HKCSView: The answer to the upcoming regulatory data storm

HKCS View: The answer to the upcoming regulatory data storm A few months back I commented on the EU’s General Data Protection Regulation (GDPR) which will come into force in May 2018. This is not the only piece of regulatory compliance coming down the line that will affect companies in Hong Kong, in particular the financial sector.

I mentioned in the headline a ‘data storm’ so I had better outline what I mean. More data has been created in the past two years than in the entire previous history of the human race. Every day 2.5 quintillion bytes of data are created. By the year 2020, about 1.7 megabytes of new information will be created every second for every human being on the planet.

According to Gartner, over 1.4 billion smart phones were sold in 2016- all packed with cameras and sensors capable of collecting all kinds of data; think QR codes; NFC, etc. A vast amount of this data will flow across corporate networks and will be subject to a myriad of regulations for privacy, security and reporting. This is the data storm—the perfect storm.

Regulators in Hong Kong

As an example to focus on a key industry in Hong Kong; the financial services sector, which has always been well regulated by the HKMA and SFC and since June this year, the independent Insurance Authority. A key role of these bodies is regulatory compliance. 

It is no exaggeration to say that there have been significant – and costly – failures in banking compliance since 2008. Banks globally have paid US$321 billion in fines for an abundance of regulatory failings from money laundering to market manipulation, sanctions busting and terrorist financing, according to data from the Boston Consulting Group (BCG). BCG also cites an average of 200 regulatory revisions per day need to be monitored by a global financial institution.

New ones that are coming into force include:

In addition to the above, according to a recent survey by Vanson Bourne, 76% of banking IT and risk professionals believe they face serious challenges to become compliant with the GDPR this year. The rise of fintech is also generating a new set of regulations.

Regtech as the answers

The answer all the questions about dealing with the regulatory data storm is regtech—the developing and adopting regulation technology. I recently spoke on what regtech means at the Asian Development Bank’s ABAC APFF financial technology workshop in Manila.

Regtech solutions can help address a number of compliance and regulatory issues, including: risk data aggregation; modeling, scenario analysis and forecasting; monitoring payment transactions; identifying clients and legal persons; monitoring internal culture and behavior within regulated institutions; and, trading in financial markets.

Among these solutions they take advantage of technologies like machine learning (ML), robotics, artificial intelligence (AI), cryptography, biometrics, distributed ledger technology (blockchain), APIs, shared utility functions and cloud applications. Predictive analytics using AI and ML to sort through unstructured data will be the holy grail of regtech.

Regtech enables regulators to look not only the past, but also at the present to model predictions for the future. Data was traditionally protected by PKI signatures, before the new set of storm-like regulatory requirements. To scale and speed up to the levels required, some regtech solutions are bringing authentication using the Keyless Signature Infrastructure (KSI)  to ensure no tampering of data at source or in transit.

Regtech changing IT jobs

Jobs will always change with technology development. We no longer have telephone switchboard operators, inflight engineers on passenger aeroplanes or people in elevators to push buttons.  Last year, an 18-wheel truck delivered its cargo over a 125 mile highway trip in the US. All normal, everyday stuff - except there was no driver.

To embrace regtech, new jobs will also be created in IT, mostly at the expense of human compliance jobs in the FSI sector.

In conclusion, Hong Kong’s financial services companies need to embrace change in order to deal with increased reporting and oversight. This means a greater emphasis on compliance technology, rather than people. Those in mid-to-low level compliance jobs had better improve their IT skills if they want to survive and thrive in the brave new world of regtech enabled regulation. 

Michael Mudd is a member of the FinTech, Policy and Cloud computing SIG’s of the Hong Kong Computer Society. He is also managing partner of Asia Policy Partners LLC, an independent consultancy specializing in technology policy for security, privacy and trade related business. He may be reached at