Financial Regulation for the Digital Age

Financial regulators must adopt new strategies to keep up with changing technology.

Financial regulation is entering the digital age, converting tools and strategies from analog to digital design. In the next decade, this transformation will reach critical mass and do for regulation what digitization does for everything else—make it better, faster, and cheaper.

Financial institutions and their regulators have always been active technology adopters. Both finance and regulation are already extensively automated. The existing regulatory system, however, essentially takes analog-era processes and information flows—all of which began on paper—and speeds them up with computers. The digital age requires regulators to rethink entirely how they operate.

Analog-era thinking encourages financial regulators and risk managers to assume that data and computing power are scarce and expensive. Regulators must extrapolate from small slices of information to divine potential problems. For example, bank examiners select samples of files that signal possible risks and noncompliance, meriting further investigation.

Regulators also rely on reports that aggregate and summarize average bank performance information, rather than accessing large datasets of information from individual banks that may contain significant nuances, anomalies, and trends. Sampled or summary data may not include certain problems, or may camouflage problems in the surrounding information—requiring regulators to invest significant time and resources to uncover them.

Regulators also rely on outdated information. Banks submit a Consolidated Report of Condition and Income—known as the Call Report—to their regulatory agencies on the last day of each quarter. This means that regulators often review information that is four or five months old. Some regulatory reports are only submitted on an annual basis.

In addition, analog processes store information in places and formats that are not interconnected. Data sit in one-off spreadsheets, reports, and databases that are generally siloed from other institutions—or even other divisions within the same institution. Regulators and risk managers must exert extensive manual effort simply to gather information from different sources and enter it into spreadsheets before they can analyze it.

The Federal Deposit Insurance Corporation (FDIC) estimates that its examiners spend 400,000 hours a year entering loan information into spreadsheets, even though most of the underlying loan files are already digital. Since manual work is costly and resources are limited at both financial institutions and government agencies, it is inevitable some issues go undetected.

These information limitations mean that regulators are dealing with large blind spots where they simply cannot see risk trends and problems, especially during periods of high volatility such as the COVID-19 pandemic. And a solution to one problem may only exacerbate another.

The non-transparency challenge is growing rapidly as the financial industry digitizes both its product offerings and backroom operations. Digital growth moves at exponential speeds, which often makes the pace of change appear gradual before it spikes sharply upward, catching people by surprise with unexpected issues.

Digitization is not just about speeding up analog processes. It is about fully redesigning them by leveraging cheap and ubiquitous data and computing power. Once the information in the financial system is converted into digital form, it can flow in new ways at new speeds. Regulators can use artificial intelligence tools—such as machine-learning and natural language processing—to collect, sort, combine, and analyze data. Such tools would transform the scale, timeliness, and usefulness of the data that regulators rely on when overseeing the financial sector.

Regulators throughout the world are recognizing the risks and opportunities in the shift to digitization. The first movers have been the Financial Conduct Authority (FCA) and the Bank of England in the United Kingdom, and the Monetary Authority of Singapore. The FCA has invented highly innovative ways for regulators to modernize themselves. In 2014, the agency launched Project Innovate and a regulatory sandbox in which both financial startups and incumbents can run controlled tests on innovative products and practices.

Two years later, FCA introduced regulatory “techsprints.” Modeled on the tech sector’s hackathon technique, techsprints bring regulatory and industry experts together in small teams with software developers and designers competing to solve specific regulatory problems. The teams do not produce white papers or working groups, but rather they produce prototypes of actual solutions, which can then be incubated into new regulatory tools.

Nearly 60 countries have now adopted sandboxes. The techsprint model is spreading as well, helping countries tackle challenges such as money laundering, online purchase of child sexual abuse material, regulatory reporting, financial inclusion, and financial challenges for consumers with mental health conditions. In March 2021 the FCA partnered with the nonprofit organization I cofounded––Alliance for Innovative Regulation––to run a global techsprint on the disproportionate impact of the COVID-19 pandemic on women.

The U.S. Consumer Financial Protection Bureau is running a series of techsprints, starting with one to improve the disclosures that consumers receive about financial products. The FDIC has also run a long-form techsprint with a rapid prototyping project to modernize the Call Report.

Several regulatory areas are especially ripe for disruption. One is anti-money laundering. The United Nations estimates $2 trillion in annual global money laundering and reports that current methods catch less than 1 percent of it, despite tens of billions of dollars spent yearly on compliance costs. The ease and low risk of laundering generates profitability for crimes such as trafficking in illegal drugs, weapons, endangered wildlife, and human beings. The FCA, the Bank for International Settlements (BIS), Mexican regulators, and Financial Crimes Enforcement Network are developing new techniques to enable greater pooling of data and machine-learning techniques that can reveal large-scale patterns of crime, while still protecting privacy.

Another promising frontier is Digital Regulatory Reporting (DRR). Regulators such as the FCA, BIS, the G-20, the Monetary Authority of Singapore, the FDIC, and the New York State Department of Financial Services have developed DRR initiatives. The goal of DRR is to convert financial information into digital form that can be easily and inexpensively reported or even obtained by regulators as needed, with appropriate limits and controls. DRR can equip regulators with complete information in real time, enabling them to assess risk trends while also reducing industry’s regulatory costs.

The FCA estimates that a DRR system could save billions of pounds per year, while also increasing regulators’ knowledge. If regulators had a DRR system in place before 2008, they may have been able to prevent the financial crisis because the system would have signaled an early warning on the potential danger of subprime mortgage risk.

An important part of DRR systems is machine-readable regulations. Many regulators have begun innovative work in this area. The Financial Industry Regulatory Authority (FINRA) is building a taxonomy of its rules that enable electronic tagging, allowing computers to read requirements and track updates. FINRA and the U.S. Securities and Exchange Commission (SEC) also use artificial intelligence to monitor external “big data” for signs of potential market misconduct, enabling sharper targeting during investigations. The Philippines central bank, meanwhile, prioritizes suspect market participants partly by analyzing data from a chatbot that receives consumer complaints.

Some countries, such as the United Kingdom and Singapore, have gone further and tested self-implementing regulations, known as “machine-executable” regulation. These systems would allow regulators to issue rules in the form of computer code. Regulated firms could plug the code into their systems and generate reports automatically. A 2017 FCA techsprint testing this idea produced an accurate report in twelve seconds, rather than the months required under the analog status quo.

Such initiatives are young but growing rapidly. They point to a future for financial regulation that is more effective and efficient than ever before—fit to meet the challenges of the digital age.

Jo Ann Barefoot

Jo Ann Barefoot is the CEO & Co-founder of Alliance for Innovative Regulation.

This essay is part of an 11-part series, entitled Regulation In the Era of Fintech.