Posted: 07 Mar. 2022 5 min. read

Where regulatory supervision meets big data

As regulators across financial services continue to develop capability in big data, machine learning and predictive analytics to bolster surveillance and enforcement activity, there is a distinct contrast between organisations who have invested in a journey of growth, and those who have not started the journey soon enough.

Regulators are building capability in big data, machine learning and predictive analytics. 

Intelligence is at the heart of every regulatory toolkit. Regulators are on a journey to modernise methods of bringing together sector intelligence that produces sophisticated insights into consumer harm, regulatory failure and meet contemporary expectations of regulatory performance.

Across financial services, we are seeing regulators prioritise the development of internal capabilities in big data, machine learning and predictive analytics, signalling data sets they have or will soon commence collecting on demand.

Financial services organisations have faced regulators’ compulsory information-gathering powers before.  However, this process has historically allowed for (careful and often legal) human extraction and review.   Until now, there has been limited opportunity for regulators to overlay information provided under specific enquiry to a universe of regulatory intelligence.

The Financial Regulatory Assessment Authority (FRAA) will soon be undertaking its first review into the capability and effectiveness of both the Australian Securities and Investments Commission (ASIC) and The Australian Prudential Regulation Authority (APRA). A key focus of the FRAA will be to consider regulatory surveillance capability, including the use of data and technology to effectively and efficiently deliver on regulatory mandate. Whilst it is clear that regulators have committed to enhancing their data and technology capabilities, there are also some indicators of how far along this journey they are.

ASIC has signalled to industry they are currently exploring mandatory recurrent data collection in relation to mortgages and managed funds flow to detect emerging risk. ASIC is also piloting new internal dispute resolution (IDR) reporting documents in response to the upcoming implementation of Government’s mandatory IDR reporting framework. Organisations need to have in place adequate complaints processes that not only comply with regulatory obligations but deliver on the regulatory intent of understanding complaint data and facilitating appropriate customer outcomes.   This can only be achieved by leveraging organisational intelligence to identify and manage risk.

APRA has commenced retrieving select data on demand through their portal for reporting entities which is used for prudential supervision, statistical publications and shared with partner agencies. The data allows APRA to industry benchmark as well as understand an organisation’s financial position, key financial performance metrics, fees and expenses.  The APRA portal continues to be enhanced.

Where is your organisation in its data journey?

Financial Services organisations that have taken structured and measured steps to understand and utilise data are able to better understand and navigate the complexity of customer behaviour, risk insight and regulatory reporting.

These steps may include:

  • Leveraging the learnings and investments made in regulatory response efforts and other historical risk management approaches. Recent regulatory programs have required some organisations to collate and ingest vast amounts of structured and unstructured data (including voice) to identify conduct issues, creating valuable data assets, models and platforms. Whilst disparate in their nature, the ability to centralise and embed these in current day processes is an accelerator.
  • Developing a measured and structured enterprise-wide Data Strategy, which considers:
    • Capability – organising, connecting capability from across the organisation
    • Data – centralised data management, governance and access
    • Priorities - Focussing on what must go right in terms of risk management and regulatory reporting, and what data is essential to these causes.
  • The safe trial, testing and implementation of technology accelerators. For example, advancements in cloud engineering and data science have drastically reduced barriers in interrogating unstructured data 
  • Artificial Intelligence and Machine Learning techniques that support the ingestion, collation and analysis of disparate data sets. Whilst there are risks in the early adoption of these techniques, AI-driven solutions can become highly effective in learning from the past and focusing risk management efforts into areas of current and emerging risk.

We continue to see industry uplift in capability to meet the new Breach Reporting Reforms with better practice including additional steps to draw deep insights from that data and translate into operational efficiencies and better customer outcomes.

Review and simplification of antiquated legacy systems and processes continues across the sector. Simplification projects improve cost and efficiency through the consolidation of multiple data sets and mitigate human error through automation. Simplification of process rewards organisations with the ability to allocate human resources to high value tasks.

Ultimately, data can be a risk management accelerator, critical to detecting and addressing harm that prevents regulatory intervention. Organisations further along this maturity journey have infrastructure in place to overlay multiple data sets and propel the value of that data from being merely a reporting or regulatory compliance capability to a commercial tool that delivers significant risk management outcomes.

Where to from here?

2022 marks the close of a significant number of enforcement actions developed in response to the Hayne Royal Commission, and with it several of the large regulatory and remediation programs will conclude.  For many financial services organisations, 2022 will be the first opportunity to focus regulatory spend on activities that buy-down risk and embark on the development of forward-looking data-led surveillance and monitoring capabilities.

The shift to regulatory access of organisational data on demand is a game changer. Organisations need to have a deep understanding of their data and comfort that processes not only meet regulatory requirements – but that the outcomes of that process deliver on regulatory intent.

The perpetual cycle of regulatory systems and process remediation has proven cost ineffective, distracting and in many instances, resulted in minimal risk buy-down. In this new era of regulation, organisations that have elected to start the journey in a wholistic and forward-looking approach to data monitoring capabilities will be rewarded with not just a single compliance outcome but the ability to avoid the next tranche of regulatory programs and benefit from significant commercial and customer outcomes.

Those yet to commence a journey of monitoring capability build are confronted with the potential for a regulator to have greater insight to risks and harms within their organisation.

Key questions for your executive 

  1. Who is responsible for the development of ongoing monitoring capability in your organisation?  Do organisational stakeholders include leaders in Customer, Risk and Data?
  2. Is your regulatory spend resulting in a deeper understanding of your organisation, its customers and driving commercial outcomes?
  3. Is your organisation starting the journey, or still sitting on the start line?  

Want to know more

Deloitte runs client information sessions regularly on the changing regulatory environment and brings peer groups together to share insights and emerging practice. In April, we will be running sessions across the financial services sector in relation to emerging practices and issues post implementation of the breach reporting reforms which commenced in October 2021.

If you would like to attend one of those sessions, please contact us through our details below.

Meet our authors

Katharine Goulstone

Katharine Goulstone

Partner, Risk Advisory

Katharine is a Partner in Deloitte’s Risk Advisory practice and focuses on supporting the firms Banking and Wealth clients who are responding to or undergoing regulatory inquiry. Katharine has been at the forefront of large scale regulatory change in financial services for 20 years. Katharine’s regulatory expertise is drawn from experience as a regulator and having worked on and led a number of high profile regulatory enforcement engagements, large and complex remediation programmes and regulatory assurance. With additional expertise in regulatory technologies, Katharine has been closely involved in the regulatory and commercial application of artificial intelligence and machine learning. This enables her to provide the critical guidance that helps organisations to bring these technologies to life, while also achieving a balance between data insights and human skill.

Adam Barringer

Adam Barringer

Partner, Risk Advisory

Adam is a Partner in Deloitte’s Risk Analytics practice, where he leads the application of analytics to emerging risk in the Financial Services sector. These areas include conduct, culture and the proactive management of risk through the use of data. Adam has over 20 years’ experience in providing data and technology assurance and advisory services to his clients in the Financial Services sector, both locally and globally. He has also led a wide variety of Audit and Risk-based reviews, through co-sourced or outsourced relationships in the Insurance and Banking sectors.