The Regulators Are Optimising Their Use of Data. Are You?
By Carol Beaumier and Bernadine Reese
Consider these questions: Can financial institutions manage effectively in a world where issues and breaches are known to regulators before the chief compliance officer or anyone else in the organisation even learns about them? Are Compliance departments — and the institutions they serve — prepared to keep pace with the regulators’ efforts to develop data-driven insights? Or will they find themselves continually on the defensive, struggling to react and respond to regulatory inquiries and challenges?
A key point: It was only six years ago that the term “SupTech,” or supervisory technology, was introduced and started gaining prominence in the regulatory world. However, the use of technology and data science for supervisory purposes has been evolving over decades.
By the numbers: 71% of regulators globally report having SupTech initiatives and 50% indicate they have at least one SupTech application in operation.
Why it matters: For both the regulators and the financial services industry as a whole, the potential benefits of SupTech include increased efficiency and effectiveness of the supervisory process.
- With that promise comes a shift away from outdated, one-size-fits-all templates and manual procedures in favor of data push and data pull approaches that make use of structured and unstructured data.
- These approaches not only strengthen supervision, but also reduce its cost and burden.
- SupTech also holds the promise of better customer protection.
The success or failure of Compliance teams in guiding the institution in a data-led supervisory environment will depend, first and foremost, on the quality and availability of the institution’s own data.
The bottom line: We envision a dynamic supervisory environment in which regulators respond more quickly to market and individual institution developments. Their response will be based on the availability and their interpretation of more voluminous and timely data than they have been able to collect in the past. Financial institutions that are unable to meet these regulatory data challenges will find themselves at a significant disadvantage.
There are at least two reasons for supervisors to adopt SupTech. First, the technology available today could help supervisors achieve greater efficiency and effectiveness in pursuing their goals. Second, without investing in technology, supervisors may be unable to deal with developments in the financial sector itself (such as the rise of fintech) and any possibly related expansion of their statutory mandates.
Examples of current uses of data analytics by regulators:
- Identifying indicators of market abuse and insider dealing
- Credit risk assessments
- Sanctions screening testing (against a given data file)
- Identifying scams online
- Identifying and dealing with high-risk financial advertising
- Predicting the risk of misconduct for financial advisers based on factors like working experience and misconduct history
And potential future uses:
- Identifying potential greenwashing
- Performing initial supervisory reviews
Customer protection can be enhanced by SupTech in the following ways:
- Social media and online analysis and monitoring for high-risk indictors (e.g., high-risk financial promotions, scams)
- Dark web monitoring for scams, fraud and other financial crime
- Use of web scraping to identify high-risk financial products or indicators of poor product design and increased risk of poor customer outcomes
If you can’t explain it simply, you don’t understand it well enough.
Carol Beaumier is a senior managing director in Protiviti’s Risk and Compliance practice and leader of the firm’s APAC Financial Services practice. Based in Washington, D.C., she has more than 30 years of experience in a wide range of regulatory issues across multiple industries. Before joining Protiviti, Beaumier was a partner in Arthur Andersen’s Regulatory Risk Services practice and a managing director and founding partner of The Secura Group, where she headed the Risk Management practice. Before consulting, Beaumier spent 11 years with the U.S. Office of the Comptroller of the Currency (OCC), where she was an examiner with a focus on multinational and international banks. She also served as executive assistant to the comptroller, as a member of the OCC’s senior management team and as liaison for the comptroller inside and outside of the agency. Beaumier is a frequent author and speaker on regulatory and other risk issues.
Bernadine Reese is a managing director in Protiviti’s Risk and Compliance practice. Based in London, Reese joined Protiviti in 2007 from KPMG’s Regulatory Services practice. Reese has more than 30 years’ experience working with a variety of financial services clients to enhance their business performance by successfully implementing risk, compliance and governance change and optimising their risk and compliance arrangements. She is a Certified Climate Risk Professional.
There's a better way to manage the burden of regulatory compliance. Imagine if functions were aligned to business objectives, processes were optimised, and procedures were automated and enabled by data and technology. Regulatory requirements would be met with efficiency. Controls become predictive instead of reactive. Employees derive more value from their roles. The business can take comfort that their reputation is protected, allowing for greater focus on growth and innovation.
Protiviti helps organisations integrate compliance into agile risk management teams, leverage analytics for forward-looking, predictive controls, apply regulatory compliance expertise and utilise automated workflow tools for more efficient remediation of compliance enforcement actions or issues, translate customer and compliance needs into design requirements for new products or services, and establish routines for monitoring regulatory compliance performance.
 Cambridge SupTech Lab (2022), State of SupTech Report 2022, Cambridge: Cambridge Centre for Alternative Finance (CCAF), University of Cambridge. Available at www.cambridgesuptechlab.org/SOS.
 Leveraging a 2018 publication of the Bank for International Settlements (Innovative technology in financial supervision (suptech) – the experience of early users), SupTech is defined as the use of innovative technology by supervisory agencies to support supervision which is grounded in data collection and data analytics.
 Data strategy update 2022, Financial Conduct Authority, 24 June 2022: www.fca.org.uk/publications/corporate-documents/data-strategy-update-2022.
 AML/CFT Supervision in the Age of Digital Innovation, Hong Kong Monetary Authority, September 2020: www2.deloitte.com/cn/en/pages/risk/articles/aml-cft-supervision-in-the-age-of-digital-innovation.html..html.
 The SSM Digitalisation Blueprint: SRB Vision 2028, European Central Bank – Banking Supervision, 29 June 2023: www.bankingsupervision.europa.eu/press/speeches/date/2023/html/ssm.sp230629~1b6d3ba3d7.en.pdf.
 From data reporting to data-sharing: how far can suptech and other innovations challenge the status quo of regulatory reporting?, Bank for International Settlements (BIS), 16 December 2020: www.bis.org/fsi/publ/insights29.htm.
 “NBR-AFI Regional Training on Leveraging Financial Inclusion Data to Drive Inclusive Policy Development – Opening remarks by the Deputy Governor, National Bank of Rwanda,” Alliance for Financial Inclusion, 4 October 2022: www.afi-global.org/newsroom_speeches/nbr-afi-regional-training-on-leveraging-financial-inclusion-data-to-drive-inclusive-policy-development-opening-remarks-by-the-deputy-governor-national-bank-of-rwanda/.