The German financial regulator BaFin has published the latest edition of its BaFinJournal (in German), its monthly specialist magazine and main news bulletin that consists of expert articles, interviews and reports on key national and international supervisory issues as well as official announcements. The March edition focuses on credit score, Solvency II for insurers, alternative investments and, probably most interestingly, on RegTech.
The BaFin isn’t exactly known to be at the forefront of the movement unlike other regulators, first and foremost the British FCA. However, to be fair to the institution based in Bonn and Frankfurt one has to understand the differences between the German setup and that in other countries. Unlike the FCA, for example, the German financial watchdog has no mandate for promoting innovation. When the ESAs joint report on innovation facilitators recently analysed the different kinds of innovation hubs and regulatory sandboxes that have been established in European member states, BaFin’s activity only played a small part. A regulatory sandbox as seen in the UK or the Netherlands would be unthinkable in Germany given the current circumstances and legal structure. Thus, the commitment to encouraging innovation in the interest of consumers as demonstrated by the FCA is in Germany traditionally more a matter of research and development centres. And the reason is simple: RegTech firms and their business models usually are not subject to regulatory supervision and as a result BaFin, in its role as a financial market supervisory authority, is not responsible for RegTechs. Nonetheless, BaFin has followed the developments in the sector and now, it appears, seemed to be a good time to take stock.
If you expected anything revolutionary, you’ll be disappointed though. In most parts – and since this is a report that isn’t addressed solely at experts in the field, it’s not really surprising – it is a mere summary of current events. RegTech applications promise financial institutions effective and efficient processes to fulfil their legal obligations, they have therefore grown in importance over the past few years and almost every day there are reports of new ideas and uses of RegTech in the financial sector, says BaFin and identifies increasing regulatory requirements and technological progress as the main drivers of this development.
The author continues to explain that there is no universally accepted categorization of Regtech applications and that the known fields of application are constantly expanding to new applications. At this point in time most applications can be used in compliance management, risk management, customer verification, fraud detection, and many other areas, which are explained however in a very limited form. The report also identifies the key technologies that are used in RegTech solutions (AI, Big Data, DLT etc.) and points to the points to the efforts of national and international organisations on the subject. BaFin tells us that these examine in depth RegTech topics, formulate common interests and try to standards, but leaves it at this attestation – maybe it will enlighten us in its own dedicated report in the not all too distant future.
BaFin also mentions that financial institutions have to address the question as to whether to build or buy solutions, but should bare in mind that when outsourcing to another company the ultimate responsibility remains with the management of the outsourcing company and as such must comply with the supervisory requirements for outsourcing.
Little new, and even though the report refers to the progress made, the smart money already invested and the opportunity RegTech presents, the German regulator cannot help itself and concludes by pointing to the numerous (possible) risks and responsibilities of authorities like BaFin: “Supervisors must continually monitor Regtech developments, as proper functional perception requires a comprehensive understanding of relevant solutions in practice.
In addition to the many potential benefits of new technological solutions, a supervisor must also take appropriate account of the potential risks involved. Due to their technical and procedural designs, RegTech applications can harbor a variety of risks, which would have to be analyzed and evaluated in individual cases.
The high level of data drivability of individual Regtech applications requires high data quality. Deficiencies in the data basis could lead to the derivation of unsuitable or erroneous statements of causation, which, moreover, could only have a low probability of discovery due to a high degree of automation. In addition, it must be ensured that the data relevant for the respective purpose of cognition are used for the analysis and not (only) those that are available with little effort.
Not only in Regtech outsourcing companies have to ensure that there are always qualified in-house personnel to ensure proper business organization that is familiar with the professional applications. In that regard, the job cuts to save costs through the use of Regtech limits. Depending on the importance of Regtech applications, companies should also consider them as part of their risk management.”
So, the focus is once more on risk rather than opportunity. SupTech and its potential for regulators who constantly risk (no pun intended) to be outwitted by criminals and financial wizards alike is a mere side note and you no longer wonder why London rather than Frankfurt is the leading RegTech hub. But at least they are talking about it…