Banks as Delegated Regulators of Technology


  • Anastasia Konina


Canada’s largest banks rely on private developers of regulatory technology (RegTech) to comply with the requirements of the Office of the Superintendent of Financial Institutions (OSFI). RegTech’s algorithms allow banks to organize unstructured data, identify, assess and mitigate risk, and generate and submit reports. While the use of RegTech significantly facilitates financial reporting and compliance, it also presents risks. The unsupervised process of translating the language of regulations into computer code may lead to the misinterpretations of regulatory requirements. Also, due to the opacity of private algorithms, mistakes of RegTech instruments may go unnoticed, resulting in systemic failures.


In light of these risks, this article examines the potential of Canada’s federally regulated banks to act as delegated regulators of RegTech. Drawing on OSFI’s previous initiatives, this article suggests that the regulator create RegTech quality standards and delegate the enforcement of these standards to banks through outsourcing contracts. These contracts should contain publicly mandated RegTech specifications and clauses that reserve the banks’ rights to monitor, audit, and punish non-compliant RegTech companies and share information with OSFI.


This article also discusses the benefits and policy implications of delegated regulation of RegTech. First, by imposing a public duty on the banks, delegated regulation causes changes in corporate governance. Second, it allows the under-resourced regulator to use banks as regulatory resources. Third, it extends the application of public norms to those RegTech companies that otherwise would have avoided public oversight. Fourth, it reshapes the market for RegTech services by forcing banks to develop in-house technology that, in the long term, may be a cheaper and less risky alternative to outsourcing.


In conclusion, this article addresses the arguments that may be levelled against the delegated regulation of RegTech and discusses opportunities for more direct involvement of the regulator in technology-driven reporting and compliance.