Lynn Strongin Dodds looks at the latest research to discover how technology is not only mitigating but also introducing systemic risks into the markets
There are risks lurking everywhere in the financial services industry, but technology is often seen as one of the saviours. However, a recent report from the World Economic Forum and Deloitte reveals market participants should be aware of the dangers lurking behind some of the new innovations, especially digitalisation which is supposed to hold the key to solving many of today’s challenges.
The report – “Beneath the surface: Technology-driven systemic risks and the continued need for innovation” – reveals that new technology powered entrants contribute to a disproportionate share of systemic risk because of their expansive and often unregulated digital networks.
Decentralised finance (DeFi) is one of the most obvious. DeFi has filled endless print and virtual column inches as these blockchain-based applications mushroomed over the last couple of years as a way to trade cryptocurrency outside of the mainstream financial system. DeFi networks may hold as much as USD 247 billion in capital today—but the report points out that there is no central accountability, and their open-source protocols are predisposed to hacking and fraud.
Regulation only now joining the party
Despite the coverage and price gyrations of Bitcoin and Etherum, they have only recently come onto the regulatory agenda. For example, The U.S. Treasury has called for crypto regulations to combat global and domestic criminal activities. To this end, the Financial Crimes Enforcement Network (FinCEN) has proposed new rules to be effective in the autumn, to impose data collection requirements on cryptocurrency exchanges and wallets.
Meanwhile, last January, the EU’s Fifth Anti-Money Laundering Directive (5AMLD) brought cryptocurrency-fiat currency exchanges under the broader EU AML legislation. It is expecting exchanges to perform know your customer/customer due diligence (KYC/CDD) and fulfil standard reporting requirements.
The UK, on the other hand, is at the early stages and recently launched a consultation paper, looking at how current legislation can be employed to minimise the risk of stable coins and digital currencies.
However, it is not just new companies that threaten the system. Well established incumbents can also rock the boat with an increasing array of digital ties. Many are increasingly collaborating with technology companies and providing third-party developers with access to financial data via application programming interfaces (APIs). This in turn can leave them and the entire ecosystem more exposed. “It’s hard to know just how vulnerable because the complexity increases with each node that gets added to the network and as interlinkages among network players multiply,” the Deloitte / WEF report said.
Cracks can also appear with outsourcing. Although this is not a new phenomenon, concerns over concentration risk have grown as some participants have narrowed their sights on only a few providers. Also, questions are raised for reverse reasons when the outsourcing company serves many other financial I institutions simultaneously. As the report puts it, “Add third, fourth, and fifth-party provider relationships to the mix, and the risk increases even more. The more complex connections in the digital system become, the greater the number of nodes that could be subject to, or cascade, cyber vulnerabilities and operational disruption.”
Too many links
The Deloitte and WEF report are not alone in highlighting the shortcomings of technology. These are also flagged in other studies and research such as a recent paper by DTCC – Interconnectedness Revisited. It also warns that the industry’s increased reliance on third-party vendors and the rise in the volume and sophistication of cyberattacks exacerbates operational risk challenges.
There is of course no one-size-fits-all approach, to address the varying contexts that drive sources of risk. Solutions depend on the size and nature of the firm. As Michael Leibrock, DTCC managing director and chief systemic risk officer notes, “An interconnected ecosystem is both beneficial and challenging. While interconnections can provide firms operational efficiencies and other benefits, it’s important to recognise that they may also pose certain risks. Given the increasing complexity of the global financial system, it is more crucial than ever that firms continue to evolve their approach to managing risk, ensuring they’re taking a holistic, comprehensive view of all the relevant factors.”
The Deloitte and WEF report also recommends that tackling systemic risk must start with basics like a shared taxonomy and coherent frameworks. Fragmented efforts and siloed information make it difficult for non-risk focused executives to integrate, improve, and apply mitigation techniques. “These root issues must be solved before technology can be deployed to successfully mitigate against systemic risk,” says the report.
“It is not just related to new technologies like distributed ledger technology (DLT) or artificial intelligence (AI) but more generally the trend is seen in all technology. For example, most of the infrastructure is a combination of new and legacy technology or hybrid platforms that themselves are a source of risk because they create new weaknesses.”
Elena Treshcheva, programme manager and researcher at Exactpro
The first step according to Elena Treshcheva, programme manager and researcher at Exactpro is to acknowledge the growing complexity and the impact that increasing volumes of data are having on market participants. “It is not just related to new technologies like distributed ledger technology (DLT) or artificial intelligence (AI) but more generally the trend is seen in all technology. For example, most of the infrastructure is a combination of new and legacy technology or hybrid platforms that themselves are a source of risk because they create new weaknesses.”
She also believes that there needs to be greater accountability. “I think the question of responsibility is an important one,” she says. “I would refer to the FCA Handbook and the principles discussing the people in charge executing their ‘management and control’ duties. These responsibilities rely heavily on access to objective and exhaustive information about their technology obtained from an independent third-party evaluator.”
Last year, the UK watchdog tightened its rules whereby all regulated firms were obliged to review arrangements where there was some form of relationship with a third party to ensure that were able to mitigate any risks. Those in the higher echelons of management are now held to account against the backdrop of theSenior Managers and Certification Regime (SM&CR). They will have to demonstrate they have taken pro-active steps to ensure good outcomes rather than simply reacting to issues as and when they crop up.
Although taking care of the big picture is important, there also needs to be greater scrutiny of the security and safety of different products and tools. Take algos which have become a firm fixture on the sell and buy side landscape. Most algos that leverage AI run immense numbers of calculations on enormous amounts of data but obtaining, collating and cleansing this data remains a persistent hurdle.
As the Deloitte and WEF report point out, if a model is trained with insufficient data, there is a high risk that it won’t work effectively when new data is added. In addition, algos can produce biased decisions or redundant feedback loops from the input data, the technology itself, or the people who operate the technology.
“Many of the data inferences can give surprising results and people need to be able to distinguish between a surprising but correct result and an incorrect one,” says Mark Gibbs, head of quant architecture at technology firm Coremont. “One of the biggest risks is a misunderstanding of the behaviour of complex algos and how they should be applied. It would be helpful if vendors had a conversation with their clients in terms of model validation and how they manage quality assurance. Firms should also apply a high degree of rigour to their internal and external processes when they are quantifying risk.”
In many ways it is a catch 22 situation. George Karapetyan, manager Data Science & Machine Learning at LPA sums it up – “While new technologies can pose a risk to existing financial systems, innovation in this space is offering the solution. While it might seem a paradox, the solution to the risks associated with new technology is more new technology.”