2021 has been a banner year for regtech. The Banking-as-a-Service (BaaS) model has come into its own, allowing banks to offload some of their compliance procedures to third parties. This new model creates a market where some players can specialize in regulatory services, as requirements around the world change at an increasing pace. Furthermore, this specialization has lowered costs so that even non-financial businesses can embed payments within their own platforms.
This year has also seen the proliferation of a less positive business model. Ransomware-as-a-Service (RaaS) allows those with less experience in the technical aspects of hacking to conveniently select their own targets and pricing. Like BaaS, this model also helps new knowledge diffuse quickly across borders, and it’s helping ‘financialize’ previously existing activities. High-profile ransomware attacks have affected Acer in Taiwan, as well as numerous other companies around the world, and are widely suspected to be substantially underreported.
The race between the costs and benefits of new technologies for financial regulation will be a key point to watch in the coming years. This was an important theme at the APEC Financial Regulators Training Initiative (APEC-FRTI) webinar on evolving fintech development and financial services supervision, hosted by TABF in cooperation with the Asian Development Bank (ADB) on November 18. Some of the reasons for a renewed supervisory focus on technology reflect its new benefits, while others simply reflect a need to keep abreast of continuing developments in the marketplace.
Fundamentally vulnerable
At the event, Christophe Barel, Managing Director APAC of the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry consortium for cyber-risk, outlined the latest threat trends – including ransomware, which he said has risen 93% this year. The financial industry needs to be more collaborative than its adversaries, he said, particularly regarding cross-border knowledge sharing. “Financial institutions need to share information on threats directly to APAC regulators – where the regulatory environment is less mature and harmonized,” he said.
Financial threats typically emerge near the edges of networks, he said, making it important for fintechs to manage data sharing and understand their partners. Start-ups need to invest in these capabilities quite early in their development. Mr. Barel also pointed to human resources issues as a constraint on these efforts.
“It’s fair to say that cybersecurity is the foundation of financial technology,” said Kai-Jiun Chang, Deputy Director of TABF’s Financial Research Institute, during the panel discussion. Mr. Chang also introduced TABF’s new fintech talent certification mechanism. Banking, insurance, and securities each have their own specific domain knowledge requirements, but there is also a set of basic skills which are universally needed, such as business analytics, digital product design, data analysis, and UI/UX.
Financial institutions tend to encounter several obstacles when hiring fintech talent, he said. Salaries in the industry are lower than in the tech sector, reducing the status of such positions. There are also deep cultural differences between the “move fast and break things” mentality of software development and the conservative, suited-up disposition of the financial sector. Finally, financial institutions often don’t understand how to evaluate and make use of technical talent – hence the need for a certification mechanism.
Clean data from the source
The webinar also featured a presentation by Brenda Hu, Executive Secretary of the Fintech Center of the Financial Supervisory Commission, describing the FSC’s Fintech Development Roadmap. Among the plan’s many aspects is automated reporting, the future of financial supervision, in which Taiwan is becoming a world leader. Virtual banks are one of the key initiatives for this upgrade, and are being used to test out not only the new systems used by the institutions themselves, but also (perhaps even more importantly) new reporting mechanisms.
This still leaves the question of what happens once the financial authority has stored the data. A Deloitte report illustrated this problem by defining “fintech” as technologies within an institution, and “regtech” as the interaction between the institution and its regulator. Within the authority itself are what it calls “regtech2” and “suptech.”
In the granular data reporting model, institutions automatically report transaction-level data, to be stored in a giant warehouse. Those tasked with business-level decisions, however, do not interact directly with the warehouse, but rather with summaries created for specific high-level purposes, called “marts.” Because the data is stored in higher-dimensional “cubes,” which are typically difficult to visualize, it may be parsed in multiple ways.
At the event, Howard Wang, Vice President of the Taiwan Depository Clearing Corporation (TDCC), spoke about the “spaghetti reporting flows” of the current system. The TDCC is in a good position to understand operational details of stocks, futures, and bills, each of which has its own clearing systems and reporting mechanisms. Some of these reporting pathways are duplicated: due to different legal requirements, for instance, about 60 banks must make duplicate reports to both the single reporting system of the Financial Examination Bureau (FEB) and the web reporting system of the Banking Bureau (BB).
Mr. Wang called suptech the “arc reactor” of fintech – the miniature electromagnet that powered Tony Stark’s body armor in Iron Man. It forms the aspirational element of the FSC’s Fintech Development Roadmap, after data sharing, legal adjustment, capacity building, and digital infrastructure are achieved.
The presenters discussed the foregoing issues in an illuminating panel discussion, which was moderated by Tomo Yamadera, Principal Financial Sector Specialist of the Economic Research and Regional Cooperation Dept. (ERCD) of the ADB. In addition to the above speakers, Steve Sun, Chief Information Officer of Taishin Financial Holdings, also discussed how to strengthen cooperation on cybersecurity between industry and the government. Furthermore, the entire session was introduced by Hank Huang, President of TABF.
Anticipating new threats
Putting together the insights from each of the presentations, financial supervision will in the future change from a passive to a more active mode. Simply computing ratios, which was sometimes a problem at scale due to data formatting issues, will no longer be one. At the same time, the scope of problems to be solved may grow somewhat more complex. As of yet, cryptocurrency has not been used for crime to the extent that was once feared, but this situation may change with the emergence and proliferation of new criminal business models.
In this environment, it is more important than ever that regulators in the Asia-Pacific share their knowledge and experiences. Taiwan is a good example of a country attempting to modernize its financial sector, and can serve as a model for other states doing the same.