HKMA published the seventh and final issue of the Regtech Watch series, which outlines the three-year roadmap of HKMA to integrate supervisory technology, or suptech, into its processes. Through greater use of suptech, HKMA aims to enhance the effectiveness and forward-looking capability of its supervisory processes. HKMA also launched a new regtech adoption practice guide series to provide banks with detailed practical guidance on the implementation of regtech solutions. The series forms part of the two-year regtech promotion roadmap announced by HKMA in November 2020. This issue provides guidance on the cloud-based regtech solutions.
Guide on cloud-based regtech solutions
The published regtech adoption practice guide provides an overview of the technology behind cloud-based regtech solutions, outlines the common challenges in cloud-based regtech adoption, and shares information on how others have addressed these challenges to successfully adopt regtech solutions in their organizations. As noted in the first issue of the guide, cloud computing is a key underpinning technology behind regtech solutions. The use of cloud technology for regtech solutions offers several benefits, including timely offsite support, fast implementation, and highly scalable solutions. The guide explains how cloud-based regtech solutions can be used to support risk management and compliance. It illustrates the benefits of leveraging cloud-based regtech solutions and describes key barriers and risks when adopting cloud-based regtech solutions. The document also provides practical implementation guidance to banks on the adoption of cloud-based regtech solutions. It outlines the following key components of cloud-based regtech implementation, particularly in response to the key barriers and risks of adoption for banks:
- Banks should establish four elements to be ready for cloud adoption— cloud strategy, governance committee, cloud responsibility, and cloud assessment framework.
- To select the most suitable regtech solution, banks should evaluate their business requirements and security needs, perform business value analysis, and review service-level agreements.
- When implementing cloud-based regtech, banks could consider adopting Application Programming Interface (API) methodology for seamless transformation and introduce flexibility in architecture design for future-proofing.
- Continuous monitoring of cloud activities and data protection through data governance framework are essential to ensure cloud security and avoid non-compliance issues.
The guide also shares use cases on the adoption of cloud-based regtech solutions, describing the challenges faced by a bank and the way a regtech solution helped to resolve these challenges. The guide outlines the key lessons learned from successful regtech implementation, from the perspectives of both the bank and the regtech provider. One of the use cases involves submission of a regulatory report, wherein bank needed to meet the specified data structure and prepared the report accordingly. The use case demonstrates how cloud-based regtech solutions can be leveraged to automate the reporting process. By virtue of the cloud-based regtech solution, the bank was able to respond to regulatory updates with agility, enhanced mobility, and improved user experience. Another use case pertains to the cloud-based, artificial intelligence-enabled client information management platform, which allowed a bank to automate the assessment and classification of unstructured documents for each customer; along with a built-in workflow, the bank was able to significantly increase efficiency, moving from a manual process averaging 11 hours per case to five hours per case. The bank adopted the cloud-based regtech platform solution as it wanted to build a scalable solution that could meet business demands and enhance customer experience.
Three-year suptech roadmap
HKMA is now in the initial stages of implementing its suptech roadmap. As with other major structural changes, HKMA will take a measured and incremental approach to embrace suptech. Efforts will first be made to lay down a solid “backbone” or the “foundational” initiatives of the suptech roadmap, which in turn will support the subsequent deployment of more advanced and sophisticated technologies to enhance the supervisory processes. With this in mind, the first step in the suptech journey involves a series of proof-of-concepts to test the feasibility of suptech solutions. The initial focus is placed on developing a centralized platform (so that supervisors can view and access information about authorized institutions in a single location) and building a knowledge management system for storing structured supervisory information (for example banking returns) and unstructured information (such as board minutes and internal audit reports). Once the foundational initiatives are in place, HKMA will turn its attention to the adoption of advanced analytics techniques. These techniques focus on enhancing the ability to detect early risk signals, which in turn will improve the HKMA’s forward-looking capabilities. Accordingly, a later step in the suptech journey will be to explore automated intelligence gathering and machine learning techniques that will allow the capture and processing of large amounts of structured and unstructured information, from both proprietary sources such as banking statistics and publicly available sources such as social media posts. Since HKMA is still at an early stage of its suptech journey, significant uncertainty remains regarding the final solutions and tools that will be deployed amid evolving technological developments.
Keywords: Asia Pacific, Hong Kong, Banking, Regtech, API, Data Governance, Suptech, Cyber Risk, Cloud Computing, Reporting, Basel, Internal Controls, Suptech Strategy, HKMA
Previous ArticleEIOPA Revises Impact Assessment of 2020 Solvency II Review
The Australian Prudential Regulation Authority (APRA) released the final Prudential Practice Guide on management of climate change financial risks (CPG 229) for banks, insurers, and superannuation trustees.
The European Council adopted its position on two proposals that are part of the digital finance package adopted by the European Commission in September 2020, with one of the proposals involving the regulation on markets in crypto-assets (MiCA) and the other involving the Digital Operational Resilience Act (DORA).
The Prudential Regulation Authority (PRA) is proposing, via the consultation paper CP21/21, to apply group provisions in the Operational Resilience Part of the PRA Rulebook (relevant for the Capital Requirements Regulation or CRR firms) to holding companies.
The European Commission (EC) has adopted a package of measures related to the Capital Markets Union.
The European Banking Authority (EBA) published the final report on draft regulatory technical standards for the calculation of risk-weighted exposure amounts of collective investment undertakings or CIUs, in line with the Capital Requirements Regulation (CRR).
The Board of Governors of the Federal Reserve System (FED) published a report that summarizes banking conditions in the United States, along with the supervisory and regulatory activities of FED.
The Australian Prudential Regulation Authority (APRA) recently completed two pilot initiatives in its 2020-2024 Cyber Security Strategy, which was published in November 2020.
The Basel Committee on Banking Supervision (BCBS) published further information related to its 2021 assessment of global systemically important banks (G-SIBs), with additional details to help understand the scoring methodology.
The Financial Accounting Standards Board (FASB) is consulting on an Accounting Standards Update and the associated taxonomy improvements for requirements on troubled debt restructurings and vintage disclosures under the credit losses standard (for financial instruments) topic 326.
US Agencies issued a statement that summarizes the work undertaken during the interagency policy sprints focused on crypto-assets and provides a roadmap of future work related to crypto-assets.