Stanley Kubrick’s iconic 1968 movie 2001: A Space Odyssey featured a computer called HAL, which was designed as a labour-saving device. This creation was successful until HAL discovered existentialism and, perceiving itself to be under threat, decided to murder its human crew. While this was, of course, the work of science fiction rather than scientific fact, perhaps we are now on the cusp of science ‘faction’ – where fact meets fiction.
Data-driven regulation and compliance are key to future commercial success, with some regulators acting as public champions for new software in this area. Increasingly, the world’s leading regulators are trying to ensure that innovation is present in all financial sectors, and that the firms they regulate are using technology to offer superior services, manage risks more effectively and create new opportunities.
A regulatory sandbox can help encourage experiments in fintech within a well-defined space and duration. This allows the regulator to provide the requisite support
Do you remember playing in a sandpit as a child, using your imagination to create shapes and make things in a safe and controlled environment? A ‘regulatory sandbox’ is the term used to describe an enclosed environment in which innovation in financial technology can take place. The sandbox aims to promote more effective competition in the interests of consumers by allowing both existing and prospective licensees to test innovative products, services and business models in a live market environment, while also ensuring the appropriate safeguards are in place.
To this end, a regulatory sandbox can help encourage experiments in fintech within a well-defined space and duration. This allows the regulator to provide the requisite support, with the fourfold aim of increasing efficiency, managing risks, creating new opportunities and improving people’s lives.
The sandbox is an experiment for regulators and regulatees alike. It is the first time that many regulators have allowed licensees to test their products on consumers in this way; consequently, interest in sandboxes is growing rapidly.
Here comes the tech
Artificial intelligence (AI), the Internet of Things (IoT), big data, behavioural/predictive analytics and blockchain technology are poised to revolutionise regulation and compliance, and will create a new generation of regulatory technology (regtech) start-ups. Examples of current regtech systems include chatbots and intelligent assistants, robo-advisors, and the real-time management of compliance ecosystems using IoT and blockchain. Regtech systems also refer to automated regulation tools, compliance records that are stored securely in distributed ledger technology (DLT), and online dispute resolution systems. In future, regulations encoded as understandable and executable computer programs may also be possible.
Nowadays, automation is all the rage – but why is it happening and what are the benefits? The answer, in short, is money: cost savings and greater efficiency are both imperative to businesses. People are hoping that automation will reduce costs enormously for financial services firms and remove an intractable barrier for fintech firms as they try to enter financial services markets. Indeed, the UK Government has launched a Fintech Sector Strategy, which it hopes will bolster the country’s position as “the global capital of fintech” well beyond its exit from the EU.
Regulators collect huge volumes of data (increasingly from open sources), and thus have major opportunities for big data analytics. In general, big data allows the user to examine large and varied data sets to uncover hidden patterns, unknown correlations, customer preferences and more. Big data encompasses a mixture of structured, semi-structured and unstructured data that someone has gathered through interactions with individuals, social media content, survey responses and text from emails. Data can also be captured from phone call data and records, data sensors connected to the IoT, and so on. The ‘3Vs’ of big data are volume, variety and velocity, and all three – the volume of data being handled, the variety of that data and the velocity at which it is being created and updated – are increasing rapidly.
AI technologies, meanwhile, power intelligent personal assistants, robo-advisors and autonomous vehicles. There are three main branches of AI: the first is machine learning, which is a type of program that can learn without explicit programming and can adapt when exposed to new data. Natural language understanding refers to the application of computational techniques to the analysis and synthesis of natural language and speech. Finally, sentiment analysis is the computational process of identifying and categorising opinions expressed in a piece of text.
Closely related to big data is behavioural and predictive analytics, which looks at people’s actions. Behavioural analytics tries to understand consumer behaviour and helps software predict future actions. Predictive analytics, meanwhile, is the practice of extracting information from historical and real-time data sets to determine patterns and predict future outcomes and trends.
Finally, there is the much-discussed blockchain technology, the main types of which are DLT and smart contracts. Within the decentralised database of DLT, transactions are kept in a shared, replicated, synchronised and distributed bookkeeping record that is secured by cryptographic sealing. DLT’s proponents claim it has integrity, resilience, transparency and consistency. Smart contracts, on the other hand, are computer programs that codify transactions and contracts, which in turn legally manage the records on a distributed ledger.
It is conceivable that algorithms will begin to
make decisions that have
Of late, regulators have been looking at digital regulatory reporting (DRR), which promises to help firms comply with regulatory reporting requirements more quickly and efficiently. Further, it will make the information that firms send to regulators more consistent, and will also boost the amount of information that firms share with each other, particularly for the purposes of offsetting internal risks.
To this end, regulatory experts have been weighing up the pros and cons of removing ambiguity from reporting requirements and seeking a common data approach across regulatory reporting. In addition to considering mapping requirements for firms’ internal systems and a mechanism by which firms can submit data to regulators, standards are being used to help the regulator implement DRR. As such, application programming interfaces, DLT networks, a common data model and the removal of ambiguity from regulatory text are all now being explored.
Legal redress for algorithm failure seems straightforward: if something goes wrong with an algorithm, the firm ought simply to sue the humans who deployed it. However, it may not be that simple – for example, if an autonomous vehicle were to cause death, would the plaintiff pursue the dealership, the manufacturer, the third party who developed the algorithm, the driver, or the other person’s illegal behaviour? This paradox is part of a wider debate about whether or not algorithms ought to have legal personalities in the same way as companies.
Another important principle of law is that of agency, where a relationship is created when a principal gives legal authority to an agent to act on the principal’s behalf when dealing with a third party. An agency relationship is a fiduciary relationship; it is a complex area of law with concepts such as apparent authority, where a reasonable third party would understand that the agent had authority to act.
As the combination of software and hardware is producing intelligent algorithms that learn from their environment and may become unpredictable, it is conceivable that, with the growth of multi-algorithm systems, algorithms will begin to make decisions that have far-reaching consequences for humans. It is this potential for unpredictability that supports the argument that algorithms should have a separate legal identity so the due process of law can take its course in cases where unfairness occurs. The alternative to this approach would be a regime of strict liability for anyone who designs or places dangerous algorithms on the market – but this may well be a case of locking the stable door after the horse has bolted.
Another pioneering innovation in the use of IT solutions for practical compliance has been the British Virgin Islands’ formidable Beneficial Ownership Secure Search System. The jurisdiction established this in accordance with the Exchange of Notes agreement it signed with the UK in April 2016. This secure government search system satisfies global standards regarding beneficial ownership. It also balances the need for both disclosures of information about companies to the government and appropriate levels of privacy, thus ensuring companies share information rapidly and efficiently with law enforcement bodies.
The situation at present remains fluid. There are more and more signs of coordination between regulators of different nations; these are most welcome. For example, 11 financial regulators and related organisations have collaborated to create the Global Financial Innovation Network, building on earlier proposals to create a ‘global sandbox’ – a network for collaboration and shared innovation. This is a brave new world, and some regulators are taking the lead.
Before his victory at the Battle of Waterloo in 1815, the Duke of Wellington stated: “Time spent in reconnaissance is never wasted.” With this modus operandi guiding them, innovative financial centres such as the UK and British Virgin Islands deserve to achieve a victory of their own.
For more information: