Course on Suptech and Regtech

Day 1

The first day began with an introduction on the Suptech and Regtech landscape. After an overview on the FNA tools it was reviewed the concepts of Fintech, Techfin, Regtech and Suptech. The last two regards to the set of technologies that support the central banks for compliance and regulatory requirements for regulated entities as well as their monitoring. It was underlined that currently all global financial authorities have explicit Suptech strategies in place or under development. This takes places within a landscape where central banks have access to a vast amount of data which is needed to be analyzed in order to make sense out of it for effective macro-prudential and micro-prudential activities. In this session, it was also presented the goals of Suptech, including the reduction of the burden on regulated entities, the improvement of monitoring and risk management, and the implementation of a more effective and better allocation of resources. It was also mentioned the components of a successful Suptech strategy, including access and creation to quality data across organization(s) and the availability of skilled personnel (data science and technologies). The session ended with a broad list of examples of Regtech and Suptech applications.

The next session was devoted to introduce central clearing and payment systems. First it was given an overview on the Financial Market Infrastructures (FMIs) starting with the Central Counterparties (CCPs) which are entities in charge of clearing and settlement of financial assets transactions. CCPs relies on the netting and collateral to conduct risk management. Then it was mentioned the particular case of a derivatives CCP and the risks that such a system could pose. On the payment systems’ side, it was mentioned that they provide clearing and settlement for many goods and services markets rather than financial markets. The focus on payments were made to real-time gross settlement systems and deferred net settlement systems. Next, it was reviewed the bilateral and multilateral netting and the financial stability challenges that a CCP have to address. The session concluded with a presentation of two different methodologies for risk management of a CCP. The first methodology quantifies the amount of residual risk exposures by the participants setting a coverage level. The second proposes a new collateral system CoMargin that enhances the stability and resiliency of CCPs by accounting for the interdependence of market participants.

The last session of the day was devoted to give an introduction on financial networks applications for central banks. First, it was reviewed the basic concepts of network analysis, including the different types of networks (directed, non-directed, weighted, etc.), clustering coefficient, reciprocity, affinity, completeness; also the most important centrality measures as degree, betweenness, closeness, eigenvector centrality, PageRank and DebtRank, were also mentioned. Then, it was presented the main channels of financial contagion to illustrate the relevance of financial networks, going from default cascades to funding liquidity contagion and fire sales externality. It was explained that default cascades shock is transmitted through the asset side, and it could be amplified by bankruptcy cost, fire sales externality and by incorporating default risk in asset values. Concerning funding liquidity contagion shock, it was stressed out that it is transmitted through the liability side, it could be amplified by sales of illiquid assets and by liquidity hoarding. Finally, in the fire sales externality there is a shock in the asset price, causing the asset sale and a consecutive devaluation generating fire sales. A set of different application to measure financial contagion through the implementation of networks-based methodologies was then presented. The first case, motivated by the fact that financial institutions interacts in different markets, develops a multi-layer network methodology that quantifies systemic risk by studying financial exposures on derivatives, securities, foreign exchanges and deposits and loans; it was shown that the combined (multi-layer) systemic impact is always larger than the combination of the layers separately. In the second case was quantified the expected loss due to systemic risk overlapping portfolios (indirect exposures) and it was compared to direct exposures. The second case presented a network study on the dynamics of currencies relationship during normal and crisis periods; through the use of filtering techniques, it was shown that during the global financial crisis of 2008 currency-related transactions were more correlated. The last case analyzes the relation between climate risk and financial stability; it was shown that in a disorderly transition context, financial institutions have incentives to engage earlier, under the same market conditions.

Day 2

The second day began with a presentation about the Bank of Lithuania experience on its implementation on Suptech and data strategies. First it was mentioned the strategy main focus areas which are the business model, policies, processes, human resources capital and technologies. It was also mentioned that implementation has been enabled by blockchain, cryptography, smart contracts, biometrics, cloud computing, AI and ML, APIs, big data analytics and IoT and telematics. The Bank of Lithuania roadmap were made of:

• i. The creation of suitable IT tools to support workflows, and the digitalization of information and its availability for reporting visualization and monitoring
• ii. Automatization of repetitive tasks
• iii. Creation of algorithms to support decision making
• iv. Continuous learning based on past information

The session continued with the exposition of the principal Suptech strategy drivers, where the enhancing of efficiency and effectiveness were the most relevant. Then it was mentioned the current strategy advances, and finally it was presented the benefits that would be obtained for financial institutions, the industry and the central bank.

The second session was devoted to present applications of network analytics and agent-based modeling for micro and macro-prudential analysis, systemic stress testing and, FMIs design and oversight. First it was introduced the main concepts of the methodologies used which are intended to understand complex systems (large systems with many interactions and non-linearities, such as payment systems), and it was mentioned the pros and cons of its implementation. Next, it was reviewed the data requirements needed for the implementation of such models, which are historical transaction data requiring as minimum information of the date-time, sender, receiver and value, and representative data that has to be based on aggregates/sampling from real data. Once the above was mentioned, it was reviewed a number of use cases. The initial set of use cases was intended to address issues related to micro and macro-prudential analysis. In the first case potential contagion paths in centrally cleared markets were mapped and it was quantified potential liquidity demands. For the second, it was provided intuitive visualization tools based on network analysis and stress testing techniques in order to set scenarios related to market risk. In the third case, it was built knowledge graphs for financial stability surveillance and banking supervision. The fourth case regarded to the development of a simulation model on how a CCP network would rewire itself in case of operational incapacity of any of its members. This was followed by a use case on systemic stress-testing model motivated by the COVID-19 market crash. And, finally, a methodology to simulate various Liquidity Saving Mechanisms to evaluate how much liquidity needs could be reduced without adding undue operational risks.

The second day ended with hands-on exercises on credit risk analytics using loan data, liquidity and solvency monitoring with payments, and FMIs design and oversight.

Day 3

The Course’s third day was devoted to digital money issues.

The first session was intended to provide an overview about fiat-based stablecoins. The presentation began with a summary on the recent CBDCs and stablecoins news which included the exploration of 90 central banks of CBDC issuance projects, the launching of China digital yuan pilot. It was also discussed the case related to Tether, the most actively digital asset worldly traded, for which a bank run experienced by Iron Finance (DeFi) raised important supervisory concerns, among other developments. It was also mentioned that the foreign exchange market is the largest in the world, while the digital asset market is experiencing a rise in its daily trading volume. The session continued with the stablecoins timeline and guidance where authorities as FSB has made an advance on regulation, supervision and oversight arrangements. It was concluded that some stablecoins have been successful, but not at the level of being taken as legal tender, and that CBDCs could represent an alternative of digital legal tender.

The second session of the day had the objective to present a view on CBDCs in the Canadian case. It began with a definition of CDBC which is a digital currency designed to provide the same benefits as cash (safety, universal access, resilience, privacy and competition), but in an electronic format that could be used for online transactions or at a point of sale, using a mobile phone or a special card or device. Then it was reviewed some of the aspects to take into account in the issuance of a CBDC in Canada including the revision of opportunities and risks of new technologies in the payment system, ensuring that all components continue functioning together to provide Canadians with the efficient, providing safe and secure payments, the building of a modern ecosystem capable to adapt to the fast-moving world of payments, and the creation of a contingency plan for a CBDC. The session continued with a discussion on possible costs-risks and benefit that the issuance of a CBDC could pose. For the former it was illustrated situations like the risk of a run toward a CBDC during a crisis, cyber risks, money laundering and illegal activities, that may stifle payment innovations. For the latter it was mentioned the keeping of central bank money competition with private alternatives, enhancement of payment system resilience, maintenance of payments privacy, general public access to risk-free assets, among others. The session concluded with the proofs of concept implemented by the central bank, which included a smartphone app, store value card with offline transfer a self-contained device and digital cash.

The day ended with a hands-on exercise on FNA’s CBDC simulator.

Day 4

The fourth day of the Course was devoted to the use of private and open data to create useful tools for central banks.

In the first session, it was explored the use of Fintech and data science to create new opportunities in economics and statistics analysis within the European Central Bank. It was initially mentioned that the pandemic triggered an increase in the use of digital platforms, thus boosting the generation of digital economy data. Then, it was pointed out that the European data strategy involves the use of cloud services, generation of data services, artificial intelligence, machine readable digital formats, and public, academia and private data exploration knowledge. Then it was discussed how the use of financial technologies for central banking could meet some policy purposes like the creation of near real-time snapshots, early warning indicators, detection of trend and turning points, extraction of information on the impact of policy actions, and the creation of new theories from combining different science fields to finally generate insights. For this, it was pointed out that the development of better predictors, means for simulating debate, adjustment of model-based theories, creation of timely and frequent information would be necessary to better exploit micro data for banking supervision. The session concluded with an application of six seasonal autoregressive models to nowcast car sales utilizing both Google open data and private data to finally compare the results yielded from the two sources.

In the second session, it was presented the platform AIR, which is a security and privacy-first-peer-to-peer infrastructure dedicated to build federal analytics. More precisely, it is a data availability operating system designed to support an ecosystem of third-party and proprietary solutions and tools. The platform work by sitting in the middle of the ecosystem providing trusted mechanisms to safeguard security, privacy, legal and regulatory requirements, all with full auditability. Finally, it was presented three different use cases. The first was developed for Singapore’s Ministry of Law to generate a knowledge management infrastructure in order to support growth, jobs, public services and research useful for society. The second use case was developed for Bank of England with a jointly participation of the Financial Conduct Authority (FCA), the six biggest UK banks and academia, the case had the purpose to generate a digital regulatory reporting framework to boost the improvement of supervision. The last case was developed also within the UK for the FCA, University College London and Clyde & Co to automate guidance to firms.

The day ended with three hands-on exercises on the operationalization of COVID-19 statistics, the creation of a mapping for CCPs interconnectedness and the development of tools to monitor supply chain networks.

Day 5

The Course’s last day was dedicated to show new frameworks and technologies for AML, anti-fraud and cyber analytics.

The first session had the purpose to show the Bank of England strategy to build an effective cyber resilience framework. The presentation started by showing the costs generated by cyber-attacks in a global scale. Then, it was pointed out the main attack vectors, which are phishing, supply chain compromise and ransomware. In the case of phishing it has been observed an increase on these attacks due to the global remote force, 95% of them are caused by human error. For supply chain compromise it was mentioned the concrete case of SolarWinds, which has been the largest and most sophisticated attack created up to date. Also, ransomware damage costs have been predicted to exceed 20 billion by the end of 2021. From the central bank perspective, they are targeted for a number of reasons, including nation state espionage, theft of intellectual and proprietary information, due to its role as country’s critical infrastructure and for reputational damage and disruption purposes. This continued with a presentation the CREST framework to deliver intelligence-led cybersecurity testing, which mimics cyber-attacks in order to evaluate and better understand weaknesses and vulnerabilities and take action. It was shown that this framework is a highly effective regulatory assessment tool. Finally it was presented the process to mimic an attack and how the different teams works in order to counteract it.

The second session of the day was devoted to dive into the anomaly detection topic and some possible applications. The presentation began with an overview of cyber-crime and fraud activities focused on central banks. Then, it was reviewed key aspects of the CPMI-IOSCO guidance on cyber resilience for FMIs, underlining that after the publication of the Guidance (within a time window of 12 months), central banks started to develop concrete plans to improve their capabilities in order to meet the two-hour recovery time objective, and that testing is an integral component of any cyber-resilience framework. The session continued with the use cases implemented by FNA to detect anomalies. In the first use case, it was presented a methodology based on network analysis and machine learning (neural networks) to detect anomalies in Large Value Payment Systems. It was shown that this issue was tackled as a classification problem where the model is intended to predict if a payment is anomalous or not, the data comprised payments information and network features, having that the network distance between the payee and the payer was the most useful at the moment of the development of the model. In the second case, it was developed a methodology to further investigate anomalies among related parties linked to a particular institution-entity of interest; in the results presented it was studied firms (but it can be applied to a different type of dataset that contains the same type of information), and it was shown that the algorithm has the capacity to build network around the company of interest automatically showing the network most relevant information.

The last day concluded with hand-on exercises that tackled issues of anomaly detection and simulation of impacts and implications of cyber-attacks.