The FATF's emerging interest in regtech
Chris Hamblin, Editor, London, 27 October 2017
In May, the Financial Action Task Force held a fintech/regtech forum at PayPal’s headquarters in the Californian town of San Jose. The FATF’s aim was to provide a platform for some constructive dialogue.
British former regulator Neil Jeans reported at the time: "The forum identified that fintech solutions do not necessarily present any more ML/TF risk than traditional financial service providers. It was accepted that the ML/TF risks are similar, but may present themselves in different ways.
"There was an appreciation that lack of knowledge or understanding of FinTech solutions is contributing to a higher risk perception, with a general acceptance that even the ML/FT risk of Bitcoin, which has been around for a number of years, aren’t fully understood or able to be articulated. Fintech and regtech solutions are providing new and innovative way[s?] of detecting ML/TF."
The forum developed a set of vague principles for fintech and regtech (financial and regulatory IT) and agreed to "formalise fintech and regtech on the FATF agenda," whatever that meant. The principles are so vague that they make no grammatical sense, but the first is a stab in the direction of governments and the private sector working together; the second is a promise to help governments, the private sector and academia look at financial innovations, the third is a desire to spot problems and collaborate in dealing with them; the fourth is to be on the lookout for innovations that present opportunities to mitigate risks; the fifth is to make the 'expectations' of regulators clear; and the last is to make regulation fair and consistent (a mountain that no regulator has yet climbed). Conference-goers referred to this list as the 'the San Jose principles.'
According to the RegTech Association, regtech products tend to do the following things.
- Verify identities – this includes know-your-customer/customer-due-diligence (KYC/CDD) procedures, anti-money laundering (AML) screening and detection.
- Monitor transactions – for some reason the association includes not only fraud and suspicious transaction monitoring but "employee behaviours surveillance."
- Manage risks – aggregating risk-related data for capital planning and liquidity reporting, as well as modelling, scenario analysis and forecasting with stress testing.
- Regulatory reporting – the management of data that regulators want.
- Compliance – monitoring and tracking the current state of compliance against upcoming regulations, plus the real-time computation of margins.