Ladies and Gentlemen,

Good evening. 

1.    I am delighted to be here to share MAS’ perspectives on a topic that is likely top of mind for risk leaders from the financial and tech sectors – who are in our midst today. 

Risk and Reward

2.    Today’s discussions centre on whether FinTech and digital innovations could provide an ultimate solution for risk management. 

• This is a theme that inspires an optimistic, yet cautionary examination of our approach to technology innovation.  
• We continue to uncover the immense potential technology has to offer, including solutions for risk management.
• It is fair to suggest that shying away from technology is an unlikely option for industry practitioners looking to thrive in today’s digital economy. 
• Nevertheless, it would be insufficient to look at the benefits of technology in a vacuum. 
• It is important that the industry understands and manages risks associated with using technology. Only then can the benefits of technology be effectively harnessed. 
• Risk and reward are often two sides of the same coin. 
  
  

Reflections on safe innovation

3.    While technology promises benefits, it can also bring about new or heightened risks when misused. 

4.    As a regulator, we strive to deepen our understanding of emerging technologies, including the risks they present. 

• For this reason, MAS is one of the first regulators to adopt a regulatory sandbox regime. The regulatory sandbox allows experimentation to facilitate FinTech innovation within pre-defined boundaries, while limiting its risks to consumers and the financial system. 
• We view the sandbox as a means to enhance collective understanding of new technologies that impact the future of this industry. 

5.    If your organisation is looking to innovate with technology, I encourage you – as leaders of your organisation’s risk function – to consider, define and communicate your company’s risk appetite and agenda for innovation. 

• Take stock of risks, understand and manage them. 
• Where appropriate, calibrate the risk appetites. It is sometimes useful to acknowledge that some risk limits, while implemented successfully before, are past their prime in this digital age. 

Key Risks

6.    At this juncture, I will briefly elaborate on three key risks – cybersecurity, data privacy and protection, and unfair discrimination.

• Let me first touch on cyber risk.
• As financial services increasingly become digital, managing technology-related risks such as cyber risk, is paramount. Cyber risk remains a key risk that MAS and financial institutions in Singapore are keeping close tabs on. 
• Given the highly interconnected financial system, borderless nature and increasing complexity of cyber-attacks, it takes a concerted effort and close collaboration among stakeholders in the ecosystem to manage the risks and maintain cyber resilience.
• Apart from the planned issuance of a new MAS Notice on cyber hygiene requirements, MAS has recently consulted on proposed revisions to our Technology Risk Management Guidelines and Business Continuity Management Guidelines, which will serve to help financial institutions better manage cyber risk.
• Besides these regulatory efforts, MAS has also been taking a collaborative approach by partnering the industry to conduct cyber exercises, share cyber threat intelligence, and establish industry standards and guidance to promote cyber resilience. 

7.    Next, data privacy and protection. Risks from digital innovations can lead to an erosion of trust between financial institutions and consumers. 

• There is a degree of privacy that all consumers expect. 
• One can argue that the advent of big data is antithesis to the notion of absolute privacy. 
• Consumers are often limited to just generating the data, while firms are often in a better position to harness its potential and to exploit this advantage. 
• This could accentuate concerns that institutions may exploit data for unreasonable conduct. 
• As the quantity, quality and availability of data increase with continued digitalisation, data use and data protection will also have to be addressed. 

8.    Finally, unfair discrimination. Increasing use of artificial intelligence (AI) has given rise to the risk of “black boxes” in decision-making.

• Financial institutions are struggling to validate AI-based models which use continuous learning and adaptation as distinct from fixed parameters and historical back-testing. 
• The application of AI in financial services also brings risks of financial exclusion. 
• Regulators have started to detect cases where AI-based decision-making has led to systematic exclusion of certain demographics. 
• When an AI tool finds an empirical basis for discriminating by a combination of variables such as gender, ethnicity, religion, and nationality, say for a loan or insurance decision, how much of that empiricism is grounded in reality and how much of it is due to unobserved biases in society that the AI is learning from? 
• And even if such discrimination is backed by empirical unbiased data, is that a socially acceptable outcome? 
  
  

9.    Encouraging safe, fair and trustworthy innovation also means that ethical and responsible use of technology by every ecosystem player is key. 

• In the area of AI and data analytics, MAS has partnered with the industry to develop a set of principles to encourage responsible use of these technologies. These are known as the FEAT (Fairness, Ethics, Accountability and Transparency) principles. 
• As financial institutions increasingly adopt technology to support business strategies and in risk management, the FEAT principles are intended to provide guidance on internal governance around data management and use of these technologies.  
  
  

10.    Earlier this year, the InfoComm Media Development Authority (IMDA) also released Singapore’s Model Artificial Intelligence Governance Framework. 

• This Model Framework is the first in Asia to provide detailed and readily implementable guidance to private sector organisations to address key ethical and governance issues when deploying AI solutions. This is another set of best practices you can look at.

Can digital innovations provide an ultimate solution for risk management? 

11.    And finally, the central theme – can digital innovation provide an ultimate solution for risk management? 

• In the area of AI and data analytics, the use of these technologies can assist in risk monitoring and management in various areas, such as anti-money laundering, fraud detection, internal compliance and business/market risks.  
• MAS has employed greater use of data analytics for risk detection and targeting, using suspicious transaction reports and other data sets. This has enabled us to identify suspicious fund flow networks more effectively and focus our supervisory attention on networks of higher risk accounts, entities or activities. 
• MAS has also developed Project Apollo, an Augmented Intelligence tool that automates the computation of key metrics for trade analysis, and predicts the likelihood that an expert will opine that market manipulation has occurred. The use of this technology helps improve detection of market abuse. 
• These are just a few examples of technology that the industry can also adopt to unlock insights – whether to sharpen the surveillance of risks, or to transform the way work is done.

12.    As we continue to explore technology such as AI for risk management and other purposes, it is important to remember that the use of AI and data analytics, whether for risk management or otherwise, should augment our work, as individuals are likely to take on new or expanded tasks that have a greater element of judgement and creativity. 

• While digital innovations could provide a solution for risk management, humans will continue to play a critical role. 
• Recently, MAS announced a studyThe study is titled “The Impact of Wider Integration of Data Analytics and Automation on Manpower in the Singapore Financial Services Sector”., commissioned by the Institute of Banking and Finance (IBF) and MAS, which sets out how data analytics and automation are likely to augment or transform 121 job roles in Singapore’s financial sector in the next 3 to 5 years. 

Conclusion

13.    As the nature of financial services continues to evolve, so will the risks associated with increasing use of technology. 

• Let us work together to understand these risks, especially when we do not have all the answers in advance. 
• Together, let us innovate safely to reap the benefits of technology while ensuring risks are properly managed. That means taking a proportionate approach to risk, so that we can achieve resilience with efficiency, stability with growth, safety with innovation. 
• Starting with your organisation’s own technology journey, take proactive steps to understand and manage these risks. Put simply, take calculated risks for purposeful innovation.

On this note, I wish you a very fruitful and successful meeting.