Banking needs a regtech sandbox

One of the best-known inventions in banking oversight in recent years is the “regulatory sandbox.” Pioneered by the U.K.’s Financial Conduct Authority, these are running now in about two dozen countries and several U.S.states, allowing fintech innovators to conduct live, small-scale testing under the regulator’s supervision.

The goals are twofold. First, the experiments help policymakers pinpoint areas where technology innovation may be outstripping current rules, signaling a need for clarifications or updates. Second, the tests give officials a way to learn quickly, hands-on, about the technology trends that are revolutionizing finance, so that regulatory wisdom can keep pace.

Among U.S. federal bank regulators, however, only the Consumer Financial Protection Bureau is developing a sandbox. Other agencies have worried that fintech experiments could harm the consumers involved. Most also lack clear authority to design sandboxes that could waive or suspend existing rules during the tests, features that help attract innovators to participate. In addition, federal bank regulators are limited by jurisdictional mandates that may impede direct lab experiments with nonbank fintechs, which are the trailblazers in innovation.

But there’s an alternative initial step that solves all of those problems and still advances the goals: Set up sandboxes to study not fintech, but regtech — technology that streamlines the government’s regulatory work and bank compliance. By focusing first on their own processes, agencies can gain the hands-on experience they need with the new technology that is transforming the financial sector, from big data and machine learning to cloud computing and blockchains, without having to worry about potentially exceeding their powers or exposing any consumers to risk. Once they have built their regtech labs, it will be much easier to widen the scope to test fintech innovation as well.

Any or all of the federal financial agencies could create regtech sandboxes to try out new technology, without touching a single consumer or suspending a single requirement. One promising area would be to test “machine-readable” regulations that attach electronic tags to rules, in order to make regulations easier to track and implement. The FCA has even experimented successfully with this form of regulation — issuing a regulatory reporting requirement in the form of computer code rather than words to permit, in effect, self-implementing compliance, and to make it instant, and cheap.

Securities regulators have begun using artificial intelligence to search big-data patterns for signs of market misconduct. Several non-U.S. governments are trying to digitize aspects of regulatory reporting by connecting regulators and financial institutions directly through application programming interfaces, so that both parties can monitor risk trends using complete data, in real time, while sharply cutting reporting errors and expense.

And many people are working on digital identity authentication that can modernize compliance with anti-money laundering “know your customer” rules to strengthen the financial system’s security while also expanding consumer access. United Nations’ data indicate that we currently catch less than 1% of the $2 trillion in annual financial crime that fuels terrorism and trafficking in humans, weapons, endangered animals and drugs. Regulators are testing new technologies for data encryption and “differential privacy” that can enable banks and law enforcement to share anonymized data. AI can then detect suspicious patterns without knowing the identities of the people involved, unless there is justification to unveil them through a formal permissioning process that protects privacy. Such a reform would, for the first time, enable banks and authorities to share data as freely as criminals do, without infringing on civil liberties.

A good first step for regulators would be to run experiments on a model developed by the FCA called “tech sprints.” These are essentially “hackathons” that convene experts in finance, regulation and technology, team them up, and translate regulatory improvements into code, live. Such sprints typically identify a pain point shared by agencies and industry and enlist help with solving it in a safe test environment using dummy data.
Another good U.S. model is a Commodity Futures Trading Commission initiative that’s using the Science Prize Competition Act to gather innovative ideas for improving its own processes. Rep. Austin Scott has introduced legislation to facilitate those efforts.

Just like private-sector tech “accelerators,” regtech sandboxes help regulators get up to speed. They can shorten the learning cycle and they can also move us toward digitally native systems that will be able to do more with less.