Upload
others
View
12
Download
1
Embed Size (px)
Citation preview
0
RegTech Sprint Technology Roundtable
April 5th Dublin 2018
Model Driven Machine Readable and Executable Regulatory Reporting
A Roadmap for the Future
1
Agenda
09:00 Registration and Networking Coffee
10:00 Opening by the Chair| Professor Tom Butler
Introductory RegTech Sprint Video https://vimeo.com/250619433
10:05 Welcome Address
Colm Kincaid Central Bank of Ireland
10:15 Keynote #1 | A Regulator’s Perspective on Model Driven Machine Readable and
Executable Regulation
Beju Shah, Bank of England
10:30 Roundtable Panel 1: The Problem
Chair James Phillips (Lombard Risk) Panel: John Palmer (BoE), Ray Guthrie (CBI), Jim
Amrein (Fidelity), Dáire Lawlor (State Street)
11:05 Roundtable Panel 2: The Solution
Chair Prof Tom Butler (UCC) Panel: Francois Zimmerman (Hitachi), Leona O’Brien
(UCC), Malcom Arnold (Lombard Risk), Jim Wang (Regnosys), Greg Soulsby (ModelDR)
11:40 Keynote #2 | Transforming Regulatory Reporting using Digital Technology
Francis Gross, European Central Bank
11:55 Roundtable Panel 3: The Future
Chair Nirvana Farhadi (Hitachi) Panel: Alan Blanchard (FCA), Ceri Goodwin
(Santander), PJ Di Giammarino (JWG), Richard Hay (Linklaters), Dirk Wierdemann
(Credit Suisse), Ralph Achkar (State Street)
12:30 Roundtable Close and Networking Lunch
Hosted by
Chaired by Professor Tom Butler
2
RegTech Roundtable Themes and Objective
Firms across the financial industry face identical problems and challenges when it comes to managing
regulatory risk and performing regulatory compliance. The costs to the industry of regulatory
compliance are significant. Bain & Co estimates that Governance Risk and Compliance (GRC) spend
accounts for 15-20% of “run the bank cost”, and 40% of “change the bank costs”.i Research published
by The Trade indicates that banks spent over $100 billion on regulatory compliance in 2016 alone and
this cost is rising.ii One of the key drivers of this rising cost is the volume of regulations. Over 50,000
regulations were published across the G20 between 2009 and 2012. Each week sees an average of 45
new regulatory related documents issued.iii It would be safe to assume this level of change is now the
‘new normal’ and business most therefore adjust how the address regulations in this context.
Monitoring, interpreting and complying with the current volume of regulations is a challenge, even
for the largest organisations. For smaller firms the costs and complexity may become prohibitive.
Hence, financial institutions are looking to leverage the power of digital technologies to help address
the problem of regulatory compliance.
Semantically-enabled, Regulatory Technology (RegTech) offers organisations the capabilities to
identify and understand the impacts of regulations, enable regulatory compliance change
management, manage regulatory and other risks, perform better data governance and regulatory
reporting, and produce better outcomes for consumers and other stakeholders. The benefits of this
approach to the digitalisation of regulatory compliance activities are greater efficiencies, reduced fines
and sanctions, and greatly reduced costs.
Regulators are also seeking to leverage the power of digital technologies to make the production and
consumption of regulations, the processing of financial and compliance reporting data, and the
supervision of financial institutions, more efficient and cost effective. As with the institutions they
supervise, regulators are faced with significant problems in terms of data governance and the costs
and technical difficulties of processing huge volumes of often ambiguous and inconsistent data. The
existence of different reporting taxonomies in and across regulatory agencies exacerbates such
problems. All of this leads to significant technological challenges related to processing burgeoning
data volumes, multiple bespoke statistical and reporting data collections, and the overarching issue of
data quality.
In November 2017, the Bank of England and the Financial Conduct Authority held the Model driven
machine executable regulatory reporting RegTech Sprint. The RegTech Sprint proved that a regulatory
requirement in the FCA Handbook could be transformed into a language that both human and
machines can understand and then used to execute a regulatory requirement, effectively pulling the
required data directly a firm’s data stores. The success of this endeavour led to three BoE-FCA-
sponsored roundtables, focusing on the Legal, Technology, and Governance Domains. The objective
of the RegTech Technology Roundtable is to demonstrate how regulations can be unpacked using
open-standards-based semantic technologies and how straight through processing of compliance
imperatives and regulatory compliance reports can be enabled. The implications of this break-
through in regulatory compliance reporting for the industry, and particularly Ireland, will be discussed.
Professor, Principal Investigator GRCTC
University College Cork
3
Technology Roundtable
Dialectic
Bracketed and informed by the two keynote
presentations, the roundtable consists of three
related panels: The first will discuss the
problems the industry faces, with perspectives
from regulators and industry practitioners; the
second will present and discuss the challenges
and solutions of straight through processing of
regulations from participants in the RegTech
Sprint; the third will discuss the implications of
the RegTech Sprint for the industry and
identify practical steps that will make model
driven machine readable and executable
regulatory reporting a reality. This discussion
will be framed by the FCA’s Call for Input: Using
technology to achieve smarter regulatory
reporting
(https://www.fca.org.uk/publication/call-for-
input/call-for-input-smarter-regulatory-
reporting.pdf)
Panel 1: The Problem
The following figure captures graphically the
current approach to regulatory compliance
and reporting. Note the information overload
problem, multiple communication paths,
information siloes, all of which results in
information loss and a lack of empirical fidelity
with regulatory intent and reporting needs.
Note also the continued existence of chiefly
manual curation of data for regulatory
reporting. However, the costs of all this are
significant, as was indicated in the Themes and
Objective section above.
Panellists will discuss these issues, which are
further illustrated in Figure 2. This figure
captures the reality of data governance,
management and processing in many financial
institutions. The figure recounts the problems
from a data perspective and makes it clear that
the industry has more problems than the
complexity of regulations to contend with, as
the complexity of business models, legal entity
structures, siloed firm structures and activities,
products, and market coverage, is reflected in
Figure 1 Information Overload, Complexity, Silos and Loss
4
the data infrastructures, which are often
chaotic and ungovernable.
Sample Discussion Questions
There are several general questions that arise
for discussion:
Are the scale of the problems and the
related costs of compliance
exaggerated?
How can we fix the Tower of Babel
problems of…Imprecise definition;
Language; Semantic ambiguity; Lack of
business context; Lack of stakeholder
perspective; Regulatory and business
concept complexity?
What can regulators do to ease the
burden on the industry?
Is the BoE/FCA approach exemplary at
a global level?
Does the financial industry need to
agree a standardised interpretation or
approach to specific regulatory/legal
terms or concepts?
How difficult is it to currently
understand the impacts of regulations
on functional activities, policies and
procedures?
How are firms managing the
regulatory compliance value chain,
from internal interpretation by legal
compliance, to understating the
changes to policies, operational
standards and controls?
How problematic is to identify changes
required to business processes,
activities, roles and responsibilities?
How are the attendant risks associated
with people, processes, products and
related risk models being addressed?
How difficult is the IT change to
regulatory requirements and related
data governance and analytics?
Where are the FinTech players in this
picture? How are they maintaining
Figure 2 How can Effective and Efficient Regulatory Reporting Become a Reality Here?
5
compliance and meeting their
reporting obligations?
What industry bodies will need to be
involved in solving these problems?
Will a digitised regulatory future
hinder or help compliance with
statutory objectives?
Will any of these initiatives create new
legal risks/liabilities for C-Suite, NEDs,
Compliance and Risk Officers, Firms,
Regulators or Supervisors?
How difficult is it for regulators to take
enforcement action given these
problems?
The Solution
In navigating what was a Labyrinthine problem
space, participants in the Bank of England/FCA
RegTech Sprint decided to adopt a Golden
Thread approach, which saw a critical path and
key actors being identified to achieve the
primary objective. Simply put, the objective
was to prove the conjecture that standards-
based, straight-through processing of
regulations was technically feasible and
practically possible. Please refer to Figure 1
below, which indicates the role RegTech can
play in automating regulatory compliance
reporting.
The FCA currently publishes its Handbook of
regulations in the W3C’s HTML/XML. Key
concepts are linked using Hypertext. However,
RegTech vendor RegDelta developed
taxonomies of regulatory topics using the
W3C’s Simple Knowledge Organisation System
(SKOS) and AI to semantically tag regulatory
provisions to indicate their scope and
application. SKOS is based on the W3C’s RDF,
or the Resource Description Framework, is one
of the three foundational Semantic Web
technologies, the other two being SPARQL and
the Web Ontology Language (OWL). RDF is the
data-modelling language for Semantic
Technologies. It captures the relationships
between concepts in triples, (e.g. investments
firm manufactures financial products). There
are several serializations of RDF, such as Turtle
(Terse RDF Triple Language, which is less
verbose and easier to use than RDF) and TriG.
This is an example of the straightforward
application of AI and semantic technologies to
help manage the volume and complexity of
regulations.
Just as Ariadne provided the thread for
Figure 3 Model Driven Machine Readable and Executable Regulation
6
Theseus to navigate the Minoan Labyrinth and
slay the Minotaur, so the SmaRT application,
with the help of Bank of England and FCA
Subject Matter Experts(SME), provided the
thread, in the form of vocabularies and rules to
software engineers from Hitachi Vantara,
Regnosys, and Lombard Risk so that they could
complete automate regulatory reporting tasks.
The SmaRT application was developed at
University College Cork, Ireland. SmaRT is a
standards-based RegTech application that
helps lawyers and legal subject matter experts
(SMEs) to unpack regulations into both human-
readable and machine-computable formats.
The core semantic technologies in SmaRT are
based on W3C and industry standard semantic
technologies. SmaRT applies the Semantics of
Business Vocabulary and Business Rules (SBVR)
standard proposed by Object Management
Group. SBVR enables business subject matter
experts to capture and express their
vocabularies and rules in a systematic way
according to the precepts of first-order
deontic-alethic logic. The output of SmaRT is
persisted in an RDF Knowledge Base.
The Golden Thread of the Sprint involved the
unpacking of the relevant provisions of the
FCA’s Handbook Sup 16.12 (Sup is short for
Supervision Reporting Requirements) along
with supplementary definitions supplied by
participants from the Bank of England, into
SmaRT’s vocabulary and rules in a human
readable format and persisting it in a machine
readable format in the SmaRT Regulatory
Knowledge Base in RDF. This knowledge was
then used by software engineers from Hitachi,
Regnosys, and Lombard Risk to map firm-
specific data concepts in the anonymised
customer account data supplied by Santander
to equivalent concepts in the Regulatory
Knowledge Base. The rules were also
expressed in an RDF graph, while SPARQL1
queries were created to extract compliant data
1 SPARQL, or the SPARQL Protocol and RDF Query
Language, is, as its name indicates, the query language for the Semantic Web and siloed and distributed networked systems. For example, SPARQL can be used to enable
on Retail Customer Accounts. A software
application was created to automate this
process. This was then used to extract the
required data, transform and load it and then
perform the required calculations and
populate relevant cells in the FSA 001 Balance
Sheet form for submission to the Bank of
England.
The major achievement in executing the Proof
of Concept (PoC) came when the rule
governing Customer Account reporting was
changed. Once the rule change was captured
in SmaRT and expressed in RDF, the software
application executed over the changed rule
and populated the appropriate fields in FSA
001 form with the required data. No change in
the software algorithm was required.
Referring back to Figure 1, ModelDrivers
(ModelDR) played a key role in Labyrinth
navigation through the Wiki, but of greater
significance was the creation by ModelDrivers
of ontological models that will help scale up
the findings and make Model Driven Machine
Readable and Executable Regulation a reality
in the Enterprise. During the Sprint ModelDR
was integrated with SmaRT in order to
demonstrate how SMEs could capture domain
knowledge (here on regulatory provisions) and
use this as an input to semantic models
expressed in OWL. Such models are currently
being built at great cost by major banks. The
ability to have business professionals
participate in this process is argued to make
this process more efficient and help address
the aforementioned translation problem.
Sample Discussion Questions
What were the role and importance of
industry standards in the success of
this initiative?
How can SKOS and NLP/Machine
Learning be used to tackle the volume
querying and integration of siloed financial and risk data for regulatory reporting and risk management. Using the SPARQL Inference Notation (SPIN) framework, rules can be graphed and executed.
7
and variety of regulations?
Was the Translation Problem evident
in the early stages of the Sprint?
How important was the OMG’s
Semantics of Business Vocabulary and
Business Rules (SBVR)?
What role did SmaRT play in the Sprint
to provide human and machine
readable vocabularies and rules?
Describe the steps taken to automate
the back-end automation process?
Were the underlying semantic
technologies (RDF/Turtle/SPARQL)
easy to learn and apply?
How steep was the learning curve
overall?
What are the key technical issues that
will need to be addressed to scale up
the process to an enterprise-wide
solution beyond a mere PoC?
How important will the role of
ontologies be in providing semantic
meta-data models going forward?
How can we use existing technologies
to help capture legal/compliance and
business SMEs to participate in the
complex process of building semantic
models such as ontologies?
The Future
The Bank of England the FCA intend to build on
the success of this initiative in the coming year
in order to scale up the findings of this RegTech
Sprint. However, the FCA is already taking
active steps to make its Handbook more
machine readable not only through semantic
tagging, but also by semantic disambiguation
using SmaRT-SBVR vocabularies and rules and
the expression of these in XML/RDF. The use of
LegalDocML is also being considered. Figure 3
below provides the backdrop for this panel. It
is a model of the art of the possible; it is
technically feasible and practically possible.
Furthermore, as the RegTech Sprint and the
RegTech Council have both demonstrated, the
will among key players in the financial
ecosystem is there to make it a reality, though
a collaborative effort.
The key component in the above architecture
are populated knowledge bases—Regulatory,
Legal and Business. Laws and Regulations
expressed as vocabularies and rules and
persisted in knowledge bases that can be
linked seamlessly to other knowledge bases
are the sine qua non for all this to work. It
would be ideal for legislators, regulators and
Figure 4 Model Driven Human Readable and Machine Executable Regulatory Reporting
8
lawyers to work together towards this
objective, but if that’s not possible, then legal
firms could put their own knowledge
management houses in order, make the
transition to the digital age, and create new
business opportunities though knowledge
bases that are both human and machine
readable. Failing that, the solution could be
mutualised across the major GSIBs.
Nevertheless, what you see here in
comparison with Figure 1 is the seamless
sharing of information and all working from the
same page in the regulatory compliance hymn
sheet. This is made possible through the
mapping of regulatory rules and vocabularies
into business rules and vocabularies in, for
examples, business polices, operational
standards, and controls. Of course, these are
also mappable to business activities, products
and services. From information systems
perspective, semantic meta-data can be easily
captured in machine readable ontologies that
have range of exciting uses, from the target
problem space of regulatory reporting, but also
to underpin AI and related Machine Learning
technologies, predictive data analytics, and, of
course, most fundamentally of all, data
governance and also data virtualisation across
heterogeneous data silos.
Sample Discussion Questions
How does this innovation make the
business of complying with reporting
requirements simpler?
Will this drive efficiencies by closing
the gap between the intention of
regulatory requirements and the
subsequent interpretation and
implementation within firms?
Are Semantic technologies, Artificial
Intelligence and Machine Learning the
key to this?
Explain how this approach simplifies
and assists firms in: Governing,
managing and exploiting their data;
Supporting better decision-making;
and Suspicious activity detection?
What will be its impact on data
analytics technology, real-time
compliance monitoring and trade
surveillance systems?
Will this approach permits regulation
and compliance processes to be
delivered differently and more
efficiently? How?
What roles will Distributed Ledger
Technologies (Block Chain) and Robo-
style automated compliance systems
play?
Will legislators need to produce truly
“digital” versions (e.g. LegalDocML) of
future financial regulation and law?
Will the digitisation of financial
regulation “push” into other areas of
law and/or regulated sectors?
What impact, if any, will this have for
firms/industries globally?
Will this change the nature and role of
regulatory/supervisory bodies? What
will their future look like?
9
Appendix
The Semantics of Business Vocabulary and
Business Rules (SBVR) was proposed by the
Object Management Group as a specification
to enable business people capture
vocabularies and rules. It is related to and can
be enriched by the core technologies in the
W3C Semantic Stack. At the bottom of the
stack is the Uniform Resource
Identifier/International Resource Identifier
(URI, IRI in Unicode), which is a string of
characters used to identify data resources as
diverse as interest rates, regulatory provisions,
and so on, in a network and to dynamically link
to them. Up from this is XML — the Extensible
Markup Language — which defines a set of
rules for structuring data and documents in a
human-readable and machine-readable
format — this is used for regulatory reporting
using XBRL taxonomies. The upper layers of the
stack are built on top of XML. For example,
RDF, or the Resource Description Framework,
is one of the three foundational Semantic Web
technologies, the other two being SPARQL and
the Web Ontology Language (OWL). RDF is the
data-modelling language for Semantic
Technologies. It captures the relationships
between concepts in triples, (e.g. investments
firm manufactures financial products). There
are several serializations of RDF, such as Turtle
(Terse RDF Triple Language, which is less
verbose and easier to use than RDF) and TriG.
Many organisations employ JavaScript Object
Notation (JSON) as for data-interchange. The
W3C’s JSON-LD is builds on the RDF syntax and
a JSON-LD document is both an RDF and a JSON
document. It therefore represents an instance
of an RDF data model. This is important as it
demonstrates the power and flexibility of such
standards. RDF Schema (RDF-S) can be used to
define classes, properties and relationships
between these concepts. OWL, or the Web
Ontology Language, is one step up in
expressivity. It is essentially a knowledge
representation language that adds semantics
to RDF, e.g. defines what an investment firm is,
what product manufacturing involves etc., so
that a machine can read and reason over such
statements. Significantly, RDFS and OWL
enable axiomatic definitions of data structures.
SWRL is the Semantic Web Rule Language that
is used to express rules and logic statements,
e.g. regulations governing product
manufacture. SPARQL, or the SPARQL Protocol
and RDF Query Language, is, as its name
indicates, the query language for the Semantic
Web and siloed and distributed networked
systems. For example, SPARQL can be used to
enable querying and integration of siloed
financial and risk data for regulatory reporting
and risk management. Using the SPARQL
Inference Notation (SPIN) framework, rules
can be graphed and executed. SKOS or the
Simple Knowledge Organization System
applies RDF to describe business taxonomies as
concept hierarchies and vocabularies.
i Memminger, M., Baxter, M. and Lin, E. (2016) ‘Banking Regtechs to the Rescue? http://www.bain.com/publications/articles/banking-
regtechs-to-the-rescue.aspx, (accessed 25th Oct, 2017). ii McDowell, H. (2017) ‘Banks spent close to $100 billion on compliance last year,’ https://www.thetradenews.com/Sell-side/Banks-spent-
close-to-$100-billion-on-compliance-last-year/, (accessed 25th Oct, 2017). iii JWG (2017) RegDelta: Part of our MiFID II solution, https://jwg-it.eu/insight/mifid-programme-planner/ (accessed 25th Oct, 2017).