Tech sprints, privacy fines, digital ID: Takeaways from RegTech confab

October 17, 2018 11:35 AM

Regtech, the intersection of regulatory compliance, fintech startups, incumbent tech companies and financial institutions, is still emerging gradually in the U.S., with the nascent Arizona fintech sandbox having recently accepted its first fintech and the Office of the Comptroller of the Currency starting to accept applications for fintech charters, despite being challenged by several state regulators.

At American Banker's RegTech conference in New York this week, regulators explained their thinking about regulatory innovation and fintechs entering the banking system while bankers searched for more answers on how technology can solve compliance issues. Following are several points made during the event.

The U.K.'s Financial Conduct Authority leads the way in regtech

The fintech-friendly Financial Conduct Authority held two “tech sprints” in London this year — hackathons of sorts in which developers and regulatory experts hammer out new answers to regtech, said Jo Ann Barefoot, CEO of Barefoot Innovation Group.

In one, the teams translated the written word into computer code. They picked one line of regulatory guidance around reporting requirements for retail lending. They had a pool of dummy data. They executed their piece of code and got a report back in 10 seconds.

"It was a significant event of re-envisioning how we might be able to do regulation going forward," Barefoot said.

The FCA’s second tech sprint focused on how anti-money-laundering compliance could be done better with technology. It specifically tried to answer the question, how can “good guys” share AML data and still protect the privacy of the people being investigated?

Six U.S. regulators attended that tech sprint, demonstrating the intense interest on this side of the Atlantic in finding a better way to integrate tech and AML compliance.

Banks that don't innovate in regtech risk going out of business

Graham Bailey, executive vice president and deputy Bank Secrecy Act officer at Wells Fargo, said his bank also runs regtech sprints. It's the type of thing it has to do to survive, he said.

"The reason we have to do this is so that we don't become the next Sears,” he said, referring to the hallowed retailer, which just declared bankruptcy. “There will be job losses, in the same way there were job losses for people who looked after horses, but now there are people who look after cars."

Homomorphic encryption is now a thing in regtech

CrazyCloud - stock.adobe.com

Homomorphic encryption is a method of running calculations on data without decrypting it first. The FCA and Wells Fargo used homomorphic encryption in their tech sprints.

"It’s a really cool technology because it lets us look at running queries against databases that are encrypted across multiple geographies or multiple industries, which I think will be a key thing for collaboration for us within financial crime, because we can do things across borders," Bailey said.

GDPR and new California data privacy law impose hefty fines for violations

Most people probably know by now that fines for violating the General Data Protection Regulation can reach 4% of annual worldwide revenue. But it may not be common knowledge that violations of California's Consumer Data Privacy Act of 2018 can incur fees of $7,500 per infraction. So if the Facebook/Cambridge Analytica scandal was found to be unintentional, that would have led to a $61.1 billion fine under the rule. If it was intentional, it would have been $184.7 billion.

Banks had better take note and respond appropriately, observers said.

"You definitely want to ask if this applies to you," said Jill Reber, CEO of Primitive Logic.

You can tell a lot about a person from their cryptocurrency wallet address

Sarah Di Stefano, director and head of AML advisory for Barclays Bank, said a lot can be learned by analyzing cryptocurrency transactions on blockchains — even if that person is buying things “anonymously” on the dark web.

“People think you have no idea what they're doing because they think bitcoin is anonymous,” she said. “They don't get that it's pseudonymous and at the end of every transaction there’s a wallet address and if you're on an exchange there's going to be a bank account or a credit card or a debit card attached to that account. So there is the ability to ID who's on either end of those transactions.”

And if a customer or potential customer refuses to share their cryptocurrency wallet address, “that also tells me something,” Di Stefano said.

Regtech advances may finally lead to ubiquitous digital identities

As regtech moves forward, “digital identity will become a much more important theme for all citizens and all humans,” said Jeremy Balkin, head of innovation at HSBC. “When we all have a true digital identity, what do we need pieces of paper, Social Security numbers or passports for?"

"You have a trusted digital identity that consumers buy into and then corporations, regulators and other aspects of commerce can become comfortable with. I think that will solve a lot of public policy challenges and personal challenges we all face, especially in this era where speed is important and technology in all aspects of our lives has become pervasive, financial services has tended to lag other industries. But I think it's going to become very interesting. With digital identity come questions about decentralization and the 'b' word, blockchain.”