Your research can change the world
More on impact ›


Front. Artif. Intell., 30 July 2019 |

Risks and Opportunities of RegTech and SupTech Developments

  • 1Commissione Nazionale per le Società e la Borsa, Rome, Italy
  • 2Financial Markets Law, University of Naples Federico II, Naples, Italy

In my short remarks I would like to focus on a few key-points relating to the opportunities and vulnerabilities associated with the implementation of new technologies in the financial sector, with particular regard to the RegTech topic—that implies the deployment and regulation of information technologies used in the context of regulatory compliance, including tasks such as regulatory reporting, securities transaction monitoring, and risk management—and the SupTech topic, related to the technologies used by supervisory authorities1.

As everyone knows, what we intend as “FinTech” is the abbreviation for “Financial Technology,” namely the nowadays ubiquitous application of technology to the delivery of financing, payment, investment, and consulting services, which has become a powerful driver of innovation in the financial services market2.

Among the main trends, we can identify key areas of application, including payments, personal finance, lending, investments, banking, and the new developments in robo-advisory. These new services offer the advantage of being “on-the-go,” efficient, easily accessible and convenient.

Relevant developments are also taking place in relation to applications of distributed ledger technology (DLT), artificial intelligence (AI)3, Machine Learning techniques4, Big Data Analytics5, RegTech6, and SupTech7, precisely.

In particular, it should be borne in mind that after an initial phase in which most regulators have chosen to observe, sometimes closely, the potential of technology start-ups (a sort of RegTech 1.0), it is high time that start-ups work alongside regulators in meeting challenges (that is the emergence of Regtech 2.0).

The transformational potential of RegTech has been confirmed in recent years with investments that more than tripled from $1.2 billion in 2017 to $3.7 billion in 20188.

Having regard to these transformations and huge investments, we can assume that RegTech will not only provide significant efficiency gains for compliance and reporting functions: it will strongly change market structure and supervision9.

We can say that, at the moment, the widespread adoption of RegTech/SupTech solutions certainly seems to reduce certain risks: for example, the use of machine learning tools to monitor potential market abuse practices probably has the potential to improve market integrity; authorities such as the ECB and the U.S. Fed are using Natural Language Processing (a form of AI) to help them identify financial stability risks.

Another potential application of AI and Machine Learning is to detect collusive behavior and price manipulation in the securities market—potential misconducts that can be especially hard to detect using traditional methods10.

Compared with the high false-positive detection rate of traditional surveillance systems, based on human skill and knowledge, “Machine Learning-based” surveillance systems—through mathematical optimization techniques—have been able to reduce “false alarm” rates.

Some regulators are also employing technological tools to reduce the need for humans to manually conduct tricky network-analysis. This approach involves analyzing years of raw “order book data” with modern network-analysis techniques. The benefit of this system is not only the processing of large volumes of data, but also the detection of complicated network relationships across long time periods and often involving huge numbers of participants.

Semi-supervised Machine Learning algorithms can handle certain cases for which human experts' judgement has traditionally been necessary. In particular, Natural Language Processing technology could be used to automatically analyse many years of financial transaction data and extract meaningful information on which Machine Learning algorithms can profitably operate.

However, further improvement and refinement of these Machine Learning-based systems is needed, due to the lack of case-based training.

Other challenges include how Machine Learning can be used to detect previously unknown misconduct and how the results from the Machine Learning algorithms can be interpreted.

In the end, the increasing adoption of AI and Big Data can help investment firms and issuers of financial instruments to be more efficient and therefore may lead to cost reductions for investors, but—as the phenomenon is still evolving—operational risks are present11.

After all, the “self-supporting” market penetration process immanent to Big Data and AI can lead to the emergence of monopoly-like market structures. Dominant providers of Big Data and AI tools can then become of systematic importance for financial markets. As AI increases interconnectedness and as many investment firms use the same tools, there is an increased concentration risk and a higher vulnerability to single points of failure (SPOFs).

Likewise, AI may be used for SupTech tools: it could help us regulators to validate—and even analyse—a lot of (structured and unstructured) data. We could then become even faster in spotting new risks and dealing with them, but effectiveness depends on quality of underlying data, in terms of cleanliness and accessibility12.

And there are another risks that we must keep in mind: just think of the legal risks that could arise when we start to handle ever-larger amounts of sensitive datasets. We also need to monitor closely IT and cyber risks: we must find suitable ways to ensure the very high levels of resilience required. So, when we supervisors start to heavily apply digital tools, we ourselves must be as cautious as we ask investment firms to be.

One last issue recently discussed is that of the limits of the use of algorithms in the public decision-making mechanisms13. In particular, it is good to start thinking about whether decisions taken only on the basis of the elaboration of an algorithm and intended to affect the legal sphere of individuals are compatible with the traditional legal and, where present, constitutional guarantees14.

The risk of circumventing the principles of the law and, possibly, of the Constitution would be much more serious in the case of Deep Learning Algorithms. These Algorithms, being able to rework the rules on the basis of which they were programmed, could take decisions incomprehensible to the same supervisor: no one could ensure that the rules applied by the algorithms comply with the law and the regulator would give up its flexibility and discretion in favor of algorithms that feed themselves and define their own rules using a dangerous “black box approach”15

Rules applied by dynamic AI could ultimately end up being impossible to determine in advance, with a consequent paradoxical violation of the principle of legal certainty which was precisely the aim pursued by the supporters of the use of predictive algorithms…

It therefore seems highly desirable that regulators be able to master the algorithmic process in order to explain to the concerned parties, in detail and in an intelligible form, that the decision was taken in accordance with the law.

With regard to law enforcement, consider, moreover, the problems posed by the evidence collected and generated in a fully automated way: algorithmic evidence introduces an extreme form of knowledge impairment, since the probative result may not be subject to criticism, because the inaccessibility of the source code or other characteristics of the software do not allow the party against whom the evidence is introduced into the proceeding to dispute its accuracy and reliability. This clearly poses a major problem of equality of arms.

Of course, the most immediate answer to the problem of the opacity of the algorithmic and computational processes is—as usual—more transparency. One can say: “Let's allow access to the source code, inputs and outputs of the software.” However, transparency may run the risk of subtly replacing the rule of law: in fact, open access to those data may not be useful, since only computer experts are able to draw meaningful and comprehensible elements from them16. So, transparency is necessary, but it is not enough17.

In addition, the data, collected or processed digitally, risk becoming reliable in themselves, because the verification of the process that generated them is too complex or escapes—at least in part—an ex post check, because of the use of more or less sophisticated forms of AI.

In this context, the authority could have access, for obvious reasons, to the best technologies, the results of which would be transferred to the legal proceeding as evidence. The concerned parties, on the other hand, might not have the possibility of convincingly questioning the reliability of such evidence, since they might not have the necessary elements for falsification.

The Courts, ultimately, in the case of re-examination of the decision, might have no reason to suspect the evidence, in the absence of concrete doubts adduced by the defense, relying dangerously on the belief that the digital data are free of risks of inaccuracy.

So, unfortunately—as I tried to point out—the problems are many and the debate, on these and other difficult and thorny issues, has just begun.

For sure, regulators and supervisors need to build new skills and new attitudes and the European Union must adopt a common and determined regulatory stance in these areas, at least in terms of the basic issues18.

Author's Note

The speech was given by the author during “Fin-Tech HO2020: RegTech workshop BigData Analytics,” organized by Mode Finance on 29 March 2019 at the Milan Fintech District.

Author Contributions

The author confirms being the sole contributor of this work and has approved it for publication.


The opinions expressed in this publication are those of the author. They do not purport to reflect the opinions or views of the CONSOB or its members.

Conflict of Interest Statement

The author declares that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.


1. ^See also Armstrong (2018), Enria (2019), ESMA (2019), and Karakas and Stamegna (2019).

2. ^See Financial Stability Board (FSB) (2017a) and Carmona et al. (2018).

3. ^On this topic see the Communication from the European Commission on Artificial Intelligence for Europe, COM (2018) 237 final (

4. ^On this topic see INTERNET SOCIETY, Artificial Intelligence and Machine Learning: Policy Paper, 2017 (

5. ^On this topic see the European Parliament resolution of 14 March 2017 on Fundamental rights implications of big data: privacy, data protection, non-discrimination, security and law-enforcement (2016/2225(INI)); European Commission Financial Services User Group (FSUG), Assessment of current and future impact of Big Data on Financial Services, June 2016, 10 (

6. ^INSTITUTE OF INTERNATIONAL FINANCE (IIF), RegTech in Financial Services: Technology Solutions for Compliance and Reporting, March 2016, and Regtech: exploring solutions for regulatory challenges, Washington DC, October 2015.

7. ^On this topic see EUROPEAN SUPERVISORY AUTHORITIES (ESAS) JOINT COMMITTEE, Final Report on Big Data (JC/2018/04), 15 March 2018 (; Basel Committee on Banking Supervision (BCBS), Sound Practices: implications of fintech developments for banks and bank supervisors, February 2018 (; Caruana (2016), Arner et al. (2017), and Broeders and Prenio (2018).

8. ^Source: KPMG, The Pulse of Fintech 2018, 2019.

9. ^See Slaughter and May (2017).

10. ^See INSTITUTE OF INTERNATIONAL FINANCE (IIF), Deploying RegTech Against Financial Crime, Report of the IIF RegTech Working Group, March 2017 (; van Liebergen (2017).

11. ^See Financial Stability Board (FSB) (2017b) and BaFin (2018).

12. ^See Kuroda (2017).

13. ^On this topic see Athey (2017), Lepri et al. (2017), and Randell (2018).

14. ^See FRA – EUROPEAN UNION AGENCY FOR FUNDAMENTAL RIGHTS, #BigData: Discrimination in data-supported decision making, May 2018 (; WORLD ECONOMIC FORUM, How to Prevent Discriminatory Outcomes in Machine Learning, 12 March 2018 (; O'Neil (2016)and Žliobaitė (2017).

15. ^See Pasquale (2015), Knight (2017), Goodman and Flaxman (2017), Olhede and Rodrigues (2017), and Wachter et al. (2017).

16. ^See Koh and Liang (2017).

17. ^On this topic see Kroll et al. (2017) and Latonero (2018); Council of Europe, Committee of experts on internet intermediaries (MSI-NET), Algorithms and human rights - Study on the human rights dimensions of automated data processing techniques and possible regulatory implications, March 2018 (; European Parliament resolution of 16 February 2017 with recommendations to the Commission on Civil Law Rules on Robotics (2015/2103(INL);

18. ^See the OECD Principles on Artificial Intelligence adopted on 22 May 2019 by OECD member countries when they approved the OECD Council Recommendation on Artificial Intelligence (; European Commission's High-Level Expert Group on Artificial Intelligence (AI HLEG), Policy and investment recommendations for trustworthy Artificial Intelligence, June 2019 ( and Ethics Guidelines for Trustworthy Artificial Intelligence, April 2019 (


Armstrong, P. (2018). Developments in RegTech and SupTech. Paris: Paris Dauphine University. Available online at:

Google Scholar

Arner, D. W., Barberis, J., and Buckley, R. P. (2017). FinTech, RegTech and the reconceptualization of financial regulation. Northwestern J. Int. Law Bus. 37:371. Available online at:

Google Scholar

Athey, S. (2017). Beyond prediction: using big data for policy problems. Science 355, 483–485. doi: 10.1126/science.aal4321

PubMed Abstract | CrossRef Full Text | Google Scholar

BaFin (2018). Big Data Meets Artificial Intelligence. Challenges and Implications for the Supervision and Regulation of Financial Services. Available online at:

Google Scholar

Broeders, D., and Prenio, J. (2018). Innovative Technology in Financial Supervision (suptech) – The Experience of Early Users. Financial Stability Institute (FSI) Insights on policy implementation. Available online at:

Google Scholar

Carmona, A. F., Lombardo, A. G. Q., Pastor, R. R., Quirós, C. T., García, J. P. V., Muñoz, D. R., et al. (2018). Competition Issues in the Area of Financial Technology (FinTech). Policy Department for Economic, Scientific and Quality of Life Policies of the European Parliament.

Google Scholar

Caruana, J. (2016). Financial Inclusion and the Fintech Revolution: Implications for Supervision and Oversight. Speech given at the Third GPFI-FSI Conference on Standard-Setting Bodies and Innovative Financial Inclusion - New frontiers in the supervision and oversight of digital financial services, Basel. Available online at:

Google Scholar

Enria, A. (2019). A Binary Future? How Digitalisation Might Change Banking. Amsterdam: De Nederlandsche Bank. Available online at:

Google Scholar

ESMA (2019). Report on Trends, Risks and Vulnerabilities. No. 1. ESMA50-165-737.

Google Scholar

Financial Stability Board (FSB) (2017a). Financial Stability Implications from FinTech Supervisory and Regulatory Issues that Merit Authorities' Attention. Available online at:

Google Scholar

Financial Stability Board (FSB) (2017b). Artificial Intelligence and Machine Learning in Financial Services. Available online at:

Google Scholar

Goodman, B., and Flaxman, S. (2017). European Union regulations on algorithmic decision-making and a “right to explanation.” AI Magazine. Available online at:

Google Scholar

Karakas, C., and Stamegna, C. (2019). Fintech (Financial Technology) and the European Union: State of Play and Outlook. European Parliamentary Research Service (EPRS) Briefing, PE 635.513. Available online at:

Google Scholar

Knight, W. (2017). The Dark Secret at the Heart of AI. MIT Technology Review. Available online at:

Google Scholar

Koh, P. W., and Liang, P. (2017). Understanding black-box predictions via influence functions. arXiv:1703.04730 [stat.ML]

Google Scholar

Kroll, J. A., Huey, J., Barocas, S., Felten, E. W., Reidenberg, J. R., Robinson, D. G., et al. (2017). Accountable Algorithms. 165 U. Pa. L. Rev. 633. Available online at:

Google Scholar

Kuroda, H. (2017). “AI and the Frontiers of Finance,” Speech given by the Governor of the Bank of Japan at the Conference on “AI and Financial Services/Financial Markets” (Tokyo) Available online at:

Google Scholar

Latonero, M. (2018). Governing Artificial Intelligence: Upholding Human Rights & Dignity. Available online at:

Google Scholar

Lepri, B., Staiano, J., Sangokoya, D., Letouzé, E., and Oliver, N. (2017). “The tyranny of data? The bright and dark sides of data-driven decision-making for social good,” in Transparent Data Mining for Big and Small Data, Studies in Big Data, Vol 32, eds T. Cerquitelli, D. Quercia, and F. Pasquale (Cham: Springer), 3.

Google Scholar

Olhede, S., and Rodrigues, R. (2017). Fairness and transparency in the age of the algorithm. Significance 14, 8–9. doi: 10.1111/j.1740-9713.2017.01012.x

CrossRef Full Text | Google Scholar

O'Neil, C. (2016). Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy. New York, NY: Crown Books.

Google Scholar

Pasquale, F. (2015). The Black Box Society: The Secret Algorithms That Control Money and Information. Cambridge, MA: Harvard University. Press.

Google Scholar

Randell, C. (2018). How Can We Ensure That Big Data Does Not Make Us Prisoners of Technology? Speech given at Reuters Newsmaker event (London). Available online at:

Google Scholar

Slaughter May (2017). Superhuman Resources: Responsible Deployment of AI in Business. Joint White Paper. ASI DATA SCIENCE. Available online at:

Google Scholar

van Liebergen, B. (2017). Machine Learning: A Revolution in Risk Management and Compliance? Available online at:

Google Scholar

Wachter, S., Mittelstadt, B., and Floridi, L. (2017). Why a right to explanation of automated decision-making does not exist in the general data protection regulation. Intern. Data Priv. Law 7, 76–99. doi: 10.1093/idpl/ipx005

CrossRef Full Text | Google Scholar

Žliobaitė, I. (2017). Measuring discrimination in algorithmic decision making. Data Min. Knowl. Disc. 31, 1060–1089. doi: 10.1007/s10618-017-0506-1

CrossRef Full Text | Google Scholar

Keywords: RegTech, SupTech, FinTech, artificial intelligence & law, algorithmic process, knowledge impairment, equality of arms, transparency & disclosure

Citation: Gasparri G (2019) Risks and Opportunities of RegTech and SupTech Developments. Front. Artif. Intell. 2:14. doi: 10.3389/frai.2019.00014

Received: 16 April 2019; Accepted: 15 July 2019;
Published: 30 July 2019.

Edited by:

Paolo Giudici, University of Pavia, Italy

Reviewed by:

Veni Arakelian, Panteion University, Greece
Alessandra Tanda, University of Pavia, Italy

Copyright © 2019 Gasparri. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) and the copyright owner(s) are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.

*Correspondence: Giorgio Gasparri,