Today, I’m recording the 100th show.
If someone had asked me that spring morning -- four years and ninety-nine conversations ago -- to predict the financial regulatory world of today, I’m not sure what I would have said, but I know for sure that it would have been wrong. In my wildest dreams, I could not have envisioned how technology is transforming finance, and financial regulation, in 2019.
We’ve chosen this moment to do the 100th show because last week, something happened in Washington that I think we will view in hindsight as a turning point. My new nonprofit, the Alliance for Innovative Regulation, or AIR (about which you’ll soon hear much more), collaborated with the UK’s Financial Conduct Authority to run the first-ever US regulatory “Tech Sprint.” A tech sprint is a hackathon. It puts subject matter experts together with software developers, lets them form themselves into teams, and has them work side by side -- sometimes day and night -- trying to solve concrete regulatory challenges. By the end of the sprint, typically a few days later, you don’t merely have a report or a memo or a working group. You have computer code. A start on a practical, working solution.
If the solution has potential, it may migrate into an incubator environment where it can be built out for real world deployment.
We held the US sprint as a satellite to a larger one that the FCA ran simultaneously last week in London. All the teams were tasked with developing better technology to combat money laundering. In the regulatory world, we tend to think of anti-money laundering -- AML -- as a compliance issue. We envision white collar, victimless crime. In reality, though, these crimes are among the most evil on earth. Laundered funds are the fuel that pays for terrorism and makes it lucrative to traffic in illegal weapons, drugs, looted antiquities, endangered wildlife, and human beings. Consider these numbers, and the human lives behind them.
How can this happen? Two reasons. First, these crimes are extremely profitable, as long as you can launder the money they generate through the financial system. And second, they are extremely low risk. The UN estimates that global financial crime today has reached over $1.6 trillion a year -- and that we catch less than 1%.
And why is that? Why aren’t we doing better?
It’s not for lack of commitment. And it’s sure not for lack of resources. The financial industry spends tens of billions of dollars every year on AML compliance, and yet produces this 99% failure rate. How can that be?
The answer is that industry and government are mostly using old, ineffective technology, while the criminals have great technology. Obviously the current system is not scalable -- it can’t possibly be expanded enough to make a dent in the problem. The whole thing needs a redesign using new technology, to make it efficient and effective.
It also needs technology to solve a very specific problem in AML, which is that criminals and terrorists can and do easily share information -- they buy and sell it on the dark web, among other things -- while the forces of good cannot easily share. That’s because the good side has to protect people’s privacy. Today, major money laundering crimes are driven by big global networks that can only be detected if companies and law enforcement can find the patterns of money flows across huge networks. This is, today, difficult and often impossible, because privacy constraints make data-sharing so difficult.
The slogan for last week’s tech sprint was, “It takes a network to defeat a network.”
So, in the sprint, we set teams of people to work to solve this problem: can the financial industry and government use new technology, including privacy-enhancing encryption tools, to enable truly safe sharing of information and detection of big data patterns that are red flags for crime, across the boundaries of companies, governments, and countries?
In the Washington sprint, we had five teams work for three days on this challenge. We had three federal agencies actually place people on the “hacker” teams -- the FDIC, the FTC, and the CFPB. Over the course of the week we had about 170 people participate in or observe the process, including over 65 regulatory officials from 17 agencies.
Did it work?
I’m going to devote later shows to really telling you the story of the sprint. When it was over, I realized that it had turned out to be the most meaningful and, I suspect, most impactful thing I’ve ever done in my career. Watch for future episodes and other postings about it.
And also watch for upcoming shows about our new nonprofit, AIR. I launched it along with my friend, Petal cofounder David Ehrich, with backing from visionary donors led by the Omidyar Network’s Flourish Ventures. We are aiming to help catalyze and shape conversion of the financial regulatory system to a new design that leverages the best technology of the Digital Age, so that regulators can keep pace with exponentially-changing technology as they carry out their crucial mission of keeping the financial system sound, accessible and fair.
For today, though, I’m going to look back over the journey we’ve traveled over the span of the 100 podcasts, and think about how we came to this point. I’m going to tell this story as I’ve experienced it, knowing of course that my vantage point has seen just one tiny facet of the huge global shifts that are now in motion.
Regtech and regulating fintech
When we recorded our first episode in 2015, “regtech” wasn’t even a thing. That was especially so in the United States, which for various reasons lags other parts of the world in regtech development and adoption.
Shortly after we launched Barefoot Innovation, I was invited to go to Harvard for a year as a Senior Fellow in the John F. Kennedy School Center for Business and Government. That one year stretched into two as I worked on a book, and also a series of papers, on financial innovation and how to regulate it.
One morning soon after I arrived on campus, I had breakfast with one of my fellow senior fellows, who introduced me to the concept of “wicked problems.”
Wicked problems are problems that have very complex causes, and therefore very complex solutions -- so much so that, usually, they can’t be solved. People can’t even agree on what drives them, much less on how to fix them. Think of poverty, or war, or crime. In financial regulation, we’ve had at least two wicked problems, pretty much forever. One is that finance often hurts consumers, either by not allowing them into the system or by harming those who do receive services, such as burdening them with too much debt. The second problem is that, generally speaking, financial regulation can’t be made both highly effective and efficient at the same time. There’s always been a tradeoff between spending more to get better outcomes, or cutting costs but compromising results. And, even more deeply, some aspects of financial regulation are actually both expensive and ineffective, and arguably getting worse. (This is part of what my Harvard papers are about.)
My friend’s insight led me to an epiphany (this kind of thing happens if you go to Harvard and have two years to concentrate on learning and thinking!). I realized that when wicked problems do get solved, it’s often because new technology emerged, something that was not in the original mix of cause and effect. As an example, I myself had polio as a child. A few years later, the US began vaccinating every child, and then nearly all countries did the same, inoculating nearly every child in the world. Today, there is still some polio in the world, but it’s a “normal” type of problem, not an unsolvable one, as epidemic diseases had been before vaccines, for all of human history.
Thinking about this in the context of my research, I realized that today, innovators are attacking both of these wicked problems in finance and financial regulation. People are using new technologies to try to remedy every cause of consumer financial troubles (other than lack of money itself), to make financial services vastly more accessible, affordable, transparent and fair. I realized, in fact, that some technologies had the potential to help consumers with problems that regulations have been aiming, and failing, to fix for a half-century. (I won’t develop that whole argument for you in today’s podcast -- read the Harvard papers and listen to some of the 99 podcast guests.)
I also realized that the same tech trends driving these changes -- like big data, artificial intelligence, blockchains, cloud computing, voice interface and mobile -- have also potentially opened up a whole new way to do regulation, so that it really could be better and cheaper, at the same time.
But this insight was quickly followed by another. I realized that most of the benefits, for both wicked problems, will probably never materialize. The reason? We will probably get the regulation wrong.
Regular listeners know I’m a former bank regulator. I was Deputy Comptroller of the Currency (actually the first woman in that role). How many times, over our hundred episodes, have I talked to a guest and said some version of, “The regulators have the hardest job in financial innovation, because they have to enable good changes while blocking bad ones that come embedded in them”? How many times have I said that regulatory failures are no one’s fault -- they just reflect the limitations of the tools we had before the Digital Age? All true. We have dedicated and talented regulators, and also Congressional policymakers. Still, they face an uphill battle to modernize. The systems we have today were not built to address the mold-breaking, fast-paced change that is now transforming finance. I realized that, somehow, they will have to... speed up.
So we started doing shows on fintech innovation. We framed the whole program as a “search” for innovation that could help consumers. Often, our conversation went far outside the boundaries of discussing information and expanded into real-time brainstorming. We always included a discussion of the guest’s advice for regulators. And we had many regulators as guests, including numerous agency heads. We’ve also had startup founders. And banks, both large and small. And people with roles ranging from CEOs to compliance officers to heads of innovation labs. And lawyers and academics and consumer advocates.
Of the innovators on the show, it’s important to note that quite a few didn’t make it. I won’t call them out individually -- you may know who they are. Some startups just ran out of runway -- their VC funding didn’t last long enough for them to find traction, especially if they were waiting for banks to get the permissions needed to work with them. Some large companies shared innovation initiatives on the show, but later gave up on them.
This is the very nature of innovation. It always, everywhere, produces some failure. To innovate, you have no alternative but to try things. When you try new things, some won’t work. This means you have to take some risk. This process -- try something, see how it goes, measure results, learn from it, adjust, move forward -- is the pattern of all innovation. It’s a key lesson for the regulatory process. Somehow, we’re going to have to create a safe space for trying things, to bake the routine ability to iterate and test and fail, into the worlds of regulation and compliance.
The failures in fintech innovation, though, are vastly outnumbered by the successes.
More fundamentally, very few of these failures actually discredited the ideas and technologies involved. To the contrary, out of virtually every failed situation, the people involved moved forward to new and better things, and the ideas they incubated and shared have continued to spread outward, infusing the financial and technology ecosystem, changing how everyone thinks.
Along the way, the regulators saw this need for allowing and nurturing innovation and began to respond by setting up their own innovation programs. The first one that I know of was the CFPB’s Project Catalyst. That inspired the FCA to create its Innovate initiative -- a bigger and, I think it’s fair to say, bolder program than Catalyst, but building on the latter’s ideas. Famously, Innovate included creating a Regulatory Sandbox, which in turn went on to inspire dozens of imitators throughout the world. The OCC came next -- we at Harvard were honored that the Comptroller of the Currency, Tom Curry, launched the OCC innovation initiative at an event we held at the Kennedy School.
Other agencies, too, began moving ahead. Some had high-profile efforts while others were low-key, but they were all dedicating people to focusing on innovation. The then-Chairman of the CFTC, Christopher Giancarlo, said on Barefoot Innovation that the top priority of “every regulatory agency” is to convert their rule books “from analog to digital” design. He recruited someone from the fintech world, Daniel Gorfine, to run the Commission’s already-extant LabCFTC.
Eventually, all the federal agencies developed initiatives or task forces or working groups. So did some of their regional offices. The Federal Reserve Bank of San Francisco, for one, held what I think was the first US regulator-sponsored innovation conference by any US agency, and now has one of the country’s most vibrant programs. Several states also took initiatives, with Arizona creating the nation’s first state sandbox. Agencies were creating both groups working on regulatory issues in fintech innovation, and also projects to develop supervisory technology, sometimes called SupTech or SuperTech (although I advise calling it all regtech because supervision and compliance are two sides of the same coin and will need common, integrated technology in the end).
In the United States, though, through most of this period, the focus was on how to regulate fintech. Again, that is different from the challenge of how to do regulation better. For the first few years after Barefoot Innovation launched, we still didn’t have the word “regtech.” As it emerged, I began to ask US speech audiences -- including the many speeches I made to regulator groups -- how many people knew the term, regtech. Five or ten percent would raise their hands.
In Europe, meanwhile, and Asia, regtech was on fire.
Some of this was coming from the private sector, including from many of our podcast guests. But globally, the key driver was, again, the FCA. Its sandbox initiative had captured everyone’s attention and was growing fast. The FCA was sending people around the world evangelizing on it. But when I would meet with them in London, I started to see a few people at the table who were working on regtech. I mean, a few. It was, basically, two people, and eventually, three.
Quietly, gradually, that little team began to invent a new way of innovating for regulators themselves. And their genius invention, their breakthrough, was that the FCA should hold hackathons. The FCA will tell you that they’re regulators, so they don’t like the word “hack,” so they created a special new name for these events -- the regtech “tech sprint.”
The first one they held tackled issues of consumer access to financial services. They invited just a handful of people and kept it very low-profile -- they were trying something new and had no idea if it would work. But, it did work. So they did another, and another, growing the size, widening the range of issues, and hammering out, through trial and error, a whole methodology. The one they held in London last week was their seventh. Two have been on AML. Others have explored issues like pensions and financial services and mental health. Two have been on regulatory reporting.
Along the way, the regtech group came to be led by an FCA official named Nick Cook. Today Nick heads the FCA’s whole innovation division (more on that later), but in the early couple of years, his little regtech team began building a network. I remember making speeches in those days when I would say, the FCA’s regtech team has only seven people, but hundreds of others are helping them. By doing these sprints and sharing what they were learning, they were enlisting some of the world’s top experts in both regulation and technology -- experts from big banks, tech firms, academics and more. Everyone was coming to the table. People began to see the possibility of doing things better, and they wanted to help.
On June 1, 2017, I convened a regtech conference at Harvard. To our surprise and delight, people came from all over the world! We brought together about 60 regulatory and technology experts around one huge open-square table.
I remember asking for a show of hands on how many of them had ever helped to write financial laws or regulations. Many hands went up. Then I asked how many could write computer code. Again, large numbers of hands were raised.
And then I asked, how many could do both. One person raised his hand.
We had a lot of very high-powered people in that room. I remember suggesting to them that the regulatory people at the table knew they had a problem with making regulation both effective and efficient, and assumed that, for the most part, it can’t be solved. The tech people in the room, meanwhile, actually had the solution, but they didn’t know about the problem -- or thought that it was a boring problem (which it decidedly is not!). And so...we put them together, to figure out how to combine the best of both.
Around that time, I started using a slide showing former Congressman Barney Frank, who co-sponsored the Dodd-Frank financial reform law, in the same frame with Steve Jobs. We started asking, what if we could give regulatory problems to people with that mix of expertise, to solve together?
At the Harvard roundtable, we posed this provocative question: might it be possible to issue some regulations not in words, but in the form of computer code, so that compliance could be self-implementing? In June 2017, this seemed to me like a science fiction vision, something that might begin to be possible in, maybe 10 or 20 years.
Nick Cook was at that conference. Five months later, the FCA and the Bank of England, incredibly, tested this very concept in real life.
That November, they ran a tech sprint that is now affectionately known to many of us as the Regulatory Moonshot. It ran for two full weeks. The participants came from the big UK banks, fintech and regtech firms, and distinguished universities in the UK and US. The FCA selected one line of regulatory guidance on reporting requirements for retail loans to work on. They set up a “tech” group and a “text” group of legal people, and then had a group of “translators” bridge the gap between them. They all worked to convert the syntax of the legal requirements into the syntax of code, to run against a set of test data.
The effort failed several times. People worried that it had been a waste of time.
On the final day, a late Friday afternoon on December they ran the test.
It worked. Machine-to-machine, the algorithm produced a correct report, in 10 seconds.
Then they altered the reporting requirement and ran it again. The algorithm produced an adjusted report, correctly, again.
The people in the room that day stood up and cheered -- bankers and regulators together.
The FCA realized that this “model-driven machine-executable” reporting could possibly be applied to areas where reporting processes are expensive and suboptimal, for both industry and government. They began calculating the potential for huge savings, in both the public and private sectors. They also promoted a thought process we had also discussed at Harvard, and that I’ve emphasized in my Harvard papers -- the idea that innovations like this could potentially be opened up to the industry as a voluntary option. Companies could choose to adopt them, or not, depending on what would be most safe and inexpensive for them. This would avoid forcing big tech changes on the whole system, top down, with all the resistance that normally creates.
In February 2018, the FCA issued a report on this sprint, explaining what they did, how they did it, and what further input they wanted from the public, and also laying out core concepts such as a commitment to creating regulatory technology that is open source.
I think the regulators who ran that sprint are heroes.
As I said earlier, I’m telling this story as I’ve experienced it over the course of our hundred podcasts, but I was doing very little. The big work was being done by others, especially in Europe and Asia.
A regtech infrastructure started to emerge, particularly in those regions. Under the leadership of Ravi Menon, the Monetary Authority of Singapore, MAS, began to put resources into both fintech innovation and regtech. Their innovation head, Sopnendu Mohanty (a two-time guest on our show) was all over the world, telling their story. MAS also began running a “Fintech Festival” that must be, now, the largest financial conference on earth. It attracts 40,000 people a year from all over the world. Think about that -- for a fintech festival sponsored by a central bank.
Abu Dhabi recruited regtech leaders from both the FCA (Barry West) and MAS (Wai-Lum Kwok) and began building a regtech innovation hub in the Middle East. Other countries were innovating too -- I don’t want to start listing them for fear of leaving out important initiatives, but ideas and experiments were spreading.
Two European-based regtech associations were stood up. In London, PJ Di Giammarino founded the Regtech Council, or RTC. Around the same time, the International Regtech Association, or IRTA, started up based in the UK and Switzerland, under the leadership of Subas Roy and Ben Richmond. The IRTA included visionary players like Diana Paredes and Richard Maton, and Richard also founded FIIN, the Financial Institution Innovation Network. (I’m involved with all of these.) Organizations like the International Institute of Finance were also doing research and holding events.
In 2017, I co-founded an AML regtech firm myself, Hummingbird, with four millennial co-founders, three of whom are software developers (many listeners may know that I’m a baby boomer). Suddenly, my learning curve skyrocketed. For the first time in my life, I was being exposed to how technology is created, the techniques that let tech companies innovate so fast, how they work together. My colleagues, most of them in San Francisco, lived in this world where innovation is in the very air. My daily discussions suddenly involved design thinking and human-centered design, agile workflows, standups, cloud computing, what it takes to get a SOC 2 security certification, how to do pen testing or run bug bounties, the power of open source code, the use of feature flags and reversible code to try things in a safe, small-scale way, the need for tech standards for regulatory information, the idea of a regulatory GitHub, the need to measure everything, the methods of collaborating and “failing fast” and learning from mistakes. I saw first hand how new, digitally-native technology could transform AML. I’ve learned more from this experience than from all my other efforts, combined.
Regtech had hit the agendas of the international bodies and NGOs dedicated to expanding global financial inclusion. The mobile phone was rapidly extending starter financial services to literally billions of people in the developing world who had never before had access -- people for whom no one was ever going to build and staff a bank branch. The World Bank set the ambitious goal that every adult in the world should have a “bank account” in his or her phone by 2020. People realized that if that was going to happen -- and it will, in the 2020’s -- the world needed a much stronger, nimbler, and more efficient regulatory infrastructure, to safeguard the system and to protect people from harm. This was especially true for protecting consumers who had never had formal financial products before, or even knew anyone who had, and so were vulnerable to exploitation and scams. To do this, regulators were going to need tools that didn’t require building out high headcount. It wasn’t practical to try to mimic the systems and structures of the large economies. Instead, the Global South would leapfrog, through new, digitally-native technology.
Projects were launched by the UN, the International Telecommunication Union, and the World Bank. Philanthropic organizations, especially the Omidyar Network (Pierre Omidyar was the founder of eBay) and the Gates Foundation, funded regulatory innovation initiatives. One was the Alliance for Financial Inclusion, or AFI, made up of the central banks and financial regulators of the global South -- more than 100 agencies from about 90 countries. Another was R2A, the Regtech for Regulators Accelerator, which under the leadership of Bankable Frontiers’ Simone Di Castri, began working with regulatory bodies in countries like Mexico and the Philippines to solve regulatory challenges through technology. One technique was to put a chatbot on mobile phones so that consumers could report scams directly to the regulators. The bot could collect the complaint information and analyze it for trends to help target scarce human expertise.
In the US, the Omidyar Network funded other work in fintech and regtech. One was the Financial Diaries research and book, along with other support of the Center for Financial Services Innovation (now the Financial Health Network -- I served on and chaired its board). A second was creation of FinRegLab, led by my friend Melissa Koide. FRL has just put out its first research report, exploring the use of alternative data in credit underwriting (I’m proud to say I chair its board too). A regtech accelerator, RegTechLab, started up around the same time. Regtech conferences were cropping up all over the world and regtech tracks were being added to existing events.
And the Omidyar team, which last year spun off its financial unit as Flourish Ventures, began working with me -- again, driven by the insight that we will have to modernize both financial services and financial regulation if we’re going to achieve global financial inclusion.
With support from Omidyar and others, I had begun traveling the world, seeing and touching the cutting edge of change. London, Paris, Singapore, Manila, Fiji, Jakarta, Geneva, Amsterdam, Nassau. I spoke to the Dutch central bank. I spoke each year at the huge MAS Fintech Festival. I met with the Netherlands Queen Maxima, the UN Special Advocate for Global Financial Inclusion. I spoke to a UN conference. I spoke to a Cambridge University conference of hundreds of African regulators. I briefed the Basel technology subcommittee and the senior bank supervisors of the major economies. I spoke to AFI and the World Bank. In Jakarta, I sat at dinner next to Sanjay Jain and gradually realized he was an architect of India’s Aadhaar project, which has collected biometric identification information on 1.2 billion people, to enable them -- including the women -- to prove who they are so that they can enter the financial system, even if they lack traditional identity papers. I did a podcast with Sanjay the next day. In Manila I met Michael Wiegand, who heads the Gates Foundation’s Financial Services for the Poor. We were both traveling onward to Singapore, and did a podcast there as well. I participated in the Vaduz Roundtable hosted by Prince Michael of Liechtenstein, and recorded a podcast with him in the Alps. In Fiji I recorded three or four shows, including one with AFI CEO Alfred Hannig.
In the US, I spoke to most of the regulatory agencies and many of their regional offices. I spoke to the FFIEC’s regional IT examiners. For three years I’ve chaired the regulatory track at Money 2020. I interviewed Ripple chairman Chris Larsen on the main stage at LendIt and also did a podcast with him earlier. I spoke at LendIt in the US and Europe, and at Finovate, and at the wonderful regtech conferences that have mushroomed up. I joined the fintech advisory committees of FINRA, and of the Milken Institute, and the blockchain advisory group for the state of California. Regtech was spreading.
The Tech Sprint and AIR
Last October, Nick Cook visited with a group of about 20 US regulators on his return trip to London after speaking at Money 2020. At the time, the FCA planned to hold the 2019 AML tech sprint with international partners in Abu Dhabi, and so Nick invited the US regulators to come. The officials in the room noted that their budgets generally wouldn’t support travel to Abu Dhabi. And then one of them -- I can’t recall who it was -- asked if perhaps there could be a satellite site for the sprint, in the US.
Instantly, people were interested. Several agencies followed up with the FCA to explore trying to host such an event, but ultimately couldn’t make it come together.
Meanwhile I had co-founded AIR -- again, that’s the nonprofit Alliance for Innovative Regulation, with Petal card co-founder David Ehrich. This spring, the FCA asked if AIR would host such a satellite event. And we, of course, said yes.
We really had to sprint, to organize this sprint! Our little team -- David, Lexi Frazier and Amrita Vir -- worked day and night, as did the team at the FCA in London, to put it together.
We lined up participants with the right mix of skills and, about two weeks before the sprint, we held a telephone “boot camp” for them to explain the process. We gave everyone access to each other, and to a tool for getting organized, and to a set of synthetic data created by a UK company called Harbr, in which very realistic financial crime patterns were hidden. We also set up access to cloud computing environments donated by Amazon Web Services and Microsoft Azure. People began thinking about problems to solve and finding teammates.
And then, on Tuesday of last week, we kicked off the sprint live at the Washington office of EY, which provided the facilities. We connected to London for a welcome, managing the five hour time difference. We heard a presentation from US law enforcement, by Mike Loughnane, sharing the perspective of the actual people who use AML information to catch criminals.
Most of the people on these teams had never met until that Tuesday morning. Some were software developers who knew little about AML. Some were AML compliance officers or regulators who knew little about technology. They came from big and small banks, fintech firms, and consultancies. Again, some came from three US regulatory agencies. They formed themselves into their working groups, with each team recruiting a combination of subject matter experts, front-end and back-end developers, and preferably a designer. They picked the AML problems they wanted to solve. We provided them with floating “doctors” to guide and problem solve.
And then they got to work, for two and a half days.
On the final day, the Friday, we gathered for a big event, much of which was joint with the FCA. In Washington, we had a keynote speech by FDIC Chairman Jelena McWilliams, simulcast to London, which included her compelling vision for transforming FDIC bank supervision through technology. From London, meanwhile, we had a simulcast address from US Assistant Treasury Secretary Marshall Billingslea. We also had the benefit of the FCA sending their head of Innovate, Samantha Emery, who had come to the US as a sort of ambassador to our event and spoke eloquently about how regulators must and can change.
Then the “hacker” teams demonstrated their solutions, for which Chairman McWilliams graciously agreed to serve as a judge along with other distinguished leaders.
Again, I’ll be posting much more information on what happened in the coming weeks. We’ll put information in the show notes for this episode, and you can also start to find material at our partially-built landing page, www.RegulationInnovation.org. When the FCA asked us to host the sprint, AIR was so new that we didn’t -- and still don’t -- even have a logo. We just have a picture of a robot! So keep watching as we post more information, including the exciting follow ups as our sprint teams are invited to demo their innovative tools to US regulatory agencies in the coming weeks.
Again, this event feels to me like the most meaningful thing I’ve been involved with in my career. The response has been overwhelming. The energy is off the chart. Much, much more to come!