A picture is worth a thousand words. But, ever thought how a picture can authenticate if the right person is behind the wheel when you book a taxi service?
Uber is proactively using a “selfie-powered” real-time identity (ID) check to create a more secure and trusted experience for its riders. It’s a reality that current transportation service regulation is struggling to keep pace with the business model innovation of taxi aggregators like Uber. However, with Uber’s efforts around self-regulation, transportation service regulators can evaluate if and how innovations like the real-time ID check can be adopted as part of formal regulation.
Today, the digitally-enabled high velocity of business transformation and new business models require faster regulatory responses and a stronger commitment to trust and security in digital services. As a result, regulators are adopting new technologies to develop agile regulatory interventions that meet regulatory objectives and drive innovation at the same time. In the financial services sector, for example, UK’s Financial Conduct Authority (FCA) is assuming a more proactive role in protecting consumer interest. The FCA has introduced price caps on payday lending to protect consumers from spiraling debt and default. In addition, it is recommending that firms and credit reference agencies engage in real-time sharing of customer information. With this rich data and big data analytics, FCA can tackle the issue of consumers taking multiple high-cost and short-term loans from several providers at the same time.
RegTech: Technology first in a digital-first world
Regulatory Technology (RegTech) based on emerging technologies such as artificial intelligence (AI), automation, big data analytics, cloud and blockchain can enable regulators to develop advanced regulatory solutions for effective regulatory compliance. These solutions include robo-handbooks that enable machine-readable access to regulation and reduce the cost of regulatory change, AI for real-time compliance monitoring of trade and transactions, and blockchain for better Know Your Customer (KYC) compliance and enhanced transparency in fund utilization.
RegTech presents new opportunities for regulators to design and deploy agile regulatory interventions at an unprecedented scale to:
Prevent misconduct and contain systemic risks: Regulators can now shift from ex-post audits and analysis to a system of built-in preventive compliance. For example, with blockchain and smart contracts, regulatory breach can be made virtually impossible by design and default. These contracts are encoded into the system and executed without middlemen using a distributed ledger to exchange products, services and money in a transparent, compliant and irreversible manner.
Review structured and unstructured data for an entire population rather than for samples: The National Bank of Rwanda (NBR), for example, uses an electronic data warehouse system to automate and streamline reporting processes that facilitate market supervision. The bank has access to data on the adoption levels of different financial products and uses these insights for improving financial inclusion in the country.
Reduce compliance expenditure and complexity: Automated regulatory reporting and use of behavioral analysis using AI to detect unusual trading activity or insider trading are a few examples of how technology can help regulators reduce the gap between intent and implementation.
Regulators can adopt a three-pronged approach to embrace RegTech:
Engage closely with the regulatory stakeholders: Regulators should continuously be in listen-and-learn mode with the industry, government agencies, the technology ecosystem, RegTech accelerators such as the RegTech for Regulators Accelerator (R2A) and the academia. Much like technology startup incubators, these regulatory stakeholders can help regulators rapidly build innovation capacity and transfer technology and RegTech adoption learnings across markets. This way regulators can tailor RegTech solutions to specific market and geographic needs.
Test the waters with the “regulatory sandbox”: Regulators must develop sandboxes to enable regulatory accelerators to develop and test regulatory technologies, tools and solutions in a controlled environment at lower cost. In the future, we envision regulators offering digitalized regulations through Regulation as a Platform (RaaP) to make regulations easier to comprehend and adopt. Technology ecosystem partners like tech startups and regulated businesses can develop regulatory compliance applications on the platform to ensure better compliance at reduced costs.
Build the workforce of the future: The regulator of the future will be an analytics-driven organization with multi-skilled teams comprising data scientists, behavioral scientists and technology specialists. This will mean a major shift not just in regulators’ IT infrastructure and operations, but a culture change to reimagine work and pivot their workforce to learn new skills for the digital age.
Preparing for the future of RegTech, today
While embarking on this technology-led transformative journey, regulators must also respond to an inherent opacity in how technologies like deep learning work in that they may run afoul with data privacy regulations. With increased reliance on the cloud for running RegTech applications and regulations becoming digitalized and encoded through RaaP, cyber resilience becomes even more critical.
Regulators must also evaluate the risks associated with the increasing use of technology. While automation can drive better efficiencies and effectiveness, regulators should be ready to mitigate rapid spread of systemic risks due to flawed implementation. They must continuously test and evaluate RegTech solutions using a strong metrics framework. Clearly, the time is right for regulators to rethink their traditional roles in the digital context and leverage technology to transform their operations and enable disruptive innovation and sustainable business growth. In our next blog post, we will focus on the importance of developing secure next-gen software in a privacy compliant manner and discuss the techniques involved.