RegTech & Regulatory Reporting: Part 2: The Reporting Solution

Part 1 of the blog (which you can read here) showed how the gathering, aggregation and sharing of quantitative risk data and qualitative information is fraught with existing challenges that are ever-increasing given the tightening regulatory landscape. These challenges typically related to the increasing granularity data required by regulators, legacy IT systems, data protection laws and cross-jurisdictional differences. However, the following new technologies could contribute to soothing these data management and aggregation pains.

Developments in security and cryptographic technologies can benefit from information sharing by ensuring data integrity and also protecting privacy, all while improving the effective report of information to the apposite bodies such as regulators and cross-jurisdictional subsidiaries. In achieving a suitable equilibrium in the transparency/confidentiality dichotomy, two classes of cryptographic tools exist: secure multiparty computation and methods for attaining privacy on the individual level, in statistical data releases. Abbe et al. (2011) noted that unlike other industries in which intellectual property is patentable, the financial industry relies on trade secrecy to protect its business processes and methods, which can obscure critical financial risk exposures from regulators and the public.

They developed methods for sharing and aggregating such risk exposures that protect the privacy of all parties involved and without the need for a trusted third party. Their approach employs secure multi-party computation techniques from cryptography in which multiple parties are able to compute joint functions without revealing their individual inputs. In their framework, individual financial institutions evaluate a protocol on their proprietary data which cannot be inverted, leading to secure computations of real-valued statistics such as concentration indexes, pairwise correlations, and other single- and multi-point statistics. Potential financial applications include: the construction of privacy-preserving real-time indexes of bank capital and leverage ratios; the monitoring of portfolio investments; financial audits; and the publication of new indexes of proprietary trading strategies.

Another application of cryptography to information sharing is Data Storage Cell Level Security. This enables and ensures only the relevant and specific information is made available to individuals according to their authorisation access. The data’s ingestion and parsing process would tag each unique metadata component by property, object, and access type, thereby eliminating the need to structure the raw data, instead enabling individuals with the ability to search across the entire data set. This cell-level security allows organisations to control data security challenges, even for large data sets, by leveraging access controls to all data objects that manifest in the overall platform framework. The structure used to build the security labels is sufficiently expressive to manage composite visibility requirements yet it does not increase the load on existing approbation systems, allowing users to encode Boolean or natural readable language expressions and attributes.

The technical nature of the technology may be complex but the theory is relatively simple. For example, analyst A in country A is able to see client C's name, account identifiable information and activity however analyst B in country B, is only permitted to view client C's information that has been disclosed by country A outside its jurisdiction.

Standardised shared utility functions can be enabled through the use of open platforms and cloud technology. Within a single financial institution, shared utilities could provide a service for different subsidiaries. When these shared utilities supply solutions to multiple institutions across the industry e.g. Know your Customer (KYC), it would allow banks to focus on their core value function and competitive advantage and also benefit from the economies of scale for services that can be outsourced. This has the benefit not only of reducing cost but also encourage the standardisation of data (a key challenge as noted in Part 1) thus generally simplifying regulatory compliance. This, however, is notwithstanding the challenges that utilities will present including confidentiality, security and reliability.

The challenge of organising and, in turn, analysing large volumes of unstructured data could be improved through the deployment of data mining algorithms based on machine learning due to their ability to recognise compound and discontinuous patterns in big data sets. Unstructured data is information that either does not have a pre-defined data model or is not organized in a pre-defined manner such as text, audio, video files or No-SQL databases. This contrasts with structured data which adheres to a pre-defined data model and is therefore straightforward to analyse. Data mining algorithms are far more effective at analysing large quantities of non-uniform and multiplex data.

One technology that appears perfectly applicable to solving the transparency/confidentiality paradigm is blockchain. Blockchain, by design, could be the conduit that allows regulators real-time and direct access to information regarding financial institutions. A blockchain network has no central authority and since it is a shared and immutable ledger, the information is open for everyone to see. Therefore anything that is built on the blockchain is totally transparent and thus accountable as each transaction leaves a 'block' in the chain creating a digital breadcrumb trail that regulators can use to audit institutions. The advent of blockchain could render the reporting function obsolete, replaced by regulators' participating in a transaction related distributed ledger. This automated, real-time record of transactions would allow regulators to more effectively and efficiently analyse the financial health of institutions. The potential of this technology is reflected in the many calls for blockchain to replace the centralised clearance and trade reporting contracts as a way of providing transaction clarity.

With all the hype and buzz surrounding the potential of blockchain to be the all-conquering panacea it is quite easy to get carried away without considering questions that remain over the technology's efficacy. Technical questions remain including the ability of blockchain to adapt to high-volume, real-time uses but also the standardisation of systems and data required. However, more macro-level questions arise beyond the capability of the technology itself. A technology built on a system where a supervisor has direct access to all individual transaction raises a plethora of questions regarding confidentiality and security. Questions arising about blockchain are not only technical but also one of morality; the governance function, the compliance capability and the effective role of supervisors. Blockchain ensures a transparent audit trail but transparency increases vulnerability especially in regard to customer data, not only to external parties but within the compliance process itself. Afterall, quis custodiet ipsos custodes? Who will guard the guards themselves?

Perhaps these questions are less to do with the technology and more to do with the compliance function in general however discussion regarding the ethical and moral implications of technology should not be ignored.

We have discussed many applicable technologies that could help reduce the regulatory reporting function within financial institutions. From crytpography to standardised shared utility functions, data mining to blockchain - each technology has the power to ease the pain points financial institutions face. However, with new technology comes new questions and firms should always look to question not only the technical implications of technology, but also the legal, ethical and moral ramifications. This is to ensure firms not only comply with obligations set out by regulators, but also compliance with the standards expected by their customers and society as a whole.

To learn more about regulatory reporting from industry experts sign-up to our webinar at 5pm June 4th here.