Building bridges between innovation and regulation
The processes and systems that worked for humanity in the past may not be suitable for the future. This realisation explains why business leaders, regulators and risk managers are continually scanning their operating environments to identify and navigate through impactful change.
Next era of compliance
The next era of compliance and regulation was up for discussion at the Joint Compliance Institute of South Africa (CISA) and International Federation of Compliance Associations (IFCA) Summit held in Cape Town and virtually in April this year. The hybrid event brought together compliance professionals, governance experts, cross-sectoral industry leaders and regulators, represented here by Farzana Badat, Deputy Commissioner at the Financial Sector Conduct Authority (FSCA), who delivered the keynote address.
“We find ourselves at a time of unprecedented political and social transformation,” Badat said. “We are witnessing structural shifts in how markets and economies operate; how critical services are delivered across sectors and industries; and, of course, how we engage with each other as humans.” Artificial intelligence (AI) and other emerging technologies sit at the heart of these shifts alongside the interconnectedness of risk and the ongoing evolution of human’s understanding of risk and resilience.
The presenter framed the shift in the financial services context. “For decades, the financial system has seemed relatively stable,” Badat said. “Banks did ‘banking’; insurers did insurance; and markets operated within very defined structures.” This insular reality informed regulatory frameworks from the top down, through global bodies like the Basel Committee for Banking Supervision; the International Association of Insurance Supervisors; the International Organisation of Securities Commissions; and the Financial Stability Board. There were distinct rules for banking, insurance and securities.
Blurring the lines of regulation
Legacy compliance functions managed regulatory risk by interpreting these rules and monitoring adherence to them; but the dynamic has changed, blurring the lines between disciplines. “Financial services are no longer confined to traditional institutions; they are embedded in platforms and integrated in digital or online customer journeys,” Badat said. New technologies like AI and blockchain have disrupted the advice and product landscape, triggering the rushed implementation and adoption of Fintech platforms and so-called crypto-adjacent ecosystems.
The Deputy Commissioner commented on a type of reconfiguration of the financial system illustrated by technology firms offering financial products and inexperienced financial influencers giving financial advice. “AI is shaping things like who gets credit; how insurance is priced; how fraud is detected; and how customers experience financial services,” she said. One of the major challenges facing regulators is that AI and robotic process automation (RPA) decisions are algorithmic and opaque.
An individual can apply for credit or insurance via a digital platform and be ‘approved or declined’ within seconds, yet the institution cannot always explain the complex model that produced the decision. “This is happening at scale across millions of decisions around the world, raising important questions and challenges for us as regulators and for you as compliance professionals,” Badat said. The question is how to ensure fairness in a world increasingly skewed towards algorithmic decision-making.
An all-out AI assault
Governments and regulators are already positioning for an all-out AI assault. The European Union (EU) has taken a more traditional risk-based approach by regulating high-impact AI systems via the EU AI Act; the Financial Conduct Authority in the United Kingdom is experimenting with a regulatory sandbox approach to test innovation and technology; and the FSCA has adopted a more technology-neutral, outcomes-focused approach.
The FSCA wants financial decisions, irrespective of whether they are made by AI, humans or other mechanisms, to deliver fair outcomes backed by human oversight and governance. “Our approach is not to regulate more, but to regulate better and smarter,” Badat said. “This development reflects a broader shift in our overall philosophy to regulation [which sees us] moving away, as far as possible, from introducing more rules and regulating on an institutional basis, to streamlining and harmonising requirements and supervising outcomes across the system.”
In this context, the compliance function shifts from simply following rules, to advising on outcomes that are produced by complex, interconnected systems. Restated, compliance and risk managers should revel in improvements in customer experience, efficiency and inclusivity without losing sight of the new perils that rapid tech adoption introduces.
Concerns over third-party risks
“The nature of risk and our understanding of what a resilient system looks like is evolving,” Badat said. So, while capital adequacy, liquidity and solvency are still important, firms must also respond to cyber risks and third-party dependencies, notably providers of cloud services and technology. The Deputy Commissioner said there was an alarming trend of major financial institutions being disrupted when critical third-party providers experience difficulties. Her chilling observation: risk is now distributed across the ecosystem.
Risk resilience requires going beyond systemic financial shocks to accommodating operational and technological exposures. “Managing regulatory risk now requires an understanding of things like critical third-party dependencies, an ability to assess the impact of concentration risk and the ability to think beyond your organisation’s boundaries,” Badat said.
The Deputy Commissioner suggested that emerging Asia, Africa and Latin America could play a leading role in shaping how global regulatory frameworks respond. “As advanced and developed economies struggle with the shift between tradition and innovation, in response to this avalanche of technology trends … we know that emerging markets have long had to innovate out of necessity,” Badat said. It could be argued that Africa pioneered digital innovation to tackle high unemployment, low financial literacy and poor financial inclusion.
The twin peaks formation
In response, South Africa undertook a multi-year shift to a twin peaks model of financial sector regulation under the FSCA, for market conduct and integrity, and the Prudential Authority (PA), for prudential matters. Governments and regulators across Africa cannot ignore emerging market challenges and vulnerabilities as they chart enforcement and supervision responses. “We can afford neither the luxury of regulating in isolation from the rest of the world, nor blind alignment with global frameworks that are steeped in legacy and tradition,” Badat said.
The key observation is that global standards must be consistent and robust while remaining implementable and proportionate across diverse markets. All that remained was for this ‘big picture’ commentary to dilute down into something useful for the assembled compliance professionals. Not to disappoint, the Deputy Commissioner called for a rethink of compliance as a strategic rather than a control function. She reframed compliance professionals as forward-looking partners that act as champions of innovation and guardians of fair outcomes.
In the old world, compliance was brought in at the tail end of product innovation, often to address ‘red flags’ raised by audit staff or the regulator. Today, compliance is involved from the very beginning as ‘bridge builders’ between innovation and regulation.
The win-win-win of future-fit compliance
“Compliance helps to shape strategy and governance frameworks; design controls into the system; ensure transparency in decision-making; and keep lines of communication with the regulator open,” Badat concluded. The result is a faster product launch with greater regulatory confidence and customer trust.
Writer’s thoughts:
Today’s article hints suggests that compliance has evolved from control and oversight to business enablement. How can advisers and brokers improve compliance outcomes given the function is often outsourced? Please comment below, interact with us on X at @fanews_online or email us your thoughts [email protected].
