Mitigating tech risks a focus for 2019

Many believe that technologies such as artificial intelligence, robotic process automation and blockchain have a role to play in combating financial crime in the future, but new technologies also bring with them new ways of committing offences that regulators in the Asia-Pacific (APAC) region will need to mitigate, according to a new Deloitte report.

On the one hand, advances in technology are allowing financial services firms to fine-tune their fraud mitigation strategies and identify new approaches to preventing financial crime. AI, for example, is being used by organisations such as Mastercard and BAE for more granular fraud scoring and real-time intervention.

On the other hand, new types of crime are also emerging with new technologies, such as cyber-enabled identity fraud, illegal money transmission, and data ransom.

As Deloitte’s report, Asia-Pacific Financial Services Regulatory Outlook 2019: Trust, Technology, and Transformation, states, technology is “both a boon and a burden” to APAC regulators.

The accountancy firm believes a key area of focus for regulators in 2019 will be assessing, identifying, and mitigating the inherent risks associated with the introduction of nascent technologies.

“Embedding good governance and conduct outcomes must equally apply to legacy and innovative products, services and business models,” Deloitte’s report states.

“Asia-Pacific is a region that is embracing technological change and regulators in the region are keen to create an environment that promotes economic development based on new technologies.”

While the approaches that regulators take will differ from country to country, some commonalities include: the goal of creating a regulatory environment that provides a level playing field for all financial sector participants; the ambition to digitise financial services to make them more accessible to underserved segments of communities, such as those based in regional, remote, and rural areas; and the expectation that systemic risks will be managed and good customer outcomes will be achieved.

The issue of financial inclusion has been on the radar of Australia regulators, with the new mandatory comprehensive credit reporting (CCR) regime expected to play a positive role in this area. Under the regime, lenders are required to report positive credit information, such as when minimum payments on a credit card, mortgage or personal loan are being made on time.

It is believed that CCR will allow all participating lenders, including non-banks and fintechs, to better assess the risk status of a loan applicant, and that Australians with blemishes on their credit report would not necessarily have to be disadvantaged due to past financial hardships.

For Malaysian regulators, financial inclusion is a “specific, desired outcome” of introducing digital financial services.

As Bank Negara Malaysia (BNM) deputy governor, Puan Jessica Chew Cheng Lian, has said: “With a little ingenuity, digital finance can unlock new growth opportunities that were previously deemed to be not commercially viable.

“Through the vastly expanded network of access points at a fraction of the cost involved to set up a branch, over 30,000 individuals who did not have bank accounts before now have access to banking services through agent banks.”

The BNM also employed a “co-opetition” approach, according to the Deloitte report, allowing banks and non-banks to compete at service levels while sharing the underlying payments infrastructure.

Meanwhile, South Korea’s Financial Services Commission has also formulated a roadmap to promote innovation in the country, for example, via the creation of a “regulatory sandbox” in which innovators can test new solutions and business models currently constrained by certain regulations. 

Japan’s Financial Services Agency similarly has a strategy in place, the Financial Digitisation Strategy, that involves the accumulation and application of data, establishment of consumer protections, provision of financial literacy, and digitisation of financial infrastructure, among others.

While APAC regulators have a role to play in ensuring new financial products are safe for customers, they acknowledge that financial institutions are ultimately in the “frontline”, according to Deloitte.

The accountancy firm cited Craman Chu, executive director of enforcement and AML at the Hong Kong Monetary Authority, who said: “Banks and financial institutions are not law enforcement, but they are nevertheless playing a frontline role in anti-money laundering regime since their data, technology and know-how has the opportunity like never before to detect and disrupt criminal activity.”

To ensure organisations are equipped to combat technology-enabled crime, the Australian Prudential Regulation Authority in November published the final version of its cross-industry prudential standard, CPS 234, focused on the management of information security at regulated entities, the creation of which was prompted by the “accelerating threat of cyber attacks”.

[Related: Regulators to focus on misconduct in 2019]