Print this article

Transactions And Data: Coming Of Age, Under Fire In Pandemic – Comment

Rupert Brown

15 April 2020

Countering recent commentary and growing belief that blockchain, big data and AI can solve all regtech's compliance issues, this contributor warns that there is a dearth of guidance on the way these technologies are used, not least in regulating the way in which financial services systems are actually designed. To explain this territory more, we hear from Rupert Brown, CTO of Evidology Systems, a specialist firm focusing on what it calls principles-based regulation. The former UBS CTO and ex Merrill Lynch technical lead argues that the rules placed on other safety-critical industries, such as aviation and nuclear, are just as applicable to building resilient financial systems. And because data and technology have been so dominant in the various early responses to the COVID-19 pandemic, Brown uses the crisis to show where tech is accelerating on the transaction chain and where, in his view, it is being thoroughly exposed. It's a thoughtful piece about social and systems re-engineering in a perhaps short window for re-imagining how a rules-based world should work. The article was written mid week-two into the COVID lockdown. The editors are pleased to share these views and invite responses. To reply, email and

In the 1970s the BBC produced a drama series called “Survivors” that ran for several seasons, which was based on the notion of a global pandemic that killed the majority of the population and followed the attempts of those left to group together and reform some sort of familiar society. In the 1980s we saw the start of the Mad Max film franchise that took this notion to a more extreme, feral view of isolated groups of survivors fighting over petroleum resources as the only means of survival.

The COVID-19 pandemic has presented a completely different set of economic and social problems by halting three of the largest transaction chains that most of the globe participates in, ie:
a) Property transactions – the highest value transaction most of us make in our lifetimes;
b) Transportation – while the most visible impact has been long- and short-haul aviation, we must not forget both the capital purchase of vehicles and daily use of public transport;
c) Leisure – both long-distance journeys and regular, local activities.

Apart from that, everything in the world appears to be normal – outside my home in London the buses still run on a Saturday schedule, the streets are cleaned and, after an initial hiccup, food stores are generally well-stocked.

So what has actually changed? History will almost certainly record this as the point when the internet became fully ubiquitous in daily usage. It is now being used both for business and social continuity, with various ingenious forms of social and religious gatherings being created, as well as more formal business meetings. Moreover, national TV and radio programmes are being presented from staff members’ homes instead of high-tech, specialised studios.

Although there are occasional glitches and latency problems, there have been no significant backbone/carrier failings to disrupt activity or create distrust. The other significant change that is, perhaps, less visible, is the almost total abandonment of cash in favour of contactless payments to reduce infection. Given these behavioural changes and the almost total dispersal of society other than in critical occupations, what will be the impact on the regulatory agenda, in financial services - which is still playing catchup from 2008 - and other sectors.

Because we can now be confident that physical technology is “good enough” to support a fully-dispersed workforce, going forward it is highly likely that the previous notion of “offshoring” will now become more ubiquitous and large corporate HQ/service centre buildings will become a thing of the past: the term “unshoring” has been postulated to describe this.

It will therefore be critical that regulatory and supporting compliance requirements can be globally embedded and distributed across public and corporate information fabrics.

Discussions are already beginning about how governments will review their responses to the pandemic, in particular the scale and accuracy of the data that was available to them and their ability to both reorganise assets and supply chains, as well as provide broader economic support and stimulus.

It is certain that we will see a raft of regulation come out of this crisis that will require much greater resilience planning and scenario testing, as well as capital investments in both connectivity and assets to mitigate short-term supply chain disruptions.

Most of this regulation will have to be “principles-based”, i.e. asking organisations to document their thinking and decision-making processes and subsequent review activities, rather than the myriad forms of transaction reporting that have been at the core of activity since the credit crisis of 2008.

“Principles-based” regulations, however, pose three significant problems that have yet to be understood and addressed by both regulators and regulatees:


1) Standardised reporting formats: current regulatory responses are usually a portfolio of largely bullet-point documents and summary presentations, loosely linked with pseudo-structured spreadsheets, which are intended to pass the “weight of effort” test, rather than any rigorous semantic scrutiny.

2) Composition/aggregation and distribution: “principles-based” compliance approaches need to be constructed from a range of legal opinions/interpretations and operational controls that are currently provided from a disparate array of companies and government agencies.

3) Analysis and comparison: because there is neither a standard for composition nor output of compliance submissions, the analysis and comparison phases then become a much more subjective process and often require some sort of bespoke normalisation/precis by each regulatory body. If we are going to increase the workload on these bodies then standardisation and automation must be implemented.

Perhaps the best two examples of the symptoms of failure to improve “principles-based” regulatory processes are the BIS BCBS 239 annual reports and the EBA SREP analyses, which both highlight significant content shortcomings by all participants.

As with COVID-19 there is a natural human tendency to look for some sort of technical “vaccine” to both mitigate against the symptoms and also to fight the root-cause of the problem. The current fashionable candidates that are regularly cited are AI, Big Data and distributed ledger/blockchain.

Blockchain was created to provide a private point-to-point form of distributed ledger for transactions, without the need for middlemen such as exchanges or clearing/settlement agencies. However, in a regulatory world we need these “certified” platforms to stand behind the content that they produce and curate. We have already seen US and European governments take Facebook and Google to task because they try to avoid liability for the content they distribute.

Legal opinions/judgments and controls are, in truth, largely shared content in a regulatory world, rather than unique transactional entities; regulators are looking for consistent authorised consumption and utilisation, so an anonymous point-to-point solution is inappropriate.

Are regulatory and compliance “Big” data entities? Compared with the volumes of transactional data we generate every day across the world they are tiny. We really need to regard them as “complex”, ”threaded” data entities, especially when the connection chain from the base regulatory text through to the end-point compliance evidence has been constructed. Much of the content along this chain of linked entities is verbose and not stored in traditional relational databases such as Oracle, but rather stored in text repositories, ranging from workgroup Sharepoint sites, all the way up to complex legal content management platforms such as Lexis Nexis.

Finally we come to the postulated “nirvana” that is artificial intelligence, which points us back to the three significant core problems – without an understanding of formats, composition and aggregation mechanisms, and comparison requirements, no analytic toolset has any reliable foundations on which to base meaningful judgments.

There is still a long and largely uncharted journey before the pandemic emergency is over – however, it is clear that there will be a significant long-term social and economic impact and the technology bindings within both spheres will strengthen.

However, effective application of technology requires comprehension of the true nature of the candidate problem – at the moment all business sectors have largely ignored principles-based regulations, relying on the allure of slick presentation and packaging to disguise a lack of meaningful substance and consistent methodology.