Technology will be a major focus of global regulators in 2017, predicts Deloitte – with KYC compliance, automated regulatory reporting and communications monitoring to take centre stage.
Deloitte's Financial Services Regulatory Outlook 2017 said that regulators and firms alike must become more 'cyber resilient' as the financial services industry becomes more and more data-driven.
The impact of innovative technologies is being viewed as both an enabler and a potential threat, said Deloitte – and so-called 'RegTech' solutions will continue to be investigated in 2017.
"Just like everything else in the digital age, RegTech is evolving rapidly. We see various new solutions emerging during 2017 for use by both regulators and regulated," said the report.
"Areas that are progressing quickly are in 'know your customer' (KYC) compliance processes, automated regulatory reporting and communications monitoring."
The concept of 'cyber resilience' will be an important one for regulators as fintech begins to transfer risk to the unregulated side of the market, said the report.
"Regulators in Japan, Hong Kong, Singapore and Australia have been turning their attention to building cyber resilience," said the report.
This will go beyond protecting core areas of a company's operations and merely reacting to fintech trends, said Deloitte.
"Rather, firms are being expected to implement enterprise-wide cybersecurity frameworks (extending beyond the IT department), predict potential threat scenarios, regularly test security measures against threat scenarios and, if weaknesses are identified, update their defences," said the report
Both the Japanese and Singaporean regulators have mandated periodic simulation exercises and "penetration testing", said Deloitte.
"China and India are also stepping up regulatory efforts, although to date the focus has primarily been on securing perimeters within an organisation and protection of personal and sensitive information," the report said.
"Firms who adopt a cyber resilience mentality and framework will be well positioned to meet regulatory expectations throughout the region and provide defence preparedness that will minimise financial and reputational impacts of an attack."