 2020⁷. In this context, a recent report published by FINRA⁸ notes that the increased use and integration of RegTech into compliance and regulatory systems also has the potential to introduce new vulnerabilities related to security, as RegTech tools may involve linking to and pulling in data from multiple internal and external sources on an ongoing basis. The report finds that this has the potential to lead to new sources of security risks and recommends that security risk management should be an integral part of the evaluation and implementation of RegTech tools; as of course it should be for all technology used by regulated financial service providers and those to whom they outsource activities. We expect that firms are taking the right actions to promote effective management of cyber risk and are strengthening their resilience to cybersecurity incidents and IT failures, with sufficiently robust systems and controls to minimise the potential impact on their businesses, reputations and the wider financial system. This includes having regard to the Central Bank’s published Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks⁹, which followed on from our supervisory work on this topic.

The ecosystem for innovation

Of course, if technology is to play its proper role in innovation, it needs the right ecosystem to support it. The regulatory framework forms a key part of that, and firms need to ensure that they innovate in a manner that adheres to both the letter and spirit of the legislation put in place to ensure financial stability and the protection of consumers and investors. Robust regulation by the Central Bank also forms a key part of this ecosystem, to ensure that the highest standards are set and met. However, it is also important that as regulators we provide the right forums for others to engage with us about innovation, including when considering the development of new solutions.

Earlier this year, the Central Bank launched its Innovation Hub to provide a specific location to better facilitate firms’ engagement with the Central Bank on innovation. Our engagement with firms through the Innovation Hub allows us to build on our existing intelligence on developments in the FinTech sector, get acquainted with new technologies before they enter the mainstream and aids our understanding of new business models, products and services which are emerging, the new ways in which financial services are being designed, developed and delivered and potential risks and mitigants.

I am delighted to say there has been a steady flow of engagement with the Innovation Hub, with the largest number of engagements coming from RegTech and payment businesses¹⁰. Part of our expanded industry engagement programme involves hosting regular FinTech and innovation events with stakeholders and events we have recently hosted under this banner include an Innovation Hub Information Session on consumer protection, authorisations and supervision. It also included an Innovation Hub event focusing on RegTech involving presentations by a number of firms on their business models and use of technology to our FinTech Network.

Conclusion

To conclude, technology now forms part of the basic fabric of financial services. At the Central Bank, we will continue to develop our use of technology to assist us in the delivery of our mission. Regulated financial service providers need to play their part in this, including by making sure their technology ambitions are based on firm technical foundations, targeted at bringing about real benefits for the financial system and its users while being resilient to failure and cyber attack. Only by doing so can we safeguard stability and create an environment where firms and individuals adhere to a culture of fairness and high standards that protects the best interests of consumers and investors, and that serves the wider economy.

I hope these insights will prove useful as you progress through today’s event and your own work in this important field. I wish you well with doing so, and I once again thank DCU for the opportunity to speak to you today.

-------------------------------------------------------------

¹ Such as MiFID II, EMIR, MAD II, UCITS V, PRIIPs, PSD2, AMLD IV, MCD and IDD.

² Bloomberg: "How RegTech closes the gap between technology and financial services", 26 April 2017.

³ Armstrong, Patrick (2018): "Developments in RegTech and SupTech", ESMA RegTechs: Feedback from First Experiments – Paris Dauphine University, 27 November 2018.

⁴ Ibid.

⁵ Central Bank of Ireland (2018), "Strategic Plan 2019 – 2021", page 17 "Strategic Theme: Enhancing Organisational Capability".

⁶ MiFIR encompasses the rules and guidelines on execution venues, transaction execution as well as pre- and post- trade transparency.

⁷ Bloomberg: "How RegTech closes the gap between technology and financial services", 26 April 2017.

⁸ FINRA (2018): "Technology Based Innovations for Regulatory Compliance (RegTech) in the Securities Industry", September 2018 http://www.finra.org/sites/default/files/2018_RegTech_Report.pdf

⁹ Central Bank of Ireland (2016): "Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks", September 2016.

¹⁰ Cross, Gerry (2018) "Hubs and spokes: remarks on innovation and outsourcing", 22 October 2018.