July 13, 2022 | Ali Abbas
Estimated reading time: 6 minutes
FSB calls for crypto supervision: 4 steps for keeping up with regulatory change
The Bank of England has recently dubbed the state of the current crypto market as the “crypto winter”, with Bitcoin losing 70% of its value since November 2021 and with increasingly turbulent markets showing little sign of recovery.
It is against this backdrop, as well as warnings from the European Central Bank about the instability of crypto, that the Financial Stability Board (FSB) has published a statement on the international regulation for the supervision of crypto-assets.
The FSB, which is responsible for promoting global financial stability, has warned that cryptocurrency and the volatility of such markets may start to have “spill-over effects on important parts of traditional finance”.
Stablecoins have been identified as the element of crypto that pose the most risk, with the FSB noting that, as they enter the mainstream of the financial system and are used as a means of payment they “could pose significant risks to financial stability in the absence of adequate regulation”. It is likely, therefore, that the FSB will make stablecoins their initial focus – as predicted in our latest Industry Data Report.
With that in mind, the FSB is working to “ensure that crypto assets are subject to robust regulation and supervision” and will look to publish crypto-related regulation in October 2022.
How can organizations manage the pace of change?
The FSB’s announcement is the latest in an unabating stream of regulatory developments and issuance for cryptocurrency. While the ultimate goal is to offer clarity and protection in the crypto markets, the volume of non-standardized regulatory obligations being published will likely mean more complexity for the compliance team. So how can they effectively keep on top of regulatory change?
Many will remember initial processes for regulatory change management, which were often rooted in manual efforts and layers of teamwork to prevent gaps from appearing. Traditionally, regulatory change teams were appointed to capture change, read it, understand it, and establish whether it was relevant to their business. Over time, these processes have been found by regulators to be inadequate or operationally ineffective.
Regulatory technology (RegTech) is now seen as the only effective means to ensure watertight regulatory change management that meets the increasing demands and expectations of global regulators.
The key components of regulatory change management
At a minimum, firms will need to do three things in order to keep up with the pace of regulatory change (as well as the increasing demands of global regulators):
- Know your regulations
- Implement processes, procedures and controls that address regulatory concerns and meet regulatory obligations
- Invest in technology that can keep up
A good regulatory change management strategy, when broken down, is made up of four key components:
1. Anticipating, capturing and tracking regulatory change at source
Changes to regulation in finance are announced by national and global bodies pre-emptively; meaning they give you a set time frame to implement the necessary changes. At a very rudimentary level, firms can find out about regulatory updates by trawling the websites of the regulators that govern their business.
While this process seems simple in the abstract, in practice it is time consuming. CUBE found that in 6 months alone, the UK saw 5,460 regulatory insights published – in America it was 32,737 – and in China it was 13,516. In the cryptocurrency space, CUBE has found over 3,000 global regulations with which firms must adhere. It’s hard to imagine a scenario in which manual processes alone could manage this volume of regulatory change. Especially if you then consider that many financial institutions are obliged to meet cross-border regulatory expectations.
2. Determining the impact of any change on your existing company obligations
When considering regulatory obligations, you should have a number of supporting frameworks in place already. For example, the Know Your Customer (KYC) schema or Personally Identifiable Information (PII) both ensure that you are compliant in verifying the identities of your customers. AML regulations also commonly apply across the gamut of cryptocurrency. Of course, each separate area of regulation must have its own systems and as crypto becomes a more developed regulatory topic, associated frameworks will apply. For cryptocurrency firms, the KYC obligations are emerging and – given recent legal judgments in the UK – it is likely that such obligations will become more stringent in time.
3. Updating any relevant controls and policies across your company to meet the change
Updating existing frameworks to fit new regulations requires critical thinking – this is where compliance and legal teams add real value. For the purpose of audits, you’ll need a robust paper trail to document how regulatory change has been implemented across the business, with clear information about:
- What changes are being suggested
- Who is responsible for implementing them
- Why you’ve chosen one route over the other
Regulators can be critical of manual record keeping and will want to see that firms have clear, auditable trails that can easily be pulled into reports – often at short notice.
4. Implementing the business changes in order to comply
Finally, it’s time to implement a company-wide change in procedure. Taking ownership is important during this stage as it can be complicated and avoiding mistakes is key. Many financial regulators have issued regulations to hold individuals to account for their specific roles and responsibilities. While you’re obligated to take note of external prudential regulation, monitoring internal adherence is also important.
Managing regulatory change with RegTech and Automated Regulatory Intelligence
While steps 3 and 4 above require a level of critical thinking and manual process, steps 1 and 2 are difficult (if not impossible) to manage without technology.
As RegTech evolves, we now see an uptick in the use of Automated Regulatory Intelligence (ARI) in change management programs. ARI is a cloud-based, SaaS product that takes the end-to-end regulatory change management journey and intelligently automates it.
‘Intelligent automation’ is essentially automation layered with artificial intelligence – including machine learning, natural language processing, robotic processing automation – to provide regulatory intelligence. So, as well as automated processes, businesses receive deep insights about regulatory change down to a granular level. Through a two-way API, RegTechs such as CUBE can deliver ARI in a way that seamlessly integrates with existing systems and processes.
ARI not only tracks, captures, and monitors regulatory change, but the technology behind it is also able to intelligently make sense of that regulatory change to suit individual business profiles and preferences. More than that, it can make inferences and intelligently link regulatory changes across different books and regulators – to spot trends and make predictions rooted in data. It can then map regulatory change to a business’s policies and controls.
The benefits of Automated Regulatory Intelligence
Automated Regulatory Intelligence carries myriad benefits for financial institutions. It is a leveling up of traditional RegTech, which empowers financial organizations to make intelligent decisions about regulatory change. The 5 key benefits of ARI for regulatory change are:
- Speed: deliver regulatory change in seconds, not days or weeks.
- Efficiency: free up highly qualified individuals from manual tasks, empowering them to manage critical thinking led operations and analysis.
- Consolidate tools and processes: RegTech and ARI allows firms to manage the end-to-end regulatory change journey in one place; from automatically capturing the change and red lining where that change happened, to tools to manage the implementation process with inbuilt workflows, dashboards, and real-time alerts.
- Mitigate risk: ARI removes human error and gives firms peace of mind that they have captured every relevant regulation and can present watertight audit trails to document their regulatory change implementation.
- Reduced compliance costs: ARI removes the need to outsource compliance to costly third parties, as well as reducing the risk of receiving regulatory fines, which can hurt your wallet as well as your reputation.
If you’re struggling to keep up with the pace of regulatory change for cryptocurrency and would like to know more about Automated Regulatory Intelligence, speak to CUBE.