FNT104

• Retired Partner - PwC Canada

• Vice President - ISACA Toronto

• Professor - U of T, Seneca

• CPA, CA, CISA, CRISC
   

• Born in Iran, Grew up in Pakistan

• Studied Medicine, Ended up in Finance/IT

• Multi-lingual: 10 languages

• Explorer: 6 continents, 15 countries
   

• Key to success... Curious + Lazy = Innovative
   

When I started working with clients in the financial services sector, my first impression of the industry was that it was highly regulated, static, boring ... Boy, was I wrong !

I was right when I said it was highly regulated. But static and boring? Not at all.

It turns out that Financial Services is one of the most important industries.  As the expression goes – 'money makes the world go round'.

Since I started in consulting, I’ve seen a lot of changes. However, over the past few years, the change rate has been exponential. Whilst going digital used to be a nice thing to do, it is now a must for serious financial services institutions.

The application of new technologies to financial services creates loads of opportunities for disruption, as well as many job opportunities for the people that have the right skill set. However, getting up to speed in this sector is not that easy. You need to do your homework well.

It is no secret that Millennials, and generations following them, prefer to manage their money through online banking as opposed to walking over to physical branches for any of their banking operations. FinTech is made for them.

The word FinTech comes from Financial Technology. It refers to the group of products and services that introduce innovation into the financial services sector through use of modern, innovative and emerging technologies.

FinTech integrates various types of financial services into the day to day lives of customers. It is basically redefining financial services in the 21st century.

Originally, the term applied to technology used only in the
back-end offices of established financial institutions.

It has now expanded to include various innovations in technology, including RPA (Robotic Process Automation), Cryptocurrencies, Blockchain, AI (Artificial Intelligence),
ML (Machine Learning), and IoT (Internet of Things).

It is hard to pinpoint when FinTech actually began, but the middle of last century is a good reference point:

• Credit Cards were first introduced in the 1950s.  Until then people used cash to pay for purchases.
• ATMs were introduced in the 1960s, meaning that people no longer had to visit physical bank branches for everyday transactions.
• Electronic stock trading commenced in the 1970s.

• In the 1980s, banks started using mainframe computers and other state-of-the-art recordkeeping systems and data storage facilities.

• In the 1990s, e-commerce business models begin to thrive with the growth of Internet. Dot-com companies boom.

• The 2000s were the post Y2K era. Dot-com goes bust. Fiduciary fraud by well-known companies mandates SOX in 2002. Financial crisis of 2008 enforces stricter compliance.

• Starting 2010, emerging technology becomes a buzzword.
  AI and IoT start popping up everywhere. RPA takes a strong foothold.  Bitcoin and its underlying Blockchain become infamously popular, spawning numerous other blockchains and crypto-currencies.

• By 2020, Covid-19 Corona virus spreads across the world.  WFH (work-from-home) becomes the new norm, thereby necessitating tech innovation to compensate for physical distancing.

During the past 70 years of FinTech developments, innovators have created sophisticated treasury management, risk management, data analysis, and trade processing tools for financial services firms and institutional banks.

Currently, FinTech is digitizing retail financial services through crowdfunding platforms, robo-advisors for retirement and wealth planning, payment apps, mobile wallets, and the like. FinTech provides access to alternative and private investment opportunities, as well as online lending platforms.

... and financial services regulate how fast it spins.

Disruption caused by FinTech drives the financial industry to be smarter and more agile and allows it to deal with important problems in the world.

For example, automated investing paves the way for all social classes, rich or poor, to invest online and see returns on their money. It also allows people in developing countries to transact, even if they don’t have a bank account.

Yet, FinTech has a lot of room for growth and improvement.

Fintech is not a new concept.  

The evolution of Fintech
has unfolded in 3 stages,
which we characterize as:

• Fintech 1.0   (1866 - 1967)
• Fintech 2.0   (1967 - 2008)
• Fintech 3.0   (2008 - present)

Finance and technology have had a long history of mutual reinforcement, from early calculation technologies like the 'abacus', to the emergence of double entry book-keeping in the late Middle Ages and Renaissance.

The late 1600s saw a European financial revolution featuring the rise of joint stock companies, insurance, and banking − all based on double entry book-keeping − which was essential to the Industrial Revolution.

In the late 19th century, technologies such as the telegraph helped to forge cross-border financial connections. This was followed by rapid post-World War II technological developments. By the end of this period, a global telex network had been implemented. By 1967, the digitization of analogue systems into digital environments began to take shape.

The late 1960s and 1970s saw rapid advances in electronic payment systems, including establishment of the Inter-Bank Computer Bureau in UK in 1968 and US Clearing House Interbank Payments System in 1970.  Reflecting the need to link domestic payment systems, SWIFT Society of Worldwide Interbank Financial Telecommunications) was established in 1973, followed shortly after by the 1974 collapse of Herstatt Bank.

The crisis created by the collapse of Herstatt Bank served as a catalyst for the establishment of the Basel Committee on Banking Supervision of the Bank for International Settlements in 1975.  This was the first major regulatory initiative for Fintech.

1987’s 'Black Monday’ (October 19, 1987) saw stock markets crash globally; another reminder that global markets were technologically interlinked.

Advances in the mid-1990s underscored the initial risks with complex computerized risk management systems, with the collapse of Long-term Capital Management after the 1997-98 financial crises in the Asian and Russian markets.

Emergence of the internet in the 1990s provided a foundational change that made Fintech 3.0 possible.

A confluence of factors emerged between 2007 to 2008, which provided the impetus for Fintech 3.0 in developed countries. The brand image of banks was severely shaken. A 2015 survey reported that Americans trusted technology firms far more than banks.

The GFC (Global Financial Crisis) damaged bank profitability and the regulation that ensued drove compliance costs to record highs.
Timing of the GFC also played a critical role in Fintech’s development.

This phase required high levels of smartphone penetration and sophisticated application programming interfaces (APIs), which would not have existed had the GFC occurred even 5 years earlier.

The key differentiating factors of Fintech 3.0 have been the rapid rate of development and the changing identity of those who are providing financial services. Start-ups and technology firms have challenged established financial institutions by offering specific, niche services to consumers, businesses and incumbent financial institutions.

Fintech 3.0 has also been characterized by the rapid growth of companies from ‘too-small-to-care’ to ‘too-large-to-ignore’ and finally ‘too-big-to-fail’.

This landscape raises the important question for regulators of precisely when they should begin to focus on certain industry participants. This is why evolution of Fintech requires similar developments in RegTech. 

Today, Fintech impacts every area of the financial system globally, with the most dramatic impact perhaps in China, where technology firms such as Alibaba have transformed Finance.

History is witness that China’s inefficient banking infrastructure and high technology penetration made it a fertile ground for Fintech.

Emerging markets, particularly in Asia and Africa, have also begun to experience what we characterize as Fintech 3.5 – an era of strong Fintech development supported by deliberate government policy choices in pursuit of economic development.

Fintech development in Africa has been led by telecommunications companies on the back of the rapid uptake of mobile telephones and the underdeveloped nature of banking services.

Mobile money – the provision of basic transaction and savings services through e-money recorded on a mobile phone – has been particularly successful in Kenya and Tanzania.

Mobile money has significantly spurred economic development by enabling customers to securely save and transfer funds, pay bills and receive government payments.  

M-Pesa remains Africa’s best-known success story.

Regtech refers to technological solutions that streamline and improve the regulatory processes surrounding Fintech.

In contrast to Fintech’s inherently financial focus, Regtech has the potential to be applied in many regulatory contexts, both financial and otherwise. Further, while Fintech growth has been fueled by start-ups, Regtech has emerged in response to top-down institutional demand arising from the exponential growth of compliance costs.

The evolution of Regtech may be classified in 2 stages, pre and post GFC:

•  Regtech 1.0   (pre GFC)
•  Regtech 2.0   (post GFC)

In the 1990s and 2000s, institutions encountered increasing regulatory challenges as they became more global, catalyzing the development of large compliance and risk management departments.

By the 1980s, financial technology was being employed to facilitate risk management as finance itself became increasingly reliant on IT systems. Financial engineering and Value at Risk (VaR) systems became embedded in major financial institutions, and would ultimately prove to be among the major contributing factors to the GFC.

By the beginning of the 21st century, the financial industry as well as regulators suffered from overconfidence in their ability to apply a quantitative IT framework to manage and control risks. 

Regulator overconfidence manifested in the unduly heavy reliance of the Basel II Capital Accord on internal quantitative risk management systems of financial institutions. This false sense of security was brutally exposed by the GFC, which led to the end of the first iteration of Regtech, aka Regtech 1.0

Another illustration of Regtech 1.0 is the monitoring of public securities markets. Regulators rely upon trade reporting systems maintained by securities exchanges to detect unusual behavior. The GFC exposed the limitations of these systems, as they could not shed light on transactions that occurred off the exchange.

Regulators around the world reacted by mandating the reporting of all transactions in listed securities, regardless of where they took place. 

The stringent reporting requirements had to be met with enhanced regulator IT systems to analyse the reported information – an enhancement which ultimately became part of the next stage of Regtech’s development, i.e. Regtech 2.0

These waves of complex regulation drastically increased compliance costs. Plus, regulatory fines and settlements increased exponentially. Adding to rising costs was the increasing fragmentation of the regulatory landscape.

Despite attempts to establish similar post-crisis reforms, regulatory overlaps and contradictions between markets were not uncommon and financial institutions unsurprisingly looked to Regtech to optimize their compliance management.

The post-GFC regulatory requirements provided the foundation for a shift towards a proportionate, risk-based approach – a Regtech 2.0 – underpinned by efficient data management and market supervision.

Regtech 2.0 makes heavy use of Emerging Technologies that came into play around the turn of the century. 

Blockchain, RPA (Robotic Process Automation), IoT (Internet of Things), AI (Artificial Intelligence) and DL (Deep Learning) are just some of the examples of new technologies that were consumed and which demonstrate the potential for automating consumer protection, market supervision and prudential regulation.

Regtech 2.0 primarily concerns itself with the digitization and datafication of regulatory compliance and reporting processes.

Not only does it represent the natural response to the digitalization of finance and the fragmentation of its participants, but it also has the potential to minimize the risks of the regulatory capture which occurred prior to GFC.

Examples of fertile areas for Regtech development include:

• application of big data approaches,
• strengthening of cybersecurity, and
• facilitation of macroprudential policy. 

With respect to big data, regulators are starting to consider technological solutions for the management of AML/KYC information produced by industry participants, notably suspicious transactions reports.

Strong IT capabilities to analyse the data provided are paramount if regulators are to achieve the underlying objectives of such requirements.

Cybersecurity represents one of the most pressing issues faced by the financial services industry and further underscores the necessity of continued regulatory development.

The shift towards a data-based industry is inevitably accompanied by a rising threat of theft and fraud.

Macroprudential policy offers yet another promising ground for Regtech.

It ultimately seeks to soften the severity of the financial cycle by utilizing large volumes of reported data to identify patterns and changes over time.

Central banks are making progress in identifying leading indicators of financial instability in the form of data ‘heat maps’, which alert regulators to potential problems identified through quantitative analysis and stress testing large volumes of data.

Risk data aggregation requirements have now been established by the Basel Committee (in ‘BCBS 239’) which encourage institutions and regulators to focus on near real-time data delivery and analysis.

Regtech 3.0 is the future of Regtech. Fintech is shifting its focus from the digitization of money to the monetization of data, making it necessary for new frameworks to accommodate concepts such as data sovereignty and algorithm supervision. The data-centricity underpinning the evolutions of Fintech and Regtech represents the early stages of a profound paradigm shift from a KYC to a KYD approach. As this unfolds, regulators must invest heavily in the development of proportionate, data-driven regulation to deal effectively with innovation without compromising their mandate. One important aspect is the design of core elements of financial ecosystems in order to leverage technology to achieve major regulatory objectives of financial stability, integrity, inclusion and balanced development.

The longstanding marriage of technology and finance has been continuously evolving. In the near future, regulators will come under increasing pressure to adapt to the newly fragmented market comprising major banks, established tech firms and lean start-ups.

Regtech can be employed to not only assist authorities to monitor and
regulate industry participants, but to identify when to do so.

In the wake of increased compliance burdens, regulators will need to work
with Fintech and Regtech players to understand how data is collected and processed, harmonize compliance requirements across markets, and enhance not only data sharing among regulators but the ways in which such data is used.

Regtech presents benefits to both industry and regulators by:

• empowering financial institutions to effectively control costs and risks,
• presenting new opportunities for Fintech start-ups and tech firms, and
• allowing the development of continuous monitoring tools.

Regtech’s truly transformative potential lies in its capacity to enable real time monitoring of financial markets. Markets are evolving to rely more on data. The institution with the most data will be best placed to assess the borrower’s credit risk, and those institutions are increasingly likely to be large tech companies or retail conglomerates, rather than banks.

The paradigm shift from KYC to KYD is inevitable. 

FNT104