SupTech (short for “supervisory technology”) is a subset of RegTech. Whereas RegTech enables companies to be more effective at meeting their regulatory and compliance obligations, SupTech is technology for the regulators to use themselves, to support their supervisory activities, lower costs and increase their regulatory efficiency and effectiveness. The idea is that it’s not just regulated entities that can benefit from RegTech, but also the regulators themselves.
Since the 2008 financial crisis, financial regulations have increased, and other regulations have followed suit (e.g. in manufacturing, data privacy). The result is that companies, especially enterprises, have a myriad of compliance obligations that are very time consuming and for which they are at risk of being penalized. RegTech addresses this problem, helping those companies to automate their internal data collection, analysis, reporting, attestation, etc. SupTech helps regulators (aka supervisors) such as central banks and other regulators of financial institutions, insurance, manufacturing, transport, healthcare and other industries be more efficient, automated, and reduce errors and costs.
The most often cited motivations for developing SupTech applications are:
1. Enhanced effectiveness of the regulator e.g. by automating some or all of the data collection and data analysis steps, detecting compliance issues automatically
For regulators, a major consideration is how well they are preventing non-compliance or catching it if it does occur. How many cases can they look at? How deep can they dive into the data? How quickly can they spot problems? (see article)
2. Reduced costs e.g. through improved data collection and validation before it reaches the officer. One vendor, Vizor, mentions that it is common to see poor data provided by regulated entities, which in turn can lead to errors by staff, all of which is time consuming too resolve. The "Rule of Ten" is that it costs 10x more to complete regulatory work when the data is flawed. "In some cases, regulators have been known to spend up to 16 weeks chasing, checking and validating data".
3. New capabilities that aren’t possible by humans alone, such as scanning huge volumes of market data to detect suspicious activity like insider trading and market manipulation. An example might be performing real-time scanning of media to detect suspicious behavior of regulated entities online.
SupTech Areas of Innovation
SupTech initiatives today fall into 2 major areas of the supervisory process: Data Collection and Data Analytics. Data Collection, especially "Data Management”, is the low-hanging fruit that can be addressed with relatively mature technology today. Automated Reporting, Virtual Assistants, and various forms of analytics are still in the exploration phase.
Still Early Days…
The 2018 paper Innovative technology in financial supervision (suptech) – the experience of early users shows the early state of the market. Some central banks are experimenting with advanced tech like cloud computing, AI/ML, NLP, etc. in these areas.
Independent SupTech Vendors
These solutions focus on data collection, data validation, workflow engine and reporting. They all list central bank clients who use their software to support regulatory/supervisory activity. The two most cited are Vizor and BearingPoint.
Vizor (acquired in 2021 by BearingPoint)
BearingPoint (Abacus Regulator)
Donnelly Financial Solutions (DFIN)
CRM and BPM Technology
It is also possible to implement SupTech by customizing a CRM solution such as Microsoft Dynamics, Salesforce.com, ZenDesk, Zoho, PipeDrive, or a traditional iBPMS solution such as Pegasystems, Oracle, Appian, AgilePoint. These systems have extensively customizable workflow and business rules engines which drive all the SupTech rules and can be the basis for automating much of the day-to-day supervisory work.
Here is an illustrated example of Oracle’s BPM solution, part of Oracle’s middleware, being used to design a workflow for a central bank (“In this demo I will be simulating a Banking Supervision process where a specific department of a Central Bank is responsible for over-sighting it's financial institutions and based on certain decision points various documents are required to be generated.”)
Gartner’s 2019 Magic Quadrant for iBPMS lists trade-off’s of 20 major vendors in the space. For example, AgilePoint is easy-to-use and has a strong integration with Microsoft Dynamics , but its analytics and decision support capabilities are limited, a trade-off to consider. ServiceNow has workflow engine capabilities, but is not considered a full-featured BPM solution.
Reporting aka Data Visualization
In a supervisory regime, reporting and data visualization requirements must be carefully considered.
IBM for example makes the case for its advanced visualization package that most BPMs don’t have out of the box: “Many supervisory agencies apply technology for data visualization. Data after all do not equal information. Powerful visualization tools are required, given the quantity, density and complexity of data, to present information to supervisors in a readily comprehensible way. IBM i2 and associated iBase information schemes are applications for data and network visualization analytics used by ASIC to represent temporal, associative and causal relationships from structured data sources.”
Abacus Regulator visualizes reported data in reporting templates or tables “depending on the definitions by EBA, EIOPA or ECB.” I believe these are European central bank reporting standards. Will we have any specific reporting format or standard to meet for external authorities?
XBRL data standard
As SupTech shifts the industry from documents to machine-readable structured data there is growing interest in the XBRL standard, an offshoot of XML, that is already used by a handful of financial institutions internationally. In 2018 SEC made the decision to mandate the use of XBRL. The U.S. Federal Energy Regulatory Commission (FERC) announced a plan to transition from document-based reporting to standardized XBRL data reporting and analysis. The long-term goal of using structured data, in particular using an industry standard format, is to make filing easier, more consistent and accurate for filers, and for regulators make information that was difficult to use more searchable and user-friendly.
Today XBRL is still just an emerging standard and one of the drawbacks is a lack of semantic context of XBRL tags (basically, every regulators and regulated entities can create their own custom XBRL tags and there’s no established standard on how to interpret custom tags). FIBO is an initiative to make XBRL more semantically meaningful, still allowing for custom tags but that must derive from a standard set of base tags.
Pitfalls of IT Solutions Today
Some pitfalls noted across the literature in using IT solutions for supervisory work: