Challenges and Innovations of SupTech on Traditional Financial Regulatory Laws ()
1. Introduction
In the context of an increasingly complex and interconnected global financial system, the rapid development of financial technology (FinTech) is profoundly changing the way financial services are provided and their risk characteristics. Traditional financial regulatory models face unprecedented challenges in effectively responding to emerging financial innovations and potential risks (Arner et al., 2017). The traditional regulatory models exhibit several notable drawbacks that limit their effectiveness in today’s dynamic financial environment. First, these models often operate on a reactive rather than proactive basis, responding to risks only after they materialize. Second, they rely heavily on manual processes and periodic reporting, which can result in delays in risk identification and response. Third, traditional models often struggle with data fragmentation and lack of standardization, making it difficult to achieve a comprehensive view of systemic risks. Fourth, they typically employ a one-size-fits-all approach that may not adequately address the diverse risk profiles of different financial institutions. Additionally, traditional regulatory frameworks often face challenges in cross-border coordination and information sharing, which becomes increasingly critical in an interconnected global financial system.
Against this backdrop, regulatory technology (SupTech) as an emerging technology-driven regulatory approach is gradually becoming a focus of attention for regulatory bodies. SupTech aims to improve regulatory efficiency, reduce compliance costs, and enhance risk identification and early warning capabilities by leveraging advanced technologies such as big data, artificial intelligence, and blockchain (Broeders & Prenio, 2018). However, the application of SupTech also brings a series of new challenges, including issues of data security, privacy protection, and algorithmic transparency, all of which need to be thoroughly explored and adjusted within the existing regulatory framework (Zetzsche et al., 2020). In recent years, international financial regulatory bodies and academia have increased their research on SupTech, but systematic studies on how it affects and reshapes the traditional financial regulatory legal system remain insufficient. This study aims to fill this research gap by analyzing the technological characteristics of SupTech, its application scenarios, and its challenges to traditional regulatory models, exploring how to construct a more flexible, efficient, and adaptive financial regulatory framework. The research not only focuses on the potential of SupTech in improving regulatory effectiveness but also delves into the legal, ethical, and operational issues it may face in implementation (Buckley et al., 2019). Furthermore, this study emphasizes the analysis of SupTech’s role in cross-border financial regulatory cooperation and how to establish unified regulatory technology standards through international coordination. Through these multidimensional discussions, this research aims to provide valuable theoretical insights and practical guidance for regulatory bodies, financial institutions, and policymakers to address regulatory challenges in the FinTech era and promote the balanced development of financial innovation and financial stability.
2. Technological Characteristics and Application Scenarios of SupTech
2.1. Core Technological Components of SupTech
SupTech, as an emerging regulatory technology paradigm, primarily comprises advanced technologies such as big data analytics, artificial intelligence, blockchain, and cloud computing. Big data analytics technology enables regulatory bodies to process and analyze massive amounts of financial transaction data, discovering potential risk patterns and anomalous behaviors. For instance, through real-time analysis of high-frequency trading data, regulatory bodies can more quickly identify market manipulation behaviors (Óskarsdóttir et al., 2019). Artificial intelligence, especially machine learning algorithms, plays a crucial role in SupTech. These technologies can automate many regulatory tasks that traditionally required human intervention, such as compliance report reviews, risk assessments, and fraud detection (Chang & Hu, 2020; Frediani, 2024). AI systems can constantly improve their ability to identify complex financial risks. The application of blockchain technology in SupTech is mainly reflected in improving the transparency and traceability of financial transactions. Through distributed ledger technology, regulatory bodies can monitor financial transactions in real-time, reducing information asymmetry and improving the timeliness and accuracy of regulation. Cloud computing technology provides SupTech with powerful computing capabilities and storage resources, enabling regulatory bodies to process and analyze large-scale datasets more efficiently. Cloud technology also facilitates data sharing and collaboration between regulatory bodies, contributing to the synergy of cross-border financial regulation. The integrated application of these technologies not only greatly improves the efficiency and precision of regulation but also enables regulatory bodies to shift from passive response to proactive prevention, thereby better maintaining the stability of the financial system.
2.2. Main Application Scenarios of SupTech in Financial
Regulation
The application scenarios of SupTech in financial regulation are extensive, covering various aspects of regulation. In market monitoring, SupTech systems can analyze transaction data in real-time, identifying abnormal fluctuations and potential market manipulation behaviors. For example, the Financial Industry Regulatory Authority (FINRA) in the United States uses machine learning algorithms to monitor abnormal trading patterns in the stock market, greatly improving the efficiency of market regulation (Chew et al., 2019). In the field of risk assessment, SupTech constructs more comprehensive and dynamic risk assessment models by integrating multi-source data. The CRAFT data analytics platform developed by the Monetary Authority of Singapore (MAS) is a typical example, which can automatically process and analyze regulatory reports submitted by financial institutions, thereby more quickly identifying potential risks (Broeders & Prenio, 2018). In anti-money laundering (AML) and counter-terrorist financing (CFT), SupTech systems can more effectively identify suspicious transactions by analyzing complex transaction networks and behavioral patterns. The “Regulatory Sandbox” program launched by the Hong Kong Monetary Authority encourages financial institutions to use AI and big data technologies to enhance AML/CFT capabilities. In compliance reporting and auditing, SupTech greatly reduces manual errors and compliance costs by automating data collection and validation processes. For instance, the AuRep system developed by the Austrian National Bank has achieved automated generation and submission of bank reports, significantly improving the accuracy and efficiency of reporting. These application scenarios demonstrate the enormous potential of SupTech in enhancing regulatory effectiveness, reducing regulatory costs, and strengthening risk identification capabilities.
2.3. Innovations and Challenges of SupTech to Traditional
Regulatory Models
The introduction of SupTech has had a profound impact on traditional financial regulatory models, creating both innovative opportunities and new challenges. In terms of innovation, SupTech enables regulatory bodies to shift from passive response to proactive prevention. Through real-time data analysis and predictive models, regulatory bodies can identify potential risks earlier and take preventive measures. This shift not only improves regulatory efficiency but also helps maintain the overall stability of the financial system. SupTech also promotes the personalization and dynamization of regulation. The traditional “one-size-fits-all” regulatory approach is gradually being replaced by more flexible and targeted regulatory strategies. For example, the Financial Conduct Authority (FCA) in the UK is exploring the use of machine learning technology to dynamically adjust the regulatory intensity for different financial institutions based on their risk status and compliance history (Arner et al., 2017). However, the application of SupTech also brings a series of challenges. Data security and privacy protection issues have become primary considerations. Large-scale data collection and analysis increase the risk of data breaches, and how to strike a balance between improving regulatory effectiveness and protecting personal privacy has become a key issue. The challenges of algorithmic transparency and explainability cannot be ignored. As regulatory decisions increasingly rely on complex AI algorithms, how to ensure the fairness and accountability of these decisions becomes an important topic. The application of SupTech may also exacerbate the technological gap between regulatory bodies and regulated entities, potentially creating unfair regulatory pressure on small financial institutions lacking resources. Therefore, how to construct an inclusive SupTech ecosystem and ensure the inclusiveness of regulatory technology is another challenge facing regulatory bodies.
As shown in Figure 1, the main application scenarios of SupTech in financial regulation include market monitoring, risk assessment, anti-money laundering/ counter-terrorist financing, and compliance reporting and auditing. These application areas demonstrate how SupTech comprehensively enhances the effectiveness and precision of financial regulation.
Figure 1. Main application scenarios of SupTech in financial regulation.
3. The Impact of SupTech on Traditional Financial
Regulatory Laws
3.1. Challenges of SupTech to the Regulatory Legal Framework
The emergence and application of SupTech pose numerous challenges to the traditional financial regulatory legal framework. The data-driven regulatory model requires redefining the boundaries of regulatory authorities’ powers. Traditional regulatory laws are typically based on clearly defined regulatory objects and behaviors, while the application of SupTech makes the scope of regulation more ambiguous and dynamic. For example, real-time monitoring and predictive analysis may involve the collection and analysis of data from non-regulated entities, which goes beyond the scope of traditional regulatory laws (Buchanan, 2021). The application of algorithmic decision-making in regulation raises issues of legal liability attribution. When regulatory decisions increasingly rely on complex AI algorithms, determining the responsible entity for decision errors becomes a thorny legal issue. The cross-border application of SupTech challenges existing regulatory jurisdictional boundaries. The cross-border flow and sharing of data require reconsidering the balance between national sovereignty and regulatory cooperation. The application of SupTech may also exacerbate regulatory arbitrage behaviors, as financial institutions may use technological advantages to evade regulation, which requires regulatory laws to have stronger adaptability and foresight (Arner et al., 2017). Finally, the application of SupTech may lead to an increase in information asymmetry between regulatory bodies and regulated entities, which could affect the fairness and effectiveness of regulation. Therefore, how to ensure regulatory transparency and fairness within the legal framework becomes an important issue.
3.2. Directions for SupTech-Driven Regulatory Legal Innovation
Facing the challenges brought by SupTech, traditional financial regulatory laws need to innovate and adjust. An important direction is to establish a “technology-neutral” legal framework to adapt to the rapidly changing technological environment. This means that legal provisions should focus on regulatory objectives and principles rather than specific technical implementation methods, thus leaving room for technological innovation (Zetzsche et al., 2020). Another innovative direction is to introduce the legal mechanism of “regulatory sandboxes,” allowing innovative SupTech to be tested and validated in a controlled environment to assess its impact on existing legal frameworks. For example, the regulatory sandbox program of the UK Financial Conduct Authority (FCA) provides legal support for SupTech innovation (Bromberg et al., 2017). Regulatory laws also need to strengthen requirements for algorithmic transparency and explainability. This may include requiring regulatory bodies to disclose key parameters and decision logic of their AI models to enhance the credibility and accountability of regulation. In terms of data protection, regulatory laws need to balance the efficiency of data use and personal privacy protection. For instance, the European Union’s General Data Protection Regulation (GDPR) provides important legal guidance for data use in SupTech. Finally, regulatory laws also need to provide a more flexible framework for cross-border regulatory cooperation, including formulating standards and protocols for data sharing to promote global financial regulatory synergy.
3.3. The Impact of SupTech on Regulatory Enforcement
Mechanisms
The application of SupTech not only changes the content of regulation but also profoundly affects the enforcement mechanisms of regulation. Real-time monitoring and automated enforcement become possible, requiring the redesign of enforcement processes and procedures. For example, automated enforcement mechanisms implemented through smart contracts may require new legal frameworks to regulate their conditions of use and define responsibilities (Buckley et al., 2019). SupTech also improves the precision of regulation, making differentiated and personalized enforcement possible. This may require providing regulatory bodies with greater discretionary power at the legal level while ensuring the fairness and consistency of enforcement. On the other hand, the application of SupTech may change traditional standards and procedures of evidence. How analysis results based on big data and AI are accepted and used in legal procedures requires new legal norms. SupTech also provides new channels for interaction between regulatory bodies and regulated entities, such as real-time data exchange implemented through APIs. This new type of interaction model may require redefining regulatory relationships and communication mechanisms at the legal level.
As shown in Figure 2, the impact of SupTech on the regulatory legal framework is mainly reflected in two aspects: on one hand, it brings challenges such as redefining regulatory power boundaries, attributing responsibility for algorithmic decisions, and coordinating cross-border regulation; on the other hand, it promotes innovative directions such as technology-neutral legal frameworks, regulatory sandbox mechanisms, and requirements for algorithmic transparency.
Figure 2. The impact of SupTech on the regulatory legal framework.
4. Risks and Regulatory Countermeasures in SupTech
Implementation
4.1. Main Risks Faced in SupTech Implementation
Although SupTech brings many potential benefits to financial regulation, its implementation still faces various risks. The primary risk is data security and privacy protection. SupTech systems process large amounts of sensitive financial data, and once data breaches or misuse occur, it will seriously affect financial institutions and individuals (Yang & Li, 2018). Secondly, there is the risk of technological dependence. Over-reliance on SupTech systems may lead regulatory bodies to neglect the importance of human judgment, especially when dealing with complex or non-standard situations. SupTech systems themselves may have technical flaws or vulnerabilities, which could be exploited by malicious actors, thus undermining the effectiveness of regulation. Another important risk is algorithmic bias. If the algorithmic design of SupTech systems is improper or the training data is biased, it may lead to unfair or discriminatory regulatory decisions (Kshetri, 2021). The risk of technological gaps also needs attention. The difference in capabilities between financial institutions of different sizes and resources in adopting SupTech may lead to regulatory inequality, with smaller institutions potentially facing greater compliance pressure. Finally, the risks of cross-border data flow and regulatory coordination cannot be ignored. Differences in data protection laws and regulatory standards across countries and regions may hinder the global collaborative application of SupTech.
4.2. Regulatory Countermeasures for SupTech Risks
To address the risks in the implementation process of SupTech, regulatory bodies need to adopt a series of targeted measures. In terms of data security and privacy protection, it is necessary to establish a strict data governance framework, including data encryption, access control, and audit mechanisms (Broeders & Prenio, 2018). At the same time, clear data usage policies should be formulated to ensure that data is only used for specific regulatory purposes. To mitigate the risk of technological dependence, regulatory bodies should maintain human oversight and intervention mechanisms to ensure that human judgment is still involved in key decisions. Regular assessment and update mechanisms for SupTech systems should be established to timely identify and fix potential technical flaws. To address the risk of algorithmic bias, regulatory bodies need to strengthen the algorithmic review and testing of SupTech systems to ensure their fairness and non-discrimination. This may include introducing third-party independent assessment mechanisms to enhance the credibility of algorithms. To solve the problem of technological gaps, regulatory bodies can consider providing technical support and training to help small financial institutions adapt to the SupTech environment. In terms of cross-border coordination, efforts should be made to promote the establishment of international SupTech standards and data sharing protocols to promote the consistency and synergy of global regulation (Arner et al., 2017).
4.3. Building a SupTech Risk Management System
Effective management of SupTech risks requires the construction of a comprehensive risk management system. This system should include processes such as risk identification, assessment, mitigation, and monitoring (Buckley et al., 2019). Regulatory bodies need to establish a SupTech risk assessment framework to regularly evaluate the potential risks and impacts of SupTech systems. Clear risk mitigation strategies should be formulated, including technical solutions and management measures. For example, multi-layer security architecture can be adopted to enhance data protection, or strict change management processes can be implemented to control system update risks. Establishing continuous monitoring mechanisms is also crucial, including real-time monitoring of the operational status of SupTech systems, as well as regular security audits and stress tests (Zetzsche et al., 2020). Regulatory bodies also need to develop emergency response plans to address potential SupTech system failures or security incidents. Finally, cultivating a talent pool with dual expertise in technology and regulation is key to ensuring the effective operation of the SupTech risk management system (Yang & Li, 2018). By establishing such a comprehensive risk management system, regulatory bodies can effectively control related risks while enjoying the efficiency improvements brought by SupTech, ensuring the stability and reliability of financial regulation.
As shown in Figure 3, the SupTech risk management system includes four main processes: risk identification, risk assessment, risk mitigation, and risk monitoring, forming a continuous cycle. This closed-loop system ensures that SupTech-related risks are comprehensively and continuously managed, helping regulatory bodies to timely identify and respond to potential threats, thereby ensuring the safe and effective application of SupTech.
Figure 3. SupTech risk management system.
5. Conclusion
With the rapid development of financial technology, SupTech, as an emerging regulatory technology paradigm, is profoundly changing the theory and practice of traditional financial regulation. This study systematically analyzed the challenges and innovative opportunities that SupTech brings to traditional financial regulatory laws, discussed its potential in improving regulatory efficiency, reducing compliance costs, and enhancing risk identification capabilities, while also pointing out the risks and challenges faced in its implementation. The research found that the application of SupTech not only requires redefining the boundaries of regulatory power but also involves a series of complex legal issues such as the attribution of responsibility for algorithmic decisions and cross-border regulatory coordination. To address these challenges, regulatory laws need to develop in a “technology-neutral” direction, introduce regulatory sandbox mechanisms, strengthen requirements for algorithmic transparency, and provide a more flexible legal framework for cross-border regulatory cooperation. At the same time, this study emphasized the importance of building a comprehensive SupTech risk management system, including risk identification, assessment, mitigation, and monitoring processes, to ensure the safe and effective application of SupTech. Although SupTech brings many opportunities for financial regulation, its successful implementation still faces challenges from technological, legal, and ethical aspects. In the future, regulatory bodies need to seek a balance between promoting innovation and maintaining financial stability, strengthen international cooperation, and establish unified regulatory technology standards. Cultivating a talent pool with dual expertise in technology and regulation will also be a key factor in promoting the healthy development of SupTech. The integration of SupTech and traditional regulation will be an inevitable trend in future financial regulation, but this process requires innovation in regulatory theory and joint efforts from multiple stakeholders. This study provides a theoretical basis and policy insights for understanding and addressing technological changes in financial regulation, offering valuable references for regulatory bodies, financial institutions, and policymakers in regulatory practices in the SupTech era.