Skip to main content
Perspective:
Perspective
07 Mar 2022
5 minute read

Where regulatory supervision meets big data

Katharine Goulstone
Adam Barringer

Meet our authors

Katharine Goulstone

Deloitte - Australia
Katharine is a Partner in Deloitte’s Risk Advisory practice and focuses on supporting the firms Banking and Wealth clients who are responding to or undergoing regulatory inquiry. Katharine has been at the forefront of large scale regulatory change in financial services for 20 years. Katharine’s regulatory expertise is drawn from experience as a regulator and having worked on and led a number of high profile regulatory enforcement engagements, large and complex remediation programmes and regulatory assurance. With additional expertise in regulatory technologies, Katharine has been closely involved in the regulatory and commercial application of artificial intelligence and machine learning. This enables her to provide the critical guidance that helps organisations to bring these technologies to life, while also achieving a balance between data insights and human skill.
View Profile

As regulators across financial services continue to develop capability in big data, machine learning and predictive analytics to bolster surveillance and enforcement activity, there is a distinct contrast between organisations who have invested in a journey of growth, and those who have not started the journey soon enough.

Regulators are building capability in big data, machine learning and predictive analytics. 

Intelligence is at the heart of every regulatory toolkit. Regulators are on a journey to modernise methods of bringing together sector intelligence that produces sophisticated insights into consumer harm, regulatory failure and meet contemporary expectations of regulatory performance.

Across financial services, we are seeing regulators prioritise the development of internal capabilities in big data, machine learning and predictive analytics, signalling data sets they have or will soon commence collecting on demand.

Financial services organisations have faced regulators’ compulsory information-gathering powers before.  However, this process has historically allowed for (careful and often legal) human extraction and review.   Until now, there has been limited opportunity for regulators to overlay information provided under specific enquiry to a universe of regulatory intelligence.

The Financial Regulatory Assessment Authority (FRAA) will soon be undertaking its first review into the capability and effectiveness of both the Australian Securities and Investments Commission (ASIC) and The Australian Prudential Regulation Authority (APRA). A key focus of the FRAA will be to consider regulatory surveillance capability, including the use of data and technology to effectively and efficiently deliver on regulatory mandate. Whilst it is clear that regulators have committed to enhancing their data and technology capabilities, there are also some indicators of how far along this journey they are.

ASIC has signalled to industry they are currently exploring mandatory recurrent data collection in relation to mortgages and managed funds flow to detect emerging risk. ASIC is also piloting new internal dispute resolution (IDR) reporting documents in response to the upcoming implementation of Government’s mandatory IDR reporting framework. Organisations need to have in place adequate complaints processes that not only comply with regulatory obligations but deliver on the regulatory intent of understanding complaint data and facilitating appropriate customer outcomes.   This can only be achieved by leveraging organisational intelligence to identify and manage risk.

APRA has commenced retrieving select data on demand through their portal for reporting entities which is used for prudential supervision, statistical publications and shared with partner agencies. The data allows APRA to industry benchmark as well as understand an organisation’s financial position, key financial performance metrics, fees and expenses.  The APRA portal continues to be enhanced.

Financial Services organisations that have taken structured and measured steps to understand and utilise data are able to better understand and navigate the complexity of customer behaviour, risk insight and regulatory reporting.

These steps may include:

  • Leveraging the learnings and investments made in regulatory response efforts and other historical risk management approaches. Recent regulatory programs have required some organisations to collate and ingest vast amounts of structured and unstructured data (including voice) to identify conduct issues, creating valuable data assets, models and platforms. Whilst disparate in their nature, the ability to centralise and embed these in current day processes is an accelerator.
  • Developing a measured and structured enterprise-wide Data Strategy, which considers:

            Capability – organising, connecting capability from across the             organisation

            Data – centralised data management, governance and access

            Priorities - Focussing on what must go right in terms of risk             management and regulatory reporting, and what data is essential to             these causes.

  • The safe trial, testing and implementation of technology accelerators. For example, advancements in cloud engineering and data science have drastically reduced barriers in interrogating unstructured data 
  • Artificial Intelligence and Machine Learning techniques that support the ingestion, collation and analysis of disparate data sets. Whilst there are risks in the early adoption of these techniques, AI-driven solutions can become highly effective in learning from the past and focusing risk management efforts into areas of current and emerging risk.

We continue to see industry uplift in capability to meet the new Breach Reporting Reforms with better practice including additional steps to draw deep insights from that data and translate into operational efficiencies and better customer outcomes.

Review and simplification of antiquated legacy systems and processes continues across the sector. Simplification projects improve cost and efficiency through the consolidation of multiple data sets and mitigate human error through automation. Simplification of process rewards organisations with the ability to allocate human resources to high value tasks.

Ultimately, data can be a risk management accelerator, critical to detecting and addressing harm that prevents regulatory intervention. Organisations further along this maturity journey have infrastructure in place to overlay multiple data sets and propel the value of that data from being merely a reporting or regulatory compliance capability to a commercial tool that delivers significant risk management outcomes.

2022 marks the close of a significant number of enforcement actions developed in response to the Hayne Royal Commission, and with it several of the large regulatory and remediation programs will conclude.  For many financial services organisations, 2022 will be the first opportunity to focus regulatory spend on activities that buy-down risk and embark on the development of forward-looking data-led surveillance and monitoring capabilities.

The shift to regulatory access of organisational data on demand is a game changer. Organisations need to have a deep understanding of their data and comfort that processes not only meet regulatory requirements – but that the outcomes of that process deliver on regulatory intent.

The perpetual cycle of regulatory systems and process remediation has proven cost ineffective, distracting and in many instances, resulted in minimal risk buy-down. In this new era of regulation, organisations that have elected to start the journey in a wholistic and forward-looking approach to data monitoring capabilities will be rewarded with not just a single compliance outcome but the ability to avoid the next tranche of regulatory programs and benefit from significant commercial and customer outcomes.

Those yet to commence a journey of monitoring capability build are confronted with the potential for a regulator to have greater insight to risks and harms within their organisation.

Key questions for your executive 
  1. Who is responsible for the development of ongoing monitoring capability in your organisation?  Do organisational stakeholders include leaders in Customer, Risk and Data?
  2. Is your regulatory spend resulting in a deeper understanding of your organisation, its customers and driving commercial outcomes?
  3. Is your organisation starting the journey, or still sitting on the start line?  
Want to know more

Deloitte runs client information sessions regularly on the changing regulatory environment and brings peer groups together to share insights and emerging practice. In April, we will be running sessions across the financial services sector in relation to emerging practices and issues post implementation of the breach reporting reforms which commenced in October 2021.

If you would like to attend one of those sessions, please contact us through our details below.

Recommended for you

FAR (is) OUT

After a long wait, FAR is here! To be precise, Treasury has released the Exposure
Draft Legislation (“ED”) (together with the Draft Explanatory Materials,
Information Paper on Joint Administration, and Policy Proposal Paper on
Prescribed Responsibilities and Positions). Key points to note are summarised
below.
Perspective
15 minute read
Blog

Draft RG 38 on anti-hawking has landed

Read more about ASIC’s proposed updates to its guidance on the prohibition on the hawking of financial products (‘RG 38’).
Perspective
5 minute read
Blog

Engaging retirees on the journey to manage retirement risks

One thing is clear, retirement has become a central part of the conversation about the future of superannuation and member needs.  
Perspective
10 minute read
Blog

Design and Distribution Obligations (DDO): Third-Party Distribution

As organisations navigate through the final stages of DDO preparation
before go-live on 5 October 2021, defining the approach to third-party
distribution has proven to be a challenge for issuers of financial products.
Perspective
5 minute read
Blog