- FINRA reviewed five areas where broker-dealers have considered deploying RegTech tools.
- FINRA concludes that while these new tools could transform compliance, they may also raise new challenges and regulatory implications.
A new FINRA white paper outlines regulatory technology (RegTech) developments within the securities industry and potential implications for broker-dealers. The white paper is based on a review that included discussions with more than 40 participants, including broker-dealers, vendors, RegTech associations, and others. FINRA requests comments and feedback on its paper by November 30, 2018.
RegTech encompasses new and innovative technologies designed to facilitate compliance, and the report highlighted five areas where RegTech innovations could be deployed:
- Surveillance and monitoring: This area is primarily in cloud computing, big data analytics, or AI/machine learning capabilities.
- Customer identification and AML compliance: Solutions for customer identification and AML include biometrics, distributed ledger technology, data analytics, and real-time monitoring.
- Regulatory intelligence: RegTech tools for identifying and interpreting regulatory changes typically provide a catalog of regulatory requirements that are updated on a real-time basis.
- Reporting and risk management: Vendors are developing tools to facilitate or automate processes involved in risk-data aggregation, risk metrics, and regulatory reporting.
- Investor risk assessment: Some tools seek to combine technological innovations, such as data aggregation or machine learning, with behavioral sciences to determine an investor’s risk appetite and tolerance.
Key challenges and implications
According to FINRA, broker-dealers could face new challenges and regulatory implications resulting from application of new RegTech tools:
- Supervisory control systems: Compliance and business professionals may not have the technical skills to understand in detail how highly complex and sophisticated AI algorithms function.
- Outsourcing and vendor management: Firms still have the ultimate responsibility for compliance with all applicable securities laws, regulations, and rules.
- Customer data privacy: Firms may need to update their policies and procedures related to customer data privacy.
- Security risks: RegTech could introduce new security vulnerabilities where segmented off-line processes are moved into a more automated computer-based system.
- Other challenges: Firms might also want to consider potential issues in areas such as interoperability, communications, and personnel requirements.