When I concluded my final project report for the
Warwick Business School Executive MBA last year, one of the summary points was that financial services regulators would soon need to start looking at ‘technology as law’ and would need to write laws and policies to govern this change. Regulations would
become
endogenous rather than reactive as they are today. While this may look like something for the future, both regulators and member banks could find efficiencies in the near term by leveraging the advancements in technologies of both artificial intelligence
and blockchain. In this blog, we will explore how much money is spent by large financial institutions in keeping up with the ever changing regulatory landscape, how smaller enterprises are carrying risks of penalties due to their inability to catch-up with
the regulations and how regulators continue to have the dilemma on what’s the right level of regulations. Using examples of GDPR and MIFID II, we will see what are the current challenges faced by these enterprises and how we can apply a combination of AI and
blockchain to seek efficiencies and start moving towards ‘pro-active’ regulation and maybe one day to endogenous regulations!
Where is all the money spent?
Reading and understanding the regulations
The legal document for the GDPR regulation that came into force in May 2018 is about 100 pages long and has 11 chapters. And MIFID II that came into force in January 2018 is about 150 pages long with 88 articles full of legal prose. With these 2 regulations
going live in 2018, many banks and financial institutions had to hire more and more legal and compliance staff in 2017, budgets for compliance teams went up by 40% in 2017 in large financial institutions. Medium and smaller size enterprises usually don’t have
the luxury to set aside this much money for regulatory compliance. They then risk being penalised or diverting revenue generating funds towards ensuring compliance.
Modifying current systems to adhere to the regulations
Understanding the FCA Handbook is only part of the problem. The next big problem for banks and financial institutions is to then track and trace the path of their data and systems (often legacy systems that are more than 20 years old with no documentation!)
to be able report on the requirements of the regulation and prove their compliance. Take GDPR for example, many investment banks were still trying to understand what data if any is subject to GDPR compliance for them. And if there is any application, where
do they find it and how do they track it. Same with MIFID II – the requirements around communications recording – emails and phone conversation created substantial challenge. While most of the financial institutions did keep a record of these communications,
to ensure that they were timestamped and kept in order for compliance required changes to complex existing systems. These require truckloads of additional operations and IT staff.
Retrospectively catching up on regulations – The viscous circle
Inspite of years of regulations, we continue to see the need for coming out with newer regulations – to continue to protect the investor and to keep the markets efficient. The behaviours that lead to risks in the financial markets are all well hidden in
the data the market produces day in and day out. This very data is also used by the FIs to create new instruments and new trades which leads back to new risks in the market. This is a viscous circle of data insights leading to new revenue opportunities which
leads to new regulations which leads back to reporting on the same data!
The potential solution with AI and Blockchain at the core!
For those of you who have read my previous articles would have by now started finding the opportunities in emerging technologies to resolve these inefficiencies and create a seamless end to end process.
NLP and OCR for reading documents
Document reading, understanding and reasoning is one of the most advanced area of artificial intelligence that can be leveraged to read the long difficult legal prose around these regulations. Yes the initial job of creating the ontologies to help machine
understand the context could be time consuming but this is a one-time activity ( with very less incremental learning) that can then be used again and again and considerably reduce the effort required to understand new regulations. The machine read document
can then be used to create automated rules.
Smart Contracts for implementing the rules and blockchain to auto track the data
Once the document is read, it is possible to then create the rules that govern the regulation into automated smart contracts that govern the underlying data. The underlying data could be placed on an immutable blockchain that would create complete traceability
of the data without needing to retrospectively report on it. For example, in the case of GDPR, if all reference to PII data was placed on the blockchain as it happened and the rules that govern this regulatory compliance is written as a smart contract, all
the regulators need is a node on the blockchain to confirm adherence. Similarly, what if all voice and email data as they happen are placed on the blockchain, this would lead to automatic MIFID II communication compliance. Transaction reporting using a blockchain
and smart contract based system has huge potential to bring about efficiencies.
Machine learning to analyse the transaction data to propose the next regulations!
And what if we don’t stop there, what if we analyse all the transaction data on the blockchain (remember it is shared and available for the machine to read even though it is privacy protected for the individual bank) using machine learning techniques and
start seeking out patterns in that data that is starting to show the need for the next big rule to govern investor protection and market stability. Regulators could use this insight to then create the next regulations as smart contracts and proactive regulate
the transactions rather than reactively.
It is exciting to see that there are already initiatives underway (FCA’s Project MAISON) that have started to explore atleast the first 2 opportunities above to use AI and blockchain.
Will be good to see more such initiatives from other regulators as well. And maybe as we go forward, we could use machine learning as well and move to endogenous regulations.