Ravi Menon: Financial regulation - the forward agenda

Keynote address by Mr Ravi Menon, Managing Director of the Monetary Authority of Singapore, at the Australian Securities and Investments Commission (ASIC) Annual Forum 2017, Singapore, 20 March 2017.

The views expressed in this speech are those of the speaker and not the view of the BIS.

Central bank speech  | 
28 March 2017
by Ravi Menon
PDF version
(56kb)
  |  7 pages

Mr Greg Medcraft, Chairman of the Australian Securities & Investments Commission,
Distinguished guests, ladies and gentlemen, good morning.

I am happy to join you for this ASIC Annual Forum on "Future Focus", and congratulate ASIC for the choice of a timely topic.

  • The global financial system experienced nine years ago a most devastating crisis.
  • In response, we saw the implementation of perhaps the most wide-ranging set of regulatory reforms ever.

We are now at an inflection point. I see three key areas of focus in the regulatory agenda going forward:

  • First, take stock of the reforms to-date, with a focus on evaluating their effectiveness and effects.
  • Second, go beyond rule-setting to foster a culture of trust and risk governance in our financial institutions and markets.
  • Third, position regulation for the technological changes sweeping the financial industry, to harness the opportunities they present while managing their risks.

Evaluating the effects of regulatory reforms

Let me start with a stocktake of the regulatory reforms. Basically, the reforms set out to address the fault-lines that caused or exacerbated the global financial crisis of 2008. There are four key thrusts:

  • Build resilient financial institutions. This is being done chiefly through the Basel III reforms, strengthening capital and liquidity buffers in banks.
  • End too-big-to-fail. Frameworks are being established to identify and address the risks posed by global systemically important financial institutions.
  • Make derivatives markets safer. Requirements are being put in place to foster central clearing, margin requirements, and mandatory reporting of OTC derivative trades.
  • Transform shadow banking into resilient market-based finance. Oversight of shadow banking entities is being strengthened.

The Financial Stability Board has been working to ensure that these internationally agreed regulatory reforms are implemented in a timely and consistent manner across the major jurisdictions.

  • While gaps remain in some areas, implementation is generally proceeding well.
  • It is time now to begin the important task of evaluating the impact of the reforms.
  • In fact, the FSB is developing a conceptual framework for doing this.

The framework aims to answer two questions:

  • have the regulatory reforms been effective - are they achieving their intended outcomes?
  • what are the cumulative effects of the reforms - how have the various reforms interacted with one another, are they coherent, what are their larger social benefits and costs?

This work is especially important in the current context:

  • As memories of the crisis fade and the burden of regulatory reforms comes into sharper focus, the pressure to unwind the reforms will grow. It is important for the credibility of the reforms that their impact be objectively evaluated.
  • It is also incumbent on us as regulators to be accountable for the substantial changes that we have put in place over the last eight years.

Fostering a culture of trust in the financial industry

A second growing focus in the supervisory agenda is to help foster a culture that motivates the right ethical behaviour and responsible risk-taking in our financial institutions and markets. But it will require different and novel approaches because there are limits to what externally imposed rules can do to promote the right values in financial firms.

The financial industry continues to be plagued by egregious misconduct, nine years on from the global financial crisis.

  • In the US and UK, major retail banks are still settling charges against them for mis-selling investment and insurance products in the run-up to the financial crisis.
  • Across financial centres, traders at several banks were found to be involved in flagrant manipulation of key financial benchmarks.
  • Internationally, regulators have been cracking down on illicit fund flows, with several financial institutions being penalised for lapses in money laundering controls.
    • In Singapore, we have taken decisive actions against financial institutions that fell short of our anti-money laundering standards.
    • MAS shut down two banks and fined several others, and culpable individuals have been charged in court and sentenced.

Reform of the financial industry will not be complete until this issue of trust and ethics is addressed. We need to "get the culture right". This will require collective effort by regulators, the industry, and financial institutions.

The FSB and IOSCO have been driving international efforts to reduce misconduct risk, focusing on governance and incentive structures, conduct standards in wholesale markets, and the reform of financial benchmarks.

  • National regulators have been stepping up engagement with financial institutions on issues pertaining to culture and conduct.

The industry must itself take collective responsibility to promote good practices and develop codes of conduct, and hold institutions accountable to their peers.

  • Here in Australia, you have set a good example.
  • The Australian Bankers' Association has commissioned an independent review of sales commissions and product-based payments in retail banking that is now in its final stages.
  • Banks have also agreed to share information among themselves on financial advisers with a history of poor conduct.

But ultimately it is the financial institution itself that must bear responsibility for getting the culture right. There are a couple of things they can focus on.

  • First, set a clear tone from the top that is supported by concrete policies and leaders that walk the talk. Management decisions must consistently reflect the firm's espoused values.
  • Second, align human resource (HR) policies with the desired culture. From recruitment and training to rewards and penalties, compensation to career development, HR policies send the clearest signal to staff on the values that the firm regards as important.

This is difficult but important work. We must move the financial industry to look beyond the question "is this legal" to the larger question "is this right".

Positioning regulation for technological innovation

Let me now move to the third key thrust of financial regulation going forward - how to position for technological innovation.

Financial technology or FinTech is transforming financial services.

  • Digital payments are becoming more widespread, propelled by advances in near-field communications, identity authentication, digital IDs, and biometrics.
  • Blockchains or distributed ledger systems are being tested for a wide variety of financial operations - to settle interbank payments, reconcile trade finance invoices, execute performance contracts.
  • Big data is being used in many areas of finance - to gain richer insights into customer behaviour and needs, to detect fraud or anomalies in financial transactions, to sharpen surveillance of market trends.

How should regulation respond?

  • First, we need to develop a deep understanding of these emerging technologies and the risks as well as opportunities they present.
  • Second, we need to develop novel approaches in regulation and supervision that will promote the safe and responsible application of these technologies without stifling innovation.

In some ways, FinTech helps to reduce existing risks; in other ways, they may accentuate these risks or even create new ones. Let me illustrate using robo-advisors.

  • Robo-advisors, as you know, are software algorithms that recommend a portfolio based on a set of investor preferences and rebalance the portfolio automatically.

The financial risks presented by robo-advisers are similar to traditional fund management, depending on the underlying instruments used.

  • A common question is whether robo-advisers present prudential risks and should therefore be subject to capital requirements.

The operational risks posed by robo-advisers are more interesting.

  • AML/CFT risks may well be reduced through transaction monitoring enhanced by big data and pattern recognition algorithms. 
  • But technology risks may be higher, such as runaway algorithms or cyber criminals stealing customer information.
     

Then there is the question of systemic or macro-financial risks. Here we simply do not know enough. But here are a couple of points to ponder:

  • The failure of a robo-advisor could potentially lead to contagion among other algorithm-driven service providers. This could present systemic risk if investors seek to withdraw their investments in securities through fire sales. 
  • The pro-cyclicality arising from algorithms is another unknown, as the interaction between algorithms could exacerbate market trends.

Often, with these risk assessments of FinTech, there is a certain"fear of the unknown" or tendency to "imagine the worst". A degree of conservatism and caution are indeed laudable virtues for regulators, but we should guard against taking too pre-emptive an approach when dealing with the uncertainties of FinTech.

Regulators need to keep pace with innovation but regulation itself must not front-run innovation.

  • Introducing regulation prematurely may stifle innovation and potentially derail the adoption of useful technology.
  • MAS' approach is to apply a materiality or proportionality test.
  • This means regulation kicks in only when the risk posed by the new technology becomes material or crosses a certain threshold.
  • And the weight of regulation must be proportionate to the risk posed.

In 2015, MAS laid out a vision for a Smart Financial Centre, where innovation is pervasive and technology is used widely. And a Smart Financial Centre needs smart regulation - that promotes innovation while safeguarding public confidence and financial stability.

We are still learning and our approaches still evolving, but let me share with you three aspects of our regulatory response to FinTech.

  • First, using a regulatory sandbox to test new ideas in a confined environment.
  • Second, harnessing supervisory technology, or SupTech as we call it, to carry out supervision in a more efficient and effective manner.
  • Third, strengthening cyber security across the financial industry to make it safer to use new technologies and instil confidence in consumers.
Regulatory sandbox

MAS launched a regulatory sandbox in June last year, to enable financial institutions and FinTech start-ups to conduct live experiments with innovative financial products or services.

  • These firms do not need to fully meet the relevant regulatory requirements at the onset.
  • To ensure that the consequences of any failure are contained, the experiments are conducted within agreed boundaries, such as the number of clients, scope of the activity, etc.
  • The experiment is time-bound.
    • If successful, the entity must exit the sandbox and fully comply with all relevant regulations if it wants to roll out the innovative product to the broader market.
    • If the experiment fails, well we all learn something.

Regulatory sandboxes not only encourage FinTech innovation by providing a safe space for experimentation. They also give regulators an opportunity to learn the risks associated with new technologies and right-size regulation accordingly.

Several regulators have introduced variants of the regulatory sandbox over the past year. In fact, I would say the sandbox is itself an experiment for regulators. There is much we can learn by sharing experiences and lessons from our different approaches. And ASIC is one regulator that we admire and watch closely on this front.

Take registration requirements. Most sandboxes require applicants to register prior to experimentation.

  • The UK FCA has two fixed cohorts of applicants a year, while the MAS sandbox is always open for application.
  • ASIC has an interesting approach. 
    • It has a class-exemption for firms testing a specific set of services for 12 months and up to 100 clients.
    • Interested firms are required to notify ASIC before commencing business, provided they also meet certain consumer protection conditions.
  • MAS opted for an application-based approach because we wanted to closely engage each applicant, understand the innovation, business model, and risks so as to customise the sandbox conditions.
    • But each application is turning out to be quite time-consuming and we are mindful that our process does not get in the way of speed-to-market.
    • So, we are keen to study ASIC's experience with the class-exemption approach and see how our own approach can be improved.

There are also interesting differences in the qualifying entities.

  • HKMA's sandbox is restricted to authorised institutions, while ASIC's sandbox is restricted to FinTech start-ups. 
  • The MAS and UK FCA are open to both regulated entities and FinTech start-ups.
Supervisory technology or SupTech

The second aspect of our approach that I want to highlight is SupTech.

  • Many of you are familiar with RegTech - the use of technology to enhance risk management and regulatory compliance in financial institutions. 
  • Well, why should regulated entities have a monopoly over the use of technology? Regulators too can harness technology to enhance the efficiency and effectiveness of supervision and surveillance.

There is clearly greater scope for the use of analytics for financial surveillance and supervision: big data, machine learning, and perhaps even natural language processing. I believe securities regulators will increasingly harness big data to detect, enforce and prosecute misconduct.

  • In a recent case, US SEC obtained a settlement against a broker-dealer for its failure to adequately train its representatives, when they were selling certain complex debt instruments.
  • Custom analytics tools, instead of traditional investigative techniques, were used to sift through millions of trading records, which identified over 8,000 retail customers for whom the investment in the debt instruments was inappropriate.

In MAS, we have started using techniques such as clustering and network analysis in our supervision of the financial markets and monitoring of AML/CFT risks.

  • We are developing algorithms to scan suspicious transaction reports (STRs) and identify those that warrant further attention, allowing supervisors to focus their resources on higher-risk transactions.
  • We are working to develop algorithms that can detect and identify trading accounts suspected of syndicated activities.
  • We will soon be setting up a dedicated unit on SupTech, to synergise and strengthen these efforts and help sharpen our supervisory practices.
Cyber security

And last but not least, cyber security. Cyber-attacks are a growing threat to the financial ecosystem, and FinTech could potentially accentuate this risk.

  • As more financial services are delivered over the internet, there will be growing security and privacy concerns from cyber threats.
  • And maybe even systemic concerns. It is not inconceivable that the next financial crisis is triggered by a cyber-attack.
  • We need to develop the regulatory and supervisory capabilities to address these emerging threats.

Cyber risk management will be the new frontier for global regulatory efforts and supervisory co-operation.

  • The BIS has set up a taskforce to develop international guidelines on cyber-security responsibilities for banks and fund-transfer providers, with the aim of making global payments safer.
  • More such initiatives are likely in the years ahead.

Another area that will be a growing focus is information sharing. Unlike other traditional risks facing financial institutions, cyber risks are less visible and yet often afflict multiple firms at the same time given the interconnectedness of the financial sector.

  • The sharing of timely and actionable cyber information among financial institutions is therefore key to building resilient cyber defences within the financial ecosystem.

MAS has collaborated with the Financial Services Information Sharing and Analysis Centre (FS-ISAC) to establish an Asia Pacific (APAC) Regional Intelligence and Analysis Centre.

  • The Centre will encourage regional sharing and analysis of cybersecurity information within the financial services sector.
  • It is expected to begin operations soon.

Conclusion

Let me conclude. Financial regulation remains work-in-progress.

We must press on with the reform agenda and see it through to full, timely, and consistent implementation. At the same time, we must evaluate the effects of the reforms put in place and make adjustments where appropriate, to maximise their effectiveness and minimise their costs.

We must strengthen the foundations for sound risk management and good conduct by working with the industry to embed deeply a culture of responsible risk-taking and ethical conduct.

We must prepare our regulatory and supervisory frameworks for the technological changes sweeping the industry - addressing new risks while promoting innovation, harnessing the benefits of technology, and promoting growth and opportunity in our societies.

Thank you.