Compliance heads at banks say they are now serious about onboarding technology solutions, partly because of regulatory pressure, and because third-party solutions are becoming a lot easier to use.
As regulators such as the Hong Kong Monetary Authority and the Monetary Authority of Singapore adopt “suptech”, supervision technology, it is spurring banks to respond.
“If firms don’t keep up with regtech, they run the risk of their regulators know more about their business than they do,” said Tom Jenkins, partner and head of risk consulting at KPMG China. He spoke at a conference organized by the Asia Securities Industry and Financial Markets Association.
Authorities are increasing their reporting demands and deploying artificial-intelligence-based analytics to review the data they receive. Technology is also creating its own compliance requirements, such as the explosion in cloud computing, which has led to scrutiny over data sharing. The only viable solutions are also tech-based.
Banks turn to regtech
The sheer size of the challenge means banks are wise to establish a governance formula, particularly around things such as how to explain an AI’s output, embed accountability, protect data privacy, and instill measures around fairness (such as with monitoring how lending algos work).
“More banks are putting in place a more structured process before launching new AIs,” said Aveline San, managing director and head of compliance for Asia Pacific at Citi, also speaking at ASIFMA’s event.
Simon Young, head of compliance for Hong Kong at DBS, said, “Over the past 12 months, more banks are thinking about using technology for compliance and reporting, and enhancing the quality of risk management.” That’s particularly true for regtech and lending tech, he said.
Drivers of adoption
In Asia’s financial centers, the regulators are actively pushing firms to upgrade their regtech capabilities. The HKMA has a blueprint for 2025 that includes requiring banks to present regtech plans. MAS is operating a grant scheme to help banks fund digitization, as well as supporting new tech platforms to digitize data gathering around areas such as ESG reporting.
Another driver was the shift to remote working caused by the COVID pandemic. “That forced the adoption of surveillance technology, so companies could monitor their staff use of mobile phones,” said Kelly-Ann McHugh, director for Asia Pacific at MyComplianceOffice, a regtech company.
- Read more:
- Regtech trends | Ashish Rai, FIS | DigFin VOX Ep. 18
- Fano Labs seeks to create regtech standard
- David Hardoon deploys AI at Aboitiz’s UnionBank
This may explain why, according to InvestHK, regtech is the fastest-growing subset of the city’s fintech ecosystem.
“Regtech is booming,” said Chivy Chan, senior vice president at Haitong Securities in Singapore. “We’re seeing financial institutions adopting it for KYC, funds monitoring, and regulatory reporting.”
Banks and brokers in hubs like Hong Kong and Singapore are going to increase their use of regtech, be it using in-house solutions or vendor products. But there remain barriers to mass adoption.
First is that certain compliance activities or products require more data than may be available. San at Citi says ESG reporting needs isn’t matched by the availability of quality data, particularly if compliance teams want to flag greenwashing.
Second, digital assets and crypto also raise challenges around how to surveille markets, participants and portfolios. There’s no agreed workflows or rules, or even a common definitions of what’s a bad activity, such as a wash trade. Surveilling how a firm’s personnel trade crypto in private is almost impossible right now.
Third, a related challenge is how to monitor offchain activities, not just what happens on a blockchain. Neither banks nor vendors have systems that can combine offchain and onchain views of what’s happening.
Fourth, AIs present the problem of “explainability”, but regulators often have no clear or coherent concept of this either. MAS has established a task force, Veritas, to lay out principles of ethics in AI. This is broader than compliance, but regtech may be needed as a way to explain actions or reports to regulators.
Fifth, each market in Asia has its own regulation, and its own language – which makes it difficult to scale a voice-to-text AI from Thailand to Taiwan.
Sixth is the human resource needed to “do” regtech well. The good news is there’s a large and growing number of regtech companies offering solutions. The bad news is there’s a large and growing number of regtech companies offering solutions – that must be explored and vetted. Regtech companies struggle to deal with individual procurement processes from one bank to the next. Then these solutions need to be integrated into data, contracts, surveillance, reporting and other functions.
The final – and biggest – challenge for regtech is cross-border data sovereignty rules. DigFin’s next story will explore the scale of the problem, and potential solutions.