Compliance and regulatory developments in the light of digitalisation
November 2020 | PROFESSIONAL INSIGHT | RISK MANAGEMENT
Financier Worldwide Magazine
November 2020 Issue
Digitalisation is a phenomenon that concerns every sector and all aspects of corporate governance. However, it is particularly relevant in the context of financial services regulation. From a legal perspective, digitalisation can be a source of risks and uncertainty. However, in the form of regulatory technology (RegTech), which is used to ensure compliance with existing due diligence regulations, it can also offer new opportunities in the area of compliance. In this article, the challenges of new and innovative technologies and opportunities for compliance associated with digitalisation are discussed, with a focus on corporations in the financial sector and legal aspects.
The main challenges posed by digitalisation relate to combatting offences, such as money laundering, in which criminals hide the origin of illicit funds and integrate these funds into the legitimate economy, and terrorist financing, as well as offenders’ fraudulent use of new technologies. In particular, innovative technologies frequently offer anonymity and legal uncertainty, making it possible for offenders to conceal their criminal assets, initiate transactions which cannot be traced back to them and operate in legal grey zones.
In response to these risks, regulating authorities have imposed increasingly strict due diligence regulations on financial service providers. As a result, compliance is becoming more and more tedious and expensive. Many banks use sub-optimal, manual know your customer (KYC) procedures. KYC alone thus imposes significant costs on banks. These costs are boosted by additional expenditures resulting from opportunity costs and fines for non-compliance with due diligence regulations.
Although innovative technologies increase compliance risks in relation to the abovementioned offences, they also offer solutions to mitigate these risks. In particular, financial service providers use RegTech within the scope of compliance, reporting, monitoring and management to make internal processes more efficient. Innovative RegTech approaches to compliance use technologies such as supervised machine learning (ML), unsupervised ML, natural language processing (NLP) and distributed ledger technology (DLT).
In supervised ML, the algorithm uses previously collected data sets to create ‘knowledge’. These data sets are labelled. Banks mainly use supervised ML to identify transactions which could be related to money laundering. In this regard, knowledge could be created using the label, which would indicate whether a transaction is suspicious or not, as well as information about the transaction, such as sender, receiver, amount, time, previous transactions and more. The bank would use data which has already been reviewed by compliance experts to train the algorithm to be able to recognise patterns in transactions to help determine whether a transaction is suspicious or not. These patterns can thereafter be applied to data which has not yet been labelled or scrutinised, such as new transactions.
In the area of securities law, supervised ML can be used to prevent price manipulation and insider trading. Insider trading can be identified via publicly available information on the market behaviour of securities, financial performance and ownership structure. These approaches, however, only cover insider transactions in the stock market. In addition, offenders use countless deception strategies, such as the use of straw people who conduct a transaction under their own name on the insider’s behalf, to ensure that a transaction cannot be traced back to them. Models that are based on supervised ML use data on previously identified cases of tampering to identify market manipulations. One limitation of the approach is that the available data sets are unlikely to cover all potential forms of market manipulation.
In terms of money laundering and terrorist financing prevention, supervised ML can be used during transaction analysis. Transactions that differ significantly from previous transactions in terms of amount transferred, receiver, etc., are flagged. The main challenges of this approach are that analysis must be conducted in real time, that there is a large amount of data to be analysed and that expert knowledge is required to accurately identify risks. Supervised ML helps with differentiating between suspicious and unsuspicious transactions, so that selected transactions can be analysed in more depth. Older generations of algorithms have been associated with a high number of false positives, thus increasing the cost of compliance analyses.
Within the scope of competition law, supervised ML offers opportunities relating to the identification of cartels, for instance to uncover price agreements in public procurement. In particular, supervised ML can be used to screen tenders for suspicious activity. Moreover, supervised ML can help to identify vertical price rigging, such as arrangements between manufacturers to determine a minimum or maximum resale price for their goods.
Unlike supervised ML, unsupervised ML does not require labels. The intention of unsupervised ML is to create clusters or sub-groups of similar data within a dataset. Based on the data alone, homogeneous groups are created. One area of application is emails – many platforms use unsupervised ML to assign users to a cluster, for example based on their country of residence.
In the financial sector, unsupervised ML can be used to identify suspicious transactions without requiring labels or prior knowledge. Via unsupervised ML, customers can be clustered based on data such as the average amount they transfer to other parties. If a customer conducts a transfer that does not conform with the regular pattern of the cluster, the transaction can be subjected to further scrutiny from the compliance department (so-called outlier detection).
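The cluster-then-flag approach described above can be sketched as follows; this is an added example, not taken from the article or from any vendor's system. The customer IDs and amounts are constructed, and the choice of 1-D k-means with two clusters and a median/MAD score with a 3.5 threshold is an assumption made for illustration.

```python
import math
from statistics import median

# Constructed sample data: customer -> past transfer amounts (not real data).
HISTORY = {
    "c1": [40, 55, 60, 45], "c2": [70, 65, 80, 50], "c3": [30, 35, 50, 42],
    "c4": [9000, 12000, 8000, 11000], "c5": [15000, 9500, 10500, 13000],
    "c6": [7000, 8800, 12500, 9900],
}

def kmeans_1d(points, k=2, rounds=20):
    """Plain 1-D k-means (k >= 2); returns the cluster index of each point."""
    srt = sorted(points)
    centers = [srt[i * (len(srt) - 1) // (k - 1)] for i in range(k)]  # spread seeds
    labels = []
    for _ in range(rounds):
        labels = [min(range(k), key=lambda j: abs(p - centers[j])) for p in points]
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:
                centers[j] = sum(members) / len(members)
    return labels

def build_peer_groups(history, k=2):
    """Cluster customers on log10 of their average transfer amount (no labels)."""
    ids = list(history)
    feats = [math.log10(sum(history[c]) / len(history[c])) for c in ids]
    labels = kmeans_1d(feats, k)
    groups = {}
    for cid, lab in zip(ids, labels):
        groups.setdefault(lab, []).extend(math.log10(a) for a in history[cid])
    # Per cluster: median and MAD of log-amounts describe the "regular pattern".
    profile = {}
    for lab, vals in groups.items():
        med = median(vals)
        mad = median(abs(v - med) for v in vals) or 1e-9  # avoid division by zero
        profile[lab] = (med, mad)
    return dict(zip(ids, labels)), profile

def is_outlier(customer, amount, assignment, profile, threshold=3.5):
    """Flag a transfer whose robust z-score leaves the customer's cluster pattern."""
    med, mad = profile[assignment[customer]]
    score = 0.6745 * abs(math.log10(amount) - med) / mad
    return score > threshold

ASSIGN, PROFILE = build_peer_groups(HISTORY)
```

The same amount can be routine in one cluster and an outlier in another: a transfer of 9,500 is unremarkable for `c4` but is flagged for `c1`, which is what routes it to the compliance department for review.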
With NLP, computers are trained to understand and process human language, for example for use in smartphone voice commands. Furthermore, NLP is frequently used in social media networks to identify false reports or fake news. The frequency with which certain words or phrases are used in a post can give an indication of its legitimacy.
In banking, NLP is frequently used to analyse documents. In particular, documents are imported into the system and then classified based on their importance and potential irregularities. If a document is flagged as suspicious, an in-depth analysis can be conducted by the firm’s legal team. The method is particularly useful when many documents must be viewed, as it helps reduce time investment and costs. Moreover, NLP can be combined with ML to reduce the number of false positives. In these cases, connections between transactions which have been flagged as suspicious and known offenders or sanctioned corporations can be identified.
With the use of DLT, access to available data can be shared between all market participants in financial and other sectors. The ledger’s programming guarantees the integrity of the shared data, which is why no third party, such as a regulatory authority, is required to monitor the process. One popular example of DLT is the blockchain, which facilitates secure, transparent and irreversible peer-to-peer transactions without the involvement of a financial services provider. These aspects, however, can be abused by criminals to launder money or defraud other peers. In particular, digital currencies that are powered by a distributed ledger are usually highly anonymous, which makes it difficult to trace incriminated funds back to their beneficial owner, and once approved, a transaction cannot be reversed, meaning that mistakenly transferred funds (such as in a fraud case) cannot be reclaimed by the sender.
In the financial sector, DLT can also be used within the scope of KYC. KYC intends to identify business partners, beneficial owners, and the origin of funds and financial flows to prevent money laundering. Every financial service provider must conduct KYC when entering a business relationship with a new customer. Because KYC is immensely expensive when conducted by each financial service provider or bank individually, DLT could be used to store customer data so that the procedure must only be conducted once, and all financial service providers in the respective jurisdiction would be able to access the data. The costs could be shared between them.
To foster innovation, the UK and Switzerland have established ‘regulatory sandboxes’ that allow companies such as FinTech start-ups to test innovative business models under relaxed regulatory circumstances. These sandboxes help increase regulatory certainty by uncovering regulatory gaps and demand for action and stimulate competition in the local financial market. Liechtenstein fosters innovation via a ‘regulatory laboratory’ in which experts from the financial market authority support FinTech start-ups by answering regulatory questions and guiding them through the approval procedure.
In conclusion, the implementation and application of innovative technologies within the scope of RegTech offer manifold opportunities to optimise existing compliance procedures. Although they pose certain risks, mainly pertaining to money laundering, terrorist financing and fraud, technologies such as distributed ledgers or ML come with the advantage that they facilitate a standardisation of compliance regimes and sharing of relevant data among financial services providers and between financial services providers and regulatory authorities. Hence, time lags, inefficiency and irrational costs can be decreased. In this regard, one major challenge that especially established banks face is that they usually each employ different IT systems which are not compatible and thus hinder the establishment of standardised solutions. Newly established companies in the financial sector, on the other hand, can implement more flexible systems and solutions that are based on innovative technologies. To test out innovative business models, jurisdictions can implement regulatory sandboxes or laboratories based on the UK, Swiss or Liechtenstein model.
Fabian Teichmann is an attorney at law and public notary and Marie-Christin Falker is a research associate at Teichmann International (Schweiz) AG. Dr Teichmann can be contacted on +41 (71) 260 2440 or by email: teichmann@post.harvard.edu. Ms Falker can be contacted by email: falker@teichmann-law.ch.
© Financier Worldwide
BY
Fabian Teichmann and Marie-Christin Falker
Teichmann International (Schweiz) AG