Go Back

Is #SupTech the new black?


In the last couple of years, #RegTech is on the rise. Whereas most #FinTech companies, founded after the financial crisis of 2008, were somehow in competition with the banks, RegTech switched towards a full collaboration with the banking sector. Providing a helping “technology” hand for solving predominately regulatory-related challenges. It takes 2 to tango, but I’m wondering doesn’t it take 3 to execute the perfect dance? What’s the role of the supervisor? And how do I see this evolving over time? What is #SupTech? Let’s discover together!


Since that same crisis, it was the regulator that took responsibility to reform the banking industry. The aim was to improve the resilience of individual banks reduce the risk of financial institutions failing, protect the financial system as a whole eliminate potential impact on the global economy and protect the general public from paying again for another potential banking crisis. Let’s make an overview of some of the actions that were taken by the regulator.

  • In Europe, the European Central Bank (ECB) installed several new institutions such as the European Stability Mechanism (ESM) to provide assistance to euro area countries with severe financial issues and the European System of Financial Supervision including the European Banking Authority (EBA) which provides harmonized prudential rules for financial institutions in the EU, to name a few.
  • In 2014 the ECB became the European banking supervisor with the introduction of the Single Supervisory Mechanism (SSM). The ECB describes its role on its website: As an independent EU institution, the ECB oversees banking supervision from a European perspective by:
    • establishing a common approach to day-to-day supervision
    • taking harmonized supervisory actions and corrective measures
    • ensuring the consistent application of regulations and supervisory policies

The ECB, in cooperation with the national supervisors, is responsible for ensuring European banking supervision is effective and consistent.

  • In the past, we had micro-prudential supervision, which aims to avoid problems at the bank-level and to be the lender of last resort, whereas the local central bank would provide liquidity support to local financial institutions when needed. Now we have added a macro-prudential supervision level by the local central banks responsible for the stability of the financial system and avoiding systemic crises. And we have the bank recovery and resolution directive (BRRD) which was adopted in 2014. The directive requires banks to prepare recovery plans to overcome financial distress. It also grants national authorities powers to ensure an orderly resolution of failing banks with minimal costs for taxpayers on top of the depository guarantee scheme.

The above examples show a clear shift from a single responsibility of banks against their customers towards a more collective responsibility of the financial market. Simply said, it’s no longer about your own garden, but there is a shared responsibility for your complete street to look good without losing responsibility for your own garden. From local to global, resulting in a glocal focus. 2 chapters in the #RegTechBlackBook have been dedicated to the glocal phenomena, comparing Singapore (MAS) with London (FCA) and a more helicopter view on the difference between US and EU regulations over the years.

Will the  3 Lines of Defense Model Survive the Future?

Lately, I have been wondering more and more if we are reaching the limits of the 3 lines of defense (3LOD) principle and potentially need a similar overhaul as described above?

Before I give some examples, just a quick reminder about the good old 3LOD.

  • First Line is the business (management) responsible to own and managing risks. They are also responsible for implementing corrective actions to address process and control deficiencies. The management is personally responsible.
  • The second Line includes risk management and compliance function. Risk implements risk management best practices and assists the first line; Compliance monitors the risk to be noncompliance with applicable laws and regulations. Compliance officers report directly to the first-line and also the regulator.
  • The third Line is internal audit, which provides independent and objective assurance on the robustness of the risk management framework and the functioning of internal controls.

Let me walk you through 3 examples that illustrate my thinking process and provide some food for thought for you too. Before we draw any conclusions.

  • A few months ago, I met a global head of AML of an international tier1 bank. The person proudly spoke about his mission to find the best AI provider to support his team in the complex task of fighting and detecting financial crime. I’d like to zoom into one particular example where an investigation led to a meaningful outcome. A cluster of data suggested strongly that an AML scheme had been detected. When the second line proudly presented this to the first line, they were pleased yet puzzled. The first line wanted to mitigate and/or control the risk, but the outcome was too vague to pinpoint the issue. So, not knowing what to do, the regulator was asked for advice. The answer received was no different than usual: you know the rules of the game and you are responsible to adhere to them with due care.

This situation is not wrong, but it made me think that data could be shared amongst different banks at the level of the regulator? There would be a higher likelihood that suspicious data findings would be more refined. A bigger and richer data set will likely give a better result.

  • There are tons of initiatives around KYC and startups popping up like mushrooms in this domain. In Belgium alone, there are several projects and collaborations between banks to create a common register covering relevant data for companies (e.g. UBO, authorized signatures, legal structure…). Please do not get me wrong, I am a supporter of these initiatives to centralize data and make it available for data consumption. But at the same time, I am following the steps of the Monetary Authorities of Singapore (MAS) closely. They are stepping up and leading a national initiative to centralize the KYC registry for Singapore. I am looking forward to meeting them during the upcoming Singapore FinTech Festival in November.
  • The last example where I see the role of the regulator expanding is cryptocurrencies. In several countries, there are advanced discussions about introducing stable coins. Central banks are exploring the possibility and necessity to launch a nation’s crypto equivalent to the traditional currency.  Stimulated by Libra or not, is not the question here. Again, this is an example where regulation can ignite financial innovation.

Lately, I have been wondering more and more if we are reaching the limits of the 3 lines of defense (3LOD) principle

With the above exampled and the notion that the regulator sits on tons of data, I believe there is huge potential to lead our financial industry into the next wave of innovation. And in my opinion, the regulator can play a major role in this. When the Dutch regulator approved certain cloud providers as legitimate alternatives for traditional, expensive to maintain, legacy, and on-premise core banking platforms, innovation flourishes. The new era of #SupTech is lurking around the corner. A new time, where our regulators will benefit from new technologies to make firm decisions, and recommendations and potentially take onboard new responsibilities. The latter may impact the 3LOD model as currently, responsibility is sole with the financial institution guided by the rules and regulations set by the supervisor.

Conclusion: #Suptech, the New Black?

The Bank of International Settlements (BIS) published a paper in July 2018, providing an early definition of SupTech: “Supervisory technology is the use of innovative technology by supervisory agencies to support supervision. It helps supervisory agencies to digitize reporting and regulatory processes, resulting in more efficient and proactive monitoring of risk and compliance at financial institutions. A number of supervisory agencies are already using innovative ways to effectively implement a risk-based approach to supervision. Now, technological progress, as well as data availability, offers the potential to radically improve existing supervisory tools or develop better ones through SupTech applications.”

I see opportunities in a horizontal and vertical collaboration between financial institutions and regulators. And the journey has just started, with early signs of change in various markets and regions globally. But I also observe often a lack of insight and understanding by supervisors from the new world we are living in. There are still individuals at both incumbents and regulators that are not yet surfing the new-school wave. This is no blame nor a pointing finger, but rather an invitation to meet, greet and learn from #FinTech and #RegTech companies. Get out and learn your tech. Open up for collaboration and enjoy the process, you will be amazed.

#SupTech is the new black, I see a huge potential to make faster progress and bring more clarity to our common mission to make our financial future proof. I am realistic that the reality is far more complex than perhaps the provocative black and white approach I took in this blog. But let’s focus and combine forces between incumbents, regulators, and fintech’s to create a risk-controlled, sustainable and inclusive banking industry.  It is about making the world a better place and in my humble opinion this can only be done in #fullcollaborationmode.

This is what motivates me to keep on going every day working for a startup with an ambition to bring financial inclusion to the asset management industry and sparks my ongoing passion for #RegTech. Let’s collaborate!


Follow Us

Subscribe to Shield’s Newsletter

Capture everything. Deploy anywhere. Store in one place.