Regulatory Technology

Publication Date
Systemic Risk Centre Special Papers SP 14
Publication Authors

Technology changes society. Financial services and their regulation is not immune from this. Indeed, distributed ledger technology and artificial intelligence have the potential to change the way in which financial services are delivered and regulated. This paper discusses the use of technology for the purpose of financial regulation. The hope is that this will increase the effectiveness and efficiency of financial regulation.At present regulatory technology is in the very early stages of development. The authors therefore start by reviewing the technology that is inspiring those who are attempting to create regulatory technology. They analyse distributed ledger technology, which was originally developed for cryptocurrencies, but can also be used to maintain and share records of other assets or of anti-money-laundering information. They also discuss the use of artificial intelligence and machine learning for the purpose of financial regulation.After that the current work of the UK Financial Conduct Authority (FCA) on model driven and machine executable regulation will be examined. This work has so far not been analysed in the literature. Distributed ledger technology has shown ways of sharing information that could be used to enable the regulator to access records held by regulated entities. This could remove manual processes from current reporting requirements. It would enable the regulator to access data held by regulated entities in real time.Going further into the future the regulator could stop reviewing individual data points and use artificial intelligence and machine learning to analyse the data held by regulated entities. Software could be developed that identifies patterns and flags anomalies helping the regulator and regulated entities to identify risk as it emerges. This would create a new way of evaluating the risk profile of regulated entities.At present the regulator issues rules in natural language. Regulated entities develop their own individual solutions of compliance. They take the risk of falling short of the expectations of the regulator. In the future compliance could be as easy as for the regulated entity as uploading regulatory software which collects and reports data automatically and perhaps even autonomously.The paper highlights that there will be a learning period during which the limitations of the technology will reveal themselves. An important contribution of the article is that the translation of natural language into computer code changes meaning. Programming involves policy choices. This point has so far not been articulated in the literature or in the communications issued by the UK Financial Conduct Authority or the Bank of England.The article contributes further to the existing debate by arguing that the regulator's response needs to be informed by five criteria that have been developed to evaluate the quality of regulation: democratic legitimacy; accountability of the regulator; fair, accessible and open procedure; expertise and efficiency. These criteria need to be built into regulatory technology. Programming is more than an exercise in computer science. The regulator needs to determine an appropriate level of involving itself in the creation and maintenance of regulatory software. It needs to invest resources enabling its staff to understand the technology, anticipate problems and develop an appropriate response.The paper then connects the five quality criteria with five regulatory strategies: command regulation, meta-regulation, co-regulation, enforced self-regulation and self-regulation. It shows how each of these could be used for regulatory technology and analyses the respective advantages and disadvantages against the background of possible use cases for regulatory technology.The article points out that the precision inherent in computer language comes at the price of a reduction in flexibility which, if only for the time being, will limit potential use cases. Moreover any application needs to be designed in a way that allows human actors to take into account factors that do not easily reveal themselves in data. Regulatory technology needs to be designed in a way that allows both the regulator and regulated entities to retain a view of the overall picture. There is also a risk that high levels of standardisation influence the business model of regulated entities making them more similar and leading to higher levels of systemic risk. Another trap to be avoided is regulatory capture which makes it all the more important that the regulator invests in its own expertise.Following the financial crisis self-regulatory strategies have been unpopular. The command approach that has followed the crisis has been criticised for being too limiting and expensive. It is tempting to use the availability of new technology as an occasion to go modify the overall approach to regulation. The article makes the point that the availability of new technology does not affect the incentives of regulated entities. Technology is neutral. It serves those who develop it. There is no technological reason allowing us to have more faith in the ability of regulated entities to align business interests with regulatory standards. Moreover the use of technology will introduce a new type of service provider to this area of the law. Technology firms have their own business model which affects the type of services they are able to provide. In addition the market for the analysis of data is already very concentrated. This limits the bargaining power of all but the largest regulated entities and also affects the ability of the regulator to represent the public interest.The regulator is currently at the stage of testing possible technological solutions in consultation with regulated entities. It will need to invest further enabling it to adequately oversee the application and maintenance of regulatory technology as it emerges.