Dic 082018

Insurers have made increasing use of cloud computing in recent years. Cloud services were initially applied to business support functions, such as customer management or collaboration applications. Currently, cloud computing is being used in core business functions, such as product development, distribution, underwriting or claims administration.

Cloud computing brings a number of benefits to the insurance industry. It lets insurers share available-on-demand networks, servers, storage, application and services that can be rapidly scaled up or down, and accessed anytime and anywhere. In this way, cloud computing allows insurers to quickly launch new products and services, make business processes more efficient and reduce information technology (IT) costs.

The use of third-party cloud computing services may pose risks that are different from traditional outsourcing arrangements. Besides the operational risks of any outsourcing activity, cloud computing may pose additional risks to the insurance sector, given (i) shared computing resources in some cloud deployment models; (ii) the type of information that is stored and processed; (iii) the different geographical location of computing resources and providers; as well as (iv) the small number of global cloud providers, resulting in market concentration that could have systemic implications. The cross-border nature of cloud services complicates the effective oversight of all these risks.

The Financial Stability Institute (FSI) of the bank for International Settlement (BIS) outlines the emerging regulatory and supervisory approaches in selected jurisdictions to cloud computing activities in the insurance sector. Using publicly available information and interviews with relevant officials, we analyse the regulatory and supervisory approaches of 14 authorities worldwide and present key insights on the emerging prudential treatment of cloud computing in the insurance industry.

Authorities apply their frameworks for general outsourcing and for governance, risk management and information security to cloud computing. Some authorities include cloud-specific sections in these frameworks. Other authorities have issued cloud-specific recommendations or supervisory expectations. Regardless of the approach taken, cloud computing arrangements are subject to regulatory requirements only if they are deemed as material. However, the criteria for deciding whether such arrangements are material vary across jurisdictions.

Regulatory frameworks have a number of common requirements and expectations for cloud computing. Authorities generally focus on (i) the adequacy of information security and data confidentiality; (ii) the strength of IT and cyber-security capabilities at cloud service providers; (iii) the effectiveness of recovery and resumption capabilities; and (iv) the adequacy of audit rights (ie the supervisory authority’s access to documentation and information, and ability to conduct on-site inspections at the provider). Also, authorities are generally using non-binding guidance through principles and recommendations and adopting a proportionate approach (ie tailored to reflect the size, complexity or risk profile of financial institutions or outsourced service).

Cloud computing outsourcing arrangements are generally supervised as part of the oversight of operational risks. Authorities usually assess cloud computing practices as part of insurance companies’ off-site and on-site reviews of operational risk, following a risk-based approach. Before an insurer enters into a cloud servicing agreement, some authorities require notification, while others prescribe a consultation or approval process: the approaches to this communication vary widely. At the very least, most authorities expect informal communication from insurers on their material cloud computing plans.

Authorities are increasingly using thematic reviews and informal contacts with cloud providers to complement their oversight of the cloud computing business. Targeted reviews on the use of cloud services in the financial/insurance industry or on closely related areas such as information security risks are helping authorities to gain an industry-wide perspective on cloud computing. In addition, some authorities have established a dialogue with cloud service providers with the aim of better understanding the cloud services business and, in particular, its evolution over time. This helps supervisors to evaluate how insurers are managing cloud-related risks.

The study yields some useful insights on the emerging regulatory and supervisory approaches for cloud computing in the insurance sector. Some key specific considerations for insurance authorities include:

  • There is value in clarifying regulatory/supervisory expectations on insurers’ use of cloud computing services. The usefulness of this approach is to address the unique risks posed by cloud computing and to provide a reasonable level of regulatory certainty with respect to the use of cloud services by the financial industry.
  • Developing a supervisory framework to assess concentration risk in cloud computing is work in progress. While authorities generally acknowledge that reliance on a relatively small number of providers may result in systemic risk for insurers, very few perform industry reviews of the concentration risks arising from cloud service providers.
  • Enhancing cross-border cooperation, particularly in terms of information-sharing, is essential for the effective supervision of the cloud computing business. Users and providers of cloud services may be located in different jurisdictions. Even if they are physically in the same place, data storage could be elsewhere. Therefore, international cooperation between different national authorities, in particular by sharing relevant information on cloud service providers, is especially important when it comes to ensuring effective oversight of cloud activities.


Regulating and supervising the clouds: emerging prudential approaches for insurance companies (PDF)

Dic 082018
  1. The Financial Stability Board (FSB), in consultation with Basel Committee on Banking Supervision (BCBS) and national authorities, has identified the 2018 list of global systemically important banks (G-SIBs), using end-2017 data and the updated assessment methodology published by the BCBS in July 2013. One bank has been added to and two banks have been removed from the list of G-SIBs that were identified in 2017, and therefore the overall number of G-SIBs decreases from 30 to 29 (see Annex).
  2. The changes in the allocation of the institutions to buckets (see below for details) reflects the effects of changes in underlying activity of banks.
  3. In November 2011 the FSB published an integrated set of policy measures to address the systemic and moral hazard risks associated with systemically important financial institutions (SIFIs). In that publication, the FSB identified as global systemically important financial institutions (G-SIFIs) an initial group of G-SIBs, using a methodology developed by the BCBS. The November 2011 report noted that the group of G-SIBs would be updated annually based on new data and published by the FSB each November.
  4. FSB member authorities apply the following requirements to G-SIBs:

    Higher capital buffer: Since the November 2012 update, the G-SIBs have been allocated to buckets corresponding to higher capital buffers that they are required to hold by national authorities in accordance with international standards. Higher capital buffer requirements began to be phased in from 1 January 2016 for G-SIBs (based on the November 2014 assessment) with full implementation by 1 January 2019. The capital buffer requirements for the G-SIBs identified in the annual update each November will apply to them as from January fourteen months later. The assignment of G-SIBs to the buckets, in the list published today, determines the higher capital buffer requirements that will apply to each G-SIB from 1 January 2020.

    Total Loss-Absorbing Capacity (TLAC): G-SIBs are required to meet the TLAC standard, alongside the regulatory capital requirements set out in the Basel III framework. The TLAC standard will be phased-in from 1 January 2019 for G-SIBs identified in the 2015 list (provided that they continue to be designated as G-SIBs thereafter).

    Resolvability: These include group-wide resolution planning and regular resolvability assessments. The resolvability of each G-SIB is also reviewed in a high-level FSB Resolvability Assessment Process (RAP) by senior regulators within the firms’ Crisis Management Groups.Higher supervisory expectations: These include supervisory expectations for risk management functions, risk data aggregation capabilities, risk governance and internal controls.

  1. In November 2014 the BCBS published a technical summary of the methodology. The BCBS publishes the annually updated denominators used to calculate banks’ scores and the thresholds used to allocate the banks to buckets and provides the links to the public disclosures of the full sample of banks assessed, as determined by the sample criteria set out in the BCBS G-SIB framework. From this year, the BCBS also publishes the twelve high-level indicators of the banks in the main sample used in the G-SIB scoring exercise.
  2. The BCBS published in July 2018 a revised version of its assessment methodology, replacing the July 2013 version.10 The revised assessment methodology will take effect in 2021 (based on end-2020 data), and the resulting higher capital buffer requirement would be applied in January 2023.
  3. A new list of G-SIBs will next be published in November 2019.

Table 1: G-SIBs as of November 201811 allocated to buckets corresponding to required levels of additional capital buffers

Source:  Financial Stability Board FSB G-SIB18

Dic 072018

Benoît Cœuré, Member of the Executive Board of the ECB, informed the audience  of the second meeting of the Euro Cyber Resilience Board for pan-European Financial Infrastructures on the latest development in cyber finance across European markets.

The cyber threat facing the financial sector continues to be a challenge. From banking trojans affecting individual customers to systemic threats posed by ransomware and targeted attacks from advanced persistent threat (APT) groups, the landscape is evolving on a daily basis.

The Eurosystem cyber strategy for financial market infrastructures rests on three pillars: individual FMI resilience, sector resilience and strategic regulator-industry collaboration. I am pleased that in the last few months, the ECB and the Eurosystem have made significant progress in putting in place the building blocks for enhancing the cyber resilience of the European financial ecosystem and operationalising the strategy.

The ECB developed two key tools to improve FMI resilience: the cyber resilience oversight expectations (CROE and the TIBER-EU Framework.

The CROE serves three key purposes: (i) it provides FMIs with detailed steps on how to operationalise the CPMI-IOSCO Guidance on cyber resilience for financial market infrastructures, ensuring they are able to make improvements and enhance their cyber resilience over a sustained period of time; (ii) it provides overseers with clear expectations against which to assess FMIs under their responsibility; and (iii) it provides the basis for a meaningful discussion between the FMIs and their respective overseers.  The central banks of the Eurosystem will work closely with the various financial infrastructures to enhance their cyber resilience, with the CROE serving as a good basis for this work.

Enhancing cyber resilience is of crucial importance. Equally important, however, is to test whether the enhancements that have been introduced by individual entities are effective. To that end, the ECB published the TIBER-EU Framework in May and the TIBER-EU Services Procurement Guidelines in August. The hope is that over time, this sophisticated level of testing will help strengthen our financial infrastructures and raise standards among threat intelligence and red team testing providers.

In terms of sector resilience, exercises are a key component of building market-wide preparedness for a cyber incident. In March, we told you about our forthcoming market-wide exercise, which we held in June. The exercise, UNITAS, took the form of a facilitated discussion among market participants – many of whom are here today – on a cyber scenario. The scenario involved a cyberattack on a number of financial infrastructures, resulting in a loss of data integrity and a knock-on effect on other financial infrastructures.

With regard to strategic regulator-industry collaboration, our third pillar, the Euro Cyber Resilience Board (ECRB) for pan-European Financial Infrastructures was formally established in March 2018, as a forum for strategic discussions between financial infrastructures and authorities. As you know, our objectives are to raise awareness of the topic of cyber resilience; to act as a catalyst for joint initiatives to develop effective solutions for the market; and to provide a place to share best practices and foster trust and collaboration.

Of course, cyber risk is borderless and it is an international issue. So the Eurosystem’s initiatives are part of a growing international effort to combat cyber threats. In October this year, G7 ministers and central bank governors published the “Fundamental Elements for Threat-Led Penetration Testing”, which complements the TIBER-EU Framework, and the “Fundamental Elements for Third Party Cyber Risk Management in the Financial Sector”. In 2019, the G7 Cyber Expert Group will move ahead with conducting the first global cross-border cyber crisis simulation exercise.

In November, the Financial Stability Board (FSB) published a Cyber Lexicon. Having a common set of definitions in non-technical language will support the work of the FSB, standard-setting bodies, authorities and financial institutions to address cyber security and cyber resilience in the financial sector. The ECB continues to participate in these international fora, ensuring that global initiatives are aligned with our work in Europe.

From an operational perspective, the Market Infrastructure Board, which is in charge of the Eurosystem-operated financial infrastructures, continues to scale up its activities to ensure the continued cyber resilience of its systems and platforms.

In March, four key areas for further focus were identified: 1) crisis management and incident response; 2) information sharing; 3) awareness and training; and 4) third-party risk. There was general agreement that these key areas warranted further thought and focus. The UNITAS exercise further confirmed that these areas require attention.

Dic 072018

The Financial Stability Board (FSB) issues its fifth annual report, that provides an update on the key activities of the FSB and its audited annual financial statements for the 12-month period ended 31 March 2018.

The report provides an update on the FSB’s work as it pivoted from a primary focus on new policy development towards evaluating policies that have been implemented and addressing any unintended consequences. It provides an update on the activities, publications and decisions by the FSB during the course of the year, and sets out details on the FSB’s governance.

The FSB’s current priorities are designed to build on that strong foundation to reinforce the G20’s objective of strong, sustainable and balanced growth.

Vigilant monitoring to identify, assess and address new and emerging risks remains at the heart of the FSB’s work. Through structured analysis and candid discussion among its diverse and expert members, the FSB assesses risks arising from a broad range of developments and trends in the financial system – including those relating to technological change which can cut across traditional boundaries.

The FSB’s focus has pivoted from a primary focus on new policy development towards evaluating policies that have been implemented and addressing any unintended consequences. The FSB’s approach to dynamic and effective implementation will help ensure that the new regulatory framework keeps pace with a changing financial system in as efficient a manner as possible, while continuing to meet the objectives that were set by the G20 Leaders.

FSB: 5th Annual Report (PDF)

Nov 302018

The latest Financial Stability Review  of the European Central Bank (ECB) says that the euro area financial stability environment has become more challenging since May. Among the major concerns, the following has been highlighted:

  • Possibility of broader stress in emerging markets, rising debt sustainability concerns and trade tensions pose challenges
  • Bank resilience improved, but structural vulnerabilities continue to restrain profitability
  • Liquidity concerns are growing amid increased risk-taking by investment funds

On the positive side, a growing economy and improved banking sector resilience have continued to support the financial stability environment in the euro area. Furthermore, a series of volatility events have not spread to the broader global financial system. At the same time, downside risks to the global growth outlook have become more pronounced since May relating to a resurgence in protectionism and stress in emerging markets. Vulnerabilities in financial markets continue to build up amid pockets of high valuations and compressed global risk premia. In the euro area, political and policy uncertainty, related to market concerns about public spending plans have increased over the review period. In addition, the possibility of a cliff-edge Brexit could pose a risk to financial stability.

With a maturing global business and financial cycle, a number of market indicators appear to signal downside risks to global asset prices. A snapback of term premia on global benchmark bonds, in particular, could materialise and possibly spill over to the euro area. Meanwhile, the prospect of renewed stress in emerging market economies tested the resilience of the global financial system. Over the summer months Argentina and Turkey witnessed significant increases in bond spreads, falling stock prices and large currency depreciations. Higher US interest rates or rising trade tensions could spark further stress in emerging market economies, the FSR warns.

Within the euro area, market concerns about budgetary plans in Italy have risen since May. Losses observed in Italian financial markets over the past six months have however not meaningfully spilled over to other euro area countries.

The profitability of euro area significant banks remained broadly stable in the first half of 2018. However, the average return on equity (at around 7%) still falls short of banks’ cost of capital. Structural vulnerabilities including overcapacity in certain domestic banking markets and high operating costs continue to dampen bank profitability. At the same time, reductions in non-performing loans (NPLs) continued apace. As a result, banks’ NPL ratios have nearly halved since 2014.

Banks’ solvency positions remain solid. The recent European Banking Authority (EBA) stress test confirmed that the capitalisation of euro area banks is sufficient to weather a severe adverse scenario. Additional sensitivity analyses to account for recent developments not specifically catered for in the test lead to an additional capital depletion of around 30 to 70 basis points on top of the overall Common Equity Tier 1 ratio depletion of 380 basis points in the adverse scenario of the EBA stress test.

The FSR also highlights risks building up outside the banking sector – notably in the investment fund sector. Over the past ten years the total assets of euro area investment funds have more than doubled to €13.8 trillion in June 2018, with the size of the non-bank financial sector approaching half that of the euro area banking sector. Growing exposures to illiquid and risky assets make the funds vulnerable to potential shocks in global financial markets.

The Review also contains three special features. The first special feature examines how banks can reach sustainable levels of profitability. The second examines the implications for financial stability of a resurgence of trade tariffs. The third discusses the rapid growth in exchange-traded funds and their potential for transmitting and amplifying risks within the financial system.

Nov 302018

The FSB today published its fourth annual report on the implementation and effects of the G20 financial regulatory reforms. Ten years after the crisis, the report highlights the progress made in the reform agenda as the FSB pivots towards implementation and rigorous evaluation. Looking ahead, the report highlights some challenges in promoting a financial system that supports the G20’s objective of strong, sustainable and balanced growth, while preserving open and integrated markets and adapting to rapid technological change.

The report documents the substantial progress that has been made in implementing key post-crisis financial reforms; discusses how the reforms have contributed to the core of the financial system becoming more resilient to economic and financial shocks; describes the FSB’s work to evaluate whether reforms are working as intended; lays out why preserving financial stability, and supporting sustainable growth, requires the continued monitoring of developments in the global financial system; and documents the benefits of cooperation between jurisdictions in the aftermath of the crisis.

The report, which will be delivered to the G20 Summit in Buenos Aires, calls for the support of G20 Leaders in implementing the agreed reforms, and reinforcing global regulatory cooperation.

  • Regulatory and supervisory bodies should lead by example in promoting the timely, full and consistent implementation of remaining reforms to Basel III, resolution regimes, OTC derivatives and non-bank financial intermediation. This will support a level playing field and avoid regulatory arbitrage.
  • Frameworks for cross-border cooperation between authorities should be enhanced in order to build trust, allow for the sharing of information, and to preserve an open and integrated global financial system.
  • Authorities should evaluate whether the reforms are achieving their intended outcomes, identify any material unintended consequences, and address these without compromising on the objectives of those reforms.
  • Financial stability authorities should continue to contribute to the FSB’s monitoring of emerging risks and stand ready to act if such risks materialise.

Implementation and Effects of the G20 Financial Regulatory Reforms: Fourth Annual Report (PDF)

Nov 302018

The European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA), together the European Supervisory Authorities (ESA), have today published a report with draft regulatory technical standards (RTS) proposing to amend the Commission Delegated Regulation on the risk mitigation techniques for OTC derivatives not cleared by a CCP (bilateral margin requirements) under the European Market Infrastructure Regulation (EMIR).

The draft RTS propose, in the context of the United Kingdom’s (UK) withdrawal from the European Union (EU), to introduce a limited exemption in order to facilitate the novation of certain OTC derivative contracts to EU counterparties during a specific time-window. The amendments would only apply if the UK leaves the EU without the conclusion of a withdrawal agreement – a no deal scenario. The draft RTS complement the similar proposal published by ESMA on 8 November with respect to the clearing obligation.

In the context of the on-going withdrawal negotiations between the EU and the UK, and to address the situation where a UK counterparty may no longer be able to provide certain services across the EU, counterparties in the EU may want to novate their OTC derivative contracts by replacing the UK counterparty with an EU counterparty. However, by doing this, they may trigger the clearing obligation or the bilateral margin requirements for these contracts, therefore facing costs that were not accounted for when the contract was originally entered into.

Limited exemption from the bilateral margin requirements to facilitate novations

The draft RTS allows UK counterparties to be replaced with EU ones without triggering the new procedures defined in the bilateral margin RTS. This limited exemption would ensure a level playing field between EU counterparties and the preservation of the regulatory and economic conditions under which the contracts where originally entered into. Its scope, time and intent are aligned with the draft RTS regarding the clearing obligation that ESMA published on 8 November.

The window for the novation of OTC derivative contracts which fall under the scope of this amending regulation and the one published by ESMA would be open for twelve months following the withdrawal of the UK from the EU. Counterparties can however start repapering their contracts ahead of the application date, making the novation conditional upon a no-deal Brexit, given the conditional application date of these two amending regulations.

Participants Brexit preperations

The ESAs and other EU authorities and institutions have been clear on the importance for market participants to be prepared for Brexit, including the possibility of a no-deal scenario. These draft RTS provide regulatory solutions to support counterparties’ Brexit preparations and to maintain a level playing field between EU counterparties, while addressing potential risks to orderly markets and financial stability.

As regards non-centrally cleared OTC derivative contracts, these two measures will be the only regulatory measures the ESAs intend to propose to help address the legal uncertainty raised by the withdrawal of the UK from the EU and to ensure a level-playing field between EU counterparties.

Counterparties should start negotiating as soon as possible the novations of their transactions which are in the scope of these amending regulations, given the twelve month timeframe to benefit from it.

Final Report EMIR RTS on the novation of bilateral contracts not subject to bilateral margins (PDF)

Nov 302018

Patrick Armstrong, Senior Expert of the European Market and Securities Authorities (ESMA), described the the latest feedbacks in the field of Regtech and Suptech at  Paris Dauphine University, Paris, 27 November,

A number of supply-based developments and demand-based needs are combining to potentially transform the way financial institutions comply with regulation and supervisory authorities oversee market participants.
The use of technology for compliance and supervisory monitoring predates the financial crisis of 2007. However, a new regulatory landscape in response to the crisis has been a catalyst for greater use of technology. The use of new technology in this context evolves on a continuous basis and may soon lead to radical changes in compliance and supervision work. Foremost among the technological drivers are the widespread use of cloud computing, the increased acceptance of Application Programming Interfaces (APIs) and advances in the fields of Artificial Intelligence and Machine Learning (AI/ML). Cloud computing allows for the use of an online network of hosting processors, increasing the scale and flexibility of computing capacity.

APIs comprise rules and an interface for communication and interaction between different software programmes. AI is the theory and development of computer systems able to perform tasks that traditionally require human intelligence. ML, a form of AI, is a method of designing a sequence of actions to solve a problem that optimise automatically through experience and with limited or no human intervention.


RegTech and SupTech are developing in response to various demand and supply drivers. Demand is linked to regulatory changes and the need of market participants and supervisors to process large amounts of data. Supply factors primarily focus on advances in technology.
The regulatory requirements placed on market participants have increased greatly over the past ten years. While many of these regulations came in response to the known market failures that led to and exacerbated the crisis, others reflect the increasingly complex nature of global financial services. Failure to comply with the regulations has significant consequences, which has in turn led to large spending increases on compliance and risk management programs by firms. Examples include increased reporting and compliance obligations implemented pursuant to the Dodd-Frank Act in the US and within the EU the Markets in Financial Instruments Directive (MiFID II).

Demand drivers

  • There is a continued push for efficiencies and cost savings, particularly for back-end and legacy systems as well as for labour-intensive processes.
  • As the financial services sector becomes increasingly digitalized and data-driven the advantages of technology-driven compliance monitoring compared to less automated alternatives have become more and more evident. The increased volume of information needed to monitor and evaluate regulatory compliance provides challenges for enterprise data governance, but also opportunities to use the information for better risk management. Examples include developments in stress testing and enhanced risk monitoring.
  • Government-driven mandates in some countries have led firms to implement technologies such as APIs and more effective authentication methods. An example is the Payment Services Directive 2 (‘PSD2’) in the EU.
  • ESMA believes the move towards a more data-driven and pro-active approach will enhance monitoring of the financial sector and help ensure better outcomes for market participants and consumers. As we move to this more intense data driven supervisory process, supervisors and regulators need to adapt. Failure to do so risks the undermining of the many years of work involved in implementing the regulation.

Supply drivers

  • Recent years have seen a sharp drop in the costs of computing power and storage. This enormous increase in capacity is acting as an important catalyst for AI/ML tools, which are extremely data-intensive. Many of these tools are at the heart of the RegTech/SupTech renaissance and could not be deployed in a non-digital infrastructure. For example, cloud computing provides remote access to servers on which large amounts of data can be stored.
  • Improved digitalised data architecture that minimizes interoperability, reduced redundancy and allows for improved communication among data centres.
  • Advances in AI and Big Data offer new capabilities. For example, pattern-recognition using machine learning algorithms has wide applications, including in monitoring markets for potential misconduct.


RegTech applications by market participants
Regulatory pressure and budget limitations are pushing the market towards an increased use of automated software to replace human decision-making activities. AI/ML tools are often used to implement such automation, with the calibration of the tools based on the recognition of patterns and relationships in large amounts of structured or unstructured data (Big Data). This section examines the most relevant RegTech technologies used in such contexts.

AI and machine learning
AI/ML techniques can be used to find patterns in large amounts of data from increasingly diverse and innovative sources. AI is a broad field, of which ML is considered a sub-category. Financial firms are exploiting such technologies in the following contexts: (1) customer-focused (or ‘front-office’) uses such as credit scoring, insurance, and client-facing chatbots; (2) operations-focused (or ‘back-office’) uses, including capital optimisation, model risk management and market impact analysis; (3) trading and portfolio management in financial markets.

Big Data

‘Big Data’ is used broadly to describe the storage and analysis of large and/or complicated data sets using a variety of data elaboration techniques. AI/ML tools are generally used in a Big Data environment, allowing the implementation of new data management platforms that can capture, store and analyse enormous volumes of structured and unstructured data. Financial firms can feed the new converged data platforms with a variety of data sources:

  • Internal sources: customer data are a primary form of proprietary internal data, along with data on all internal operations (assets, liquidity, loans, payments, etc.). Whether from internal or external sources, personal data are subject to strong privacy safeguards under EU legislation. Many datasets are unstructured, making them difficult to work with using traditional infrastructure.
  • External sources: a myriad of third-party specialized data providers offer data related to specific contexts, typically via open real-time software interfaces and with standardised query methods.

This large amount and variety of data can be exploited by financial firms with Big Data technologies to improve business, assure regulatory compliance and analyse trends. Some common RegTech applications by banks and financial services firms are:

  • Fraud detection: banks and financial firms use analytics to recognise fraudulent transactions.
  • Reporting: regulations require financial firms to report specific business data to authorities.
  • Risk management: regulatory schemes require firms to manage a variety of risks in a proper way (e.g.: liquidity risk, operational risk).

SupTech applications by regulators
Regulators are increasingly harnessing the benefits of technology. For example, compliance reporting has frequently not been efficient as desired. Financial institutions often need to submit information in response to ad hoc requests from regulators. The non-machine-readable data submitted by financial institutions makes the application of data analytics by regulators difficult and time consuming. In turn, some regulators have been investigating how FinTech can be used to make supervision more effective, improve surveillance and reduce the compliance requirements imposed on financial institutions.

Potential applications of AI/ML

An area of interest for regulators is the application of AI/ML. Authorities such as the ECB and the US Federal Reserves are using Natural Language Processing, a form of AI, to help them identify financial stability risks.
Another potential application of AI/ML is to detect trade syndicates in the securities market. Collusive behaviour and price manipulation can be especially hard to detect using traditional methods. Rule based systems, such as transaction monitoring systems, have very high false positive rates, bringing extra costly work to both exchanges and regulators.

Another challenge which AI/ML tools may help tackle is complicated network analysis, especially when the network is large and changes over time. Finally, a challenge for the application of AI/ML arises when a potential misconduct case is detected. At present, external human experts are required to verify that such cases warrant further investigation.

As experts are costly to employ and very limited in number, regulators would benefit from any potential extension of AI/ML technologies to this context. Recent attempts to use machine learning to detect potential cases of market abuse show some promise. Some regulators, such as the UK FCA, have been exploring how best to analyse large data sets to study suspicious trading behaviour. In this context, AI/ML tools may help identify cases of collusion to manipulate share prices or circular trading to create a false impression of market interest.1 Such tools can be tested with market data to generate better detection results from below three aspects:

  • Compared to the high false positive detection rate from traditional rule-based surveillance systems, machine learning based surveillance systems have, through mathematical optimisation techniques, been able to reduce false positive rates.
  • Some regulators are employing technological tools to reduce the need for humans to manually conduct complicated network analysis. This approach involves analysing years of raw order book data with modern network analysis techniques. The benefit of this system is not only in processing big volumes of data, but also in detecting complicated network relationships across long time periods and often involving substantial numbers of participants.
  • Machine learning approaches, especially semi-supervised machine learning algorithms, can handle certain cases for which human experts’ judgement has traditionally been required. In particular, NLP2 technology could be used to automatically analyse the historical case document and extract meaningful information on which machine learning algorithms can operate.

Preliminary work by authorities using Big Data processing systems has made clear that many years of transaction data and even order book data can be analysed. However, further improvement and refinement of these ML based systems is needed, due to the limited availability of training cases. Other challenges include how to make machine learning detect unknown misconduct and how to interpret the results from the machine learning algorithms.

Regulatory dialectic
To students of financial innovation, the emergence of RegTech seems a predictable response to the post-crisis regulatory agenda. It is a clear example of what the “regulatory dialectic” whereby regulatory action on the part of public authorities is met by a private sector response designed to ameliorate the impact of the regulation, off balance sheet financing such as such as SPVs and CDOs are such examples that contributed to the recent financial crisis. In some cases, this response may aim to side-step regulations, which may prompt the authorities to tighten the regime further. In other cases, market participants respond to manage their regulatory requirements more efficiently. RegTech fits in to the latter scenario, designed to help firms adapt to regulation in an effective, cost efficient manner.

Risks and challenges for regulators and market participants

Improving data collection and management
A critical step in transforming financial supervision is improving data collection. Currently, the prevalent approach to data collection by regulatory authorities is periodically collecting data in the shape of standard reporting templates. Much current focus is on creating reporting templates rather than the primary data constructing the desired reports. Regulatory reporting can be challenging for financial institutions and is often resource-intensive.
Increasingly regulatory authorities are exploring opportunities to automate the regulatory processes and create reporting utilities. These are centralised structures that act not only as a common database of reported granular data but also as a repository of the interpretation of reporting rules in a format that is readable by computers. RegTech is therefore offering an alternative and a move away from templates and manual procedures. In the move to a data driven supervisory or compliance process, cleanliness and accessibility of the underlying data is paramount. The use and accuracy of such tools as AI/ML relies upon the strength of the underlying data. This means that prior to the use of data, regulators and supervisors must have in place the appropriate procedures and systems to ensure that the data they receive is
of good quality. One possible solution to achieve this is to develop machine-readable regulations, in particular in the field of regulatory reporting. Indeed, the use of IT solutions can help regulators to standardise and codify the information they receive from market participants, making it easier to manage and use the data.

Digital transition
In the wake of the financial crisis, much of the global regulation implemented is highly dependent on technology. Failure on the part of market participants to adapt to the newer digitalized infrastructure presents business risk that may separate winners from losers in the coming years. As well, failure to adapt to a more automated regulatory compliance process may leave participants with platforms ill-suited for the current regulatory framework.
For their part, many in the regulatory community are moving increasingly to a data driven supervisory process. To process such data, regulators need to invest in the technological tools and human skills that will allow them to effectively analyse the results.3 In turn, regulators must migrate to a digital based supervisory process; only then can they cope with the volume of data they will soon receive.

Operational risks
As both regulators and market participants move to a digitalized architecture, risks related to cyber resiliency must become a core part of their supervisory and compliance strategies respectively. Indeed, as market participants and regulators become increasingly interconnected through regulatory reporting, security risks increase. In addition, reliance on APIs, cloud computing and other new technologies facilitating increased interconnectivity could potentially make the system more vulnerable to cyber-threats and expose large volumes of sensitive data to potential breaches. A related form of operational risk arising from a move to greater use of data and risk management tools via third-party providers is concentration risk. Regulators and market participants will therefore need to devise and implement appropriate strategies to manage these operational risks. To this end, it is important that market participants and regulators cooperate to promote effective management and control of cyberrisk and to enhance cyber-resilience.

Risks from strategic incentives
One risk which authorities should bear in mind when developing automated detection tools is the possibility that malicious agents may learn to frustrate the tools by adapting their behaviour.
For instance, market participants could in theory learn what types of behaviours that are likely to cause a flag in a SupTech monitoring system. Using such information, firms might be able to structure their regulatory returns in such a way as to remain undetected. Separately, as firms develop their expertise in RegTech, their systems may become able to identify potential regulatory loopholes.

Just as FinTech is introducing changes to the way in which market participants offer their services, so too RegTech and SupTech will alter the way in which financial institutions and regulators respectively comply with the rules and supervise markets. In so doing, these technologies have the potential to reshape the
relationship between regulators and market participants.

For example, technologies such as APIs are facilitating more efficient filing of regulatory data by market participants, while regulators are looking to develop AI/ML tools to enhance their market surveillance and to improve their capacity for fraud detection. Inevitably, new technological abilities bring with them new challenges and new sources of risk, notably including operational risk.

Nonetheless, provided they are implemented correctly and monitored effectively, RegTech tools have the
potential to improve a financial institution’s ability to meet regulatory demands in a cost-efficient manner.

Nov 242018

The Bank for International Settlement (BIS) published a snapshot of the outstanding OTC derivatives transactions statistics at the end of the first semester of this year. The main results are summarized as follows:

  • The notional value of outstanding OTC derivatives increased from $532 trillion at end-2017 to $595 trillion at end-June 2018. This increase in activity was driven largely by US dollar interest rate contracts, especially short-term contracts.
  • The gross market value of OTC derivatives continued to decline, nearing $10 trillion at end-June 2018 from $11 trillion at end-2017 – compared with the peak of $35 trillion observed in 2008. This decline reflected in part ongoing structural changes in OTC derivatives markets.
  • The proportion of outstanding OTC derivatives that dealers cleared through central counterparties (CCPs) held steady, at around 76% for interest rate derivatives and 54% for credit default swaps (CDS).

Gross market values declined despite an increase in notional amounts

Outstanding OTC derivatives, USD trillions

Graph 1: Outstanding OTC derivatives, USD trillions (interactive graph).
Source: BIS OTC derivatives statistics (Table D5.1).

Activity in OTC derivatives markets increased in the first half of 2018, driven mainly by short-term interest rate contracts. The notional amount of outstanding OTC derivatives contracts – which determines contractual payments – increased to $595 trillion at end-June 2018, its highest level since 2015 (Graph 1, red line). Nevertheless, the gross market value of outstanding derivatives contracts – which provides a more meaningful measure of amounts at risk – continued to decline, to $10 trillion, its lowest level since 2007 (blue line). Gross credit exposures, which adjust gross market values for legally enforceable bilateral netting agreements, remained stable at $2.6 trillion at end-June 2018 (yellow line).

US dollar contracts drove the increase in notionals

Outstanding notional amounts of OTC interest rate derivatives, USD trillions

Graph 2: Outstanding notional amounts of OTC interest rate derivatives, USD trillions (interactive graph).
Source: BIS OTC derivatives statistics (Table D7)

The increase in notional amounts outstanding was driven mainly by OTC interest rate derivatives, in particular for US dollar-denominated contracts, which rose from $157 trillion at end-2017 to $193 trillion at end-June 2018 (Graph 2, red line). An increase in US dollar activity was also seen in exchange-traded derivatives markets, where the average daily turnover of futures and options on dollar interest rates climbed to a record high of $9.6 trillion in the month of February. This increased activity may reflect changing expectations about the path of future US dollar interest rates during the period. The notional amounts outstanding of euro-denominated interest rate derivatives also went up over this period, but more modestly, from $122 trillion to $129 trillion (blue line).

The increase in OTC interest rate derivatives activity was concentrated in the short-term segment. The notional amount of outstanding contracts with a remaining maturity up to and including one year rose from $191 trillion to $231 trillion between end-2017 and end-June 2018. The increase for contracts with a remaining maturity between one and five years was less pronounced, from $140 trillion to $155 trillion, and longer-term contracts (with a remaining maturity over five years) held roughly constant, at around $94 trillion.

Turning to OTC foreign exchange (FX) derivatives markets, notional amounts rose to a record high of $96 trillion at end-June 2018, up from $87 trillion at end-December 2017. This was also driven by activity in short-term instruments. In contrast to other OTC derivatives, most FX derivatives require counterparties to repay the notional amount at maturity and thus can be viewed as a form of collateralised borrowing, with the associated foreign currency repayment and liquidity risks.

Market value of interest rate and credit derivatives declined further

Outstanding gross market values, trillions USD

Graph 3: Outstanding gross market values, trillions USD (interactive graph).
Source: BIS OTC derivatives statistics (Table D5.1).

Despite the increase in notional amounts in the first half of 2018, the gross market values of outstanding OTC derivatives continued to decline. Gross market values for all OTC derivatives stood at $10.3 trillion at end-June 2018, down from $11.0 trillion at end-2017 (Graph 3, red line). Over that same period, the gross market value of interest rate derivatives declined by $1 trillion, ending at $6.6 trillion (purple line). Other segments of OTC derivatives markets saw smaller movements, with FX derivatives increasing from $2.3 trillion to $2.6 trillion (yellow line) and credit derivatives decreasing from $0.3 trillion to $0.2 trillion (blue line).

The continuing decline in gross market values reflected in part ongoing structural changes in OTC derivatives markets. These changes include central clearing and greater possibilities for trade compression – that is, the elimination of economically redundant derivatives positions. In addition, in recent periods an increasing number of banks have been recording variation margin on cleared derivatives as settlement payments rather than as transfers of collateral. The practice of so-called settled-to-market (STM) allows counterparties to take ownership of the collateral that they receive. Consequently, daily payments of variation margin are recorded as settlements of the derivatives transactions rather than as transfers of collateral and the market value of the derivatives is reset daily to zero. STM, which is increasingly adopted for cleared swaps in particular, thus results in lower market values for a given derivative.

Clearing in credit default swap markets was steady at 54%

 Outstanding notional amounts of CDS, USD trillions

Graph 4: Outstanding notional amounts of CDS, USD trillions (interactive graph).
Source: BIS OTC derivatives statistics (Table D10.1).

Notional amounts of CDS continued to decline, owing to decreased activity between reporting dealers. From end-June 2016 to end-June 2018, total notional amounts dropped from $12 trillion to $8 trillion, amounts vis-à-vis reporting dealers declined from $5 trillion to $2 trillion, and amounts vis-à-vis CCPs remained steady around $4.5 trillion (Graph 4). In the first half of 2018, the share of notional amounts cleared with CCPs was stable at 54%, in contrast to the upward trend over the past few years.

In OTC interest rate derivatives markets, the proportion of contracts cleared was also steady in the first half of 2018, at around 76% overall. Across currencies, the proportion ranged from 73% for euro interest rate contracts to 77% for US dollar contracts and 89% for Canadian dollar contracts. In OTC FX derivatives markets, clearing accounted for only 3.0% of dealers’ outstanding contracts at end-June 2018. While low, this was up from 2.4% at end-December 2017.


Statistical release: OTC derivatives statistics at end-June 2018 (PDF)

Nov 242018

The European Banking Authority (EBA) published today its final draft Regulatory Technical Standards (RTS) specifying the nature, severity and duration of an economic downturn. These RTS complete the EBA’s regulatory review of the internal ratings-based (IRB) Approach, with the objective of restoring market participants’ trust in internal models by reducing the unjustified variability in resulting risk weighted exposure amounts. The EBA is currently finalising the related Guidelines on the estimation of loss given default (LGD) appropriate for conditions of an economic downturn.

The final draft RTS set out the notion of economic downturn to be taken into account when estimating the LGD and the conversion factors (CF). Given the specificities of the types of exposures covered by a rating system, the economic downturn should be identified separately for each rating system. However, as a rating system may cover exposures from different businesses, sectors and geographical areas, the notion of an economic downturn included in these RTS may comprise several disjunctive downturn periods (e.g. where a rating system covers two sectors which experienced downturn conditions in different periods of time).   

In addition, the final draft RTS specify the nature of an economic downturn via macroeconomic or credit-related factors (‘economic factors’) that are explanatory variables or indicators for the business cycle of the considered type of exposure. The severity of an economic downturn is specified by the set of the most severe observations on the economic factors constituting the nature of an economic downturn, based on historical values of these factors over the last 20 years. The duration of an economic downturn is determined by the duration of the identified downturn periods and is generally specified as the 12-month period where the most severe values are observed. However, some flexibility is embedded in the draft policy to ensure that the severity and duration are appropriately specified.  


Final draft RTS on the specification of the nature, severity and duration of an economic downturn (PDF)