HKMA published the seventh and final issue of the Regtech Watch series, which outlines the three-year roadmap of HKMA to integrate supervisory technology, or suptech, into its processes. Through greater use of suptech, HKMA aims to enhance the effectiveness and forward-looking capability of its supervisory processes. HKMA also launched a new regtech adoption practice guide series to provide banks with detailed practical guidance on the implementation of regtech solutions. The series forms part of the two-year regtech promotion roadmap announced by HKMA in November 2020. This issue provides guidance on the cloud-based regtech solutions.
Guide on cloud-based regtech solutions
The published regtech adoption practice guide provides an overview of the technology behind cloud-based regtech solutions, outlines the common challenges in cloud-based regtech adoption, and shares information on how others have addressed these challenges to successfully adopt regtech solutions in their organizations. As noted in the first issue of the guide, cloud computing is a key underpinning technology behind regtech solutions. The use of cloud technology for regtech solutions offers several benefits, including timely offsite support, fast implementation, and highly scalable solutions. The guide explains how cloud-based regtech solutions can be used to support risk management and compliance. It illustrates the benefits of leveraging cloud-based regtech solutions and describes key barriers and risks when adopting cloud-based regtech solutions. The document also provides practical implementation guidance to banks on the adoption of cloud-based regtech solutions. It outlines the following key components of cloud-based regtech implementation, particularly in response to the key barriers and risks of adoption for banks:
- Banks should establish four elements to be ready for cloud adoption— cloud strategy, governance committee, cloud responsibility, and cloud assessment framework.
- To select the most suitable regtech solution, banks should evaluate their business requirements and security needs, perform business value analysis, and review service-level agreements.
- When implementing cloud-based regtech, banks could consider adopting Application Programming Interface (API) methodology for seamless transformation and introduce flexibility in architecture design for future-proofing.
- Continuous monitoring of cloud activities and data protection through data governance framework are essential to ensure cloud security and avoid non-compliance issues.
The guide also shares use cases on the adoption of cloud-based regtech solutions, describing the challenges faced by a bank and the way a regtech solution helped to resolve these challenges. The guide outlines the key lessons learned from successful regtech implementation, from the perspectives of both the bank and the regtech provider. One of the use cases involves submission of a regulatory report, wherein bank needed to meet the specified data structure and prepared the report accordingly. The use case demonstrates how cloud-based regtech solutions can be leveraged to automate the reporting process. By virtue of the cloud-based regtech solution, the bank was able to respond to regulatory updates with agility, enhanced mobility, and improved user experience. Another use case pertains to the cloud-based, artificial intelligence-enabled client information management platform, which allowed a bank to automate the assessment and classification of unstructured documents for each customer; along with a built-in workflow, the bank was able to significantly increase efficiency, moving from a manual process averaging 11 hours per case to five hours per case. The bank adopted the cloud-based regtech platform solution as it wanted to build a scalable solution that could meet business demands and enhance customer experience.
Three-year suptech roadmap
HKMA is now in the initial stages of implementing its suptech roadmap. As with other major structural changes, HKMA will take a measured and incremental approach to embrace suptech. Efforts will first be made to lay down a solid “backbone” or the “foundational” initiatives of the suptech roadmap, which in turn will support the subsequent deployment of more advanced and sophisticated technologies to enhance the supervisory processes. With this in mind, the first step in the suptech journey involves a series of proof-of-concepts to test the feasibility of suptech solutions. The initial focus is placed on developing a centralized platform (so that supervisors can view and access information about authorized institutions in a single location) and building a knowledge management system for storing structured supervisory information (for example banking returns) and unstructured information (such as board minutes and internal audit reports). Once the foundational initiatives are in place, HKMA will turn its attention to the adoption of advanced analytics techniques. These techniques focus on enhancing the ability to detect early risk signals, which in turn will improve the HKMA’s forward-looking capabilities. Accordingly, a later step in the suptech journey will be to explore automated intelligence gathering and machine learning techniques that will allow the capture and processing of large amounts of structured and unstructured information, from both proprietary sources such as banking statistics and publicly available sources such as social media posts. Since HKMA is still at an early stage of its suptech journey, significant uncertainty remains regarding the final solutions and tools that will be deployed amid evolving technological developments.
Keywords: Asia Pacific, Hong Kong, Banking, Regtech, API, Data Governance, Suptech, Cyber Risk, Cloud Computing, Reporting, Basel, Internal Controls, Suptech Strategy, HKMA
Previous ArticleEIOPA Revises Impact Assessment of 2020 Solvency II Review
The Office of the Superintendent of Financial Institutions (OSFI) published the strategic plan for 2022-2025 and the departmental plan for 2022-23.
The European Banking Authority (EBA) is consulting, until August 31, 2022, on the draft implementing technical standards specifying requirements for the information that sellers of non-performing loans (NPLs) shall provide to prospective buyers.
The European Council and the Parliament reached an agreement on the revised Directive on security of network and information systems (NIS2 Directive).
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying information that crowdfunding service providers shall provide to investors on the calculation of credit scores and prices of crowdfunding offers.
The European Securities and Markets Authority (ESMA) published a paper that examines the systemic risk posed by increasing use of cloud services, along with the potential policy options to mitigate this risk.
The European Commission (EC) published a public consultation on the review of revised payment services directive (PSD2) and open finance.
The European Commission (EC) has issued two letters mandating the European Supervisory Authorities (ESAs) to jointly propose amendments to the regulatory technical standards under Sustainable Finance Disclosure Regulation or SFDR.
The European Banking Authority (EBA) published its annual report on convergence of supervisory practices for 2021. Additionally, following a request from the European Commission (EC),
The Swiss National Bank (SNB) published Version 1.2 of the reporting forms (NSFR_G and NSFR_P) on the net stable funding ratio (NSFR) of banks, along with the associated documentation.
The Farm Credit Administration published, in the Federal Register, the final rule on implementation of the Current Expected Credit Losses (CECL) methodology for allowances