Risk-based and Data-led: Can the UK’s Financial Conduct Authority Meet its Ambition?

In July this year, as part of a commitment made in the UK government’s Economic Crime Plan (2019–2022) and in the context of its new post-Brexit autonomy, HM Treasury launched its consultation to review potential amendments to the Money Laundering Regulations (MLRs) 2017 and the UK’s financial crime regulatory and supervisory regimes. In the rapidly evolving financial crime landscape, regulation needs to keep pace with the rise of new technologies that are constantly changing the face of finance and financial crime, by developing more sophisticated supervisory systems and processes that are targeted and dynamic.

Action 34 of the Economic Crime Plan requires the FCA to have greater ‘impact across the range of firms it supervises through greater use of intelligence and data’. Similarly, the consultation on the MLRs focuses on improving data gathering and sharing, and suggests giving supervisors access to Suspicious Activity Reports (SARs) filed by their respective regulated entities. With the possibility that the FCA will in the future be required to analyse even more data, assessing the supervisor’s progress against Action 34 and its commitment to become a data-led supervisor is apt.

Towards More Data… Quality?

Led by CEO Nikhil Rathi’s belief that data is the ‘lifeblood of the regulator’, the FCA aims to deliver data-led supervision. This is outlined in its 2021 Business Plan webinar as well as its 2020 response to the independent reviews of the FCA’s regulation of London Capital & Finance and Connaught. Both reports identify serious supervisory failures, which have led the FCA to commit to ‘becoming a more data-enabled regulator through the recruitment of a Chief Data, Information and Intelligence Officer and the establishment of a separate programme of change that transforms the way we handle and prioritise information and intelligence’. This is not surprising, as according to Mr Rathi, the ‘FCA has seen a 200% rise in the volume of data’ it processes, and the 20,000 entities the FCA currently supervises are continuously increasing their own use of data for compliance purposes.

It is therefore imperative for the FCA to match this advance, become more innovative and enhance its capacity to collect, store, clean, analyse and interpret increasing volumes of data. For example, the FCA now supervises a new regulated population, Virtual Asset Service Providers – institutions that service the cryptocurrency industry. Furthermore, the FCA announced earlier this year that it is extending its annual financial crime reporting obligation from 2,500 to an additional 4,500 firms. This will become effective in March 2022.

The scope and scale of the FCA’s responsibilities are therefore rapidly expanding – as is the data to which it will have access. From March 2022, the FCA will, for example, have access to more data on the number of politically exposed persons, high-risk customers, internally escalated suspicious cases, and investigative orders received from law enforcement agencies, on which it can base its supervisory activity. While this increase in data may bring advantages, it also presents challenges in terms of quality and integrity. For example, data is often maintained by banks in multiple systems, which are legacies of previous institutions that have been merged or acquired. Data sources are therefore often fragmented and incomplete, requiring the FCA to challenge institutions when discrepancies are identified.

Thus, although the Risk-based Approach to supervision promoted by the FCA is informed by data, the quality of the data varies, presenting a clear obstacle to the FCA’s ability to better target high-risk firms and enhance its financial crime supervisory role. Put simply, more data does not necessarily mean more quality, or more effective supervision. This is where technology can help.

Innovative Technology and Supervision

Innovative technology applied to financial supervision (so-called SupTech) includes tools such as artificial intelligence and machine learning, employed to automate, streamline and digitise data collection and analytics. As the private sector is adopting RegTech to meet its regulatory requirements, the FCA is exploring SupTech (for example, in 2019 the FCA held a Techsprint on data sharing) to enhance its supervision and facilitate the testing of regulated firms’ systems and controls on a more dynamic and real-time basis to replace the current programmatic approach.

The UK’s current timeline towards SupTech adoption to tackle financial crime is unclear. HM Treasury and the FCA should take advantage of the current consultation process to explore best practices around the globe. This would help identify approaches, challenges and lessons from other supervisors, potentially facilitating SupTech adoption at home and enabling the FCA to progress towards a position where it can make more effective use of intelligence and data.

How Do Others Compare?

The case of Singapore demonstrates that commitment and material investment from the government and the supervisor – in this case the Monetary Authority of Singapore (MAS) – can deliver best-practice SupTech adoption for financial crime supervision. The MAS has equipped itself to match and respond to the increasing expectations placed on the private sector to combat financial crime.

As noted earlier, governments need to be willing to investigate, develop and implement appropriate processes and systems to enable relevant agencies to perform effective analysis. In the case of Singapore, prior to its adoption of SupTech, the MAS first liaised with other supervisors and financial intelligence units that were ahead in their analytics journey to learn from their experiences. In addition, the MAS secured the buy-in – and thus involvement – of financial institutions, as developing a solution collectively was essential. Furthermore, key processes were redesigned to make sure innovative technological models that were adopted for analysis could operate appropriately.

Computers are Useless. They Can Only Give You Answers (Pablo Picasso)

A final consideration for the FCA on its journey towards becoming a data-led supervisor is the need to be cognisant of regulatory issues that inevitably emerge as a consequence of adopting SupTech. The Financial Action Task Force (FATF) recognises in its report on data pooling, collaborative analytics and data protection the many challenges of implementing financial crime data analytics. These include personal information protection, governance, explainability and interpretability. The ethical implications of adopting SupTech tools need to be identified, agreed upon and documented, to enable accountability. Any institution needs to trust the tool it is using and the ‘answers’ it provides, and to be comfortable with an inevitable pre-defined error rate. As the FATF notes, ‘This is especially the case when a decision is based on a high level of automation and has a direct impact on customers’. The ability to explain what happens ‘in the box’, from input to output, ensures transparency of decision-making, which in turn preserves the institution’s credibility – an imperative for any organisation and even more so for a supervisor.

With Great Data Comes Greater Accountability

Bringing more data, such as SARs, into the core of the FCA’s supervisory dataset does not necessarily mean ‘greater use’ of data and greater impact on firms. However, it implies greater expectations. The UK government and the FCA will have to display the strategic thinking and level of commitment observed elsewhere. This is fundamental to preserving the supervisor’s reputation and credibility. Meaningful political leadership, commitment to structural changes, and adequate resourcing are essential. The UK’s Spending Review and the results of the consultation on the economic crime levy (a tax on the regulated sector expected to raise £100 million per year), along with the rumoured renewal of the Economic Crime Plan in 2022, will no doubt signal the government’s ambition with regards to its commitment to fighting economic crime. If the FCA is to meet its ambition to become a truly data-led supervisor, it will need to ensure it can keep pace with private sector innovation and funding.

The views expressed in this Commentary are the author’s, and do not represent those of RUSI or any other institution.

Have an idea for a Commentary you’d like to write for us? Send a short pitch to commentaries@rusi.org and we’ll get back to you if it fits into our research interests. Full guidelines for contributors can be found here.