Friday, Nov 27, 2020

Supervising the New Normal: SupTech in the Post-COVID-19 World

Part of the New Normal Series. This episode features:

Pei Hong Mok, Chief Examiner & Executive Director of the Inspection & Supervisory Methodologies Department, MAS

Alejandra Castorena Olivares, General Director, Methods and Procedures for Supervision, National Banking and Securities Commission (CNBV), Mexico

Moderated by Clive Briault, Chair, Toronto Centre’s Banking Advisory Board

Read the full transcript

November 25, 2020

Clive Briault:

Hello everyone. Good morning. Good afternoon. Good evening. And welcome to another episode of
Toronto Center's virtual webinars series on supervision post COVID-19. Today, we have 150 registered
attendees for this webinar from 38 different countries. My name is Clive Briault and I'm the chair of
Toronto Center's Banking Advisory Board. And with us today, our distinguished panelists are Pei Hong
Mok, executive director from the Monetary Authority of Singapore and Alejandra Olivares Castorena
who's general director methods and procedures for supervision at the National Banking and Securities
Commission of Mexico. So welcome too Pei Hong and Alejandra. It's great to have you with us today.

Clive Briault:

Managing through the pandemic and adjusting to the new normal has not been easy for financial
supervisors. As its contribution to this efforts in late September, Toronto Center published the most
comprehensive practical, and cross-sectoral guide to supervision in the COVID-19 world with input from
a wide range of supervisory authorities and standard setters. I dearly encourage you to read it. And we'll
put up a link to it in the chat function in a moment. But COVID-19 outbreak has accelerated the trend
towards the increased use of technology digitalization within the financial sector. Most people expect
this shift to continue and not to be reversed. The business model of financial institutions is going to
become more digitally based as they accelerate the adoption of technology. But meanwhile, the
combination of these general trends and the constraints on undertaking on-site visits to supervised
firms, has increased the pressure on supervisory authorities to adapt their own supervisory practices
with the help of technology. What is known as supervisory technology or SupTech. And today we're
going to focus on this use of technology to improve the effectiveness of supervision.

Clive Briault:

We do very much intend to leave time for your questions towards the end of this webinar. So do please
use the Q&A tab on your Zoom page to submit your questions. And finally, by way of introduction, I
would like to thank the key sponsors of Toronto Center, namely Global Affairs Canada, Swedish Cider,
the IMF, Jersey Overseas Aid, USAID, and Comic Relief. And I would also very much like to thank Demet
Canakci and Diana Bird of Toronto Center, who have worked so hard to bring you this quality seminar.
But let's begin with the questions and answers. And let's start if we may with you Pei Hong and ask the
question, what are supervisors hoping to achieve through the increased use of technology and data?

Pei Hong Mok:

Thank you, Clive. Maybe I'll start with a few introductory remarks and I will dive right in. Technology is
indeed transforming the financial sector. Technology has always featured in financial services, but in the
last decade, there was a steep increase in the application of various technologies in financial services, by
both existing players and new entrance, including [inaudible 00:03:46], RegTech firms and other digital
players. The drivers are well-recognized, substantial increase in availability and granularity of data,
which lend themselves to data analytics and ability to derive better insights, improve infrastructure,
such as cloud computing and APIs, increase ease and affordability of data storage and exploiting large
volumes of data. So the financial landscape and consumers expectations are changing as well. And
financial institutions are reinventing to stay ahead. So data gives financial institutions better insights
that allow better customer segmentation and product marketing efforts. If done well, financial
institutions can predict what customers need or want and offer them even before they ask for it.

Pei Hong Mok:

This gives them the competitive advantage if done well. Increasing regulatory requirements is also a key
driver for financial institutions to turn to technology, to improve regulatory reporting compliance and
risk management. This is in fact the area that's fueling the RegTech space. And we are seeing, in fact, I
recently saw a report of a growth in the RegTech market. We've about more than a thousand RegTech
firms globally. And over the last five years, the global private investments in RegTech has expanded. And
more recently we talked about the COVID-19 pandemic. It has accelerated the drive to digitization.
Customers are encouraged to adopt online and digital channels instead of physical visits to branches. So
in Singapore, our recent private sector survey of retail customers noted that 70% of respondents have
used online banking frequently since the start of the pandemic.

Pei Hong Mok:

So we are also embarking in paperless and digitization initiatives to facilitate remote working
arrangements and reduce face to face interactions. What all this means is regulators like ourselves also
constantly need to refine our supervisory approaches. And SupTech is now a strategic priority for an
increasing number of authorities and the recent FSB report if you-all have seen it, most autocracies
already have in place a SupTech innovation or data strategy or are in the process of developing one. So
in MAS our SupTech division, which I oversee has an overarching objective of an enabling effective and
efficient financial supervision through the application of technology and data analytics. And we achieve
this by several ways. So developing platforms to provide timely and relevant data and information to
supervisors, applying data analytics techniques to identify from specific risks or emerging risks in the
sector or the system, developing tools to outman surveillance and inspection capabilities, as well as
strengthening supervisors skillsets in data science, through partnerships in projects and training. I shall
stop here, my three minutes is up and I'll hand over to Alejandra. Yeah.

Clive Briault:

Okay. Thank you very much for that, Pei Hong. Yes, moving on to you then Alejandra, can we ask you to
describe the effect that the COVID-19 pandemic has had in accelerating the technology based
innovation for supervisory agencies and within that, what are the expectations and goals that your
authority is trying to achieve from the implementation of SupTech?

Alejandra Olivares Castorena:

Yes, of course. So as Pei has already said, we can see that COVID-19 has accelerated technology based
innovation and it may lead to a more accelerated adoption of SupTech in all regulatory and supervisory
agencies. So you have already said that there have been operational restrictions resulting from COVID.
So they have limited entry to supervise financial institutions and traveling. So suddenly supervisors had
to conduct supervisory reviews remotely. So they have suspended on-site reviews. They have limited
them to priority inspections and they have replaced them with a remote reviews. So there is another
effect and it is the economic damage that results from lockdowns and the reduction of economic
activity. So these puts some pressure in supervisors to prevent and monitor or increases in risks and
vulnerabilities of the financial institutions.

Alejandra Olivares Castorena:

So they need to react proactively in order to maintain the financial stability of the financial systems. So
when you are in a context in which there are operational restrictions, you need to improve analytical
capabilities of supervisors. And you have to enhance surveillance by using technological tools. And this is
why SupTech becomes more relevant in these days. You need to gather more granular information and
maybe you will need to monitor real-time data for a timely detection of emerging risks. So you will need
to be more efficient in processing and analyzing this information. And you will need an intensive
monitoring of key risk indicators to have early interventions from supervisors. So Pei already said that
there was a general trend to digitalization and it was before also, I can say that it was before, but now
this COVID-19 is leading to a more intensive use of technology, also from the providers of financial
services.

Alejandra Olivares Castorena:

So now we can see some publications. And I can share with them afterwards, share with the audience.
And that in this period, supervisors have been using new ways of SupTech to address some challenges
that they can find. So we also have human resources restrictions and financial restrictions. So if you can
have adequate and scalable technological tools and solutions, supervisors might be in a better way to
effectively engage with these emerging and heightened risks. So CMBB has been working in different
SupTech initiatives that I can talk about them later, but we are hoping to have a more effective and
proactive monitoring of risk. And we are working in enhancing our surveillance activities. And we have
decent enhance brilliant supervision from March, 2020. And we are a working in addressing this new risk
priorities by using remote supervision. So SupTech will be a key tool for 2020 and 2021 for the CMBB.

Clive Briault:

Right. Thanks a lot for that, Alexandra. Some interesting drivers there for the use of SupTech. Let's move
on to what exactly you're doing in terms of a use of technology and how that's helping to enhance
supervision. So Pei Hong, which new technologies have you used to automate your supervision of the
industry through SupTech? And how has that in practice helped to enhance supervision?

Pei Hong Mok:

Yeah. I can share a few use cases of how we use technology to outman supervision. But before that, I
thought useful to highlight the process of how these cases, these use cases are identified and prioritize
quite quickly. So MAS is an integrator supervisor that supervises some banks, insurers and capital
market intermediaries are under one group. And supervisors and inspectors identify areas that we
benefit from digitization and digitalization. And there's a difference between the two, if the audience
find useful, I can explain later. And in some cases, for example, our inspection processes, we have
undertaken a business process, re engineering exercise, or BPR, to identify pain points and potential
solutions. So we have a list of pain points or areas that supervisors then will benefit from technology or
data analytics.

Pei Hong Mok:

And then we have the SupTech team with a diversity of competencies, data scientists skill in Python or
Tableau. They're good at visualization. They know AI/ML network analysis, et cetera. So we kind of try to
map the use cases and the supervisory needs with the SupTech competencies and prioritize them based
on the impact in terms of contribution to our supervisory objectives of efficiency and effectiveness.
Some of these are more transformative and impactful as they benefit multiple departments. For
examples, the use tech analytics on financial statements. They can benefit smaller entities like fund
managers and security brokers, but they can also be applied to banks and insurance. Although the
specifics of what we look up for in each sector will differ. And similarly developing a model for predicting
financial distress would be useful to different sectors.

Pei Hong Mok:

I would just quickly share a use case and happy to share more if there is time. And this is not really
specific to COVID-19 because we've been doing this since even before. And it's a very common use case
for both the RegTech and SupTech space and that's for AML, anti-money laundering. And we use a
network analysis for the STRs or suspicious transaction reports. So our AML department has applied
network analysis techniques to suspicious transaction reports or STR for short, as well as data collected
from financial institutions and intelligence from law enforcement agencies. So this has allowed us to
identify networks of suspicious transactions or suspicious activities across the financial sector. And this
has come a long way. And I personally recall many years ago as a supervisor, I was reviewing the hard
copies of the STRs and with no benefit of insights from other STR sparked by other financial institutions,
or intelligence from other agencies. It is a very silo and manual process in the past. And it was
impossible for any individual to review the many STR sparked by the financial institutions and make
sense of them without the help of data analytics.

Pei Hong Mok:

So the use of the network analytics too, has helped to identify clusters of individuals and entities that
exhibit suspicious behaviors. And this has helped us to target inspections, more focused inspections, as
well as follow up by our offsite supervisors with the relevant financial institutions. The data inputs for
these network analysis comprised mainly of information from structured data views in the STRs. For
example, the names of persons, the companies, the relationships, and the fund flows. And we are
working to further enhance this by adding transactional information to these data sets and maintain it
with an LP natural language processing to extract information from the unstructured textual data within
the STRs. So for example, the narratives explaining the unusual nature of the customer transactions and
the relationships between counter parties to incorporate in the network analysis for a richer analysis. So
I think to wrap up my part, I think technology and data analytics have great potential to improve our
supervisory capabilities. And we're beginning to see only the initial benefits. And I think that's much
more to experiment, and this is an area where regulators can come together to exchange ideas and
learn from one another. I shall stop here. Thank you.

Clive Briault:

Okay. Thanks a lot, Pei Hong. And a very interesting specific example there of the use of SupTech and
data analysis. So turning to you again, Alejandra. That's an example of a way in which SupTech can go
hand in hand with using new and additional sources of data and information in that case analyzing
documents. But I know that other supervisors have already began to explore the use of social media. So
can you give us a bit of flavor of how the CMBB is using data and other information in its
implementation of SupTech

Alejandra Olivares Castorena:

I'm muted. So CMBB efforts to implement supervision technology have started in 2018. So it's recent.
But we had to deal with some challenges in supervision. First of all, we have a great number of
supervising entities, almost 5,000. So I would say in big numbers, half of them are supervised more
comprehensively in the main significant activities. And the other half is exclusively supervise for
AML/CFT. Also we have new supervised entities resulting from the new FinTech law, the financial
technology institutional law. So we [inaudible 00:19:53] it implied for CMBB, a more technological
approach for information reception and processing, according to the nature of these new supervised
entities. Also, we have to deal with more than 600 reports for 20 supervised sectors. And it's quite a lot
in [inaudible 00:20:17] reports.

Alejandra Olivares Castorena:

And also as a starting point CMBB was using some years ago, basic tools for analyzing information. So it
was not a great idea for us. Also, we have all supervisory agencies, these limited human resources to
develop on-site and offsite supervision activities with large volumes of information to process. So we
really need to do something about it. So the objective was to improve our capabilities, to address all
these new challenges and the innovation challenges and emerging risks. So we saw SupTech as a way to
support our activities. And we started with two main areas of the development of SupTech, first of all, is
data collection and the other is data analytics.

Alejandra Olivares Castorena:

And CMBB, first of all, started to adapt its infrastructure and improve its analytical skills. So in terms of
infrastructure, in 2019, we started to develop a SupTech platform and that will allow the receptions,
storage and processing of the automated processing of information. So in the first stage, we will be
receiving information from financial technological institutions through application programming
interfaces [inaudible 00:21:56]. And also we'll be receiving well, storage and process, AML/CFT large
volumes of information that we gather from regulatory reports, but also from the information collected
from on-site supervision or information requests. So we will be finishing this platform... We have already
developed almost all of the first stage of the platform, and we are expected to finish this in 2021. But in
the other field, in terms of analytics, we have been... Also the platform in the first stage, has provided
some analytical dashboards to analyze these large volumes of information, and start with descriptive
analytics, and then we will be moving to advanced analytics.

Alejandra Olivares Castorena:

So in advanced analytics, we have been working in sprints or in pilots. So in 2019, we started a project
and we finished it in this year, in the first part of this year, to apply big data tools and artificial
intelligence in two business cases, one of them was for popular financial sector and the other one was
for financial technology institutions. And we were trying to predict the behavior of the credit portfolio
and also do some segmentations and classifications of entities according to their risk profiles and
identifying some patterns in their activities. And also we are doing some, we can say, SupTech labs. And
we are mostly interesting in this phase in COVID-19, in credit risks, financial fraud and these
segmentations of entities to continue with this. So in this last quarter of 2020, we are starting another
project with the World Bank and we will be adopting and implementing analytics in three different
priority areas. It will be to continue AML/CFT, risk managing and risk analysis, to identify patterns and
predict some behavior. We will be also working in credit risk and financial for this I already said. And we
will also be developing supervisory capabilities. All over they're getting station because what happens in
some supervisory agencies is that knowledge is not spread evenly.

Alejandra Olivares Castorena:

And you have these small groups of more qualified individuals, but what we need to do here in the
CMBB is to provide all these technological tools and resources for all supervisory areas and
departments, so that they can use in different business models and business needs. So we have been
developing a top-down strategy because we think that it will work for us better, because it has some
important benefits like data management. We can have this data warehouse also for cybersecurity and
security information issues that we need to deal with. We can work in a common infrastructure, we can
have these high skilled groups of people to deal with different business problems. So we are now
working in these advanced analytics strategies, and in this priority of course CMBB.

Clive Briault:

Okay, great. Thanks for that, Alejandra. Some very interesting initiatives there. And clearly some will
take quite a long time to bear fruit, but I'm sure an investment is well worth making. Let me just at this
stage ask you both one of the questions which has come up from the participants. So let me encourage,
please, all the participants do please put your questions up on the Q&A icon button. But there's one
question here saying basically that we can see in the financial sector, that firms are making a lot of use
of apps around opening bank accounts, information, security, [inaudible 00:27:38], protection and the
like, to what extent can SupTech help supervisors to supervise that kind of activity? So Pei Hong, any
thoughts on that? Is SupTech actually a benefit when it comes to supervising some of those FinTech type
applications and developments?

Pei Hong Mok:

Well, I think for this, there are two things we look up for. One, is info security and the cybersecurity of
these digital platforms, if that's what you call them. And the other thing that we look out for, and this is
something we're studying quite keenly is adapt patterns, whether these digital platforms is from a
market conduct perspective, whether this digital platforms use interface UX, UI that are designed to
mislead or trick users into making some unintended choices. So conduct patterns could be quite
prevalent in the ecommerce space. At least when we study in our jurisdiction, it's not so prevailing in the
financial sector space, but it's worth more studying is something quite interesting. And we are actively
studying this as part of the preemptive supervision. So I think these are some areas that we are looking
out for as to the application of technology. Maybe not yet, hasn't caught up on this space, but this are
the two emerging risk areas that we are looking at. Yeah.

Clive Briault:

Okay. Thanks a lot, Pei Hong. And same question to you, Alejandra. I mean, any experience of using
SupTech to help supervise elements of FinTech? Sorry, you're on mute.

Alejandra Olivares Castorena:

So we haven't started dealing with apps but I think that there are some publications also that there is a
way to deal with those. So our FinTech, our technology financial institutions will be starting to operate in
2020 and 2021. So we will be working in analyzing all these behaviors in this year. So we haven't started
yet, but this is a priority because they will start operations and we will be dealing with all these different
new ways of of providing financial resources. And we will be using SupTech for analyzing those, but we
haven't started yet.

Pei Hong Mok:

Can I add?

Clive Briault:

Oh, yeah. [inaudible 00:30:58].

Pei Hong Mok:

Yeah. So to the extent that this digital platforms make use of AI/ML solutions to, whether to do their
customer segmentation or to target customers, or to make credit decisioning using AI/ML. So this is an
area where we are looking at as well. So we have developed a set of principles called FEAT, F-E-A-T,
which stands for fairness, ethics, A would be accountability, T would be transparency. And this is
guidance to the industry to say that, when you use your AI/ML solutions, please ally them to these four
principles. And in helping the industry to do that MAS has set up a consortium and are coming up with a
very test tool which helps the industry to assess their AI/ML solutions against the FEAT principles. And I
think we'll be making some announcements during our FinTech festival and do look out for that as well.
So this is an area where we see increasingly, even incumbent banks or new digital banks or digital
platforms, are using AI/ML to do various things like credit scoring, customer segmentation, something
that we are keenly looking into to make sure that they adhere to the FEAT principles, if that helps. Thank
you.

Clive Briault:

Okay. Thanks very much. And one question specifically to you, Pei Hong. Could you elaborate a bit more
please on the proposed idea of the model predicting financial distress?

Pei Hong Mok:

Yeah. So we are still exploring this model, and I think is a bit difficult because... And we haven't
experienced a lot of failures here. So I think it's difficult to predict a bank failure, but bank distress that is
possible. So we kind of make use of certain factors to determine distress although failure is a bit hard to
model because of the length of the data history. But I must say this is very nascent and somewhat
difficult to do because of data cleanliness issues as well. But just to share, I've seen some vendors doing
it. And it can be quite impressive and useful if done well. And I'm really looking forward to a model that
actually gets us an alert preemptively... And I think this model I have seen is on listed companies. And if
we can see that going forward the listed company indeed goes into trouble, meaning that the model is
effective, and can be tested and proven, I think it can be really a very powerful tool. Unfortunately, we
are in the nascent stages of developing this. So hopefully if there's an opportunity we can share more in
future. Yeah. But not at this stage. Unfortunately.

Clive Briault:

Okay. Thanks very much for that. Let me say we may have to wait a little while before we get the full
response to that question, but thanks for that. Alejandra, moving back to you. You've mentioned a few
times in your answers various issues relating to the capacity and expertise of the supervisory authority.
So from your experience, what do you see as the main challenges in driving technological innovation by
a supervisory authority? And what is required for a successful implementation of SupTech?

Alejandra Olivares Castorena:

Yes. So from our experience, we have already said that SupTech can generate several benefits for
supervisory agencies. And there is no step back because we have these several challenges that we have
already listed and we need to advance our supervisory activity, but SupTech also needs the
development of capabilities and we have to address some important challenges. So I would say the
challenges can be grouped in three, for me, can be grouped in three different areas. First of all, I would
say infrastructure on data, the other one would be human capabilities. The third one would be to have a
solid strategy in the organization.

Alejandra Olivares Castorena:

So in terms of infrastructure, so supervisory agencies will need to have enough technological resources
to receive, to store, process information. But also data is a very important part of feed because we will
need data quality [inaudible 00:36:42] and data completeness from different periods of time, from
several years, most of the times. And they are crucial to develop advanced analytical models for
effective prediction or classification. So in terms of infrastructure, it can be adapted on time, according
to supervisory needs and advances. So you can start from your basic infrastructure and then you can
build on that.

Alejandra Olivares Castorena:

In terms of capabilities, I think that this is a very important challenge for supervisory agencies because
the traditional supervisory profile is more prudential, more financial economic, they have economic and
financial skills, but not really technological skills. In many cases, they don't even know which
technological tools are available, how to use them. So it's important to understand which are those gaps
in their organizations and deal with them to improve and support supervision. So supervisory agencies
should implement training programs, but maybe they should hire new professionals with these new
skills or be supported with an international organization or a private company.

Alejandra Olivares Castorena:

Also supervision technology needs a multidisciplinary group of people within the organization, with
supervisors because they will bring the business cases, of course. IT department, data and analysis
department like leading group with cross functional activities, and they will be also developing these
capabilities because you might also need data scientists and data engineers and so forth. So in terms of
the strategy, we have to see that SupTech strategy is gradual, but you need to define it. Before, some
organizations use a top down strategy, others bottom up strategies. I have stated before that I think that
for a big organization, like CMBB, the top-down strategy works better for many issues of data
infrastructure and supervisory needs, and the spread of knowledge and so forth. So it's important to
have a leading group with strong leadership skills, and have a very good understanding of supervisory
needs and also technological tools. And have these good coordination with all the team members.

Alejandra Olivares Castorena:

So another thing that I think meets an important challenge for SupTech is that SupTech needs to be
integrated with normal or previous processes, with internal processes. And it's because sometimes we
have these SupTech projects or other initiatives, and there are not really integrated in the organization.
And also another thing when supervisory agencies are starting in this process, they might have to deal
with cultural challenges to adopt SupTech. So I think that this takes some years for organizations to
know. And they also have to invest in human resources and technological resources. So this is something
that needs top management approval or also the approval from the board. So you really need to state
the benefits and the objectives of implementing SupTech in order to address all these challenges.

Alejandra Olivares Castorena:

So about the effective implementation, as I said, a solid and achievable strategy. Also assigning
adequate financial and human resources for that. Engagement from top management and from all the
different involved departments, it can be helpful to work in sprints or in having short term goals with a
long-term vision. So that you can advance in gradual implementation of SupTech. Also the roles of the
different departments should be clearly defined, benefits should be acknowledge all over the
organization. You have to recognize existing gaps and capability needs. And you have to adopt the kind
of strategy that better deals with your organization. If it's top down as in CMBB, let's do it. And also Pei
also said that strong coordination with other supervisory agencies, I think that is very helpful because
you can learn from different models that have been applied in different parts of the world.

Clive Briault:

Okay. Thanks for that. Very comprehensive list there of the challenges and how you're addressing them.
Pei Hong there's a similar question for you from the audience, but also get perhaps a slightly different
way round. What do you see as the main risks to you as a supervisory authority from the use of
SupTech? And what could possibly go wrong?

Pei Hong Mok:

Well, to the extent that we use AI/ML models in our solutions, what we expect of the industry, we
should also subject ourselves to them. So I earlier talked about FEAT, fairness, ethics, transparency,
accountability. So to the extend that I think we deploy AI/ML solutions internally, we also want to make
sure that the data, the inputs we use does not systematically disadvantage or have any inherent
unintended biases within the data. And to the extent that they affect the FIs, we should be transparent,
but I think we have not advanced to such a stage, but this is something I think in our minds that even as
we subject the industry to such standards internally, we should be able to stand up and live up to such
standards as well. So essentially, also the[inaudible 00:44:58] of black boxes. We done to create black
boxes that supervisors... So [inaudible 00:45:11] when certain people establish certain models, there has
to be continuity, explainability and the rest should be able to understand. And I think when we started
out building some prototypes and proof of concepts, we have some very good supervisors who are
really well equipped with the data analytics and programming skills to build tools that help them
supervise better. But when they leave, nobody could take over their coats and nobody could
troubleshoot their tools.

Pei Hong Mok:

So we learned as we move along and some of these things when they pass the pilot stage and move into
more production stage, the entire enterprise governance standards and principles should apply to some
of these tools. Yeah, I hope that kind of share some of the experience that we have. Yeah. And maybe
just to share a couple more lessons learned is we shouldn't automate inefficient processes. So I talk
about BPR earlier. Many companies, including MAS, we have adopted RPAs, robotic process automation.
And we have benefited from this. We have saved many hours by automating manual processes. These
are useful for quick and easy wins, but in my personal experience is that RPAs don't typically deliver
fundamental or radical changes as I suppose to perhaps other types of initiatives. So we shouldn't
automate inefficient processes is a takeaway that I have. Yeah. Maybe I'll stop there. Yeah.

Clive Briault:

Okay. Yes. Great. Thanks for that. And one, I think also related question that's come in is about the
concerns out there with respect to the concentration in the provision of some services. I guess cloud
computing might be an example of that. And I suppose thinking about that and thinking about the use of
larger data sets by supervisors as part of their SupTech, it may be that supervisory authorities like
financial institutions, end up making quite a lot of use of third parties. And in some cases, those third
parties will be heavily concentrated players, large concentrated players. So you share some of the same
problems as do financial institutions. I'm not quite sure which of you would like to pick up on that aspect
of the question. Is there a risk that you're too heavily exposed to a large market provider of some of
these SupTech type services? Alejandra perhaps...

Alejandra Olivares Castorena:

It's very simple. Yes, third party dependencies are risky. So yes, it's a risk that we need to take into
account. So we are thinking about [inaudible 00:48:47] kind of a model for storaging and processing
information just to, not to be so dependent of third party providers, but yes, cloud services are a very
good example of that.

Pei Hong Mok:

Yeah. I think that cloud providers, there is a potentially a concentration issue because we are seeing
about three or four cloud service providers, three or four big ones, that are commonly financial
institutions use. And we monitor the concentration risks quite closely. As for third party service
providers, not for us, but more for the financial institutions, when they engage FinTech or RegTech firms
to help their own risk management initiatives or compliance initiatives, we make sure that the financial
institutions conduct due diligence on these third parties, service providers, and assess their track record,
their reputation, their technical capabilities, their ability to ensure that the data is stored and protected.
We do expect them to do this kind of due diligence particularly focusing on a data security and info
security. Yeah. So these are some of the expectations that we do convey to the financial institutions
when they engage third party vendors.

Clive Briault:

Thank you very much for that. Two interesting answers there. Moving on to something a little bit
different, a question about the use of SupTech for undertaking risk assessments of supervised firms. So I
suppose one way of presenting this question would be to ask, how far do you think SupTech could go in
more or less automating the risk assessments of a financial institution?

Pei Hong Mok:

So yes, I think that it will not replace all the risk metrics for CMBB. So we will be using our existing tools
and SupTech will be very useful for supporting several activities, especially if we need to classify predict,
do this segmentation or try to analyze some behaviors, some patterns in financial entities, but I see it as
a compliment. So how we see it today is you have a business case, I was looking at a question of credit
risk, and then you will develop a model to tackle these kinds of risks. So they were asking, how are you
dealing with that? So I would say that some months ago, we just tried to predict and have some results
in terms of predicting positive portfolios according to some risk metrics, and based on risk metrics and
some credit information from origination and its behavior on time. But as we can advance in this kind of
analysis, we will be using more and more information to improve your models.

Pei Hong Mok:

So you can use analysts reports, you can use more indexes, credit ratings, and a variety of sources like
news and things like that. Also, you can do this cross sectoral analysis. So the way that we can see it is
that we can improve a particular analysis of a particular risk. And you can support supervisor's decisions
and you can have like a deep analysis of some kind of problematic that you want to deal with. But of
course we will still be using our existing tools. We have some tools that we think that they are solid such
as our risk metrics and our strategical analysis of the business models of the financial entity. So I think
that this is a very good compliment for financial institutions that will help us to tackle vulnerabilities in a
better way.

Clive Briault:

Okay. Pei Hong, anything to add to that in terms of risk assessment in financial institutions?

Pei Hong Mok:

So I picked up on the credit risk thing that Alejandra shared, and I thought, I'm not sure whether it's the
same thing, but I thought I share a use case from us. And maybe the regulators on the call can also share
their experience. So what we realize when we go for inspections, especially credit risk inspections, right?
When we review the banks, credit underwriting, risk management and provisioning framework and
processes, we typically have to select samples of borrowers to review the robustness of the banks credit
assessment. And we typically take 20 or 30, depending on the time we have. And depending on the
experience of the inspector and the complexity of the loan of the borrower, it may take half a day to
three days to review a borrower. So we are exploring and developing a tool to automate the data
analysis process by using algorithms and statistics.

Pei Hong Mok:

So instead of sampling, we want to build an API or some file transfer protocol that will pipe directly from
the bank's credit risk management system, get all the information and pipe it back to our own database.
So instead of sampling, we now have the entire population of the borrowers and their financials and
other statistics. And we feed it through an algorithm, which will then estimate a loan grade. So this is
our own challenger model. It will estimate the loan grade and identify outliers. So we compare our
challenger models grades with what the banks have, and this will allow us to zoom in on those so-called
outliers, are those disparate ones. And it allows us to focus our inspection, resources and attention on
the ones that we ought to spend more time on. So I thought this is kind of a game changer for us. Firstly,
from sampling to full population. And secondly, it allows us to identify outliers and focus our resources
on those that are of concern. Thanks.

Clive Briault:

Great. Thanks very much for that, Pei Hong. And in fact, I think [inaudible 00:57:13] there's a different
question that was raised about how SupTech might be able to enhance the effectiveness of on-site
supervision. So I think you've given a very good practical example of that as well. So as we near the end,
perhaps I can just ask one final question to you, both and ask for answers of no more than one minute
each please. What do you think the use of SupTech will look like in your authority in five years time? So
Alejandra over to you first.

Alejandra Olivares Castorena:

We have started with AML/CFT supervision and also with FinTech entities. So in five years, I think that
we will be dealing with all supervised sectors, not just these two sectors. And we will have this already in
place, analytical models that we can be working on, and we can be using for enhanced surveillance. So
the way that we saw surveillance before, I guess that it will, we will never go back to that. I think that Pei
had raised a very important point, we were analyzing samples, now, we will have the whole pictures of
all the universe of information. So we will be analyzing full information. We will be using all data
available or most of it, because this is a very important supervisory issue. We are not using all the
information in some cases. And I think that is a very important challenge for us. And we'll be having less,
maybe, we will be having less on-site reviews and more of-site supervision in the following years. I think
that 2020 is the starting point of it. And I think that this is something that will change the way that we
supervise forever. So I think that SupTech is a very important part of it.

Clive Briault:

Thanks very much. Pei Hong, final word to you, please.

Pei Hong Mok:

Yeah. And I'm hoping to see more predictive data analytics and something I would like to achieve myself.
So currently a lot of analytics we do are more descriptive. I'm hoping that in five years time, things will
be more predictive. And the other thing is my personal preference. I mean, we are using emails as our
main model to do work. I'm hoping in five years time, when we go to the office, we will look at
surveillance dashboards like those futuristic things that we can move around instead of using emails and
the usual work documents and all that. Yeah. Yeah. Some [inaudible 01:00:30] remarks.

Clive Briault:

Oh, not at all. Not at all. So a predictive prediction for five years time. And so I very much hope that
works. Okay, well, thank you very much then to both of our panelists, Pei Hong and Alejandra for some
fascinating answers. Thank you also to you who have joined this webinar for asking 70 questions. I'm
sorry, we didn't quite get to the end of all of them, but I hope we nevertheless managed to cover the
majority of them to your satisfaction. So thank you very much for joining. We started on time. It was
always my intention to finish on time. So on that basis now it's back on the hour. Thank you very much.
And have a great rest of the day to all of you. Thank you.

Pei Hong Mok:

Thank you. Bye.

Alejandra Olivares Castorena:

Bye. Thank you.