Home Data SupTech on the rise: financial supervisors explore innovative technology

SupTech on the rise: financial supervisors explore innovative technology

Kristin Tornling, Martina Verić, Moad Fahmi and Ian Hall (moderator) at Global Government Fintech Lab 2023


Representatives from Norway, Croatia and Bermuda described how their authorities are using supervisory technology (SupTech) and barriers to greater uptake

Against the backdrop of global financial services’ digital disruption and transformation, the use of technology for regulatory, supervisory and oversight purposes – known as ‘SupTech’ – is on the rise worldwide.

Almost three-quarters of financial authorities are engaged in SupTech initiatives but these efforts largely remain in the ‘experimentation’ stage, according to an authoritative report published six months ago.

The ‘State of Suptech Report 2022’, compiled by the Cambridge Centre for Alternative Finance’s SupTech Lab based on a survey of 134 financial authorities from 108 jurisdictions, highlighted and explored this trend.

The overall field of SupTech – which is one of six priorities in the Bank for International Settlements Innovation Hub’s 2023 work programme – was described by the report’s authors as ‘relatively nascent but rapidly and necessarily accelerating to address the needs of supervisors in the face of novel and newly-magnified risks introduced by a financial sector that is digitalising and generating supervisory data at an exponential rate.’

Seventy-one per cent of authorities indicated that they have engaged in SupTech efforts, with the main focus on improving data collection and ‘basic’ analysis, the report found.

To explore the opportunities and obstacles for SupTech take-up, the Global Government Fintech Lab 2023 featured a panel session with representatives from authorities in Norway, Croatia and Bermuda. Topics examined included authorities’ SupTech structures, procurement, techniques and tools.

RELATED ARTICLE Sink or swim: financial authorities dive into data write-up of Global Government Fintech Lab 2023’sHow can financial authorities capitalise on data to improve what they do?’ session, which featured: Gavin Curran, head of the Central Bank of Ireland’s markets supervision division; Mari-Liis Kukk, head of the innovation department in Estonia’s Financial Supervision and Resolution Authority; and Fintech Ireland founder Peter Oakes

Norway looks to accelerate digitalisation

Kristin Tornling

Kristin Tornling, senior adviser and former head of digitalisation and innovation at the Financial Supervisory Authority of Norway (Finanstilsynet), kicked off the session with an overview of how her organisation approaches SupTech.

She is managing a major internal project from 2022 to 2026 (backed by the Scandinavian country’s finance ministry) looking to accelerate digitalisation through investment in technology such as cloud services, artificial intelligence (AI) and robotic process automation (RPA).

The authority is looking to become ‘data-driven’ and adopt a ‘risk-based’ supervisory approach, forming part of a data-sharing ecosystem in Norway “where we share data across the public sector but also with industry,” Tornling said.

“We really want to have an efficient collaboration with our supervised entities, which also introduces a lot of SupTech tools and technology,” she continued.

Finanstilsynet has undertaken “several” AI projects “to flag suspicious transactions and behaviours”.

She described one cost-effective project as having “really increased the digital transformation within our organisation by automating admin tasks but also doing supervisions in a wholly different manner than what we’re used to” (see later in this article for further detail).

Finanstilsynet is stepping up efforts to improve employees’ “digital competence” and is also planning “major” procurements, she said. In terms of procurements the authority is planning to create a new cloud-based data warehouse with analytical tools, while another will be for new ‘reporting solutions’, Tornling said.

Croatia alert to ‘completely new animals’

Martina Verić

Martina Verić, who is head of Croatian Financial Services Supervisory Agency (Hanfa)’s funds and investment firms supervision division, framed her perspective as being from a “very small” regulator in a “very small” market within the 27-member European Union (EU).

She highlighted two main SupTech challenges in this context: the growing volume of data and the growing volume of regulation (in Croatia’s case, from the EU).

She divided data-related challenges into two types. First, ‘plain data or normal data’, for example data contained witin financial and transaction reports. These contain “types of data we know how to manage”. Here Hanfa’s main challenge is “addressing the size and maybe the speed of computation,” she said.

Second, Verić described “completely new animals” hurtling onto the radars of supervisory authorities and bringing “lots” of challenges. “Digital assets, crypto assets, non-financial reporting, language processing: this is a completely different environment, which requires a completely different set of knowledge to address it,” she said.

In terms of Hanfa’s internal structure, a central IT team is responsible for data warehouse maintenance. Verić described a unit in charge of systemic risks and consumer protection as “most developed” with regards to data collection and processing. Data analysis is undertaken within each supervisory division.

Internal knowledge-sharing involves workshops that also help to build “internal capacity”, she said.

Bermuda’s Fahmi sets out challenges aplenty

Moad Fahmi

Moad Fahmi, senior adviser for supervision (financial technology) at the Bermuda Monetary Authority (BMA), took a front-foot approach to his opening remarks, setting out challenges – and describing them (collectively) as reasons why authorities “need to learn [from] and maybe [be] a little bit more like firms that we supervise – the fintech firms – in our approach to SupTech”.

First, he said, that the “complexity” of companies being supervised is constantly increasing. “They’re complex because they rely more on outsourcing, they use novel technologies but also because they cut across different financial sectors, especially when they adopt the platform-type of business model,” he said.

The speed of change is supervisors’ second challenge. “When we think about our SupTech strategy, we need to think about how do we build IT resources, procurement resources that can deal with that speed of change, and that can enable end-users to develop the right tools at the right moment that they need.”

“The speed of change is due not only to technology, but it’s also due to the way that these companies develop with the ‘lean start-up’ model,” he continued. “Technically, we should not really care about such small firms because they have very low risk to our jurisdictions – the impact that they pose is fairly minimal. [But] they may grow very rapidly.”

Thirdly, tech companies have growing prominence in finance. “As regulators, we have to deal more and more with technology companies, and that brings a whole host of challenges. Regulating technology companies must be very different than regulating financial institutions. So, for example, we’ve had to think about [whether] we should regulate iCloud service providers,” he said.

Fourthly, he flagged ‘interconnectedness between institutions’, as illustrated by high-profile private-sector “digital asset failures” over the past year. “Do we need to rethink what ‘systemic’ means and what does it mean for the SupTech tools that we develop?,” he asked. “In particular, do we need to use social-media data a bit more as it may have predictive powers, as we’ve seen in the fallout of the US regional banks.”

Fifthly, Fahmi – who previously worked at the Autorité des marchés financiers (AMF) in the Canadian province of Quebec – mentioned companies’ cross-border growth. “Firms may develop slowly in one jurisdiction, then, by the flick of a switch, be in a new jurisdiction,” he observed. “What does it mean for the SupTech tools that we develop? Should we, at some point, connect SupTech tools between jurisdictions? Should we start having discussions on how we are able to share the data and insights of our systems that we are developing, if we think these companies are global at the moment or may become global?”.

RELATED ARTICLE BIS Open Tech debuts with ‘potentially game-changing’ SupTech tool – an article (1 April 2022) on an ‘open’ platform for sharing nascent financial and statistical software as public goods being launched by the Bank for International Settlements (BIS)

Supervisory authority sizes (headcount)
The panel were asked the size of their respective authorities:
Financial Supervisory Authority of Norway: 320 full-time employees
Croatian Financial Services Supervisory Agency: 200
Bermuda Monetary Authority: 260
(for comparison, the UK’s Financial Conduct Authority had 3,791 full-time equivalent employees in 2022)

Let’s talk about texts

The session’s Q&A section saw the panel asked to expand on how their use of technology was evolving to match the growth in the volume and varieties of data available for scrutiny.

Verić elaborated on her opening observations, saying that “traditionally the financial industry is about numbers” and supervisors “have to draw conclusions from those numbers”. “This is something we’ve been doing for decades now, and we are good at it. The problems that come with those kinds of data and those kinds of analytics I think will be more easily solvable.”

The bigger challenge today and in the future is presented by “non-financial data – basically, texts”, she said. “This is not something you can put in a box and say: ‘it’s five, it’s good [or] it’s four, it’s not good’. You have to make a conclusion on something and this is very challenging.”

She provided a couple of examples. First, the challenge of assessing prospectuses of EU UCITS (Undertakings for Collective Investment in Transferable Securities) funds in respect of ESG (environmental, social and governance) risks. “For instance, it [could be] five sentences on ESG risks. You cannot say it’s [rated] five or four, it’s good or bad – you have to make a conclusion on whether it’s good or not.”

Second, she mentioned the challenge of assessing social media and companies’ marketing outputs. “This is something that requires another set of skills,” she said. “You have to scrape through websites, through social media, you have to acquire all that data, you have to validate it, you have to – again – make a conclusion on whether they’re in line with regulation or not. I see this as quite a big challenge right now.”

On top of this are emerging asset classes and operators. “This part will, I think, again become about the numbers,” she said. “But, at this point, it requires the regulator to acquire a completely new set of skills in order to oversee it.”

Tracking social media sentiment

Fahmi described how the BMA has been working with new SupTech tools, including for ‘sentiment analysis’ of social media, in response to the digital finance revolution.

“In 2018, the government wanted Bermuda to become a digital asset hub and our organisation was tasked with developing the regulatory framework,” he explained. “When we considered what type of tools we need to properly regulate that market we quickly came to the realisation that most of everything that’s happening within the digital asset space is happening online, on ‘crypto Twitter’ and on Reddit and everywhere else where regulators do not usually necessarily [go] – I’m not saying we don’t, we probably increasingly do, but five years ago, we didn’t have the tools to do that,” he said.

The BMA worked with a company to develop a tool that ‘scrapes’ select social media sources and uses natural language processing (NLP) to “assign sentiment analysis or a sentiment score to all of the information about our entities or applicants,” he explained. “We have a ‘search’ function within it. But there are also dashboards for our entities, and we are able to monitor, in real time, overall sentiment about our entities. If there’s a significant decrease in that sentiment, we can then drill down into what triggered that decrease, and start asking questions.”

“We do not take decisions solely using that information and that score, but it can definitely trigger human intervention,” he said, adding that the tool had “led to a few occasions where we were [still] reactive but faster”.

Tools and their suppliers

The BMA’s engagement with the SupTech tool’s supplier also potentially offered lessons, Fahmi told the Lab audience.

Typically the authority’s project management office or IT department would be “directly involved with vendors”, he explained. But on this occasion Fahmi’s team “had the latitude to use a different procurement process… and then develop it directly between my sector and that provider.”

“If we want to build local licences, I think we need to rethink some of those procurement processes,” he said.

Fahmi was asked the extent to which the BMA had worked with the supplier to develop the tool.  “The supplier at the time [of initial engagement] was very small,” he responded, saying that the supplier had gone on to “secure quite a few contracts with the US government”. He pointed out: “I think that [with] engagement with smaller firms that are doing kind of niche things, [you] have to keep in mind that as they grow, they will change.”

The BMA also uses further SupTech tools, for example, a ‘blockchain forensics’ tool. “I think a lot of people are using these tools, especially for AML/ATF [Anti-Money Laundering/Anti-Terrorist Financing] purposes,” he said.

“One of the things that we’re doing now with the vendor is we’re looking at how can we actually use it for prudential purposes,” he continued. “So, is there blockchain data that is an early-warning signal for prudential problems? We’re trying to use the case studies of the multiple [banking] failures of last year to say: ‘well, can we use that data to infer potential problems within firms more rapidly?’.”

The BMA’s data science and analysis team has also developed a tool (called ‘Insight’) with ‘predictive capability’ based on the creation of dashboards based on financial returns and annual returns, he said.

‘Driving some of our digital transformation’

Tornling spoke of the importance of striving to ensure that multiple departments are positively engaged with the possibility of experimenting with new technology.

“The different business areas like their processes and things to stay the same. But when they are driving the change, it’s really powerful,” she said.

“They [colleagues] were out doing supervision and saw that all the banks and investment firms had these really great tools [when] doing training and compliance. And [colleagues] said: ‘Why don’t we have that? Why can’t we develop tools for us to make our supervision much easier?’. We said: ‘OK, let’s go in and let’s have a look at these tools’,” she said, explaining the background to Finanstilsynet choosing to engage a “very small” Norwegian firm that was doing compliance training within banks.

Typically the authority would have had “quite highly skilled, educated” team members transcribing supervised entities’ conversations (to monitor for potential market abuse) – something that was “really expensive”. By piloting use of the company’s tool – which, Tornling said, achieved about 90 per cent accuracy – the authority was able to “broaden out our supervision massively”, processing “a lot more data and doing a lot of search-engine words and sentiment analysis”.

Tornling said that colleagues across the authority were enthused by the tool’s capabilities and it was “driving some of our digital transformation [across] our organisation.”

She added: “I find it very interesting working with these small companies doing innovations because we are a small supervisor as well – we have some of the same interests”.

Fahmi said the reaction was similar across the BMA to its sentiment analysis tool. “Every time I talk to another department about it, [they’re] like ‘can we get that tool, too?!’. So, I think exploring technology – just like our firms are doing –  and testing things will result in change for the better.”

Kirstin Tornling, Martina Verić, Moad Fahmi and Ian Hall (moderator) at Global Government Fintech Lab 2023

Skills evolution and breaking up silos

An audience question prompted further discussion on supervisory authorities’ structures and skillsets in the context of SupTech.

Tornling responded that Finanstilsynet see[s] very good results when we mix different kinds of competencies into permanent teams”.

Verić praised younger team members for often being “much more flexible” to newer ways of working, highlighting their willingness to use data analytics (and subsequent reports). She also identified the importance of having a “really good business analyst”.

“It’s really important to have someone who has the expertise on the IT side but also on the business side,” she said. “If you don’t have a very good connection there, everybody [keeps to] their own business, they’re not communicating very well, and things cannot work out.”

Fahmi was of the view that “most” regulators increasingly appreciated that their inclination and commitment to ‘transform digitally’ had to match the very firms they are supervising.

The BMA operates an Innovation Council, with “about 50” of the authority’s 260 team members participating in its projects. The Innovation Council had, Fahmi said, created an “internal digital suggestion box that also serves as kind of internal Reddit where people can ask questions: it’s open to anyone, anonymous and people can comment.”

“When we think about the fact that there’s convergence between different financial services, and we’re usually structured in silos, it’s very helpful if someone from the banking team can help someone from my team on credit risk with a specific question,” he said.

‘Need to empower users’

The session concluded with the panel asked to highlight the biggest obstacle they perceive to be impeding their uptake of SupTech tools.

“For me, it’s not about the tools – it’s about how we structure ourselves,” Fahmi said. “We need to empower the users who are seeing [supervision-related] problems on a day-to-day basis. As managers, and as organisations, I think we have to simply give them the tools and that means rethinking some – not everything – of our procurement, innovation and technology development processes. I think this is the key to a good SupTech strategy.”

Verić answered that she saw internal cultural resistance to change among ‘traditional’ mindsets as a major impediment to progress. “I think trying to animate them to engage is one of the big challenges,” she said.

Tornling closed with an observation that summarised the Global Government Fintech Lab’s spirit of international knowledge-sharing.

“We’ve had a very good tradition in the Nordics on co-operating. Supervisors, also together with the Netherlands, created some really good solutions,” she said. “I think that’s the way going forward – co-operating more across different supervisors and creating solutions together. Also, creating flexible solutions – regulation is changing extremely rapidly. And also, one last thing: ensure any tool is user-friendly.”


Watch the session in full (it runs from about 04:31:40 to 05:19:35 if clicking on the full-day event video) => https://www.globalgovernmentfintech.com/lab/live/