Rather than being the catalyst for compliance it could be, the regtech sector is impeded by its current abstractions. Evidology System’s Rupert Brown explains the shift that’s needed to propel regtech to greater success.
The Naming of Parts
The emergence of the regtech business sector as a specific categorization of technology companies in the past decade has been driven by the need to understand and control complex physical and data-driven business processes in which governments and the public had lost confidence as a result of the 2008 financial crash and prior corporate failures by organizations such as WorldCom.
Henry Reed’s 1942 poem about the components of a rifle – the bolt, the breech, the sling swivels – directly parallels the ways we describe the entities the regtech sector is trying to wrap its capabilities around, namely:
Each of the items above has a distinct purpose of describing artifacts and behaviors that underpin operational processes in all walks of life, yet they are often confused or blended, usually under the catch-all term “glossary.”
Less understood by most is that these terms form a chain that has both interlinked data items and increasing content complexity that starts with a simple list and ends up in a graph of nodes and links.
Who (and what) is the audience?
Historically, glossaries were intended to help readers new to a subject understand the complex terms in the document.
As companies – particularly government and military organizations – grew in size and process complexity, glossaries quickly became riddled with acronyms and semi-slang abbreviations to describe groups and roles within them that also needed systematic explanation to outside agents, such as politicians and independent auditors.
As an aside, it is rather sobering to discover that the U.K. Ministry of Defence combined glossary/acronym document is 25 pages longer than its U.S. Department of Defense equivalent!
It is clear from the way the majority of glossaries and acronym lists are published today that the intent is still to support the “casual” reader rather than to be a “definitive” content set. This dichotomy between the terms “casual” and “definitive” lies at the heart of the challenge the regulators and regtech sector must now face.
In truth, the “reader” is now in transition from a human to a machine (i.e., the “what” in the title of this section), because the scale and necessary precision of the text and numeric data across regulated industries – be they finance, pharmaceutical or transport – are beyond the capabilities of humans to assimilate and analyze with a pair of eyes and a highlighter pen.
This transition to machine-driven consumption of regulatory terminology requires “definitive” foundational content; AI might be able to interpolate missing points on a graph, but it cannot magically insert missing complex entity and activity definitions.
Perhaps the best example of the “casual” vs. “definitive” dichotomy are the glossaries published by the three main regulators of the U.K. financial sector (i.e., the Bank of England, Financial Conduct Authority and Prudential Regulatory Authority). Each of the published glossaries is a separate “pretty PDF” document and browsable website. None of them can be directly consumed in a machine-readable format despite all of those agencies trying to run innovation programs to implement automated regulatory specifications!
Curating, Managing and Distribution
If we are going to evolve from “casual” to “definitive” foundational entities to underpin both the definition and consumption of regulations, then we will need to adopt modern “agile” processes to manufacture and maintain the content.
The mechanisms used by the open source software movement are directly relevant and immediately applicable for addressing this – for example, the use of Wikis to capture and publish peer-reviewed draft content, followed by the use of distributed version control systems to formally manage change and provision content at scale in a standardized manner with attribution, lineage and regression, if necessary.
The “Designing Buildings Wiki” is a great example of an industry sector that has a large, complex and evolving peer-generated vocabulary with many regulatory and safety processes. Sadly, however, the output content isn’t machine-readable, but this would be easy to fix.
The International Dimension
Brexit and, more recently, COVID-19 have dominated the news agenda and will continue to do so for the foreseeable future, even considering the impending U.S. presidential election. These two cornerstone issues remind us that the management of regulatory entity data must operate with both a global perspective and scale: GmbH, Societe Anonyme and Delaware Corporations have relevance to U.K. business practices and law, whatever our geopolitical future holds.
This requirement brings significant extra “linear” volume to acronyms, abbreviations and glossaries, but we need to recognize that there are exponential complexity effects on taxonomies and ontologies because of geopolitical nuances.
Who should pay for all this?
If we are going to improve the way foundational regulatory entity data is managed and curated, there has to be a cost, and someone has to pay – a particularly difficult conversation to have in a time of global recession and operational distractions.
In truth, however, we are already paying for the operational friction that the current situation imposes. Many regulation-sensitive corporations have tried to build and operate entity data management systems similar to their reference data management platforms. These are expensive to maintain, especially when “scraping” websites that then randomly change their output HTML format in a rebranding exercise.
As well as the basic cost of change, there are the standards organizations – perhaps most notably, ISO – that seek to charge customers for the content they produce. It is no wonder that adoption of ISO 20022 has been a slow and painful process; the content is closely held by ISO and a virtual “cartel” of consultancies and systems integrators, rather than the smaller, nimbler companies that end up doing most of the real work and need access to the key specification terminology.
The history of the computer industry over the last 50 years should remind us all that open-source standards definitions and “good enough” implementations have almost always become dominant because they enable broad and rapid adoption and marketplace innovation. The twin failures of IBM’s PS/2 and OS/2 initiatives in 1987 are perhaps the clearest examples.
Change always comes at a cost, but the great majority of the hardware and software components needed to effect it are readily available at a very low incremental cost on global cloud platforms.
Is there real value in doing a “better job?”
There is a real danger that many senior executives involved in regulatory processes see them purely as a “cost of doing business” and just pay lip service to them whenever possible.
Initiatives such as the Enterprise Data Management Council’s (EDMC) FIBO initiative are widely regarded as “science experiments” by skeptics. The mechanisms and techniques used by the EDMC are fundamentally sound but, until they become visibly embedded both in the drafting and the analysis of relevant regulations, they will remain in the minority.
At least the EDMC have managed to produce some meaningful open-source content from their initiative, whereas the BIAN banking process definition effort has gone for the closed-source approach in partnership with ISO.
The “value” of an open source, publicly available set of regulatory entity data is particularly useful in sustaining compliance processes. Using it to scan chat systems such as Microsoft Teams or Slack and Discord to see how much of the conversational content is relevant has significant value, it can also be used to signpost users to more relevant platforms and identify hidden linkages that humans often cannot recognize.
If reliable regulatory entity data remains in its current Balkanized form, with a patchwork archipelago of content management and consumption processes, then the regtech sector will remain stuck with its current abstract sector classification label rather than being a catalyst for significant compliance and efficiency improvements.
Moving from “casual” management and publishing to a systematic and “definitive” set of mechanisms to deliver public regulatory entity data with global scale, reach and relevance is not a complex technical problem.
The role of the state must not be underestimated in all of this – if governments and supranational organizations such as the EU and UN can rationalize their regulatory definitions and terminologies, then it facilitates much more accessible government and would provide a strong nudge to other significant industry consortia.
It does, however, require sustained, credible leadership and perhaps the effort needed is best summed up by the words of the Duke of Wellington at the Battle of Waterloo: “Hard pounding, gentlemen. Let’s see who pounds the longest.”