0

RegTech Sprint Technology Roundtable

April 5th Dublin 2018

Model Driven Machine Readable and Executable Regulatory Reporting

A Roadmap for the Future

1

Agenda

09:00 Registration and Networking Coffee

10:00 Opening by the Chair| Professor Tom Butler

Introductory RegTech Sprint Video https://vimeo.com/250619433

10:05 Welcome Address

Colm Kincaid Central Bank of Ireland

10:15 Keynote #1 | A Regulator’s Perspective on Model Driven Machine Readable and

Executable Regulation

Beju Shah, Bank of England

10:30 Roundtable Panel 1: The Problem

Chair James Phillips (Lombard Risk) Panel: John Palmer (BoE), Ray Guthrie (CBI), Jim

Amrein (Fidelity), Dáire Lawlor (State Street)

11:05 Roundtable Panel 2: The Solution

Chair Prof Tom Butler (UCC) Panel: Francois Zimmerman (Hitachi), Leona O’Brien

(UCC), Malcom Arnold (Lombard Risk), Jim Wang (Regnosys), Greg Soulsby (ModelDR)

11:40 Keynote #2 | Transforming Regulatory Reporting using Digital Technology

Francis Gross, European Central Bank

11:55 Roundtable Panel 3: The Future

Chair Nirvana Farhadi (Hitachi) Panel: Alan Blanchard (FCA), Ceri Goodwin

(Santander), PJ Di Giammarino (JWG), Richard Hay (Linklaters), Dirk Wierdemann

(Credit Suisse), Ralph Achkar (State Street)

12:30 Roundtable Close and Networking Lunch

Hosted by

Chaired by Professor Tom Butler

2

RegTech Roundtable Themes and Objective

Firms across the financial industry face identical problems and challenges when it comes to managing

regulatory risk and performing regulatory compliance. The costs to the industry of regulatory

compliance are significant. Bain & Co estimates that Governance Risk and Compliance (GRC) spend

accounts for 15-20% of “run the bank cost”, and 40% of “change the bank costs”.i Research published

by The Trade indicates that banks spent over $100 billion on regulatory compliance in 2016 alone and

this cost is rising.ii One of the key drivers of this rising cost is the volume of regulations. Over 50,000

regulations were published across the G20 between 2009 and 2012. Each week sees an average of 45

new regulatory related documents issued.iii It would be safe to assume this level of change is now the

‘new normal’ and business most therefore adjust how the address regulations in this context.

Monitoring, interpreting and complying with the current volume of regulations is a challenge, even

for the largest organisations. For smaller firms the costs and complexity may become prohibitive.

Hence, financial institutions are looking to leverage the power of digital technologies to help address

the problem of regulatory compliance.

Semantically-enabled, Regulatory Technology (RegTech) offers organisations the capabilities to

identify and understand the impacts of regulations, enable regulatory compliance change

management, manage regulatory and other risks, perform better data governance and regulatory

reporting, and produce better outcomes for consumers and other stakeholders. The benefits of this

approach to the digitalisation of regulatory compliance activities are greater efficiencies, reduced fines

and sanctions, and greatly reduced costs.

Regulators are also seeking to leverage the power of digital technologies to make the production and

consumption of regulations, the processing of financial and compliance reporting data, and the

supervision of financial institutions, more efficient and cost effective. As with the institutions they

supervise, regulators are faced with significant problems in terms of data governance and the costs

and technical difficulties of processing huge volumes of often ambiguous and inconsistent data. The

existence of different reporting taxonomies in and across regulatory agencies exacerbates such

problems. All of this leads to significant technological challenges related to processing burgeoning

data volumes, multiple bespoke statistical and reporting data collections, and the overarching issue of

data quality.

In November 2017, the Bank of England and the Financial Conduct Authority held the Model driven

machine executable regulatory reporting RegTech Sprint. The RegTech Sprint proved that a regulatory

requirement in the FCA Handbook could be transformed into a language that both human and

machines can understand and then used to execute a regulatory requirement, effectively pulling the

required data directly a firm’s data stores. The success of this endeavour led to three BoE-FCA-

sponsored roundtables, focusing on the Legal, Technology, and Governance Domains. The objective

of the RegTech Technology Roundtable is to demonstrate how regulations can be unpacked using

open-standards-based semantic technologies and how straight through processing of compliance

imperatives and regulatory compliance reports can be enabled. The implications of this break-

through in regulatory compliance reporting for the industry, and particularly Ireland, will be discussed.

Professor, Principal Investigator GRCTC

University College Cork

3

Technology Roundtable

Dialectic

Bracketed and informed by the two keynote

presentations, the roundtable consists of three

related panels: The first will discuss the

problems the industry faces, with perspectives

from regulators and industry practitioners; the

second will present and discuss the challenges

and solutions of straight through processing of

regulations from participants in the RegTech

Sprint; the third will discuss the implications of

the RegTech Sprint for the industry and

identify practical steps that will make model

driven machine readable and executable

regulatory reporting a reality. This discussion

will be framed by the FCA’s Call for Input: Using

technology to achieve smarter regulatory

reporting

(https://www.fca.org.uk/publication/call-for-

input/call-for-input-smarter-regulatory-

reporting.pdf)

Panel 1: The Problem

The following figure captures graphically the

current approach to regulatory compliance

and reporting. Note the information overload

problem, multiple communication paths,

information siloes, all of which results in

information loss and a lack of empirical fidelity

with regulatory intent and reporting needs.

Note also the continued existence of chiefly

manual curation of data for regulatory

reporting. However, the costs of all this are

significant, as was indicated in the Themes and

Objective section above.

Panellists will discuss these issues, which are

further illustrated in Figure 2. This figure

captures the reality of data governance,

management and processing in many financial

institutions. The figure recounts the problems

from a data perspective and makes it clear that

the industry has more problems than the

complexity of regulations to contend with, as

the complexity of business models, legal entity

structures, siloed firm structures and activities,

products, and market coverage, is reflected in

Figure 1 Information Overload, Complexity, Silos and Loss

4

the data infrastructures, which are often

chaotic and ungovernable.

Sample Discussion Questions

There are several general questions that arise

for discussion:

Are the scale of the problems and the

related costs of compliance

exaggerated?

How can we fix the Tower of Babel

problems of…Imprecise definition;

Language; Semantic ambiguity; Lack of

business context; Lack of stakeholder

perspective; Regulatory and business

concept complexity?

What can regulators do to ease the

burden on the industry?

Is the BoE/FCA approach exemplary at

a global level?

Does the financial industry need to

agree a standardised interpretation or

approach to specific regulatory/legal

terms or concepts?

How difficult is it to currently

understand the impacts of regulations

on functional activities, policies and

procedures?

How are firms managing the

regulatory compliance value chain,

from internal interpretation by legal

compliance, to understating the

changes to policies, operational

standards and controls?

How problematic is to identify changes

required to business processes,

activities, roles and responsibilities?

How are the attendant risks associated

with people, processes, products and

related risk models being addressed?

How difficult is the IT change to

regulatory requirements and related

data governance and analytics?

Where are the FinTech players in this

picture? How are they maintaining

Figure 2 How can Effective and Efficient Regulatory Reporting Become a Reality Here?

5

compliance and meeting their

reporting obligations?

What industry bodies will need to be

involved in solving these problems?

Will a digitised regulatory future

hinder or help compliance with

statutory objectives?

Will any of these initiatives create new

legal risks/liabilities for C-Suite, NEDs,

Compliance and Risk Officers, Firms,

Regulators or Supervisors?

How difficult is it for regulators to take

enforcement action given these

problems?

The Solution

In navigating what was a Labyrinthine problem

space, participants in the Bank of England/FCA

RegTech Sprint decided to adopt a Golden

Thread approach, which saw a critical path and

key actors being identified to achieve the

primary objective. Simply put, the objective

was to prove the conjecture that standards-

based, straight-through processing of

regulations was technically feasible and

practically possible. Please refer to Figure 1

below, which indicates the role RegTech can

play in automating regulatory compliance

reporting.

The FCA currently publishes its Handbook of

regulations in the W3C’s HTML/XML. Key

concepts are linked using Hypertext. However,

RegTech vendor RegDelta developed

taxonomies of regulatory topics using the

W3C’s Simple Knowledge Organisation System

(SKOS) and AI to semantically tag regulatory

provisions to indicate their scope and

application. SKOS is based on the W3C’s RDF,

or the Resource Description Framework, is one

of the three foundational Semantic Web

technologies, the other two being SPARQL and

the Web Ontology Language (OWL). RDF is the

data-modelling language for Semantic

Technologies. It captures the relationships

between concepts in triples, (e.g. investments

firm manufactures financial products). There

are several serializations of RDF, such as Turtle

(Terse RDF Triple Language, which is less

verbose and easier to use than RDF) and TriG.

This is an example of the straightforward

application of AI and semantic technologies to

help manage the volume and complexity of

regulations.

Just as Ariadne provided the thread for

Figure 3 Model Driven Machine Readable and Executable Regulation

6

Theseus to navigate the Minoan Labyrinth and

slay the Minotaur, so the SmaRT application,

with the help of Bank of England and FCA

Subject Matter Experts(SME), provided the

thread, in the form of vocabularies and rules to

software engineers from Hitachi Vantara,

Regnosys, and Lombard Risk so that they could

complete automate regulatory reporting tasks.

The SmaRT application was developed at

University College Cork, Ireland. SmaRT is a

standards-based RegTech application that

helps lawyers and legal subject matter experts

(SMEs) to unpack regulations into both human-

readable and machine-computable formats.

The core semantic technologies in SmaRT are

based on W3C and industry standard semantic

technologies. SmaRT applies the Semantics of

Business Vocabulary and Business Rules (SBVR)

standard proposed by Object Management

Group. SBVR enables business subject matter

experts to capture and express their

vocabularies and rules in a systematic way

according to the precepts of first-order

deontic-alethic logic. The output of SmaRT is

persisted in an RDF Knowledge Base.

The Golden Thread of the Sprint involved the

unpacking of the relevant provisions of the

FCA’s Handbook Sup 16.12 (Sup is short for

Supervision Reporting Requirements) along

with supplementary definitions supplied by

participants from the Bank of England, into

SmaRT’s vocabulary and rules in a human

readable format and persisting it in a machine

readable format in the SmaRT Regulatory

Knowledge Base in RDF. This knowledge was

then used by software engineers from Hitachi,

Regnosys, and Lombard Risk to map firm-

specific data concepts in the anonymised

customer account data supplied by Santander

to equivalent concepts in the Regulatory

Knowledge Base. The rules were also

expressed in an RDF graph, while SPARQL1

queries were created to extract compliant data

1 SPARQL, or the SPARQL Protocol and RDF Query

Language, is, as its name indicates, the query language for the Semantic Web and siloed and distributed networked systems. For example, SPARQL can be used to enable

on Retail Customer Accounts. A software

application was created to automate this

process. This was then used to extract the

required data, transform and load it and then

perform the required calculations and

populate relevant cells in the FSA 001 Balance

Sheet form for submission to the Bank of

England.

The major achievement in executing the Proof

of Concept (PoC) came when the rule

governing Customer Account reporting was

changed. Once the rule change was captured

in SmaRT and expressed in RDF, the software

application executed over the changed rule

and populated the appropriate fields in FSA

001 form with the required data. No change in

the software algorithm was required.

Referring back to Figure 1, ModelDrivers

(ModelDR) played a key role in Labyrinth

navigation through the Wiki, but of greater

significance was the creation by ModelDrivers

of ontological models that will help scale up

the findings and make Model Driven Machine

Readable and Executable Regulation a reality

in the Enterprise. During the Sprint ModelDR

was integrated with SmaRT in order to

demonstrate how SMEs could capture domain

knowledge (here on regulatory provisions) and

use this as an input to semantic models

expressed in OWL. Such models are currently

being built at great cost by major banks. The

ability to have business professionals

participate in this process is argued to make

this process more efficient and help address

the aforementioned translation problem.

Sample Discussion Questions

What were the role and importance of

industry standards in the success of

this initiative?

How can SKOS and NLP/Machine

Learning be used to tackle the volume

querying and integration of siloed financial and risk data for regulatory reporting and risk management. Using the SPARQL Inference Notation (SPIN) framework, rules can be graphed and executed.

7

and variety of regulations?

Was the Translation Problem evident

in the early stages of the Sprint?

How important was the OMG’s

Semantics of Business Vocabulary and

Business Rules (SBVR)?

What role did SmaRT play in the Sprint

to provide human and machine

readable vocabularies and rules?

Describe the steps taken to automate

the back-end automation process?

Were the underlying semantic

technologies (RDF/Turtle/SPARQL)

easy to learn and apply?

How steep was the learning curve

overall?

What are the key technical issues that

will need to be addressed to scale up

the process to an enterprise-wide

solution beyond a mere PoC?

How important will the role of

ontologies be in providing semantic

meta-data models going forward?

How can we use existing technologies

to help capture legal/compliance and

business SMEs to participate in the

complex process of building semantic

models such as ontologies?

The Future

The Bank of England the FCA intend to build on

the success of this initiative in the coming year

in order to scale up the findings of this RegTech

Sprint. However, the FCA is already taking

active steps to make its Handbook more

machine readable not only through semantic

tagging, but also by semantic disambiguation

using SmaRT-SBVR vocabularies and rules and

the expression of these in XML/RDF. The use of

LegalDocML is also being considered. Figure 3

below provides the backdrop for this panel. It

is a model of the art of the possible; it is

technically feasible and practically possible.

Furthermore, as the RegTech Sprint and the

RegTech Council have both demonstrated, the

will among key players in the financial

ecosystem is there to make it a reality, though

a collaborative effort.

The key component in the above architecture

are populated knowledge bases—Regulatory,

Legal and Business. Laws and Regulations

expressed as vocabularies and rules and

persisted in knowledge bases that can be

linked seamlessly to other knowledge bases

are the sine qua non for all this to work. It

would be ideal for legislators, regulators and

Figure 4 Model Driven Human Readable and Machine Executable Regulatory Reporting

8

lawyers to work together towards this

objective, but if that’s not possible, then legal

firms could put their own knowledge

management houses in order, make the

transition to the digital age, and create new

business opportunities though knowledge

bases that are both human and machine

readable. Failing that, the solution could be

mutualised across the major GSIBs.

Nevertheless, what you see here in

comparison with Figure 1 is the seamless

sharing of information and all working from the

same page in the regulatory compliance hymn

sheet. This is made possible through the

mapping of regulatory rules and vocabularies

into business rules and vocabularies in, for

examples, business polices, operational

standards, and controls. Of course, these are

also mappable to business activities, products

and services. From information systems

perspective, semantic meta-data can be easily

captured in machine readable ontologies that

have range of exciting uses, from the target

problem space of regulatory reporting, but also

to underpin AI and related Machine Learning

technologies, predictive data analytics, and, of

course, most fundamentally of all, data

governance and also data virtualisation across

heterogeneous data silos.

Sample Discussion Questions

How does this innovation make the

business of complying with reporting

requirements simpler?

Will this drive efficiencies by closing

the gap between the intention of

regulatory requirements and the

subsequent interpretation and

implementation within firms?

Are Semantic technologies, Artificial

Intelligence and Machine Learning the

key to this?

Explain how this approach simplifies

and assists firms in: Governing,

managing and exploiting their data;

Supporting better decision-making;

and Suspicious activity detection?

What will be its impact on data

analytics technology, real-time

compliance monitoring and trade

surveillance systems?

Will this approach permits regulation

and compliance processes to be

delivered differently and more

efficiently? How?

What roles will Distributed Ledger

Technologies (Block Chain) and Robo-

style automated compliance systems

play?

Will legislators need to produce truly

“digital” versions (e.g. LegalDocML) of

future financial regulation and law?

Will the digitisation of financial

regulation “push” into other areas of

law and/or regulated sectors?

What impact, if any, will this have for

firms/industries globally?

Will this change the nature and role of

regulatory/supervisory bodies? What

will their future look like?

9

Appendix

The Semantics of Business Vocabulary and

Business Rules (SBVR) was proposed by the

Object Management Group as a specification

to enable business people capture

vocabularies and rules. It is related to and can

be enriched by the core technologies in the

W3C Semantic Stack. At the bottom of the

stack is the Uniform Resource

Identifier/International Resource Identifier

(URI, IRI in Unicode), which is a string of

characters used to identify data resources as

diverse as interest rates, regulatory provisions,

and so on, in a network and to dynamically link

to them. Up from this is XML — the Extensible

Markup Language — which defines a set of

rules for structuring data and documents in a

human-readable and machine-readable

format — this is used for regulatory reporting

using XBRL taxonomies. The upper layers of the

stack are built on top of XML. For example,

RDF, or the Resource Description Framework,

is one of the three foundational Semantic Web

technologies, the other two being SPARQL and

the Web Ontology Language (OWL). RDF is the

data-modelling language for Semantic

Technologies. It captures the relationships

between concepts in triples, (e.g. investments

firm manufactures financial products). There

are several serializations of RDF, such as Turtle

(Terse RDF Triple Language, which is less

verbose and easier to use than RDF) and TriG.

Many organisations employ JavaScript Object

Notation (JSON) as for data-interchange. The

W3C’s JSON-LD is builds on the RDF syntax and

a JSON-LD document is both an RDF and a JSON

document. It therefore represents an instance

of an RDF data model. This is important as it

demonstrates the power and flexibility of such

standards. RDF Schema (RDF-S) can be used to

define classes, properties and relationships

between these concepts. OWL, or the Web

Ontology Language, is one step up in

expressivity. It is essentially a knowledge

representation language that adds semantics

to RDF, e.g. defines what an investment firm is,

what product manufacturing involves etc., so

that a machine can read and reason over such

statements. Significantly, RDFS and OWL

enable axiomatic definitions of data structures.

SWRL is the Semantic Web Rule Language that

is used to express rules and logic statements,

e.g. regulations governing product

manufacture. SPARQL, or the SPARQL Protocol

and RDF Query Language, is, as its name

indicates, the query language for the Semantic

Web and siloed and distributed networked

systems. For example, SPARQL can be used to

enable querying and integration of siloed

financial and risk data for regulatory reporting

and risk management. Using the SPARQL

Inference Notation (SPIN) framework, rules

can be graphed and executed. SKOS or the

Simple Knowledge Organization System

applies RDF to describe business taxonomies as

concept hierarchies and vocabularies.

i Memminger, M., Baxter, M. and Lin, E. (2016) ‘Banking Regtechs to the Rescue? http://www.bain.com/publications/articles/banking-

regtechs-to-the-rescue.aspx, (accessed 25th Oct, 2017). ii McDowell, H. (2017) ‘Banks spent close to $100 billion on compliance last year,’ https://www.thetradenews.com/Sell-side/Banks-spent-

close-to-$100-billion-on-compliance-last-year/, (accessed 25th Oct, 2017). iii JWG (2017) RegDelta: Part of our MiFID II solution, https://jwg-it.eu/insight/mifid-programme-planner/ (accessed 25th Oct, 2017).