20 years a Regulator – 5 Insights from 20 years of Financial Services Regulation

Feb 04, 2022
5 Insights from 20 years of Financial Services Regulation

Prologue – Super-VISION

"Dynamic" - the word I would use to describe my career path as a financial services regulator. During my 20-year career, I’ve been fortunate to have diverse experiences and tremendous opportunities! My career began with investment business regulation. I then transitioned to supervise Trust and Corporate Services Providers as well as banking and insurance sectors at a senior level - supervision was both prudential and AML/CFT for a significant part of that time. 

In these various roles, I’ve also been able to actively engage with international standard setters - from being a FATF Assessor (trained in Third and Fourth Rounds) as well as contributing to a few FATF Reports, to being a Core Member of the GIFCS Working Group that produced the standard for TCSPs. I’ve also worked behind the scenes in an IAIS Member Application for a jurisdiction a few years ago. 

Altogether, my experiences have provided me with some ability to see where seismic shifts in the regulatory landscape are likely to occur. After 20 years, I wouldn’t profess to have 20/20 vision. However, insights gained from this time can be instructive of where financial services supervision will go. Some areas will be subjected to laser-like focus in supervision, perhaps to the detriment of other areas. Perhaps my insights will help to shift your vantage point on a space that itself is coming under increased scrutiny.

 

1. Redesigned Regulatory Frameworks – from principles-based to risk-based

Around the late 1990s to early 2000s, regulatory frameworks were subject to a bit of branding, predominantly in the UK, to focus on the approach that was being embraced – principles-based regulation. The UK financial services regulator of the day – the Financial Services Authority – publicly positioned their strategic agenda around principles-based regulation. Evolved from a rules-based approach, where crafty financial services professionals complied with rules but shirked the ‘principles’ against which they were being regulated, the switch to principles-based supervision sought to address the gap. Checking the box approach to compliance did not go far enough for true compliance. It is also worth noting that other influencers in the regulatory space emerged during this time. The FATF emerged at this time as a prolific international standard setter that helped to shape regulatory agendas.

Mind the gap…

Principles-based regulation in the UK and its Territories started to evolve again to incorporate the assessment of risk. The then FSA developed ARROW[1] and offered training to international regulators – training that I was fortunate to be exposed to in the early 2000s. The progression of regulation slowly transitioned from what it was for over three decades at that point.

To my mind, ARROW was a significant step forward that heralded the shift towards risk-based regulation. Regulators had already moved away from check-the-box rules. The gaps that principles-based regulation exposed were many. Many argue both approaches gave some measure of objectivity in whether something met the regulatory muster. Binary outcomes are attractive in comparison to risk-based approaches that introduced subjectivity. In a YES/NO scenario in determining compliance, it was often argued that the answer was definitive. The determination of whether there is or is not compliance with a specific issue did emerge as a grey area in those days – comply with the law but still offend core supervisory principles. People were and still are clever. From my engagement with financial services professionals over the years, this transition to a more risk-based approach to supervision presented the greatest uncertainty to compliance, then and now.

 

2. Regulatory Clarity – A Need, Not a Want

Businesses hate uncertainty. And in the past 20 years, it seems to me that businesses face a disproportionate amount of uncertainty in the face of developing regulation that impacts financial services business. Industry participants are becoming more vocal in their responses to regulatory agendas.

The term ‘regulatory clarity’ was coined primarily by innovators seeking to comply while integrating novel technologies in existing financial services spaces. To the logical-minded innovators, the apparent lack of clear and straightforward regulatory positions is likely frustrating. The lack of clarity also adds to costs. It is generally known that financial services compliance is one of the fastest-growing sub-sectors with an increasing percentage of budgets annually[2]. The complexity adds to the costs. 

In the past 20 years, the demand for compliance professionals has skyrocketed - a trend that is projected to continue. Regulators and the regulated are both looking to technology to help in this space; perhaps there will be an App for that in the near future. 

Chasing Compliance?

There are many firms and compliance professionals that do want to comply. They absorb all of the relevant industry reports, sectoral specific international standards, regulatory guidance issued within the jurisdiction and FATF RBA and Typology Reports. These firms and professionals still seek clarity. However, clarity is becoming increasingly difficult with the additional layers of regulatory requirements. Differences in approaches to risk-based supervision across different jurisdictions also complicate compliance for firms with multi-jurisdictional reach - all important issues to be sure! 

How should a compliance professional navigate these issues? In 20 years of regulation, it is shocking to me that I may be the first to create a membership site – CHASING COMPLIANCE – specifically designed to help traverse these very issues. Shameless plug, I know, but let’s cut to the chase… these are the times we live in.

 

3. Risks in context

Risk-based supervision is as fluid as integrating a risk-based approach to operating a financial services business. What I have seen as a concerning trend is the risk of regulation becoming too heavily focused on AML/CFT and not enough on Corporate Governance. Jurisdictions are focused on passing a test (similar to licensees focused on ‘passing’ an inspection). 

In a few jurisdictions, this lopsided focus is beginning to shift.  The massive shadow of FATF has loomed over jurisdictions firmly for the past 20 years. With the Third Round of AML/CFT Mutual Evaluations, resultant reports, Public Statements about countries with poor AML/CFT compliance provisions and the subsequent derisking that atrophied financial flows have all resonated to a constant ringing that has led many regulators to become hyper-focused on achieving better AML/CFT results. In and of itself, that is not a bad thing.

However, when passing the AML/CFT tests leave other arguably important areas of supervision stymied, it only results in average supervision at best in many cases. To put this in context, I have been trained in the Third and Fourth Rounds, sat at a FATF Intersessional that poured over Interpretative Notes and the Methodology, attended several FATF Plenaries and was fully entrenched in the need for good AML/CFT supervision.  Perhaps unlike some of my peers within the region, I’ve seen behind a few of the ‘curtains’. The perspective of a Caribbean-based regulator is often starkly different from those of a counterpart in say a G20 country. The issues are different in many jurisdictions when compared to the G20, and the not so young refrain of “risks in context” doesn’t cut it! 

I have also witnessed the impact of mistaken preconceptions about ‘certain’ jurisdictions and how difficult it is to unpack those preconceptions when sitting across from your counterpart. In a Plenary or another regulatory forum, the opportunities that these issues present themselves or time to address them with facts had been few and far between. The many discussions and experiences have led me to change some of my positions over the years, and reinforce others. 

Engage Differently!

A position that was reinforced is that financial services supervision can be done differently to be more effective. Regulators and standard setters can benefit from seeking out comments from others within the regulatory community, and not just the ‘usual suspects’. Every one of us in the regulatory community needs to engage actively (and productively)! That means the dialogue should extend beyond G20 members. There are deep wells of learnings within smaller jurisdictions!

The FATF could benefit tremendously from having one or two countries from each region (and not through the respective FSRB) hold a seat as a full member, perhaps on rotation. In my ideal world, Bermuda and Barbados would be the first two countries to do so from the region. This may seem like blue-sky thinking, but at the heart of my thinking are the continued challenges being faced by regulators not just in the Caribbean region, but around the world. 

 

4. Supervision: Market and Conduct / Corporate Governance

I have often stated publicly that there is no such thing as a good or bad company – only good or bad people. In the region, there is more that could be done concerning Market Conduct. The atrophy that this area, which is covered by international standards, experiences may be driven by cultural reluctance to take a firmer stance on the approval, removal and enforcement action in relation to the people behind financial services businesses. 

Corporate Governance is one of the areas that, I am of the firm belief, needs as much vigour as AML/CFT supervision, if not more. We have seen the same story replay in the regulated space. That is, Firm behaves badly, Regulator issues a penalty. Firm pays penalty. Firm continues to behave badly. In this story, it is only the shareholders that pay. I have seen that when penalties were levied on the directors and senior management, behaviours changed QUICKLY!

Looking ahead, I foresee regulators adding disgorgement provisions to their enforcement action. Once regulators are prepared to remove ALL the profits gained by a firm – that includes its shareholders and senior officers – for bad behaviour, especially sanctions-busting, regulation will become very live for all stakeholders. Disgorgement can also target predatory behaviours that negatively impact customers of an institution, for example, a fee that harms customers. As a side note, this approach to enforcement for the most egregious bad behaviour would likely be seen favourably in a FATF-style review as a dissuasive measure.

 

5. Regulation – Upgrades in Progress

FinTech and Digital Assets present a major hurdle for regulators, with a few exceptions. Perhaps the most difficult thing for many regulators is the design thinking that is being applied to regulation from non-regulators (i.e. innovators).

Industry engagement tends to be structured. It can be adversarial at times and collaborative at other times. Innovators are disrupting many areas of financial services, and financial services regulators seem to have been generally surprised when they too faced the same disruption. This is not to say that regulators did not embrace technological solutions. However, they seem ill-prepared in many cases to face justified criticisms that are often aired on social media. Regulators have ventured onto social media – mainly as an avenue to alert the public of frauds and other threats or to share developments in the regulatory framework or other outreach. 

The caustic response some regulators face in response to what may be viewed as a tone-deaf stance on issues raised by the public are themselves not publicly addressed. Regulators are used to some level of contempt. Regulators also espouse transparency. However, they are not well adjusted to being the subject of public demands for that same transparency to be applied to them. Some chalk it up to the public not being in a position to ‘speak regulator’, but that is not the issue at hand. If a regulator’s mandate includes protecting the public, to do so, they must be able to effectively communicate with the public. 

In some areas, regulators continue to vilify digital assets – to their peril. Understanding the not so nuanced differences between concepts such as Proof of Work versus Proof of Stake, the varied facets of tokenisation and the use cases of NFTs, at the time of writing, still challenges some regulators (who shall remain nameless).

Albert Einstein said if you cannot explain it, you do not understand it. I extend that concept to regulators and their regulation – if you cannot understand it, you cannot (properly) regulate it. There is harm that can be caused to the public we seek to protect when we get regulation wrong. Regulation has become largely centralised, with areas that operate essentially in silos. This has led to a less flexible regulatory response in dynamic situations. From my observations, these phenomena are in the process of reversal due to various trigger events. And, FinTech is one of the largest drivers.   

More than syntax errors

The danger then lies in missing the mark in not developing what I like to term ‘right-touch’ regulation. Crypto is not bad, digital assets are not the devil, and DeFi presents a glorious future for financial services. Regulators need to stop trying to use fear tactics to justify the lack of action in embracing FinTech embedded in traditional financial services (or novel financial services and products). The public is woke! The narrative is already changing – just look to the BIS, Monetary Authority of Singapore and other global regulatory leaders. Regulators within the region and in some places further afield must recognise this. That is where I stand and I have done my best to learn as much as I can. 

 

Epilogue – Intuitive Regulation

At the end of 2021, it seems as though regulators are now waking up globally to their new assignment… and many are bravely feeling out their way. Any regulator that says the future of financial services regulation “is clear” may need their vision checked! It has never been more clouded in financial services regulation. Both for the regulator and regulated. International standard setters are also finding their bearings. Leveraging the best that innovation brings for the betterment of risk, regulation and financial services will help progressive regulators to write their own legacies and see their way in time. 

In the past 20 years, there has been increased specialisation in regulation. Unfortunately, this has led to limited cross-learning and capacity development globally. Talented regulators do exist – leadership in the Monetary Authority of Singapore is a shining example in my eyes.

In the Caribbean region, it is still possible to have a broader span of knowledge, though that is changing. In the early 2000s, a Caribbean regulator was more exposed, being exposed to more than one sector for cross-training; this deepened the knowledge base for those of us that had the opportunity to do so. As the years progressed, I felt like an increasingly rare breed of regulator. I hope that is not the case though.

The agile regulators are emerging. Regulation is evolving beyond just the FinTech influences; movement towards regulation being aligned with socially conscious issues through ESG is also occurring. Truly dynamic regulators have already taken tentative steps into the ‘Brave New World’. Will they be flawless? No. But that goes for many things in the changing world we all live in. I am comfortable in knowing, even now, that in future history lessons we will all come to know who ‘understood the assignment’… where ‘right-touch’ regulation will be as intuitive as the controls on the latest smartphone. 

 

[1] Advanced Risk-Responsive Operating Framework.

[2] The annual report published by Thompson Reuters, ‘Cost of Compliance’ provides valuable insights.  The most recent publication at the time of writing, Cost of Compliance 2021: Shaping the Future, can be found at https://www.reuters.com/article/bc-finreg-cost-of-compliance-survey-resu-idUSKCN2DD4AD.