The European Securities and Markets Authority (ESMA) has published its detailed 2019 report on trends, risks and vulnerabilities (TRV) in financial systems.

The second half of 2018 was characterised by increasing market nervousness and sensitivity amid global trade tensions, says the report. This weakened growth prospects and reduced global monetary policy stimulus, while political uncertainty was ramped up in the EU related to Brexit.

As a result, market risk remains “very high” overall, says the organisation. “Our outlook for liquidity, contagion, and credit risk remains unchanged. Operational risk remains elevated with a negative outlook, as cyber threats and Brexit-related risks to business operations continue to be a major concern.”

The 29 March 2019 Brexit deadline is a “critical date for financial markets in the EU and beyond”, acknowledges the report. “Concerns over a potential no-deal withdrawal increasingly weigh on economic and market expectations, and market participants have been called on to prepare diligently for any contingencies.

“Overall, weakening growth prospects and political and geopolitical tensions are likely to be the main drivers of volatility looking forward.”

So what of RegTech and FinTech systems in this heightened context? FinTech continues to drive innovation in financial services, says the organisation, and this has “potentially far-reaching consequences for both end-users and service providers”.

Crypto assets and initial coin offerings (ICOs) have been a focus of attention recently because of the cash inflows that they have attracted – despite the depressed state of many cryptocurrencies. New developments are also taking place in distributed ledger technology [DLT, or blockchain, see our separate report] and Regulatory Technology (RegTech).

Regulatory and supervisory technologies are developing in response to complex demand and supply drivers, says ESMA. On the demand side, regulatory pressure and budget limitations are pushing the market towards an increased use of automated systems to replace human decision-making activities.

“This trend is reinforced by supply drivers, such as increasing computing capacity and improved data architecture,” explains the report. “Market participants are increasingly using new automated tools in areas such as fraud detection, regulatory reporting, and risk management, while potential applications of new tools for regulators include greater surveillance capacity and improved data collection and management.”

This much we know, but with these new tools come new challenges and risks, says ESMA – most notably, operational risk.

“As both regulators and market participants move towards a digitalised architecture, risks related to cyber resiliency must become a core part of their supervisory and compliance strategies respectively,” says the report. “Indeed, as market participants and regulators become increasingly interconnected through regulatory reporting, security risks increase.

“In addition, reliance on APIs, cloud computing, and other new technologies that create increased interconnectivity could potentially make the system more vulnerable to cyber threats and expose large volumes of sensitive data to potential breaches.”

A related operational risk arises from a move towards greater use of data and risk management tools via third-party providers. This concentrates risk in key areas, says ESMA.

As a result, regulators and market participants will need to devise and implement appropriate strategies to manage it. “To this end, it is important that market participants and regulators cooperate to promote effective management and control of cyber risks and to enhance cyber resilience.”

Another risk comes from the strategy of adopting FinTech, RegTech, and SupTech systems in the first place, suggests the organisation. “One risk that authorities should bear in mind when developing automated detection tools is the possibility that malicious agents may learn to frustrate the tools by adapting their behaviour,” cautions the report.

“For instance, market participants could, in theory, learn what types of behaviours are likely to create a flag in a SupTech monitoring system. Using such information, firms might be able to structure their regulatory returns in such a way as to remain undetected. Separately, as firms develop their expertise in RegTech, their systems may become able to identify potential regulatory loopholes.”

In short, automated tools could lead to automated fraud, or help drive complex fraud deeper underground. But with appropriate safeguards in place, RegTech and SupTech applications may help to improve financial institutions’ ability to meet regulatory demands in a cost-efficient manner, and help regulators to analyse increasingly large and complex datasets, says ESMA.

Be part of a discussion and connect with like-minded leaders in your sector at our exclusive event series on banking and RegTech.