A new kind of British invasion: Regtech hackathons
It's no Beatles invasion, but an important phenomenon has crossed the pond to the United States — regulatory hackathons, or "tech sprints" in Brit-speak.
In these get-togethers, data scientists, developers and other experts at banks, tech companies and regulatory agencies brainstorm on ideas for compliance technology. They write actual code together.
Bankers are embracing the effort.
“We need to try and be more collaborative and active with regulators who correctly are asking for this input,” said Scott Essex, chief compliance officer at Citizens Financial in Providence, R.I., who participated in a tech sprint last summer.
“I think the best use of a sandbox is a tech sprint, where you bring a bunch of people together with diverse skills and ideas and do some development on a real use case that's important to the regulator and then you start to get feedback,” he said.
The concept and term “tech sprint” were invented by the United Kingdom's Financial Conduct Authority, which held the first such event in 2018.
“They don’t like to use the word hacker,” explained Jo Ann Barefoot, founder of the nonprofit Alliance for Innovative Regulation.
Last year, the FCA tried to organize a hackathon with U.S. regulators but the agencies couldn't get the needed approvals in time to put it together. The FCA asked Barefoot’s group to do it. AIR brought bankers, techies and government officials together. Ernst & Young hosted the event in its D.C. office, and Amazon and Microsoft provided free use of Amazon Web Services and Azure. More tech sprints are planned for 2020.
Five teams worked for three days on answers to this question: Can the financial industry and government use new technology, including privacy-enhancing encryption tools, to enable truly safe sharing of information and detection of big-data patterns that are red flags for crime — and could they do so across corporate and governmental boundaries?
The United Nations estimates that $2 trillion is laundered every year. Less than 1% of this activity is caught, even though banks spend billions of dollars on anti-money-laundering tech.
“The methods we're using are not effective,” Barefoot said.
Representatives of the Federal Deposit Insurance Corp., the Federal Trade Commission and the Consumer Financial Protection Bureau participated in the hacker teams, alongside officials from Cross River Bank, JPMorgan Chase, Wells Fargo, Square, Microsoft and regtech firms.
"This was a unique opportunity to bridge the gap between agencies and industry participants and foster a partnership that can ensure a more sound regulatory structure as fintech evolves," said Uriel Ashe, senior vice president of engineering and infrastructure at Cross River Bank, of Teaneck, N.J., who participated in the event.
FDIC chair Jelena McWilliams was a keynote speaker at the event and acted as a judge.
More than 65 regulatory officials from 17 agencies observed the process.
The slogan for the tech sprint was, “It takes a network to defeat a network.”
While criminals share information freely among each other in networks, the financial industry and law enforcement usually only see part of the picture because they have to protect people’s privacy, Barefoot said.
One thing that would help would be a shared dataset everyone could use to experiment with, Essex suggested.
“This would be an anonymized or even synthetic set of data that was curated and provided in these regulatory sandboxes,” he said. Then all developers could work with that common dataset.
“It could be really helpful,” Essex said.
Essex brought data-science experts in anti-money-laundering efforts from Citizens to the hackathon. There were four teams in total that came up with solutions.
The groups came up with ways for the Financial Crimes Enforcement Network, a unit of the Treasury Department, to share data trends from suspicious activity reports without sharing any SAR data that is statutorily illegal to share.
“There are a lot of new technologies that either encrypt information or share partial information that can't be reverse-engineered to identify who people are,” Barefoot noted.
The winning team was given the opportunity to present its idea to the innovation group at the FDIC, and all sprint participants got to visit Fincen's offices.
“The thing that's kind of exciting about this is that at the end of it, they don't just have a white paper,” Barefoot said. “They have actually written code that they can download and they can say, here is the start of a solution to a problem.”
Citizens is slated to participate in more regulatory hackathons, Essex said.
“I particularly like the ones focused AML and consumer protection,” he said.
Do hackathons lead to real change?
Regulators in Washington often talk about wanting to encourage banks to innovate. Examiners who actually assess banks do not always share this ideal. Could hackathons help?
Barefoot acknowledged there is a technology-knowledge gap between regulators in Washington and field examiners.
“But that is closing,” Barefoot said. Regulators are participating in and observing hackathons. They are starting to encourage piloting and experimentation of technology, she said.
Ashe said efforts like this foster understanding between fintech companies and the agencies regulating them.
"By working together, we can educate each other and develop new tools that can enhance regulatory compliance while keeping pace with the evolving fintech ecosystem," he said. "Events like this encourage dialogue and discussion, and Cross River is always eager to participate."
Essex said that it is still early days, especially in the tricky area of AML.
“We need more feedback so that we can focus in the areas that law enforcement are interested in,” he said. “It's complicated because the banking regulators are really focused on keeping illegal activity out of the banking system. Law enforcement is focused on identifying it and stopping it. So they're a little bit at odds.”
“The window is open for this to happen now in a positive way, even if it's a little bit chaotic,” Essex said. “We don't have unlimited time to try and make progress before the innovation goes so far in front of us that we're solving a problem that was important two years ago.”
Several regulatory tech sprints are scheduled for the coming year. AIR has received a grant to hold one on how to deter the use of cryptocurrency by child pornographers.
A number of vendors, including Chainalysis, CipherTrace and Elliptic, already have software that detects this kind of crime. They may be included in the hackathon.