Technologies such as cloud-based systems, artificial intelligence and distributed ledgers are creating new risks for financial institutions, requiring a new approach to regulation, a new study has found.
The report comes days before the introduction of the General Data Protection Regulation (GDPR), which will allow data regulators to impose much more severe penalties in the event of information breaches.
The study from the UK Finance industry lobby group and management consultancy Parker Fitzgerald found that new technologies could allow lenders to significantly reduce their operational costs, but also meant operational, as well as systemic, threats to the sector.
The study said regulatory processes must change in order to account for such changes.
“As firms adapt so too must the regulatory principles under which they operate,” the report said. “This process should consider both how to achieve a consistent treatment internationally and also how capital charges could be evolved to place greater emphasis on the effective management of technology and cyber risks.”
The growth of outsourcing to cloud providers means more efficiencies, but also exposes lenders to cyber-vulnerabilities, said the Sustainable Financial Services in the Digital Age report.
Banks are exploring the use of AI to inform business decisions and distributed ledgers such as the blockchain to make transactions more efficient, including insurers’ use of machine learning to calculate premiums and clearing houses using blockchain to make the settlement of securities and derivatives less costly.
Regulators are currently uncertain how to effectively supervise these new business processes, and are also concerned about putting so much power into the hands of Amazon, Google and Microsoft, the top three cloud infrastructure providers for banks and insurers, the study said.
Collaborative relations with tech companies may also turn more competitive in the future, with tech companies increasingly offering financial services such as business loans or payment services.
Large tech firms’ immense resources mean they can “monetise on insight with speed and scale”, the study said.
The report noted that regulators’ treatment of cloud providers as standard outsourcers, with physical on-site visits to facilities, is outdated, with such facilities being located in increasingly remote areas.
“The industry is working hard to develop technology and watertight risk programmes, but only collaboration with policymakers and regulators, both domestic and cross-border, will facilitate success,” said Dan Crisp, director of technology and digital at UK Finance.
Matthew Hayday, leading partner for global technology services at Parker Fitzgerald, said financial firms need to understand how future regulations will affect their digital transformation strategies, how they can safely adopt key technologies and how they can adapt their risk frameworks.
He said it’s key for financial companies to recognise the real state of their often notoriously inefficient legacy IT estates.
“Key activities include reducing reliance on legacy systems, de-cluttering redundant systems, and using analytics to predict and quantify the impact of non-financial risks,” Hayday said.
How well do you know the cloud? Try our quiz!