(This article is the first one in a series about regulations and Regtech)
The first time I remember walking into a bank, I was just a kid. I was there with my mum who had to deposit some cash. The building was huge and everyone looked so knowledgeable and professional. For my family, it was the safe place where they would store their hard-earned savings, the trustworthy institution…
Now, I guess most of us stopped blindly trusting financial institutions a while ago. The Global Financial Crisis highlighted that on the path of making profits, bankers had resorted to unethical ways to exploit their dominant position to pursue bigger gains at the expense of their customers; and this despite being supervised according to the highest ethical standards, by a number of regulators and central banks around the world.
It’s not a new story, just the most recent chapter in a series that doesn’t sound very reassuring. Let’s look at the last few decades in UK only. In the 90’s the regulatory system came under scrutiny after the collapse of Barings Bank. The Bank of England was blamed for the incapability to operate its control functions over banks and shortly afterwards an independent body, the Financial Services Authority (FSA, previously SIB) took over these functions. The BoE itself, had formerly taken the responsibility, in 1979, from the Department of Trade and Industry (DTI), because the DTI had proved unable in regulating banks leading to the Secondary Banking Crisis of 1973-75. And in turn FSA was questioned after the GFC, and ultimately abolished in 2012, replaced by two new institutions: the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA), part of the Bank of England. Again.
If it sounds like a mess, it is. And there are corresponding stories covering different periods and different countries. In fact there were 11 major financial crashes in the 18th century, 18 in the 19th and more than 30 in the 20th. There are reasons for this: financial institutions manage huge amounts of money on such scales that costs of scale surpass economies of scale. They are deeply routed into the economic and political backbones of most countries and this could impact their judgement. Furthermore, they are exposed to significant conflicts of interests and opportunities of exploitation of info-asymmetries and dominant position.
Regulators’ unenviable job is to protect customers and at the same time to prevent financial crises from posing risks to the stability of the banking system and to the whole economy. On the other hand, rules and regulations build barriers to entry that in turn favour concentration and undermine competition, which is the very element that could make the market more balanced and ultimately safer.
We can therefore understand why, in trying to strike the correct balance between encouraging increased competition and preserving stability and safety, there have been regulatory cycles in the financial industry with regulations becoming looser (i.e.: from the late 80s) or more stringent (i.e.: at the beginning of the 70s). We are now in one of the toughest periods ever.
In the past 50 years banks have grown global, supported by enough technology to allow semi-automation of part of their activities, but still with a stubbornly archaic organization. Despite their reputation would at times be hugging omnipotence, their approach to people management has frequently been thick, obsolete and myopic, compartmentalized and with low to in existent design of processes. So much so that risk functions and compliance have been largely dependent on information being fed to them manually or through some basic workflow automation techniques by other departments, in a reactive mode. They often had little alternatives other than rely on the good judgement and integrity of front-office, that was commonly in obvious conflict of interest.
The GFC has exposed the weaknesses in these processes and has prompted an effort from policy makers, regulators and financial institutions themselves to enhance controls, tightening the strings to win back customers’ trust and to avoid hazardous behavior that could endanger the stability of the system.
Pressured by a wide wave of new regulations, in the rush to meet deadlines and avoid fines (exceeding $320 Billion since 2008), while stuck with legacy systems, banks have been forced into implementing contingency plans. Staggeringly, basing them mainly on manual handling of issues. In fact, by the end of 2014, Citi had added a total of 30,000 people to their function.
A very expensive patch working that looks dooming in sight of the rise of Fintech startups, for at least two important reasons:
- These nimble companies represent the most modern and farsighted type of competition in the sector and regulators are adopting a lighter approach in their respect, as they couldn’t otherwise bear such high costs of compliance, neither probably would at any point of their growth. Regulators are therefore having a hard time finding the optimal balance between eliminating barriers to entry, fostering innovation, avoiding regulatory arbitrage and creating a safer financial environment;
- New technologies will keep posing new questions and opening regulatory voids. Bitcoin, crypto currencies and ICOs are just few of these. As regulators catch up with faster deployment of tech solutions in the sector, regulations in the sector will get to evolve faster and faster. Patch working from incumbents will become more and more frequent. Until it gets unsustainable.
Stable solutions won’t be easy to implement but are the only way forward for financial institutions. These cannot prescind three fundamental pillars: technology, organizational infrastructure and culture.
Progress made in the technology landscape holds the potential of generating solutions which will enable a locked down implementation of regulations. Technologies like Big Data, Machine learning, Artificial intelligence, IoT and Blockchain have such a potential.
Regtech originates at the junction of regulations and latest technology developments. It can be seen as “the use of new technologies to solve regulatory and compliance requirements more effectively and efficiently”. Regtech is much more than an essential tool in the hands of financial institutions, to streamline internal controls and monitoring, and to comply with requirements. It will be the very instrument for regulators too, to manage complexity and cope with tech led changes to the financial markets. As Bank of England defines it – “Regtech allows for a real time and proportionate regulation that identifies risk and enable more efficient compliance”.
In the early 2000s the engineering team at Amazon found out that their monolithic infrastructure, organized by competencies, was progressively becoming slower at evolving and adapting as it grew bigger. The concept is widely accepted in the tech field, where microservices supplant monoliths when companies’ complexity grow – and teams get re-organized – as per Conway’s Law. The same concept is valid, with a few adaptations, in any high complexity environment that needs to evolve quickly. In fact, although compliance and app development are very different activities, making use of networked cross-functional teams of front office, middle office and IT experts can lead to much faster and safer implementation of change.
Even without a full course in Self-Determination Theory, we know that external regulations and compliance are the poorest forms of motivators, just one step ahead of total amotivation. Instead of proposing change as a legal enforcement, stable solutions have to be built embracing new policies with a deep cultural change at the core.
It’s ambitious to think that someone would just abide to rules for pleasure, but an innovative structural approach can – and has to – make for it, moving the target behaviours towards a more sustainable form of individual motivation.
A famous example of transforming an unpleasant task in an enjoyable activity, at corporate level, was given by Microsoft. In 2012 they managed to have 4500 employees willing to sit for free and look at half a million dialogue boxes and find about 7,000 bugs in there, that Microsoft was able to fix. How did they manage to accomplish this? Microsoft gamified the process. They launched the Language Quality Game, they explained to employees what a vital part of Microsoft, their opinions and cultural experiences were (Ok, it will be a tad uneasy for some financial institutions to make this sound credible, but change has to happen in the brass first). They told their workforce that they were valued and could use their knowledge to help Microsoft launch global products and services. And ultimately they explained that it was a chance to compete against other Microsoft offices because there was a leader board about how many bugs each one would find.
The result was an unexpected success, a triumph of smart design of processes, and gamification.
If you are trying to improve the design of your processes or aiming to align with regulatory requirements, and want to scope change from a cultural, infrastructural or tech perspective, or if you are a founder willing to build a regtech startup, reach out to us at firstname.lastname@example.org to explore together how to develop your project to the next level.