How Much Reliance on Technology is Too Much?
The last few years have seen a significant rise in regtech, technological solutions for compliance. These solutions can be hugely helpful to companies as their compliance burdens increase in scope and complexity, but they certainly don’t absolve organisations of the responsibility of fostering a culture of compliance.
with contributing authors Jenni Hill, Lara Gotti and Kirsten Scott
Australia has seen a rapid increase in the formation of “startup” companies as part of a global push by organisations seeking to provide technological solutions to streamline compliance practices and improve efficiency. These technological solutions are known as regulatory technology, or regtech. With regtech evolving rapidly, financial regulators such as the Australian Securities and Investments Commission (ASIC) are proactively engaging with industry stakeholders to ensure that regulations are flexible, appropriate and fit-for purpose.
Regulator Engagement
ASIC acknowledges the potential of RegTech to build a culture of compliance, to save time and money and to complement the work ASIC already does. Roundtables held by ASIC in February 2017 recognized that regtech developments present the opportunity to allow the financial services industry to move away from a “rear-view mirror” approach to a more forward-looking approach and to be proactive rather than reactive.
Following the roundtables, ASIC released a report on its proposed approach. The regulator aims to establish a regtech liaison group that will meet three times a year to facilitate networking and collaboration on initiatives that promote positive applications of regulatory technology. While a dedicated “liaison group” has yet to be established, stakeholder-led regtech groups are already firmly part of the regional landscape (including, in Australia, a dedicated RegTech Association).
ASIC also provides regtech innovators with informal assistance in relation to regulatory compliance through its “Innovation Hub,” established two years ago. This mutually beneficial arrangement allows ASIC to understand and adapt to developments in the industry and proprietors to ensure their products fit within the current scope of regulatory requirements.
The Innovation Hub allows regtech developers to gain direct access to senior members of ASIC to ensure their products meet compliance requirements. Regulation of regtech is an expanding focus of regulators, given the increasing acceptance and encouragement of technology as a tool for achieving efficiencies.
Later this year, ASIC intends to conduct a problem-solving event, described as a “hackathon.” The intention is to “stimulate thinking and approaches to deal with regulating problems commonly faced by the financial services sector.” The event will be similar to those run last year by regulators in the U.K. and Canada. Such events highlight the need for regulators to remain engaged with industry and to move forward together (and not at odds) with those driving innovation.
Regional Developments
Regulators across APAC are taking steps to address the fact that technology does not recognise territorial boundaries. In this regard, ASIC has entered into cooperation agreements with Malaysia’s Securities Commission (Suruhanjaya Sekuriti), Japan’s Financial Services Agency, Indonesia’s Otoritas Jasa Keuangan, Hong Kong’s Securities and Futures Commission and the Monetary Authority of Singapore.
These agreements promote information-sharing and collaboration, allowing regulators to liaise on developments and discuss ideas and approaches to the regulation of the industry. Most arrangements (with the exception of that with Indonesia) are referral arrangements, which provide businesses with access to regulators in jurisdictions in which they are considering operating. These developments reflect the impact of globalisation, benefit industry stakeholders and ensure that APAC remains at the forefront of this fast-developing industry.
Where is This all Heading?
ASIC’s February roundtables called for regulators to be open-minded and to take a technologically neutral approach. While the regtech industry evolves, this is necessary to ensure that regulatory bodies do not adopt unrealistic or untenable goals.
The challenge for regulators is to identify the point at which they must be assertive in stepping in to ensure compliance with pre-existing laws and reconsider the operational and – in the case of companies in the financial services sector – prudential risks arising from this “shadow infrastructure,” of which regtech is a part. Many financial institutions are outsourcing their compliance functions to regtech products or external providers. In some cases, these functions are becoming too integrated and intertwined with outside products and systems and too tailored to have other regtech providers to step in or for the institution to take back this function. What approach will the regulators take if there is a failure of the AML compliance function of an external vendor or an error in the system? Who will bear responsibility for any loss?
Companies and their officeholders will not be able to absolve themselves of their obligations simply by embracing emerging technologies. Outsourcing compliance to a service provider comes with risks. Due consideration must always be given to the effectiveness and accuracy of any outsourcing arrangement.
Law firms (including Clifford Chance) are working with clients to ensure that these new technologies do not fall foul of the onerous regulatory framework in place in the various jurisdictions in which companies operate. Innovation must be embraced, but not in a haphazard manner.
The real risk with any disruption caused by technological advances is ensuring that industry does not permit tools designed to drive efficiency to give rise to complacency. Regtech will provide organisations with considerable assistance in detecting and preventing breaches of common compliance issues, but it is not a complete solution.
Irrespective of the advances made in this area, organisations must independently continue to ensure a culture of compliance is maintained – a culture where human judgment is valued and not completely overlooked in favour of a technology-only approach.