Compliance departments must evolve beyond KYC and KYP to include “know your data.”
That comment came from Gouro Sall Diagne, director of supervision of deposit-taking institutions at the Autorité des marchés financiers (AMF), as she spoke on a panel at IIAC’s Fintech Summit in Toronto last Friday. She and two other regulators discussed how their organizations are using technology for oversight and supervision.
Knowing your data requires that firms put governance in place for data sharing and use, said Sall Diagne.
Dealers who rely on fintechs or other third parties to handle firm processes should ensure those processes comply with regulators’ guidelines, she said. That means dealers must be aware of what technology-driven processes do, including their purposes and potential built-in biases.
On cybersecurity, Victoria Pinnington, IIROC’s senior vice-president of market regulation, told the audience that dealers could expect a second preparedness self-assessment. (The first assessment is described in IIROC’s 2016-2017 annual report.) Also, she said IIROC would start to alert dealers to emerging cybersecurity threats.
Regulators harness the power of big data
Regulators shared how new technology allows improved oversight of registrants and markets. “We can identify problems as they arise,” said Sall Diagne, and develop supervision that’s proportional to the risk faced by a market participant.
Specifically, the AMF uses machine-learning for oversight efficiency, she said. Big data–enabled strategies allow the regulator to “spend less time and effort on detection and more time on investigation and prosecution,” she said.
“We live in a big data world,” said Alexandru Badea, case lead for the OSC’s market abuse team, speaking on the same panel. Marketplaces and alternate trading systems are mass producers of data, he said—data that regulators must consume and analyze to protect investors. The OSC recently hired data scientists and put together an analytics team for data-driven oversight and investigations.
“It’s been a success to date,” said Badea, referring to the resulting enforcement, which is quicker for certain types of investigations and cases, like spoofing.
An increased emphasis on effective collection, management and use of data is part of the OSC’s 2018-2019 statement of priorities.
Pinnington said IIROC developed its analytics team in-house, motivated by the SRO’s “enormous” equity data set, as well as debt data, acquired more recently.
The IIROC team’s focus was initially external, she said, to assess data and gain insight about marketplace trends and data-driven policy decisions. Recently, the focus has expanded to be internal, to bring “added value to how we carry out our mandate,” she said.
The SRO is also moving forward with a big data approach, said Pinnington, and referred to IIROC’s paper on how supervised machine-learning can be used to identify groups of traders by behaviour. “We are continuing to build on that to get much more of a micro-level view of what behaviours are happening—both good and suspicious.”
IIROC has also built a visualization tool “that sits on an aggregate level of data, which allows us to do some fairly intensive analytics.” The tool may be made publicly available under strict conditions, she added.
Sall Diagne said that the AMF’s fintech lab is testing new technology like AI to enhance its intervention tool, and is working on gathering both structured data, from disclosure, and non-structured data, from social media, for example.
While regulators know what certain market behaviours look like, Pinnington said she’s concerned about potential behaviours that aren’t yet known. That’s where AI in particular will help regulators assess market activity and whether it’s suspicious or not, and whether rules need to be adjusted, she said.
Sall Diagne added that multi-jurisdictional fintechs are entering the market, so greater co-operation and co-ordination are needed among regulators.