What is SupTech? (A Market Overview of Supervisory Technology)

SupTech (short for “supervisory technology”) is a subset of RegTech. Whereas RegTech enables companies to be more effective at meeting their regulatory and compliance obligations, SupTech is technology for the regulators to use themselves, to support their supervisory activities, lower costs and increase their regulatory efficiency and effectiveness. The idea is that it’s not just regulated entities that can benefit from RegTech, but also the regulators themselves.

Since the 2008 financial crisis, financial regulations have increased, and other regulations have followed suit (e.g. in manufacturing, data privacy). The result is that companies, especially enterprises, have a myriad of compliance obligations that are very time consuming and for which they are at risk of being penalized. RegTech addresses this problem, helping those companies to automate their internal data collection, analysis, reporting, attestation, etc. SupTech helps regulators (aka supervisors) such as central banks and other regulators of financial institutions, insurance, manufacturing, transport, healthcare and other industries be more efficient, automated, and reduce errors and costs.

Why SupTech?
The most often cited motivations for developing SupTech applications are:

1. Enhanced effectiveness of the regulator e.g. by automating some or all of the data collection and data analysis steps, detecting compliance issues automatically
For regulators, a major consideration is how well they are preventing non-compliance or catching it if it does occur. How many cases can they look at? How deep can they dive into the data? How quickly can they spot problems? (see article)

2. Reduced costs e.g. through improved data collection and validation before it reaches the officer. One vendor, Vizor, mentions that it is common to see poor data provided by regulated entities, which in turn can lead to errors by staff, all of which is time consuming too resolve. The "Rule of Ten" is that it costs 10x more to complete regulatory work when the data is flawed. "In some cases, regulators have been known to spend up to 16 weeks chasing, checking and validating data".

3. New capabilities that aren’t possible by humans alone, such as scanning huge volumes of market data to detect suspicious activity like insider trading and market manipulation. An example might be performing real-time scanning of media to detect suspicious behavior of regulated entities online.
 
SupTech Areas of Innovation

SupTech initiatives today fall into 2 major areas of the supervisory process: Data Collection and Data Analytics. Data Collection, especially "Data Management”, is the low-hanging fruit that can be addressed with relatively mature technology today.  Automated Reporting, Virtual Assistants, and various forms of analytics are still in the exploration phase. 

Data Collection

• Automated reporting
  • Data push vs. data pull - regulated entities regularly push data (via M2M API) or Regulators can pull data directly from entities programmatically
  • Real-time monitoring, e.g. ingest real-time feeds of market activity
• Data Management
  • Data Validation
  • Data Consolidation, connecting multiple sources of structured (e.g. annual submission) and unstructured data (e.g. press reviews) for analysis
  • Reports (aka Visualization)
• Virtual assistance via AI Chatbots
  • Chatbots for consumer complaints
  • Chatbots to help regulated entities

Data Analytics

• Market Surveillance
  • Suptech applications allow huge amounts of data to be analysed for market surveillance and the detection of suspicious trading, e.g. insider trading, market manipulation
• Misconduct Analysis
  • Many suptech applications concentrate on the detection of possible AML and CFT infringements.
  • ML algorithms can help to identify possible fraud and predict mis-selling
• Macro and micro-prudential supervision
  • ML can be used for credit risk evaluation, Neural networks can be used to detect liquidity risks
  • Suptech applications may also be useful in identifying signals of emerging risks in the financial system, financial stability analysis, policy evaluation
  • Public sentiment analysis

Still Early Days…
The 2018 paper Innovative technology in financial supervision (suptech) – the experience of early users shows the early state of the market. Some central banks are experimenting with advanced tech like cloud computing, AI/ML, NLP, etc. in these areas.

Independent SupTech Vendors
These solutions focus on data collection, data validation, workflow engine and reporting. They all list central bank clients who use their software to support regulatory/supervisory activity. The two most cited are Vizor and BearingPoint.

Vizor (acquired in 2021 by BearingPoint)

• 120-person company, HQ in Ireland
• Case studies: Bank of England central bank, Saudi Arabia (SAMA), central bank of Brunei Darussalam, various others
• Recognized “best RegTech vendor” 2019 and 2018 by CentralBanking.com. “Vizor, another key regtech player, takes the award for Global Regtech Provider of the Year. The firm already counts a long list of central banks among the clients of its regulatory reporting software, and it added the Monetary Authority of Singapore in 2019. Vizor is building a “Data Gateway” for the MAS, which will launch in 2020.”

BearingPoint (Abacus Regulator)

• Amsterdam-based, 10,000 employee management consulting
• Own the reg.tech domain
• “Abacus360 Regulator” product is used by European Central Bank (ECB) and several other central banks in European countries such as Austria.
• Also recognized with awards from CentralBanking.com such as 2018 best data management solution for central banking

SQLPower

• 20-person company, HQ in Toronto
• IT System for CIMA (Cayman Islands Monetary Authority), Trinidad and Tobago Securities and Exchange Commission (TTSEC), and may have implemented the IT System for DICO (Deposit Insurance Corporation of Ontario) 
• Feature demo videos of their software online and a 30-day free trial

eProseed

• 160 employees, HQ in Luxembourg
• Oracle Platinum partner specializing in fintech, featuring a platform for central banks supervisory role made up of different Oracle components such as Oracle Fusion Middleware which includes Oracle BPM as the workflow engine

Donnelly Financial Solutions (DFIN)

• 1,600 employees, public company spun out of RR Donnelly, HQ in Chicago
• Own Edgar Online, the platform that is used by the SEC. Not clear that they have an end-to-end SupTech solution beyond this, but they may have key components that could be used in an overall solution by a central bank. 

CRM and BPM Technology
It is also possible to implement SupTech by customizing a CRM solution such as Microsoft Dynamics, Salesforce.com, ZenDesk, Zoho, PipeDrive, or a traditional iBPMS solution such as Pegasystems, Oracle, Appian, AgilePoint. These systems have extensively customizable workflow and business rules engines which drive all the SupTech rules and can be the basis for automating much of the day-to-day supervisory work.

Here is an illustrated example of Oracle’s BPM solution, part of Oracle’s middleware, being used to design a workflow for a central bank (“In this demo I will be simulating a Banking Supervision process where a specific department of a Central Bank is responsible for over-sighting it's financial institutions and based on certain decision points various documents are required to be generated.”)

Gartner’s 2019 Magic Quadrant for iBPMS lists trade-off’s of 20 major vendors in the space. For example, AgilePoint is easy-to-use and has a strong integration with Microsoft Dynamics , but its analytics and decision support capabilities are limited, a trade-off to consider. ServiceNow has workflow engine capabilities, but is not considered a full-featured BPM solution.

Reporting aka Data Visualization
In a supervisory regime, reporting and data visualization requirements must be carefully considered.

IBM for example makes the case for its advanced visualization package that most BPMs don’t have out of the box: “Many supervisory agencies apply technology for data visualization. Data after all do not equal information. Powerful visualization tools are required, given the quantity, density and complexity of data, to present information to supervisors in a readily comprehensible way. IBM i2 and associated iBase information schemes are applications for data and network visualization analytics used by ASIC to represent temporal, associative and causal relationships from structured data sources.”

Abacus Regulator visualizes reported data in reporting templates or tables “depending on the definitions by EBA, EIOPA or ECB.” I believe these are European central bank reporting standards. Will we have any specific reporting format or standard to meet for external authorities?

XBRL data standard
As SupTech shifts the industry from documents to machine-readable structured data there is growing interest in the XBRL standard, an offshoot of XML, that is already used by a handful of financial institutions internationally. In 2018 SEC made the decision to mandate the use of XBRL. The U.S. Federal Energy Regulatory Commission (FERC) announced a plan to transition from document-based reporting to standardized XBRL data reporting and analysis. The long-term goal of using structured data, in particular using an industry standard format, is to make filing easier, more consistent and accurate for filers, and for regulators make information that was difficult to use more searchable and user-friendly.

Today XBRL is still just an emerging standard and one of the drawbacks is a lack of semantic context of XBRL tags (basically, every regulators and regulated entities can create their own custom XBRL tags and there’s no established standard on how to interpret custom tags). FIBO is an initiative to make XBRL more semantically meaningful, still allowing for custom tags but that must derive from a standard set of base tags.

Pitfalls of IT Solutions Today

Some pitfalls noted across the literature in using IT solutions for supervisory work:

• Working with structured data
  • Implementing a system primarily around structured data can result in inflexible IT systems, especially for data collection and analysis
  • Supervisors have an increasing need for ad-hoc requests, and it’s hard to control and store the data collected ad-hoc within a structured system
  • No agreed data model standards exist yet, with XBRL still emerging
  • Taxonomy design – in the aforementioned FERC project, DFIN not only provided technology but also services for “data point modelling, taxonomy design, XBRL database, storage and analysis” (presumably vendors may suggest to help us with the same, to ensure we are not locked in to the wrong data model)

• Workflow configurability
  • Some systems are limited in their workflow configurability. For example vendor SQLPower says “The regulator was forced to rely on the vendor to constantly make technical changes to rules for data collection, straining monetary resources. The decision was made to displace the incumbent software vendor with a comprehensive solution offering business user self-sufficiency to minimize reliance on outside consultants.”
  • On the other hand, some enterprise BPM systems may be too heavy / overkill for our RPO solution

• For any automated decision support, false positive and false negatives could be a distraction to the officer

• Data publishing, exchange with other authorities, reporting and dissemination all take time and can involve a lot of manual data preparation

• Non-functional challenges - data privacy, security and integrity

​

• Some vendors’ IP may have been conceived for an initial customer (e.g. SQLPower.ca for CIMA) and may be difficult to customize to the regulator's unique requirements​