Toronto Centre provides high quality capacity building programs and guidance for financial supervisors and regulators, primarily in developing nations, to advance financial stability and inclusion. Since inception, Toronto Centre has trained over 28,000 officials from 190 jurisdictions.

Reimagining Financial Supervision
Tuesday, Oct 11, 2022

Reimagining Financial Supervision

The panel discussed the future of innovation in financial supervision and the challenges and opportunities facing financial regulators, post-pandemic.

They examined:

  • Redesigning financial regulation for the digital age
  • Responsible use of technology
  • Pre-conditions for a “digital regulator”
  • Major Risks; cyber risk, bias, black box, data protection/ privacy, and operational risk
Listen to the Podcast:


Watch the Webinar:

Read the full Transcript

 

Speakers:

Jo Ann Barefoot

CEO & Cofounder, Alliance for Innovative Regulation

 

Nick Cook

Head of Global Strategy & Partnerships, Alliance for Innovative Regulation

 

Host:

 

Arvind Baghel

Program Director, Toronto Centre

 

Date:

 

October 11, 2022

 

Transcript:

 

Arvind Baghel:

Good morning and welcome everyone. I'm Arvind Baghel, program director at Toronto Centre. Welcome to this webinar about innovation in financial supervision. Since its establishment in 1998, the Toronto Centre has focused on providing high quality capacity building programs for financial sector supervisors. We have trained more than 18,000 supervisors from 190 jurisdictions. We remain committed to increasing the capacity of financial supervisors and regulators to enable change in their agencies and to build more stable inclusive financial systems. Financial supervision has been about managing and mitigating the risk of financial innovation at financial institutions, ensuring financial stability and safeguarding the interest of investors, depositors and policyholders. 

 

While this remains the primary mandate of financial service regulators, it's becoming increasingly clear that regulators themselves must innovate, considering the changed financial landscape that we find ourselves in. Some would argue that there is a need to transform the financial supervision regime as it exists. In fact, the pandemic has forced regulators to innovate. Virtual meetings, remote working, cloud computing and enhanced analytics are now in the lexicon of most, if not all, financial service regulators. As supervisors, you have to manage the rapid expansion and surge of technology. The train of progress is moving fast, and while you must safeguard against abuses, you also don't want to be an obstacle to progress. FinTech, RegTech, SupTech, big tech, big data and privacy, AI and machine learning all go hand in hand. They also bring to mind activities or entities outside the regulatory perimeter are subject to unclear supervisory responsibilities. These are important challenges for supervisors and national authorities. They require a risk based approach to supervision. They also require a cross sectoral approach across banking securities, insurance, and multi-stakeholder to deal with the many challenges and risks.

 

Finally, while digital finance and FinTech provide opportunities for financial inclusion by erasing distances and barriers to inclusion, if not regulated properly, they could also lead to instability and loss in financial inclusion gains. Here to provide insights to the challenges and opportunities facing financial service regulators are two individuals who have been trailblazers in the brave new world of the digital regulator. I'm delighted to welcome Jo Ann Barefoot. She's the CEO and co-founder of the Alliance for Innovation Regulation, host of the global podcast show, Barefoot Innovation and Senior Fellow Emerita at the Harvard University Kennedy School Center for Business and Government. She has been deputy controller of the currency, partner at KPMG and chairman at Trillion Risk Advisors and a staff member at the U.S. Senate Banking Committee.

 

Jo Ann was named FinTech Woman of the Year in 2021 by Finovate, recognized as a senior leader on the Women in FinTech Power List 2021 by Innovate Finance and selected to the Forbes list of 50 Over 50. In the prior year she was inducted into the FinTech Hall of Fame by CB Insights in 2021. AIR was honored in fast companies world changing ideas award. Jo Ann's accolades and achievements are too numerous to list, but her ideas and thought leadership is what we will learn about during this webinar.

 

Also, a warm welcome to Nick. Nick Cook is head of global strategy and partnerships at Air based in London. He was previously the director of UK Financial Conduct Authority innovation division, including the agency's RegTech and tech sprint initiatives, it's data and analytics strategy, machine learning endeavors, and the innovate program, encompassing the regulatory sandbox innovation and digital policy and industry facing direct support services. Nick was responsible for creating and developing text prints as a new methodology for regulatory innovation and public private collaboration, designing a model that is now widely emulated around the world. While at the FCA, Nick chaired the Global Financial Innovation Network, GFIN and ISO FinTech Network. He's a certified chartered accountant with nine years of forensic investigative experience in the U.K. FSA and KPMG.

 

More detailed bios for Jo Ann and Nick are included in the webinar link. Jo Ann and Nick bring perspectives that are informed by their regulatory background and deep understanding of the potential of FinTech and RecTech ideas for financial supervisors. Jo Ann and Nick, welcome to this Toronto Centre webinar. I'm going to start off with a number of questions I have for Jo Ann and Nick and encourage the audience to send in their questions in the Q&A link. 

 

Jo Ann, welcome. I'd like to start with asking you to share a bit about AIR. We are in a virtual room full of financial service regulators, possibly AIR's target audience, can you share with us an overview of AIR's mission and vision and why should it be relevant to financial service regulators?

Jo Ann Barefoot:

Thank you so much, Arvind. It's a pleasure and honor to be here. I'm such an admirer of the Centre's work, so we really appreciate you having us today. And you're right, this is our target audience, our favorite people, our financial regulators. AIR is a nonprofit organization based in the United States, but global in scope. We were founded in 2019, so three years old, by myself and David Eric. And our mission is to help the financial regulatory sector modernize for the digital age to help assure that we have a fair and resilient financial system. We are great believers that regulators are the key to getting things right in the midst of this incredible technology set of revolutions that we're all living through.

 

And we like to say that financial regulation is an invisible force in everyone's life. People may not be thinking about it, but financial regulation is helping make sure that the economy is stable, that opportunities are there for credit or for business investment or that you're not discriminated against or not preyed upon, or that we don't have money laundering. The whole list of important work that we do. And we think it's critical that the regulators need to be able to keep up with the tech change that's underway in the industry, which is being transformed by technology and also that they need to keep their own technology up to speed in the digital world to be able to stay on top of it, to get the data they need and analyze it well and understand where the risks are.

Arvind Baghel:

That's great, Jo Ann. AIR’s white paper published in July 2020, explains why it's necessary to redesign financial regulation for the digital agent, offers a roadmap to the digital regulatory system. Could you share what were some of the key imperatives for change and have these been reinforced by events and experiences of the past couple of years? What did you see as key challenges, and have we made progress addressing any of these?

Jo Ann Barefoot:

Yeah, thank you for asking this. So our paper was called the RegTech Manifesto, which we intentionally chose a provocative name in hopes of getting people to distinguish it from other white papers. And the thesis of it, as you say, is that there's an urgent need for change. It's going to take a long time to implement it all, but there's no ability to delay getting to work on it. The paper points to the exponential nature of technology change. The fact that the pace of computing power as Moore's law has taught us, has been doubling and redoubling every two years. And that creates a particular type of risk in which change looks gradual for a long time and then suddenly spikes upward in sort of a hockey stick shape curve. And what we worry about for regulators and for the industry as well is people getting caught underneath that curve and not being able to catch up because it's still speeding up.

 

And so we work on how to help regulators use data better. The manifesto argues that the regulators are going to need digitized data, which as we know, all the data around us is being converted to digital form by the day, by the hour. And also the analytical tools to be able to put it to good use AI tools such as machine learning and natural language processing, and that they're going to have to understand and use blockchains and so on. And I know we're going to talk about this as we go, but we do in the manifesto layout, lay out a roadmap for a pathway for how you can transform your own regulatory agency. And yes, Nick was pointing out to me just a couple days ago that the predictions in the manifesto have been coming true and more. It predicted a lot of things that are already happening, and the world is only speeding up further. The paper's only two years old and it doesn't say anything about some of the things we're going to talk about today that are really new cutting-edge changes. We commend it to your viewers today.

Arvind Baghel:

Thanks, Jo Ann. I think as you pointed out, the rate of changes is exponential, and I know Nick, you've worked with the FCA during times of changing responsibilities, regulatory authorities and several emerging market jurisdictions around the world have had market development as part of their mandate. As the digital economy and financial innovation expands beyond regulatory and national boundaries, regulatory authorities in the west have also implicitly or explicitly embraced market development and with it innovation as part of their remit. How do you see regulatory mandates evolving, including innovation, climate, gender diversity, and other social development goals? And is there a risk of diluting the prudential and conduct and mandates of financial regulators?

Nick Cook:

Thanks Arvind. And hi everyone. Thanks for involving us and inviting us to this discussion. It's a big question. You spoke about lots of different mandates there and lots of different changes. I mean, it's definitely the case that we've seen more recently, several financial regulators intensifying their focus on climate risk, particularly. They were not sort of a topic of discussion a few years ago. Regulators focusing on both the kind of physical risk of climate change, such as the impact of extreme weather on economies and individuals and businesses. And also the risk of the transition to the net zero economy that increasingly all governments seem to recognize is an important part of our future. Central banks are also active in this space now. Many have begun to either direct or encourage commercial banks and other institutions to consider climate related risks in the strategies, their governance and their risk management.

 

Many central banks are also looking at how they allocate capital and how they lend and aligning their own investment strategies with decarbonization goals. And I think, I mean partly this is about managing risks for the macro economy. Partly it's about regulators and banks aligning with societal trends and in some cases political demands. But I don't personally see a risk of dilution of a prudential mandate. I mean, arguably climate presents the most profound, widespread, significant macro prudential risk of our current times. We've seen various analysis around how climate stocks can have a significant impact on financial markets. Substantial losses if markets abruptly re-priced climate risk. That can have big impact on investment funds, it can impact on insurers, and then it can trigger corporate defaults credit losses, and that will have an impact on banks. So there is a very obvious intrinsic relationship between climate risk and regulators and central banks focus on climate risk and credential management.

Arvind Baghel:

That's great. Yeah.

Nick Cook:

I mean when it comes to the objective of financial inclusion, you can look towards the sustainable development goals. I mean, financial inclusion is referenced in I think about eight or nine of the SDGs. Everything from the obvious relationships to eradicating poverty to focus on in reducing hunger, promoting sustainable agriculture, achieving better gender equality. So there's a lot of focus within the sustainable development goals around financial inclusion. And I would argue that exclusion is a conduct issue in itself. I think leaving vast numbers of people underserved by financial markets, vast waves of society not protected in financial markets, that's a conduct issue.

 

So, I see that this inclusion mandate is partly aligned to a desire for wealth generation and poverty alleviation, but is also about ensuring that as people are brought in, they are treated fairly, they are protected, and that institution conduct is reasonable. So yeah, I think you'll keep seeing this change innovation. Was a nice to have or viewed as a nice to have for many regulators and is now recognized as an absolute must have. There is no thought to kind of sit back and let the innovation occur. Regulators have to be involved, they have to lean in and they have to change themselves to meet the demands of today and tomorrow.

Arvind Baghel:

Thanks, Nick. Yeah, I'm glad to hear that you don't think regulators mandates are being diluted, but clearly they are challenged and the future of financial services by extension of financial supervision is inextricably linked to technologically enabled innovation. What role do you see for financial regulators in influencing the responsible use of technology?

Nick Cook:

So I have a personal position around the technology neutrality position of many regulators. I personally find that a very flawed position. I think vendor neutrality is desirable and appropriate. I think technology neutrality is suboptimal in our current environment, our markets, our society. The way in which outcomes and values are delivered in financial markets is enormously influenced by the technologies that are used and the way in which those technologies are brought to bear within institutions. And my concern is that this position of technology neutrality can lead to some ignorance, but it can also create uncertainty for market participants, which can stifle desirable innovation and change as well. So I would prefer to see regulators adopting a more curious, inquisitive position, exploring the genuine and nuanced risks and opportunities of new technologies and solutions.

 

I think to do that, regulators have to recognize what today's approach is, and yesterday's technology has contributed to some of the market failures that we see. Regulation is a response to market failure. And I would argue that massive exclusion of certain populations is a market failure. And that has been precipitated by expensive technologies, labor intensive processes, and various other aspects of the financial system. So I think I'd like to see regulators that are curious, but also recognize that today's status quo isn't good enough. And recognizing that technology that was developed for the last decade or before, is in most cases not likely to be fit for purpose for a risk focused regulator. So regulators need to be genuinely risk focused. There is a lot of risk being carried in all technologies.

 

So I think regulators should be leaning out to understand and explore these new technologies. I think they will best accelerate their knowledge of technologies by experiencing them and using them directly. So we talk bit more about that today. And I think in order to do that, regulations will also have to broaden the community that they engage with, the sources of human and intellectual capital that they work with and the places from whom and the individuals from whom they can learn needs to be grown out. So I think it does sort of encourage or require a more public, private collaborative learning process for regulators as well.

 

I think finally, I'd just, in terms of shaping technology, change, I think it's going to be increasingly important that regulators share their own learnings with one another more widely and more freely and more frequently. We all know that regulators have finite capital, both money and people and time. And surely it's therefore most efficient and desirable for regulators not all to be learning the same thing, but instead to be learning from one another's mistakes, one another's successes. And where appropriate collaborating to build and shape common solutions for regulators around the world.

Arvind Baghel:

That's great. Thank you. So there's a quick question here from the audience, Jo Ann or Nick, you could address this question. What is the name of a AIR's white paper published in July 2020? 

Jo Ann Barefoot:

It's called the RegTech Manifesto.

Arvind Baghel:

Yeah, thank you. And it's on the website, right?

Jo Ann Barefoot:

Yes.

Arvind Baghel:

AIR's website.

Jo Ann Barefoot:

And we also have a series of papers that I researched when I was at Harvard University that is an even longer treatment of the same issue. So those two together. Our website is: www.regulationinnovation.org

Arvind Baghel:

Great. And Nick, here's a question from Jasmine, what do you mean by gender neutrality is desirable as opposed to technological neutrality?

Nick Cook:

That was a poor pronunciation on my part, I said vendor as in the provider company, company neutrality. So regulators shouldn't be saying, "We like this technology provided by this company." But what they should be increasingly saying is, this technology... So I don't know... A complete perfect map system in an AML solution is not appropriate anymore. We want you to use [inaudible 00:22:17] maps, or we want you to use phonetic maps, but we're not going to tell you whether that comes from IBM or Microsoft or a reg spec. But vendor neutrality, not gender.

Arvind Baghel:

Okay, good. Thank you for that clarification. So I guess Jo Ann, you have talked about the role of big tech in some of your podcasts. The invisible hand of big tech is becoming omnipresent. Increasingly, financial services are moving to the cloud platform. Machine learning and AI services offered by cloud providers are being used by more traditional and FinTech companies. How should financial supervisors engage with big tech to promote the financial stability mandates?

Jo Ann Barefoot:

Well, first, financial services regulators are going to be engaging with big tech in a whole wide range of ways. And they're all going to increase as these companies are offering financial services as we grapple with data and privacy issues and many other ways. But in terms of the cloud issue, I'll pick up on what Nick was saying about the problem with a tech neutrality position on the parts of regulators, and perhaps this will be controversial with the audience. But we think that everyone has to move into the cloud. Cloud computing is a stronger, better way to handle technology than traditional on-premises computing is for most situations.

 

And why is that? Even though it intuitively may seem insecure to be in the cloud, the reality is these systems, if they're properly done, are more secure than traditional systems and be beyond that. They're massively more flexible. With a cloud system, you can just pay for what you're using on a given day rather than having standing gigantic capital investment in static systems that then when you need to upgrade them and modernize them, you have to go through a whole other capital project. So the industry and the regulators will be moving into the cloud, that's going to raise lots of problems and challenges and risks, and these need to be figured out and managed.

 

The FinTechs are already in the cloud and it's giving them an advantage over the incumbents that are not in the cloud because they can be more nimble, they can be more efficient, they can change with the times much more easily. In terms of the regulators, some are in the cloud and some are on their way and some haven't gone there yet. But Nick's point on tech neutrality applies here because we think that the regulators in general have, this is a gross over generalization, but have sort of signaled skepticism of cloud computing environments that has been changing and they probably need to begin to signal nudging into this better era of digital technology. And the companies that go there are going to be able to do compliance better. They're going to be able to adapt to changing times better, they're going to be more efficient in terms of their ability to turn a profit in a dynamic environment. And so it's a journey that we're all going to need to take together.

Arvind Baghel:

Great. So I guess one of the reluctance is to get into the cloud is confidentiality and privacy type issues. Do you see any solution to that or is there some thought about private clouds for regular?

Jo Ann Barefoot:

Yeah, sure, and Nick, feel free to join in on this, but yes, I think we'll see lots of private cloud environments and as well as public cloud environments. You mentioned our podcast show Barefoot Innovation, we've just done two episodes recently with innovation leads at U.S. agencies, one at the Federal Reserve Board and the other at our municipal securities regulator. And the latter has gone fully into the cloud and then rearchitected their entire tech system and they're using a public cloud environment. But I think we'll see many regulators using private clouds, but you need to have that ability not to be using static analog era IT.

Nick Cook:

I think it has been an easier transition mostly for let's say western markets and/or large economies where there have been massive cloud providers building local infrastructure. It's much easier for us in the United Kingdom to decide to go into a cloud environment when the actual physical premises and the contractual arrangements they're all U.K. based. But there is a challenge for emerging markets who don't have local cloud solutions. And then on top of that, it's complicated further by bandwidth. 

 

So if you're relying on remote cloud provision, you need to have good connectivity. And again, in some markets that has been harder to secure than in others. So we're seeing good solutions for satellite broadband rolling out across larger regions so maybe that starts to solve the bandwidth. But there are still some questions around developing the right legal and governance frameworks to be able to use cloud instances that are perhaps not within a single jurisdiction but they're outside of a jurisdiction. And that's a complex issue to regulate something through.

Arvind Baghel:

That's great, yeah. So obviously there are some challenges that regulators face as you've mentioned. What are some of the preconditions for being able to transform financial supervision? And I'm going to direct a question to Jo Ann and then to Nick. Jo Ann, can you discuss some of the preconditions and what needs to change in the traditional mindset of financial service regulators? What are some of the cherished beliefs of regulators that need to change?

Jo Ann Barefoot:

So I'll start by saying we never criticize regulators. We love regulators, that they have the hardest job in all of this. They're not like a private company that can move fast and break things, right? Regulators need to get things right. So when we talk about changing mindsets, it's not intended as a criticism, but at the same time we think a lot of change is needed. And remember the technology exists to do what needs to be done. It may not be in the hands of regulators yet in the form of supervisory tech, but once we commit to making the changes that are needed to get more data and to analyze it better, the tech solutions are not the problem. The problems are the cultural and experience issues of the regulators.

I think a few of the mindset issues, one is sort of the bias that what we are used to seeing is the safest choice. 

 

Nick is quite an expert on logical fallacies and puts these in more scientific categories than I do. But that confirmation bias, I guess, it is that what I'm familiar with is safe is simply not the case in a lot of this work. And in fact, the important thing that's happened here is the world is moving from the analog age in which we do things that have evolved from the days when we were putting everything on paper, to now the digital age where information is starting as a zero or a one, a digitized information item.

 

And as you do that, the new generation tools are better. It's like new generation telephones are better than old telephones. New generation digital cameras can do things that you couldn't do with your analog camera. And regulators are comfortable seeing what they've seen before, for good reason. A lot of the new things are not yet tested, embedded, and they will need to be. But being forward thinking and ready to embrace digital solutions, I think might be the biggest issue. And then going with that, I think there's tremendous need for education. We actually have an education offering for regulators, our elevate program to just sort of teach tech 101, which most regulators need.

 

And then maybe the last thing I'll mention, and I know this one regulators hate, is as we make this shift, regulators are going to have to be willing to allow some safe harbors because these new tools are going to find problems that the old ones didn't. They're going to find money laundering that the bank never found with its old tools. They're going to find credit discrimination that you couldn't find with your old tools. And the industry will be reluctant to adopt and embrace better tools if they think the regulator may punish them for their past sins. And I think we need to think hard about this. We didn't punish doctors for not using penicillin before it wasn't. And we're going to have to have that kind of thinking about the change. So those are a few mindset issues that I think are challenging.

Arvind Baghel:

That's great. Thank you. So before I go to Nick for this question, there is the question in the chat from Calvin. Do you see financial regulators and supervisors embracing more virtual ways of doing regulation and supervision as a result of all the adjustments forced by COVID? And do you want to answer that, Jo Ann?

Jo Ann Barefoot:

Absolutely. COVID speeds up technology in so many ways, and every regulator that I know will tell you that they made lots of changes in COVID, and one of them is going to more remote and virtual reporting and supervision and oversight.

Arvind Baghel:

That's great. Thank you. So Nick, going to you on the issue of preconditions, relevant skills are possibly an issue. What key skills gaps for regulators and supervisors do you see, or key skills required to be a successful financial regulator in today's world of tech enabled services?

Nick Cook:

So I mean there's some well discussed and well known technical skills around greater comfort with programming and coding, software engineering, data science and machine learning. But we must also remember that those individuals and capabilities need other skills and investments and things like data engineering, data management, data architecture. It's not just about investing in those that analyze and deliver meaning from data. It's also about making sure the backend infrastructure and architecture is appropriate. But also importantly I think is developing the skills to then leverage that data and that insight. It's one thing to create really high quality analysis of an issue by leveraging more complex, more varied, more timely data sets. It's quite another thing to then act on that. So regulators also need to invest in the kind of skill of interpretation and build up skills and confidence to rely on data driven insight to take action. So that's a completely different kind of internal cultural piece that needs to be worked on.

 

Also, as Jo Ann articulated, there aren't necessarily solutions out of the box, already for regulators to use for all of their needs. So there is a period of kind of innovation prototyping iteration that needs for occur, and that requires some different skills as well. So skills around kind of facilitation, skills around agile methodologies, and then also this mindset of being willing to embrace learning through experimentation and failure. And again, that's a kind of different kind of cultural mindset within an organization. There are then some software skills and maybe perspectives or positions that regulators would need to develop a bit more. So one is that is comfort with being vulnerable, with being willing to admit that there's a challenge or an issue that you don't yet have a solution to. Regulators don't always like talking openly about the things they are not doing very well, but for various reasons, various very understandable reasons.

 

But in my experience, that kind of ability to be honest and humble can be a really powerful fourth multiplier in bringing intellectual capital and human capital into a regulator. There's something about kind of comfort with the discomfort as a skill in itself. And then there're all sorts of other bits around kind of design thinking and human centric design. So our existing regulatory systems, existing financial systems haven't met the needs of all systems in our society. And in part that's because the product, the processes and the policies have not all been designed with the end users in mind. 

 

So kind of human centric design skills are another kind of component of I think a regulator in this decade. And then I think the final thing I would add is we've seen a real growth of interest in of broader psychology and behavioral science skills. So understanding how people behave, how people make decisions, that's a really important component of designing appropriate and effective regulatory regimes. And we interact differently with technology than we do with humans. 

 

So this kind of whole field of behavioral science, behavioral psychology I think is another kind of skill area that alongside the well covered data science and agile methodology, kind of technical skills will need to be developed. I think finally the thing I would mention is diversity. So I've highlighted specific skills, but I think a really important thing for regulators to focus on is the diversity of their workforce, both in terms of the kind of social demographic. Definitions of diversity, be it gender, be it age, be it ethnicity, but also in terms of kind of cognitive diversity. Many of the challenges we face are what are sometimes called wicked problems. 

 

There is no single obvious solution for these problems. And evidence shows that teams with access to different ways of thinking and individuals with different ways of being are far more successful in both conceiving of solutions and then delivering them efficiently. So I think there's something about hard and soft skills, but there's also this piece around it's generally what is the organizational diversity of the regulator.

Jo Ann Barefoot:

Arvind, could I just jump in on that?

Arvind Baghel:

Yes.

Jo Ann Barefoot:

One of the things that Nick did... So AIR was thrilled when Nick joined us a year ago. It's just been transformative for us, and as many of you do, he not only led innovation at the FCA, but he led a lot of the important tools that the FCA created and one of them was the regulatory tech sprint. And AIR now puts on regulatory tech sprints. We just did one with the Reserve Bank of India, one with the U.S. State Department on corruption and they have lots of different topics. 

 

The genius of the tech sprint is that it does what Nick just said, it brings a diversity of skills to solving a difficult problem so that you're putting together regulatory experts and software engineers at same time working on the same problem side by side. And you get results that neither group alone could have come up with. And we just think this is one of the keys. The more we see high collaboration across agencies with the tech sector, with industry and government appropriately working together, this is what's going to accelerate progress.

Arvind Baghel:

This is great and I really like how both of you have put together the technical, the behavioral and the diversity issue. It all hangs together and it's so critical that we as regulators recognize that there is that need for diverse thinking and different ideas and to actually deal with the challenges that we face. So that's excellent. And of course, financial service models are evolving and changing. We are hearing about open banking and adoption of cryptocurrencies are set to transform bank business models. The blockchain and smart contracts are transforming insurance business. So my question to each of you is, what in your view are the top three transformative techno developments for financial services, and what are the implications for financial service regulators? So I'll start with Jo Ann first.

Jo Ann Barefoot:

Top three?

Arvind Baghel:

Yep.

Jo Ann Barefoot:

The big sweep of it is that the change has been exploding because on the one hand we are digitizing data, so that would be the underlying fuel for this. And then that then in turn has made it practical to use new technologies like artificial intelligence and machine learning and natural language processing. Those two, either one of those without the other doesn't get you anywhere. But now that we have both together, what we worry about for regulators in part is that they can't see into the system because it's changing so fast using the techniques that we've used before. So those two would be huge.

 

And maybe the third one I would put in the same category is the crypto and blockchain and move toward decentralized finance or DFi. These are mold breaking technologies. We sometimes look at the issues that are on the plates of our legislatures and regulators in finance and just think that we're talking about the wrong things. Those may be important, but what's coming is this gigantic set of change that we don't know how we're going to deal with it. Ask yourself, how do you regulate a DAO, a Decentralized Autonomous Organization? It isn't an entity. It doesn't have a banking license. It's a decentral collection of people in an open source arrangement working through smart contracts to do financial activities. How are we going to regulate that? There might be some answers to that, but as we think about the shift that we're going into in Web3, which I think maybe we're going to talk about in a few minutes, the challenge to regulators is enormous. So I could pick a lot of others, but I would pick those three.

Arvind Baghel:

Wow. Yeah. So Jo Ann, just as an example of decentralized autonomous organization, would you put the crypto exchanges in there or are they something more esoteric than that.

Jo Ann Barefoot:

Yeah, most of the crypto exchanges would not be in there. They are, they're normal entities and therefore we can do our, your customer requirements on them and regulate them in traditional ways. But people are starting to ask if you have DAOs, are you going to have to have the regulator be a participant in the DAO somehow? Maybe give it a veto power. So I don't know, but we need to definitely think outside the box with some of these changes that are coming.

Arvind Baghel:

Great, thank you. So Nick, the same question to you. What in your view are the three, that make your list of the top three transformative technologies?

Nick Cook:

So I won't disagree with any of Jo Ann's, but we didn't agree in advance what we were going to talk about. So I wrote three very different ones down. So I've given mention to privacy enhancing technologies or PETs, there's a broad suite of these. There're things like, and good luck to the translators for this bit, there are things such as homomorphic encryption. Things such as differential privacy, zero knowledge proofs, might be something some people have heard about. Crypto nets. There're all sorts of different privacy enhancing technologies. But what they ultimately are is new technologies that enable a secure sharing or analysis of data, including across organizational and international boundaries without removing privacy protection around that data.

 

And so, these technologies, I think can and will be transformative in things like the fight against financial crime and money laundering. They will be highly instrumental in managing some of the big cyber risks in our financial system. And they'll also be very important at an individual level in protecting citizens’ reasonable expectations around the privacy of their data, and enabling systems to exert more control over what data they share with whom and how. So, this whole field of privacy enhancing tech would be one of one that I would mention.

 

The second I would mention would be agent-based models and simulation technologies. Some of these are based on deeper reinforcement learning, not all of them. But to give a sense of how these might be useful, they will allow us as to develop or create very advanced virtual versions of our financial systems and our wider economies and societies, which I think will take things like risk modeling and emerging risk identification and stress testing and things like that to a completely new level. But they'll also offer opportunities for regulators to simulate and test policy and other interventions in a sort digital twin of the real world before they then implement it in the real system. So this hopefully will give an opportunity for regulators to be more experimental with their policy and their other interventions. And will reduce the emergence of unexpected or unintended consequences of regulatory actions. So agent based models and simulations I think will be really important.

 

And then you have smart contracts. I think smart contracts have in some cases been unlucky due to their association with cryptocurrencies. Smart contracts are of game changer. In their simplest form, they are a program stored on a blockchain that executes them, runs when certain pre-determined conditions are met and will have enormous transformative potential in their use cases. Everything from changing the way trade finance works in financial markets through to things like regulated reporting and how regulators can capture and collect information from institutions. They will change insurance markets and enable things like automated insurance pay out. They may even change the way in which financial institutions are sanctioned by regulators. You could be automatically sanctioned when certain events and triggers occur.

 

And then of course they have massive utility in settlement and trading systems as well. But ultimately what they will enable is the removal of various expensive labor-intensive intermediations in financial markets. And by reducing that cost, again, there'll be a really strong accelerant of financial inclusion, but also a fairer, cleaner and more robust financial markets as well. So I think smart contracts are going to be huge. They just need to kind of disentangle themselves from some of, I guess the bad noise, the negative energy around certain cryptocurrencies and scams.

Arvind Baghel:

So that's great. Nick, I can only already see you moving into these new ideas and developments. I know you have had a pioneering role in developing the FCAs Sandbox and text prints, but I guess Sandbox is something that regulators in many jurisdictions are clearly using. Can you share with the audience, I know Jo Ann touched on the text sprints, can you share a little more about how financial service regulators are leveraging tech sprints or any of the other technologies that you've talked about. Certainly the privacy enhancing ideas that you touched on, differential privacy certainly comes to mind. And if you could talk about some of that.

Nick Cook:

Yeah, sure. So I mean, Jo Ann mentioned this briefly, but a tech sprint as an event that brings together participants from basically across financial services, but also individuals outside of financial services to try and develop technology based ideas, proof of concept prototypes to address specific challenges. Now some of those address market challenges, so specific needs of regulated institutions around KYC or financial crime monitoring or enabling access through things like digital identity. So some of them are focused more in the kind of FinTech side of the market, looking at how solve industry issues. Some of them have been focused more on reg tech or supervisory tech needs. And so they have been used for a range of different focus areas and use cases. Again, at their core they leverage diverse and broad public, private, intellectual capital. And so they're fabulously useful for regulators to draw on sources of knowhow expertise and skills that they may not have within the institution.

 

But they can also be really powerful in establishing relationships and connections within an innovation ecosystem, so relationships between maybe large incumbents and smaller tech startup. Maybe it's relationships between academia and regulators. So it can be very effective in developing those relationships. Some, as I say, have focused on SupTech, but some are focused on reg reporting or crypto post surveillance. And so the sprint is basically a chance to accelerate learning, experimentation, ideation and texting of different technologies and ideas. Some sprints then lead into formal programs of acceleration, investment, incubation. Some of those might go in-house into the regulators. Some of them continue to be outside as kind of consortium of industry in endeavors. Some are funded, some are not. So there's very, very different models.

 

I guess the simplest thing to say is we've seen them use effectively in multiple markets for a range of different use cases. There are various different designs and formats that colleagues on the call can consider. The FCA and AIR have also published pretty deep manuals and guides for how to design and execute sprints and I know Jo Ann and I would be happy to follow up with anyone on the call that is interested to hear more about them.

Arvind Baghel:

Thank you. So there's a question from the audience. With the world becoming more digital at an exponential rate and data becoming the new gold, how do we hold true to our morals and not start seeing people as numbers to monetize, but people whose right is privacy and transparency on how their data is being used? Basically how do we ensure privacy by design without the regulator needing to be overbearing in enforcement? How can jurisdictions build privacy cultures? Maybe you might have a thought on that, Nick.

Nick Cook:

It's a big question.

Arvind Baghel:

Yeah.

Nick Cook:

I mean be being entirely blunt. Some instances do require some enforcement activity to reshape behavior. Others can be built around the societal establishment of morals and ethics that people sign up to and engage with. Some market practice can be influenced frankly by consumers actions. So their choice to transact or not to transact with certain market participants can influence those that win and those that lose in the medium and long run. I think the other piece here though is there is a place and there is a need for consumer education around these risks. Now some regulators have a mandate to do that directly with consumers, others don't. But in those markets where they don't, they do need to be thinking about from whom consumers are learning, from whom consumers are gaining information about how to protect themselves.

 

But I think there is an establishing recognition of the need to kind of shift the dynamic between who holds and contains and controls data. Which at the moment, bluntly in our sort of web-two world is largely controlled by governments and commercial institutions. One of the promises, and maybe this is spin, but more one of the promises of Web3 is that you can decentralize ownership of data in a more profound way and you can start to allow consumers to actually protect and manage their data and their privacy more carefully and more thoughtfully. So I think it's a combination things in response to the world. I think maybe there is a space tech, enforcement, education. Setting standards for the industry to abide by, enforcement. And then I think some of the technology innovations that we're seeing, privacy enhancing tech for instance, will play an important role in enabling consumers to protect themselves and manage their own privacy.

Jo Ann Barefoot:

Could I just add very quickly-

Arvind Baghel:

Yes. 

Jo Ann Barefoot:

... that on this, the claim from the Web3 world is that they can solve the privacy problem by decentralizing control and using blockchain technology to enable us to protect our information. And also to create a new economic model so that we won't have the Web2 problem in which our data is being monetized and that's paying for the whole thing. And I think it's worth pondering in a group of regulators like this that if Web3 is as big as people suggest it may be, it's going to be the financial regulators from the forefront shaping what this environment will be like. That was not the case with Web2. It was happening and then the financial world adopted the things that came out of the worldwide web. But in this case, all the early use cases are focused on, or many, many of them are focused on financial services, and so the people on this call are going to be really involved in what should be allowed and not allowed what needs to be known and not known about regulating these new systems.

 

Arvind Baghel:

Jo Ann, I'm always amazed by our insight of the tech world and in awe of your knowledge of some of the things that are happening out there. Could you explain the metaverse to real world financial regulators? And should regulators, of course you've said should be considering at least learning about Web3, but should regulators be considering having a presence in the meta world or metaverse or Web3?

Jo Ann Barefoot:

Well you're nice too, the fact that you appreciate my knowledge. I don't pretend to be an expert deeply in any of these technologies, but we do think all the time about what they may mean. And the metaverse basically is emerging with an alternative world, place, whatever word we want to use, that is leveraging virtual reality, VR augmented reality, and mixed reality. And people will increasingly spend time there doing things that we normally do in the real world. The leading use case by far has been gaming scenarios. And it is so real that commerce is now underway in some of these gaming environments. And real world companies are providing real world services with real money inside these gaming environments. And that means yes, I think they will increasingly need to be regulated.

 

And some of the big banks already have bank branches. So if you go play a game where you're running around in the metaverse doing whatever it is that you want to do on your game and you need some money to buy something to do your game, you might go into the bank branch and take money out of your account. And so there's a blurring between the real and the unreal here. This is going to have huge societal implications. That's beyond our scope maybe to talk about today.

 

But it's not just gaming, it's also going to be bringing these same techniques to transforming how many activities are done, including conferencing and communication and the way people meet. And that in turn is going to change where people live and how they travel and so on. Massive, massive changes coming. And again, I think increasingly a blurring of the line between what we think of as finance and financial regulation versus the rest of the world. Another piece of this is embedded finance too, is going to make it harder for financial regulators to reach into other activities and regulate the piece of them that are financial. So big challenges.

Arvind Baghel:

Great, thank you. I'm not sure I understand all of the implications here, but certainly a lot happening in this metaverse, which should pique the interest of regulators. My ex-colleague Calvin is always insightful on these ideas. And his question is, what impact do you think the development of quantum computing may have on financial regulation and supervision? I'm sure both of you have had some thoughts and ideas on that.

Nick Cook:

So I'm going to go first in that I think you're fine to stretch the non technologies views on these matters. But what I would say is I guess the two main issues that get flagged a lot around quantum are its potential to compromise or override existing encryption and security protocols? The quantum is very good at undertaking tasks that basically require brute force and there are many security systems that can be breached by brute force. Millions, billions of attempts at finding a password, for instance. 

 

So there is a threat to the underlying security infrastructure of financial markets that quantum poses.

There are also kind of potential for quantum to have a massive impact on things like high frequency trading and the way in which trading strategies and trading businesses operate. But then also quantum potentially offers some opportunities around solving really complex things like optimization problems. So regulators are often optimizing between prudential risk management, conduct risk management, climate risk management, et cetera, et cetera. And things about optimization problems are also well suited to quantum computing techniques. So there may be ways in which regulators can better hone and develop their regulatory infrastructure systems, policies, processes leveraging quantum. Beyond that, I'm going to hand it back to Jo Ann, who can give you a more informed view of quantum computing.

Jo Ann Barefoot:

Not a bit beyond what Nick has said.

Arvind Baghel:

That was great. Yeah. Thank you. No, certainly the power of quantum computing is going to be the key factor here as you've pointed out, Nick. So that's great.

Nick Cook:

I see a question about Web2, Web3. Would you like me to take that one?

Arvind Baghel:

Yeah, please go ahead.

Nick Cook:

So Web1 was the initial worldwide web, which was broadly a consumption-based web experience. So you could go to a read only website and you could consume content, a bit like going to a library and opening a book. Web2 was the development of the kind of commercial and social web where we as users didn't just consume read only information, but we also were able to promote and publish content. Create our pages, create social network profiles, set up businesses. And so it led to the growth of the eCommerce and the social media revolutions that we're now very familiar with. But what they also did in Web2 was centralized content and data in the hands of large, big tech institutions.

 

So, I create content for Instagram for instance. I gain nothing from doing that. Instagram gains from that by monetizing my content with advertising. I'm effectively producing data and material for a lot of commercial institution and our consumer free web service, our free product for doing that. Web3 refers to what's sometimes called the decentralized internet, one owned and controlled more by its users and its builders and its content creators, than it is controlled by governments and corporations. 

 

So the dream is that actually if I was a music producer, I was taking photos of my family or whatever it may be, but as I'm adding content on, I retain more ownership and right over those. And the infrastructure that implements the web free experience is a much more decentralized one, leveraging the processing of smartphone, your pc, rather than leveraging massive centralized servers. Say WhatsApp, Instagram, Facebook, Google. It's a very different type of web. Web2 was sometimes referred to as the social web. Web3 is sometimes referred to as the decentralized web.

Arvind Baghel:

That's great.

Jo Ann Barefoot:

Can I add something really quickly to that?

Arvind Baghel:

Please.

Jo Ann Barefoot:

When we think about the potential of Web3 and the decentralized finance DeFi, I would urge people to, if you missed it, look at the Economist article on DeFi from about a year ago. It had an example that I find is really helpful in thinking about it, which is let's us imagine the situation of a fashion model who today will have her picture taken and the photographer owns the picture and should she become a supermodel later or whatever the pictures were valuable, it's not hers. Potentially we're going to a system in which content creators and people who are originating valuable content might be able to own an NFT, a non fungible token or some kind of a token that would give them an ownership stake in what they create as it moves on. And because of the incredible computing power and low cost and versatility of these systems, you could have a system in which we actually change the economic models through which we are rewarded and gather income and wealth. And again, very thought provoking I think.

Arvind Baghel:

Excellent. I guess I will ask one more question and then try and cover a lot of the risk related questions that we have had on our chat. So, the decline in cryptocurrencies recently has been in the news and so have been the discussions of the role of financial regulators. How should these be regulated and who should be regulating these and can regulators use blockchain tech to modernizing financial supervision? That's questions for you, Jo Ann. Maybe you have some thoughts and ideas in these.

Jo Ann Barefoot:

So this is definitely an area that's going to be evolving and becoming more clear over the next coming years. And the short answer is it depends what the cryptocurrency or crypto asset is doing. There's a tremendous amount of controversy about what crypto activities should be classified as securities and come under the securities regulatory regime. How much is commodities, how much of it is being used as currency for payments and so on, that will impact which regulators should be at the table. One of the things that we like to urge people to think about is that whichever regulator is overseeing these new assets and methods should be using a digital first approach. We think that the growth of these areas creates an opportunity to begin to move to digital regulatory reporting, DRR, which Nick's work at the FCA led a lot of research and thinking in this.

 

Because, think about it, these firms are all tech firms. They're not financial firms with legacy technology. They are young tech firms. Everything they have is digital and it makes them able to move into this more nimble digital regulatory environment. So we think the method is important. We at AIR did a tech sprint with the state of New York on digital regulatory reporting for crypto firms and just looked at the ability to get real time information, full information, not periodic reports, not sampling of information, not summary metrics, but actual real data that would empower the regulators.

The other thing I'll say is that, as you said, the volatility in this market has been shocking and clearly there's going to be a lot of work on rethinking the investor protection model. How many people are being drawn into these incredibly, at best, they're incredibly risky and at worse some of them have been scams, and how best should we be protecting people? But at the same time, there is a big movement of financial inclusion advocates saying, don't equate solving that problem with keeping average people out of these markets where there is a potential for good investments and wealth building. If we're going to have a whole new worldwide web innovation round driven by crypto and blockchain technologies, people are going to be able to invest in it and get wealth. And we shouldn't limit it to people who are already wealthy to be at that table. There was a conference last week in Washington D.C. By the Black Blockchain Summit, and among other things they sold t-shirts saying Satoshi is black. And there's a lot of interest in democratizing access whilst not allowing people to be victimized. So very complicated again.

Arvind Baghel:

Thank you. That's a whole topic for discussion for our whole new webinar, I would think. But that's very useful. And clearly as you know, regulators try to get into digital regulatory reporting, they would need to have AI and ML kind of expertise to be able to deal with the real time kind of.

Jo Ann Barefoot:

Exactly.

Arvind Baghel:

Great. So no discussion with regulators can be concluded without talking about risk and risk mitigation. So while this webinar has been about financial service, been about innovation, we would be amiss if we didn't talk about risk and risk mitigation. Can each of you address the two or three top risks associated with supervisory tech solutions and can regulators mitigate those risks? So I'll start with Nick, what do you think are the two or three top risks that regulators need to be wary of?

Nick Cook:

So I think one that pretty well covered when it comes to any say finance or analytics program is around buyer and around the potential for the analytics output to be influence by subjective input really. So one needs to understand how representative is the data that's feeding the model. And what I add is what one should though consider is that humans can be incredibly biased too. And so I think there needs to be an informed and grown up discussion about is the algorithm delivering outcomes that are discriminatory, and is pointing it towards the issues because of certain characteristic? Are there certain parameters in the models that are having a disproportionate impact on the model's output? So there needs to be that consideration of how basic quality, integrity, variety impacts the bias of the model. But we also need to make sure we compare that buyer to an appropriate base. And the appropriate base is not to assume that a technology, the existing process is free from bias. It absolutely won't be, It will have bias as well. So we need to make those adjustments appropriately.

 

I think there's also, there are some really human risks around tech. I spoke about one of them earlier. Frankly, the risk of it not being used. The risk about it does not get adopted, it does not replace existing processes in an organization. It sits alongside and doesn't actually drive an efficiency gain within the institution. It doesn't deliver greater effectiveness. And maybe that's because of a lack of trust in the system, lack of understanding, a lack of awareness for how to utilize it. But it can also come from other fears, other issues. Labor displacement, the fear of the machine taking over my job for instance can create environments that are highly resistant and suspect being deployed. So I think there's a need to build understanding around how these tools and solutions can help colleagues deliver on the mission that they care about within a regulatory or central bank agency. And helping people understand that this isn't about this replacing high value human thought. This is about reducing low value repeat task and driving greater consistency and quality in what we're trying to perform. So I think there's a human risk that's non-implementation or resistance.

 

And then I guess the other big one that kind of links into bias would be around kind of privacy and appropriate utilization of data. So just because we can access data and we can use it, doesn't necessarily mean we should. And increasingly regulators will look towards data sources that are less familiar to them. Maybe it's public data from social media platforms, maybe as a government institution, they have access to highly sensitive data assets as well. And sort of being able to consider the privacy and confidentiality considerations of these data assets.

 

Just because you can find these won't impact, doesn't mean that it's appropriate legal or morally just to leverage the data in that way. We came across that challenge when we did things like web scraping at the FCA. Starting to scrape massive content from the public web, and so we had to get legal advice on whether that was an appropriate thing for a regulatory agency to do it. And broadly it was because it was much about mystery shopping or some other agency that we could undertake. But I think thinking through those kind of legal and privacy risks is an important part of development.

Arvind Baghel:

Great. Thank you. So Jo Ann, a quick list from you and summary. So I'll turn over to you.

Jo Ann Barefoot:

I agree with Nick's list, so I'll add one refinement maybe, which is a specific risk is model risk management, MRM. We're actually working on a paper on this and you could get the model right, try to get it right the first time, but continuing to keep it right, that the data is accurate, that the people who are using it correctly is an incredibly challenging thing that feeds into all these same risks on cyber and privacy and bias. And I guess the one that I'll add is risky as all of these are, and they're full of risk and full of problems, there's no doubt about it, we think that maybe the biggest risk of all is not changing.

Arvind Baghel:

Yeah, the risk of inertia.

Jo Ann Barefoot:

Inertia. Nick became famous in our world long before we brought him on board with AIR for being at a meeting with regulators, Nick, and I remember you saying that at the FCA, you all had realized that if you held still and took time to figure out, if you took two years to figure out what you should do or waited for what to do would become clear, you would be accelerating backwards. And that if you took two years, you'd end up 10 years behind and then still wouldn't be clear what to do. Back to what he said a little bit ago, that you have to get comfortable with uncertainty and move forward. Because in that delta between the exponential pace of tech change and the linear pace of our regulatory change, it's filling up with risk every day that we're either going to miss risks or we're going to make them worse. We have to move forward.

Arvind Baghel:

Thank you. That's really very useful to know and understand in conclusion. So I'm going to give both Nick and you another minute each because we are coming to the end of our session. Do you have any final words of wisdom that you have to share with us? So I'll start off with Nick. Nick, final minute before we close?

 

Nick Cook:

Sure. Yeah. Well firstly, thanks everyone for joining this session. I guess my final comment would be that as much as the technological changes that we see present the kind of scary scenarios and create uncertainty and concern for many of us, and there are new risks, there are absolutely new risks that we have to get comfortable with. There is also just enormous opportunity for us to develop both financial systems that are fairer, more inclusive. But also that we can develop regulatory strategies, regulatory processes that are far more effective, that allow us as people that care about delivering value through our society, people that care about protecting the consumers that we exist to serve. I think we have a massive opportunity in the years ahead to leverage technology in this kind of fight for good. And yes, we have to get some comfort with the discomfort of learning and trying new things and engaging with new folks and experience the new things.

 

But I think that the future is very, very bright if we lean towards it and if we head towards it. As Jo Ann said, "If we stand still, this just gets worse." So we have to find ways and seeing a couple hundred people on this call is really uplifting because I think one of the ways we move forward is we move forward together. We learn from each other, we collaborate, we share our deepest fears, we share our big successes. And through doing that, we will progress to a point where we can do the things that we really care about and deliver value in our society.

Arvind Baghel:

Thank you, Nick. Jo Ann, final word to you before I close out. Thank you.

Jo Ann Barefoot:

We regulate finance for stability, consumer protection, financial inclusion, preventing crime and terrorism and increasingly also for climate change. Finance is the life's blood of healthy societies. We have to get it right. And so I think our advice is to regulators, as hard as it is to find ways to speed up, there's so many reasons why it's hard to move faster, and yet we don't really have the luxury of not figuring out how to move faster. And I'll just say AIR exists to help financial regulators, so if we can be helpful to anyone on the call, just reach out to us, we would love to talk with you.

Arvind Baghel:

Thank you very much, Jo Ann. Thank you both, Jo Ann and Nick on behalf of the Toronto Centre and the attendees at this webinar, thank you for sharing your thoughts and ideas and expertise. And to our attendees, we hope you found this webinar gave you insight into the changes facing supervisors and regulators and some ideas on what supervisors can do to successfully navigate the changes that lie ahead.

 

In closing, I once again ask you to join me in thanking our speakers, Jo Ann Barefoot, Nick Cook. I would also like to take this opportunity to thank Casey and Judy for facilitating the webinar and our translators who have no doubt had some challenges in dealing with some of the technology-terms. But thank you very much. 

 

Last but not least, thank you all for attending. And a note of thanks to our funders, Global Affairs Canada, the Swedish Sida, the IMF, Jersey Oversees Aid, UNCDF and for the generous support of the Toronto Centre's mission. Thank you all. The webinar has now ended. Thank you.

1

 

Jo Ann Barefoot

CEO & Cofounder, Alliance for Innovative Regulation

 

Nick Cook

Head of Global Strategy & Partnerships, Alliance for Innovative Regulation

 

Host:

 

Arvind Baghel

Program Director, Toronto Centre

 

Date:

 

October 11, 2022

 

Transcript:

 

Arvind Baghel:

Good morning and welcome everyone. I'm Arvind Baghel, program director at Toronto Centre. Welcome to this webinar about innovation in financial supervision. Since its establishment in 1998, the Toronto Centre has focused on providing high quality capacity building programs for financial sector supervisors. We have trained more than 18,000 supervisors from 190 jurisdictions. We remain committed to increasing the capacity of financial supervisors and regulators to enable change in their agencies and to build more stable inclusive financial systems. Financial supervision has been about managing and mitigating the risk of financial innovation at financial institutions, ensuring financial stability and safeguarding the interest of investors, depositors and policyholders. 

 

While this remains the primary mandate of financial service regulators, it's becoming increasingly clear that regulators themselves must innovate, considering the changed financial landscape that we find ourselves in. Some would argue that there is a need to transform the financial supervision regime as it exists. In fact, the pandemic has forced regulators to innovate. Virtual meetings, remote working, cloud computing and enhanced analytics are now in the lexicon of most, if not all, financial service regulators. As supervisors, you have to manage the rapid expansion and surge of technology. The train of progress is moving fast, and while you must safeguard against abuses, you also don't want to be an obstacle to progress. FinTech, RegTech, SupTech, big tech, big data and privacy, AI and machine learning all go hand in hand. They also bring to mind activities or entities outside the regulatory perimeter are subject to unclear supervisory responsibilities. These are important challenges for supervisors and national authorities. They require a risk based approach to supervision. They also require a cross sectoral approach across banking securities, insurance, and multi-stakeholder to deal with the many challenges and risks.

 

Finally, while digital finance and FinTech provide opportunities for financial inclusion by erasing distances and barriers to inclusion, if not regulated properly, they could also lead to instability and loss in financial inclusion gains. Here to provide insights to the challenges and opportunities facing financial service regulators are two individuals who have been trailblazers in the brave new world of the digital regulator. I'm delighted to welcome Jo Ann Barefoot. She's the CEO and co-founder of the Alliance for Innovation Regulation, host of the global podcast show, Barefoot Innovation and Senior Fellow Emerita at the Harvard University Kennedy School Center for Business and Government. She has been deputy controller of the currency, partner at KPMG and chairman at Trillion Risk Advisors and a staff member at the U.S. Senate Banking Committee.

 

Jo Ann was named FinTech Woman of the Year in 2021 by Finovate, recognized as a senior leader on the Women in FinTech Power List 2021 by Innovate Finance and selected to the Forbes list of 50 Over 50. In the prior year she was inducted into the FinTech Hall of Fame by CB Insights in 2021. AIR was honored in fast companies world changing ideas award. Jo Ann's accolades and achievements are too numerous to list, but her ideas and thought leadership is what we will learn about during this webinar.

 

Also, a warm welcome to Nick. Nick Cook is head of global strategy and partnerships at Air based in London. He was previously the director of UK Financial Conduct Authority innovation division, including the agency's RegTech and tech sprint initiatives, it's data and analytics strategy, machine learning endeavors, and the innovate program, encompassing the regulatory sandbox innovation and digital policy and industry facing direct support services. Nick was responsible for creating and developing text prints as a new methodology for regulatory innovation and public private collaboration, designing a model that is now widely emulated around the world. While at the FCA, Nick chaired the Global Financial Innovation Network, GFIN and ISO FinTech Network. He's a certified chartered accountant with nine years of forensic investigative experience in the U.K. FSA and KPMG.

 

More detailed bios for Jo Ann and Nick are included in the webinar link. Jo Ann and Nick bring perspectives that are informed by their regulatory background and deep understanding of the potential of FinTech and RecTech ideas for financial supervisors. Jo Ann and Nick, welcome to this Toronto Centre webinar. I'm going to start off with a number of questions I have for Jo Ann and Nick and encourage the audience to send in their questions in the Q&A link. 

 

Jo Ann, welcome. I'd like to start with asking you to share a bit about AIR. We are in a virtual room full of financial service regulators, possibly AIR's target audience, can you share with us an overview of AIR's mission and vision and why should it be relevant to financial service regulators?

Jo Ann Barefoot:

Thank you so much, Arvind. It's a pleasure and honor to be here. I'm such an admirer of the Centre's work, so we really appreciate you having us today. And you're right, this is our target audience, our favorite people, our financial regulators. AIR is a nonprofit organization based in the United States, but global in scope. We were founded in 2019, so three years old, by myself and David Eric. And our mission is to help the financial regulatory sector modernize for the digital age to help assure that we have a fair and resilient financial system. We are great believers that regulators are the key to getting things right in the midst of this incredible technology set of revolutions that we're all living through.

 

And we like to say that financial regulation is an invisible force in everyone's life. People may not be thinking about it, but financial regulation is helping make sure that the economy is stable, that opportunities are there for credit or for business investment or that you're not discriminated against or not preyed upon, or that we don't have money laundering. The whole list of important work that we do. And we think it's critical that the regulators need to be able to keep up with the tech change that's underway in the industry, which is being transformed by technology and also that they need to keep their own technology up to speed in the digital world to be able to stay on top of it, to get the data they need and analyze it well and understand where the risks are.

Arvind Baghel:

That's great, Jo Ann. AIR’s white paper published in July 2020, explains why it's necessary to redesign financial regulation for the digital agent, offers a roadmap to the digital regulatory system. Could you share what were some of the key imperatives for change and have these been reinforced by events and experiences of the past couple of years? What did you see as key challenges, and have we made progress addressing any of these?

Jo Ann Barefoot:

Yeah, thank you for asking this. So our paper was called the RegTech Manifesto, which we intentionally chose a provocative name in hopes of getting people to distinguish it from other white papers. And the thesis of it, as you say, is that there's an urgent need for change. It's going to take a long time to implement it all, but there's no ability to delay getting to work on it. The paper points to the exponential nature of technology change. The fact that the pace of computing power as Moore's law has taught us, has been doubling and redoubling every two years. And that creates a particular type of risk in which change looks gradual for a long time and then suddenly spikes upward in sort of a hockey stick shape curve. And what we worry about for regulators and for the industry as well is people getting caught underneath that curve and not being able to catch up because it's still speeding up.

 

And so we work on how to help regulators use data better. The manifesto argues that the regulators are going to need digitized data, which as we know, all the data around us is being converted to digital form by the day, by the hour. And also the analytical tools to be able to put it to good use AI tools such as machine learning and natural language processing, and that they're going to have to understand and use blockchains and so on. And I know we're going to talk about this as we go, but we do in the manifesto layout, lay out a roadmap for a pathway for how you can transform your own regulatory agency. And yes, Nick was pointing out to me just a couple days ago that the predictions in the manifesto have been coming true and more. It predicted a lot of things that are already happening, and the world is only speeding up further. The paper's only two years old and it doesn't say anything about some of the things we're going to talk about today that are really new cutting-edge changes. We commend it to your viewers today.

Arvind Baghel:

Thanks, Jo Ann. I think as you pointed out, the rate of changes is exponential, and I know Nick, you've worked with the FCA during times of changing responsibilities, regulatory authorities and several emerging market jurisdictions around the world have had market development as part of their mandate. As the digital economy and financial innovation expands beyond regulatory and national boundaries, regulatory authorities in the west have also implicitly or explicitly embraced market development and with it innovation as part of their remit. How do you see regulatory mandates evolving, including innovation, climate, gender diversity, and other social development goals? And is there a risk of diluting the prudential and conduct and mandates of financial regulators?

Nick Cook:

Thanks Arvind. And hi everyone. Thanks for involving us and inviting us to this discussion. It's a big question. You spoke about lots of different mandates there and lots of different changes. I mean, it's definitely the case that we've seen more recently, several financial regulators intensifying their focus on climate risk, particularly. They were not sort of a topic of discussion a few years ago. Regulators focusing on both the kind of physical risk of climate change, such as the impact of extreme weather on economies and individuals and businesses. And also the risk of the transition to the net zero economy that increasingly all governments seem to recognize is an important part of our future. Central banks are also active in this space now. Many have begun to either direct or encourage commercial banks and other institutions to consider climate related risks in the strategies, their governance and their risk management.

 

Many central banks are also looking at how they allocate capital and how they lend and aligning their own investment strategies with decarbonization goals. And I think, I mean partly this is about managing risks for the macro economy. Partly it's about regulators and banks aligning with societal trends and in some cases political demands. But I don't personally see a risk of dilution of a prudential mandate. I mean, arguably climate presents the most profound, widespread, significant macro prudential risk of our current times. We've seen various analysis around how climate stocks can have a significant impact on financial markets. Substantial losses if markets abruptly re-priced climate risk. That can have big impact on investment funds, it can impact on insurers, and then it can trigger corporate defaults credit losses, and that will have an impact on banks. So there is a very obvious intrinsic relationship between climate risk and regulators and central banks focus on climate risk and credential management.

Arvind Baghel:

That's great. Yeah.

Nick Cook:

I mean when it comes to the objective of financial inclusion, you can look towards the sustainable development goals. I mean, financial inclusion is referenced in I think about eight or nine of the SDGs. Everything from the obvious relationships to eradicating poverty to focus on in reducing hunger, promoting sustainable agriculture, achieving better gender equality. So there's a lot of focus within the sustainable development goals around financial inclusion. And I would argue that exclusion is a conduct issue in itself. I think leaving vast numbers of people underserved by financial markets, vast waves of society not protected in financial markets, that's a conduct issue.

 

So, I see that this inclusion mandate is partly aligned to a desire for wealth generation and poverty alleviation, but is also about ensuring that as people are brought in, they are treated fairly, they are protected, and that institution conduct is reasonable. So yeah, I think you'll keep seeing this change innovation. Was a nice to have or viewed as a nice to have for many regulators and is now recognized as an absolute must have. There is no thought to kind of sit back and let the innovation occur. Regulators have to be involved, they have to lean in and they have to change themselves to meet the demands of today and tomorrow.

Arvind Baghel:

Thanks, Nick. Yeah, I'm glad to hear that you don't think regulators mandates are being diluted, but clearly they are challenged and the future of financial services by extension of financial supervision is inextricably linked to technologically enabled innovation. What role do you see for financial regulators in influencing the responsible use of technology?

Nick Cook:

So I have a personal position around the technology neutrality position of many regulators. I personally find that a very flawed position. I think vendor neutrality is desirable and appropriate. I think technology neutrality is suboptimal in our current environment, our markets, our society. The way in which outcomes and values are delivered in financial markets is enormously influenced by the technologies that are used and the way in which those technologies are brought to bear within institutions. And my concern is that this position of technology neutrality can lead to some ignorance, but it can also create uncertainty for market participants, which can stifle desirable innovation and change as well. So I would prefer to see regulators adopting a more curious, inquisitive position, exploring the genuine and nuanced risks and opportunities of new technologies and solutions.

 

I think to do that, regulators have to recognize what today's approach is, and yesterday's technology has contributed to some of the market failures that we see. Regulation is a response to market failure. And I would argue that massive exclusion of certain populations is a market failure. And that has been precipitated by expensive technologies, labor intensive processes, and various other aspects of the financial system. So I think I'd like to see regulators that are curious, but also recognize that today's status quo isn't good enough. And recognizing that technology that was developed for the last decade or before, is in most cases not likely to be fit for purpose for a risk focused regulator. So regulators need to be genuinely risk focused. There is a lot of risk being carried in all technologies.

 

So I think regulators should be leaning out to understand and explore these new technologies. I think they will best accelerate their knowledge of technologies by experiencing them and using them directly. So we talk bit more about that today. And I think in order to do that, regulations will also have to broaden the community that they engage with, the sources of human and intellectual capital that they work with and the places from whom and the individuals from whom they can learn needs to be grown out. So I think it does sort of encourage or require a more public, private collaborative learning process for regulators as well.

 

I think finally, I'd just, in terms of shaping technology, change, I think it's going to be increasingly important that regulators share their own learnings with one another more widely and more freely and more frequently. We all know that regulators have finite capital, both money and people and time. And surely it's therefore most efficient and desirable for regulators not all to be learning the same thing, but instead to be learning from one another's mistakes, one another's successes. And where appropriate collaborating to build and shape common solutions for regulators around the world.

Arvind Baghel:

That's great. Thank you. So there's a quick question here from the audience, Jo Ann or Nick, you could address this question. What is the name of a AIR's white paper published in July 2020? 

Jo Ann Barefoot:

It's called the RegTech Manifesto.

Arvind Baghel:

Yeah, thank you. And it's on the website, right?

Jo Ann Barefoot:

Yes.

Arvind Baghel:

AIR's website.

Jo Ann Barefoot:

And we also have a series of papers that I researched when I was at Harvard University that is an even longer treatment of the same issue. So those two together. Our website is: www.regulationinnovation.org

Arvind Baghel:

Great. And Nick, here's a question from Jasmine, what do you mean by gender neutrality is desirable as opposed to technological neutrality?

Nick Cook:

That was a poor pronunciation on my part, I said vendor as in the provider company, company neutrality. So regulators shouldn't be saying, "We like this technology provided by this company." But what they should be increasingly saying is, this technology... So I don't know... A complete perfect map system in an AML solution is not appropriate anymore. We want you to use [inaudible 00:22:17] maps, or we want you to use phonetic maps, but we're not going to tell you whether that comes from IBM or Microsoft or a reg spec. But vendor neutrality, not gender.

Arvind Baghel:

Okay, good. Thank you for that clarification. So I guess Jo Ann, you have talked about the role of big tech in some of your podcasts. The invisible hand of big tech is becoming omnipresent. Increasingly, financial services are moving to the cloud platform. Machine learning and AI services offered by cloud providers are being used by more traditional and FinTech companies. How should financial supervisors engage with big tech to promote the financial stability mandates?

Jo Ann Barefoot:

Well, first, financial services regulators are going to be engaging with big tech in a whole wide range of ways. And they're all going to increase as these companies are offering financial services as we grapple with data and privacy issues and many other ways. But in terms of the cloud issue, I'll pick up on what Nick was saying about the problem with a tech neutrality position on the parts of regulators, and perhaps this will be controversial with the audience. But we think that everyone has to move into the cloud. Cloud computing is a stronger, better way to handle technology than traditional on-premises computing is for most situations.

 

And why is that? Even though it intuitively may seem insecure to be in the cloud, the reality is these systems, if they're properly done, are more secure than traditional systems and be beyond that. They're massively more flexible. With a cloud system, you can just pay for what you're using on a given day rather than having standing gigantic capital investment in static systems that then when you need to upgrade them and modernize them, you have to go through a whole other capital project. So the industry and the regulators will be moving into the cloud, that's going to raise lots of problems and challenges and risks, and these need to be figured out and managed.

 

The FinTechs are already in the cloud and it's giving them an advantage over the incumbents that are not in the cloud because they can be more nimble, they can be more efficient, they can change with the times much more easily. In terms of the regulators, some are in the cloud and some are on their way and some haven't gone there yet. But Nick's point on tech neutrality applies here because we think that the regulators in general have, this is a gross over generalization, but have sort of signaled skepticism of cloud computing environments that has been changing and they probably need to begin to signal nudging into this better era of digital technology. And the companies that go there are going to be able to do compliance better. They're going to be able to adapt to changing times better, they're going to be more efficient in terms of their ability to turn a profit in a dynamic environment. And so it's a journey that we're all going to need to take together.

Arvind Baghel:

Great. So I guess one of the reluctance is to get into the cloud is confidentiality and privacy type issues. Do you see any solution to that or is there some thought about private clouds for regular?

Jo Ann Barefoot:

Yeah, sure, and Nick, feel free to join in on this, but yes, I think we'll see lots of private cloud environments and as well as public cloud environments. You mentioned our podcast show Barefoot Innovation, we've just done two episodes recently with innovation leads at U.S. agencies, one at the Federal Reserve Board and the other at our municipal securities regulator. And the latter has gone fully into the cloud and then rearchitected their entire tech system and they're using a public cloud environment. But I think we'll see many regulators using private clouds, but you need to have that ability not to be using static analog era IT.

Nick Cook:

I think it has been an easier transition mostly for let's say western markets and/or large economies where there have been massive cloud providers building local infrastructure. It's much easier for us in the United Kingdom to decide to go into a cloud environment when the actual physical premises and the contractual arrangements they're all U.K. based. But there is a challenge for emerging markets who don't have local cloud solutions. And then on top of that, it's complicated further by bandwidth. 

 

So if you're relying on remote cloud provision, you need to have good connectivity. And again, in some markets that has been harder to secure than in others. So we're seeing good solutions for satellite broadband rolling out across larger regions so maybe that starts to solve the bandwidth. But there are still some questions around developing the right legal and governance frameworks to be able to use cloud instances that are perhaps not within a single jurisdiction but they're outside of a jurisdiction. And that's a complex issue to regulate something through.

Arvind Baghel:

That's great, yeah. So obviously there are some challenges that regulators face as you've mentioned. What are some of the preconditions for being able to transform financial supervision? And I'm going to direct a question to Jo Ann and then to Nick. Jo Ann, can you discuss some of the preconditions and what needs to change in the traditional mindset of financial service regulators? What are some of the cherished beliefs of regulators that need to change?

Jo Ann Barefoot:

So I'll start by saying we never criticize regulators. We love regulators, that they have the hardest job in all of this. They're not like a private company that can move fast and break things, right? Regulators need to get things right. So when we talk about changing mindsets, it's not intended as a criticism, but at the same time we think a lot of change is needed. And remember the technology exists to do what needs to be done. It may not be in the hands of regulators yet in the form of supervisory tech, but once we commit to making the changes that are needed to get more data and to analyze it better, the tech solutions are not the problem. The problems are the cultural and experience issues of the regulators.

I think a few of the mindset issues, one is sort of the bias that what we are used to seeing is the safest choice. 

 

Nick is quite an expert on logical fallacies and puts these in more scientific categories than I do. But that confirmation bias, I guess, it is that what I'm familiar with is safe is simply not the case in a lot of this work. And in fact, the important thing that's happened here is the world is moving from the analog age in which we do things that have evolved from the days when we were putting everything on paper, to now the digital age where information is starting as a zero or a one, a digitized information item.

 

And as you do that, the new generation tools are better. It's like new generation telephones are better than old telephones. New generation digital cameras can do things that you couldn't do with your analog camera. And regulators are comfortable seeing what they've seen before, for good reason. A lot of the new things are not yet tested, embedded, and they will need to be. But being forward thinking and ready to embrace digital solutions, I think might be the biggest issue. And then going with that, I think there's tremendous need for education. We actually have an education offering for regulators, our elevate program to just sort of teach tech 101, which most regulators need.

 

And then maybe the last thing I'll mention, and I know this one regulators hate, is as we make this shift, regulators are going to have to be willing to allow some safe harbors because these new tools are going to find problems that the old ones didn't. They're going to find money laundering that the bank never found with its old tools. They're going to find credit discrimination that you couldn't find with your old tools. And the industry will be reluctant to adopt and embrace better tools if they think the regulator may punish them for their past sins. And I think we need to think hard about this. We didn't punish doctors for not using penicillin before it wasn't. And we're going to have to have that kind of thinking about the change. So those are a few mindset issues that I think are challenging.

Arvind Baghel:

That's great. Thank you. So before I go to Nick for this question, there is the question in the chat from Calvin. Do you see financial regulators and supervisors embracing more virtual ways of doing regulation and supervision as a result of all the adjustments forced by COVID? And do you want to answer that, Jo Ann?

Jo Ann Barefoot:

Absolutely. COVID speeds up technology in so many ways, and every regulator that I know will tell you that they made lots of changes in COVID, and one of them is going to more remote and virtual reporting and supervision and oversight.

Arvind Baghel:

That's great. Thank you. So Nick, going to you on the issue of preconditions, relevant skills are possibly an issue. What key skills gaps for regulators and supervisors do you see, or key skills required to be a successful financial regulator in today's world of tech enabled services?

Nick Cook:

So I mean there's some well discussed and well known technical skills around greater comfort with programming and coding, software engineering, data science and machine learning. But we must also remember that those individuals and capabilities need other skills and investments and things like data engineering, data management, data architecture. It's not just about investing in those that analyze and deliver meaning from data. It's also about making sure the backend infrastructure and architecture is appropriate. But also importantly I think is developing the skills to then leverage that data and that insight. It's one thing to create really high quality analysis of an issue by leveraging more complex, more varied, more timely data sets. It's quite another thing to then act on that. So regulators also need to invest in the kind of skill of interpretation and build up skills and confidence to rely on data driven insight to take action. So that's a completely different kind of internal cultural piece that needs to be worked on.

 

Also, as Jo Ann articulated, there aren't necessarily solutions out of the box, already for regulators to use for all of their needs. So there is a period of kind of innovation prototyping iteration that needs for occur, and that requires some different skills as well. So skills around kind of facilitation, skills around agile methodologies, and then also this mindset of being willing to embrace learning through experimentation and failure. And again, that's a kind of different kind of cultural mindset within an organization. There are then some software skills and maybe perspectives or positions that regulators would need to develop a bit more. So one is that is comfort with being vulnerable, with being willing to admit that there's a challenge or an issue that you don't yet have a solution to. Regulators don't always like talking openly about the things they are not doing very well, but for various reasons, various very understandable reasons.

 

But in my experience, that kind of ability to be honest and humble can be a really powerful fourth multiplier in bringing intellectual capital and human capital into a regulator. There's something about kind of comfort with the discomfort as a skill in itself. And then there're all sorts of other bits around kind of design thinking and human centric design. So our existing regulatory systems, existing financial systems haven't met the needs of all systems in our society. And in part that's because the product, the processes and the policies have not all been designed with the end users in mind. 

 

So kind of human centric design skills are another kind of component of I think a regulator in this decade. And then I think the final thing I would add is we've seen a real growth of interest in of broader psychology and behavioral science skills. So understanding how people behave, how people make decisions, that's a really important component of designing appropriate and effective regulatory regimes. And we interact differently with technology than we do with humans. 

 

So this kind of whole field of behavioral science, behavioral psychology I think is another kind of skill area that alongside the well covered data science and agile methodology, kind of technical skills will need to be developed. I think finally the thing I would mention is diversity. So I've highlighted specific skills, but I think a really important thing for regulators to focus on is the diversity of their workforce, both in terms of the kind of social demographic. Definitions of diversity, be it gender, be it age, be it ethnicity, but also in terms of kind of cognitive diversity. Many of the challenges we face are what are sometimes called wicked problems. 

 

There is no single obvious solution for these problems. And evidence shows that teams with access to different ways of thinking and individuals with different ways of being are far more successful in both conceiving of solutions and then delivering them efficiently. So I think there's something about hard and soft skills, but there's also this piece around it's generally what is the organizational diversity of the regulator.

Jo Ann Barefoot:

Arvind, could I just jump in on that?

Arvind Baghel:

Yes.

Jo Ann Barefoot:

One of the things that Nick did... So AIR was thrilled when Nick joined us a year ago. It's just been transformative for us, and as many of you do, he not only led innovation at the FCA, but he led a lot of the important tools that the FCA created and one of them was the regulatory tech sprint. And AIR now puts on regulatory tech sprints. We just did one with the Reserve Bank of India, one with the U.S. State Department on corruption and they have lots of different topics. 

 

The genius of the tech sprint is that it does what Nick just said, it brings a diversity of skills to solving a difficult problem so that you're putting together regulatory experts and software engineers at same time working on the same problem side by side. And you get results that neither group alone could have come up with. And we just think this is one of the keys. The more we see high collaboration across agencies with the tech sector, with industry and government appropriately working together, this is what's going to accelerate progress.

Arvind Baghel:

This is great and I really like how both of you have put together the technical, the behavioral and the diversity issue. It all hangs together and it's so critical that we as regulators recognize that there is that need for diverse thinking and different ideas and to actually deal with the challenges that we face. So that's excellent. And of course, financial service models are evolving and changing. We are hearing about open banking and adoption of cryptocurrencies are set to transform bank business models. The blockchain and smart contracts are transforming insurance business. So my question to each of you is, what in your view are the top three transformative techno developments for financial services, and what are the implications for financial service regulators? So I'll start with Jo Ann first.

Jo Ann Barefoot:

Top three?

Arvind Baghel:

Yep.

Jo Ann Barefoot:

The big sweep of it is that the change has been exploding because on the one hand we are digitizing data, so that would be the underlying fuel for this. And then that then in turn has made it practical to use new technologies like artificial intelligence and machine learning and natural language processing. Those two, either one of those without the other doesn't get you anywhere. But now that we have both together, what we worry about for regulators in part is that they can't see into the system because it's changing so fast using the techniques that we've used before. So those two would be huge.

 

And maybe the third one I would put in the same category is the crypto and blockchain and move toward decentralized finance or DFi. These are mold breaking technologies. We sometimes look at the issues that are on the plates of our legislatures and regulators in finance and just think that we're talking about the wrong things. Those may be important, but what's coming is this gigantic set of change that we don't know how we're going to deal with it. Ask yourself, how do you regulate a DAO, a Decentralized Autonomous Organization? It isn't an entity. It doesn't have a banking license. It's a decentral collection of people in an open source arrangement working through smart contracts to do financial activities. How are we going to regulate that? There might be some answers to that, but as we think about the shift that we're going into in Web3, which I think maybe we're going to talk about in a few minutes, the challenge to regulators is enormous. So I could pick a lot of others, but I would pick those three.

Arvind Baghel:

Wow. Yeah. So Jo Ann, just as an example of decentralized autonomous organization, would you put the crypto exchanges in there or are they something more esoteric than that.

Jo Ann Barefoot:

Yeah, most of the crypto exchanges would not be in there. They are, they're normal entities and therefore we can do our, your customer requirements on them and regulate them in traditional ways. But people are starting to ask if you have DAOs, are you going to have to have the regulator be a participant in the DAO somehow? Maybe give it a veto power. So I don't know, but we need to definitely think outside the box with some of these changes that are coming.

Arvind Baghel:

Great, thank you. So Nick, the same question to you. What in your view are the three, that make your list of the top three transformative technologies?

Nick Cook:

So I won't disagree with any of Jo Ann's, but we didn't agree in advance what we were going to talk about. So I wrote three very different ones down. So I've given mention to privacy enhancing technologies or PETs, there's a broad suite of these. There're things like, and good luck to the translators for this bit, there are things such as homomorphic encryption. Things such as differential privacy, zero knowledge proofs, might be something some people have heard about. Crypto nets. There're all sorts of different privacy enhancing technologies. But what they ultimately are is new technologies that enable a secure sharing or analysis of data, including across organizational and international boundaries without removing privacy protection around that data.

 

And so, these technologies, I think can and will be transformative in things like the fight against financial crime and money laundering. They will be highly instrumental in managing some of the big cyber risks in our financial system. And they'll also be very important at an individual level in protecting citizens’ reasonable expectations around the privacy of their data, and enabling systems to exert more control over what data they share with whom and how. So, this whole field of privacy enhancing tech would be one of one that I would mention.

 

The second I would mention would be agent-based models and simulation technologies. Some of these are based on deeper reinforcement learning, not all of them. But to give a sense of how these might be useful, they will allow us as to develop or create very advanced virtual versions of our financial systems and our wider economies and societies, which I think will take things like risk modeling and emerging risk identification and stress testing and things like that to a completely new level. But they'll also offer opportunities for regulators to simulate and test policy and other interventions in a sort digital twin of the real world before they then implement it in the real system. So this hopefully will give an opportunity for regulators to be more experimental with their policy and their other interventions. And will reduce the emergence of unexpected or unintended consequences of regulatory actions. So agent based models and simulations I think will be really important.

 

And then you have smart contracts. I think smart contracts have in some cases been unlucky due to their association with cryptocurrencies. Smart contracts are of game changer. In their simplest form, they are a program stored on a blockchain that executes them, runs when certain pre-determined conditions are met and will have enormous transformative potential in their use cases. Everything from changing the way trade finance works in financial markets through to things like regulated reporting and how regulators can capture and collect information from institutions. They will change insurance markets and enable things like automated insurance pay out. They may even change the way in which financial institutions are sanctioned by regulators. You could be automatically sanctioned when certain events and triggers occur.

 

And then of course they have massive utility in settlement and trading systems as well. But ultimately what they will enable is the removal of various expensive labor-intensive intermediations in financial markets. And by reducing that cost, again, there'll be a really strong accelerant of financial inclusion, but also a fairer, cleaner and more robust financial markets as well. So I think smart contracts are going to be huge. They just need to kind of disentangle themselves from some of, I guess the bad noise, the negative energy around certain cryptocurrencies and scams.

Arvind Baghel:

So that's great. Nick, I can only already see you moving into these new ideas and developments. I know you have had a pioneering role in developing the FCAs Sandbox and text prints, but I guess Sandbox is something that regulators in many jurisdictions are clearly using. Can you share with the audience, I know Jo Ann touched on the text sprints, can you share a little more about how financial service regulators are leveraging tech sprints or any of the other technologies that you've talked about. Certainly the privacy enhancing ideas that you touched on, differential privacy certainly comes to mind. And if you could talk about some of that.

Nick Cook:

Yeah, sure. So I mean, Jo Ann mentioned this briefly, but a tech sprint as an event that brings together participants from basically across financial services, but also individuals outside of financial services to try and develop technology based ideas, proof of concept prototypes to address specific challenges. Now some of those address market challenges, so specific needs of regulated institutions around KYC or financial crime monitoring or enabling access through things like digital identity. So some of them are focused more in the kind of FinTech side of the market, looking at how solve industry issues. Some of them have been focused more on reg tech or supervisory tech needs. And so they have been used for a range of different focus areas and use cases. Again, at their core they leverage diverse and broad public, private, intellectual capital. And so they're fabulously useful for regulators to draw on sources of knowhow expertise and skills that they may not have within the institution.

 

But they can also be really powerful in establishing relationships and connections within an innovation ecosystem, so relationships between maybe large incumbents and smaller tech startup. Maybe it's relationships between academia and regulators. So it can be very effective in developing those relationships. Some, as I say, have focused on SupTech, but some are focused on reg reporting or crypto post surveillance. And so the sprint is basically a chance to accelerate learning, experimentation, ideation and texting of different technologies and ideas. Some sprints then lead into formal programs of acceleration, investment, incubation. Some of those might go in-house into the regulators. Some of them continue to be outside as kind of consortium of industry in endeavors. Some are funded, some are not. So there's very, very different models.

 

I guess the simplest thing to say is we've seen them use effectively in multiple markets for a range of different use cases. There are various different designs and formats that colleagues on the call can consider. The FCA and AIR have also published pretty deep manuals and guides for how to design and execute sprints and I know Jo Ann and I would be happy to follow up with anyone on the call that is interested to hear more about them.

Arvind Baghel:

Thank you. So there's a question from the audience. With the world becoming more digital at an exponential rate and data becoming the new gold, how do we hold true to our morals and not start seeing people as numbers to monetize, but people whose right is privacy and transparency on how their data is being used? Basically how do we ensure privacy by design without the regulator needing to be overbearing in enforcement? How can jurisdictions build privacy cultures? Maybe you might have a thought on that, Nick.

Nick Cook:

It's a big question.

Arvind Baghel:

Yeah.

Nick Cook:

I mean be being entirely blunt. Some instances do require some enforcement activity to reshape behavior. Others can be built around the societal establishment of morals and ethics that people sign up to and engage with. Some market practice can be influenced frankly by consumers actions. So their choice to transact or not to transact with certain market participants can influence those that win and those that lose in the medium and long run. I think the other piece here though is there is a place and there is a need for consumer education around these risks. Now some regulators have a mandate to do that directly with consumers, others don't. But in those markets where they don't, they do need to be thinking about from whom consumers are learning, from whom consumers are gaining information about how to protect themselves.

 

But I think there is an establishing recognition of the need to kind of shift the dynamic between who holds and contains and controls data. Which at the moment, bluntly in our sort of web-two world is largely controlled by governments and commercial institutions. One of the promises, and maybe this is spin, but more one of the promises of Web3 is that you can decentralize ownership of data in a more profound way and you can start to allow consumers to actually protect and manage their data and their privacy more carefully and more thoughtfully. So I think it's a combination things in response to the world. I think maybe there is a space tech, enforcement, education. Setting standards for the industry to abide by, enforcement. And then I think some of the technology innovations that we're seeing, privacy enhancing tech for instance, will play an important role in enabling consumers to protect themselves and manage their own privacy.

Jo Ann Barefoot:

Could I just add very quickly-

Arvind Baghel:

Yes. 

Jo Ann Barefoot:

... that on this, the claim from the Web3 world is that they can solve the privacy problem by decentralizing control and using blockchain technology to enable us to protect our information. And also to create a new economic model so that we won't have the Web2 problem in which our data is being monetized and that's paying for the whole thing. And I think it's worth pondering in a group of regulators like this that if Web3 is as big as people suggest it may be, it's going to be the financial regulators from the forefront shaping what this environment will be like. That was not the case with Web2. It was happening and then the financial world adopted the things that came out of the worldwide web. But in this case, all the early use cases are focused on, or many, many of them are focused on financial services, and so the people on this call are going to be really involved in what should be allowed and not allowed what needs to be known and not known about regulating these new systems.

 

Arvind Baghel:

Jo Ann, I'm always amazed by our insight of the tech world and in awe of your knowledge of some of the things that are happening out there. Could you explain the metaverse to real world financial regulators? And should regulators, of course you've said should be considering at least learning about Web3, but should regulators be considering having a presence in the meta world or metaverse or Web3?

Jo Ann Barefoot:

Well you're nice too, the fact that you appreciate my knowledge. I don't pretend to be an expert deeply in any of these technologies, but we do think all the time about what they may mean. And the metaverse basically is emerging with an alternative world, place, whatever word we want to use, that is leveraging virtual reality, VR augmented reality, and mixed reality. And people will increasingly spend time there doing things that we normally do in the real world. The leading use case by far has been gaming scenarios. And it is so real that commerce is now underway in some of these gaming environments. And real world companies are providing real world services with real money inside these gaming environments. And that means yes, I think they will increasingly need to be regulated.

 

And some of the big banks already have bank branches. So if you go play a game where you're running around in the metaverse doing whatever it is that you want to do on your game and you need some money to buy something to do your game, you might go into the bank branch and take money out of your account. And so there's a blurring between the real and the unreal here. This is going to have huge societal implications. That's beyond our scope maybe to talk about today.

 

But it's not just gaming, it's also going to be bringing these same techniques to transforming how many activities are done, including conferencing and communication and the way people meet. And that in turn is going to change where people live and how they travel and so on. Massive, massive changes coming. And again, I think increasingly a blurring of the line between what we think of as finance and financial regulation versus the rest of the world. Another piece of this is embedded finance too, is going to make it harder for financial regulators to reach into other activities and regulate the piece of them that are financial. So big challenges.

Arvind Baghel:

Great, thank you. I'm not sure I understand all of the implications here, but certainly a lot happening in this metaverse, which should pique the interest of regulators. My ex-colleague Calvin is always insightful on these ideas. And his question is, what impact do you think the development of quantum computing may have on financial regulation and supervision? I'm sure both of you have had some thoughts and ideas on that.

Nick Cook:

So I'm going to go first in that I think you're fine to stretch the non technologies views on these matters. But what I would say is I guess the two main issues that get flagged a lot around quantum are its potential to compromise or override existing encryption and security protocols? The quantum is very good at undertaking tasks that basically require brute force and there are many security systems that can be breached by brute force. Millions, billions of attempts at finding a password, for instance. 

 

So there is a threat to the underlying security infrastructure of financial markets that quantum poses.

There are also kind of potential for quantum to have a massive impact on things like high frequency trading and the way in which trading strategies and trading businesses operate. But then also quantum potentially offers some opportunities around solving really complex things like optimization problems. So regulators are often optimizing between prudential risk management, conduct risk management, climate risk management, et cetera, et cetera. And things about optimization problems are also well suited to quantum computing techniques. So there may be ways in which regulators can better hone and develop their regulatory infrastructure systems, policies, processes leveraging quantum. Beyond that, I'm going to hand it back to Jo Ann, who can give you a more informed view of quantum computing.

Jo Ann Barefoot:

Not a bit beyond what Nick has said.

Arvind Baghel:

That was great. Yeah. Thank you. No, certainly the power of quantum computing is going to be the key factor here as you've pointed out, Nick. So that's great.

Nick Cook:

I see a question about Web2, Web3. Would you like me to take that one?

Arvind Baghel:

Yeah, please go ahead.

Nick Cook:

So Web1 was the initial worldwide web, which was broadly a consumption-based web experience. So you could go to a read only website and you could consume content, a bit like going to a library and opening a book. Web2 was the development of the kind of commercial and social web where we as users didn't just consume read only information, but we also were able to promote and publish content. Create our pages, create social network profiles, set up businesses. And so it led to the growth of the eCommerce and the social media revolutions that we're now very familiar with. But what they also did in Web2 was centralized content and data in the hands of large, big tech institutions.

 

So, I create content for Instagram for instance. I gain nothing from doing that. Instagram gains from that by monetizing my content with advertising. I'm effectively producing data and material for a lot of commercial institution and our consumer free web service, our free product for doing that. Web3 refers to what's sometimes called the decentralized internet, one owned and controlled more by its users and its builders and its content creators, than it is controlled by governments and corporations. 

 

So the dream is that actually if I was a music producer, I was taking photos of my family or whatever it may be, but as I'm adding content on, I retain more ownership and right over those. And the infrastructure that implements the web free experience is a much more decentralized one, leveraging the processing of smartphone, your pc, rather than leveraging massive centralized servers. Say WhatsApp, Instagram, Facebook, Google. It's a very different type of web. Web2 was sometimes referred to as the social web. Web3 is sometimes referred to as the decentralized web.

Arvind Baghel:

That's great.

Jo Ann Barefoot:

Can I add something really quickly to that?

Arvind Baghel:

Please.

Jo Ann Barefoot:

When we think about the potential of Web3 and the decentralized finance DeFi, I would urge people to, if you missed it, look at the Economist article on DeFi from about a year ago. It had an example that I find is really helpful in thinking about it, which is let's us imagine the situation of a fashion model who today will have her picture taken and the photographer owns the picture and should she become a supermodel later or whatever the pictures were valuable, it's not hers. Potentially we're going to a system in which content creators and people who are originating valuable content might be able to own an NFT, a non fungible token or some kind of a token that would give them an ownership stake in what they create as it moves on. And because of the incredible computing power and low cost and versatility of these systems, you could have a system in which we actually change the economic models through which we are rewarded and gather income and wealth. And again, very thought provoking I think.

Arvind Baghel:

Excellent. I guess I will ask one more question and then try and cover a lot of the risk related questions that we have had on our chat. So, the decline in cryptocurrencies recently has been in the news and so have been the discussions of the role of financial regulators. How should these be regulated and who should be regulating these and can regulators use blockchain tech to modernizing financial supervision? That's questions for you, Jo Ann. Maybe you have some thoughts and ideas in these.

Jo Ann Barefoot:

So this is definitely an area that's going to be evolving and becoming more clear over the next coming years. And the short answer is it depends what the cryptocurrency or crypto asset is doing. There's a tremendous amount of controversy about what crypto activities should be classified as securities and come under the securities regulatory regime. How much is commodities, how much of it is being used as currency for payments and so on, that will impact which regulators should be at the table. One of the things that we like to urge people to think about is that whichever regulator is overseeing these new assets and methods should be using a digital first approach. We think that the growth of these areas creates an opportunity to begin to move to digital regulatory reporting, DRR, which Nick's work at the FCA led a lot of research and thinking in this.

 

Because, think about it, these firms are all tech firms. They're not financial firms with legacy technology. They are young tech firms. Everything they have is digital and it makes them able to move into this more nimble digital regulatory environment. So we think the method is important. We at AIR did a tech sprint with the state of New York on digital regulatory reporting for crypto firms and just looked at the ability to get real time information, full information, not periodic reports, not sampling of information, not summary metrics, but actual real data that would empower the regulators.

The other thing I'll say is that, as you said, the volatility in this market has been shocking and clearly there's going to be a lot of work on rethinking the investor protection model. How many people are being drawn into these incredibly, at best, they're incredibly risky and at worse some of them have been scams, and how best should we be protecting people? But at the same time, there is a big movement of financial inclusion advocates saying, don't equate solving that problem with keeping average people out of these markets where there is a potential for good investments and wealth building. If we're going to have a whole new worldwide web innovation round driven by crypto and blockchain technologies, people are going to be able to invest in it and get wealth. And we shouldn't limit it to people who are already wealthy to be at that table. There was a conference last week in Washington D.C. By the Black Blockchain Summit, and among other things they sold t-shirts saying Satoshi is black. And there's a lot of interest in democratizing access whilst not allowing people to be victimized. So very complicated again.

Arvind Baghel:

Thank you. That's a whole topic for discussion for our whole new webinar, I would think. But that's very useful. And clearly as you know, regulators try to get into digital regulatory reporting, they would need to have AI and ML kind of expertise to be able to deal with the real time kind of.

Jo Ann Barefoot:

Exactly.

Arvind Baghel:

Great. So no discussion with regulators can be concluded without talking about risk and risk mitigation. So while this webinar has been about financial service, been about innovation, we would be amiss if we didn't talk about risk and risk mitigation. Can each of you address the two or three top risks associated with supervisory tech solutions and can regulators mitigate those risks? So I'll start with Nick, what do you think are the two or three top risks that regulators need to be wary of?

Nick Cook:

So I think one that pretty well covered when it comes to any say finance or analytics program is around buyer and around the potential for the analytics output to be influence by subjective input really. So one needs to understand how representative is the data that's feeding the model. And what I add is what one should though consider is that humans can be incredibly biased too. And so I think there needs to be an informed and grown up discussion about is the algorithm delivering outcomes that are discriminatory, and is pointing it towards the issues because of certain characteristic? Are there certain parameters in the models that are having a disproportionate impact on the model's output? So there needs to be that consideration of how basic quality, integrity, variety impacts the bias of the model. But we also need to make sure we compare that buyer to an appropriate base. And the appropriate base is not to assume that a technology, the existing process is free from bias. It absolutely won't be, It will have bias as well. So we need to make those adjustments appropriately.

 

I think there's also, there are some really human risks around tech. I spoke about one of them earlier. Frankly, the risk of it not being used. The risk about it does not get adopted, it does not replace existing processes in an organization. It sits alongside and doesn't actually drive an efficiency gain within the institution. It doesn't deliver greater effectiveness. And maybe that's because of a lack of trust in the system, lack of understanding, a lack of awareness for how to utilize it. But it can also come from other fears, other issues. Labor displacement, the fear of the machine taking over my job for instance can create environments that are highly resistant and suspect being deployed. So I think there's a need to build understanding around how these tools and solutions can help colleagues deliver on the mission that they care about within a regulatory or central bank agency. And helping people understand that this isn't about this replacing high value human thought. This is about reducing low value repeat task and driving greater consistency and quality in what we're trying to perform. So I think there's a human risk that's non-implementation or resistance.

 

And then I guess the other big one that kind of links into bias would be around kind of privacy and appropriate utilization of data. So just because we can access data and we can use it, doesn't necessarily mean we should. And increasingly regulators will look towards data sources that are less familiar to them. Maybe it's public data from social media platforms, maybe as a government institution, they have access to highly sensitive data assets as well. And sort of being able to consider the privacy and confidentiality considerations of these data assets.

 

Just because you can find these won't impact, doesn't mean that it's appropriate legal or morally just to leverage the data in that way. We came across that challenge when we did things like web scraping at the FCA. Starting to scrape massive content from the public web, and so we had to get legal advice on whether that was an appropriate thing for a regulatory agency to do it. And broadly it was because it was much about mystery shopping or some other agency that we could undertake. But I think thinking through those kind of legal and privacy risks is an important part of development.

Arvind Baghel:

Great. Thank you. So Jo Ann, a quick list from you and summary. So I'll turn over to you.

Jo Ann Barefoot:

I agree with Nick's list, so I'll add one refinement maybe, which is a specific risk is model risk management, MRM. We're actually working on a paper on this and you could get the model right, try to get it right the first time, but continuing to keep it right, that the data is accurate, that the people who are using it correctly is an incredibly challenging thing that feeds into all these same risks on cyber and privacy and bias. And I guess the one that I'll add is risky as all of these are, and they're full of risk and full of problems, there's no doubt about it, we think that maybe the biggest risk of all is not changing.

Arvind Baghel:

Yeah, the risk of inertia.

Jo Ann Barefoot:

Inertia. Nick became famous in our world long before we brought him on board with AIR for being at a meeting with regulators, Nick, and I remember you saying that at the FCA, you all had realized that if you held still and took time to figure out, if you took two years to figure out what you should do or waited for what to do would become clear, you would be accelerating backwards. And that if you took two years, you'd end up 10 years behind and then still wouldn't be clear what to do. Back to what he said a little bit ago, that you have to get comfortable with uncertainty and move forward. Because in that delta between the exponential pace of tech change and the linear pace of our regulatory change, it's filling up with risk every day that we're either going to miss risks or we're going to make them worse. We have to move forward.

Arvind Baghel:

Thank you. That's really very useful to know and understand in conclusion. So I'm going to give both Nick and you another minute each because we are coming to the end of our session. Do you have any final words of wisdom that you have to share with us? So I'll start off with Nick. Nick, final minute before we close?

 

Nick Cook:

Sure. Yeah. Well firstly, thanks everyone for joining this session. I guess my final comment would be that as much as the technological changes that we see present the kind of scary scenarios and create uncertainty and concern for many of us, and there are new risks, there are absolutely new risks that we have to get comfortable with. There is also just enormous opportunity for us to develop both financial systems that are fairer, more inclusive. But also that we can develop regulatory strategies, regulatory processes that are far more effective, that allow us as people that care about delivering value through our society, people that care about protecting the consumers that we exist to serve. I think we have a massive opportunity in the years ahead to leverage technology in this kind of fight for good. And yes, we have to get some comfort with the discomfort of learning and trying new things and engaging with new folks and experience the new things.

 

But I think that the future is very, very bright if we lean towards it and if we head towards it. As Jo Ann said, "If we stand still, this just gets worse." So we have to find ways and seeing a couple hundred people on this call is really uplifting because I think one of the ways we move forward is we move forward together. We learn from each other, we collaborate, we share our deepest fears, we share our big successes. And through doing that, we will progress to a point where we can do the things that we really care about and deliver value in our society.

Arvind Baghel:

Thank you, Nick. Jo Ann, final word to you before I close out. Thank you.

Jo Ann Barefoot:

We regulate finance for stability, consumer protection, financial inclusion, preventing crime and terrorism and increasingly also for climate change. Finance is the life's blood of healthy societies. We have to get it right. And so I think our advice is to regulators, as hard as it is to find ways to speed up, there's so many reasons why it's hard to move faster, and yet we don't really have the luxury of not figuring out how to move faster. And I'll just say AIR exists to help financial regulators, so if we can be helpful to anyone on the call, just reach out to us, we would love to talk with you.

Arvind Baghel:

Thank you very much, Jo Ann. Thank you both, Jo Ann and Nick on behalf of the Toronto Centre and the attendees at this webinar, thank you for sharing your thoughts and ideas and expertise. And to our attendees, we hope you found this webinar gave you insight into the changes facing supervisors and regulators and some ideas on what supervisors can do to successfully navigate the changes that lie ahead.

 

In closing, I once again ask you to join me in thanking our speakers, Jo Ann Barefoot, Nick Cook. I would also like to take this opportunity to thank Casey and Judy for facilitating the webinar and our translators who have no doubt had some challenges in dealing with some of the technology-terms. But thank you very much. 

 

Last but not least, thank you all for attending. And a note of thanks to our funders, Global Affairs Canada, the Swedish Sida, the IMF, Jersey Oversees Aid, UNCDF and for the generous support of the Toronto Centre's mission. Thank you all. The webinar has now ended. Thank you.

1

 

Subscribe to receive information about
our programs, events, and Supervisory Guidance