The practice of market participants collecting and utilising increasing amounts of data, in particular the data of their clients, has become an area of growing concern. The privacy of clients is of paramount importance. In addition to ensuring that only authorised parties are allowed access to appropriate levels of client data, clients’ data privacy and usage rights, as enshrined in the Personal Data Protection Act 2010 (PDPA) and all other relevant regulations, should also be respected and upheld. This is particularly important as market participants, in addition to utilising these data internally, begin to also collect and share data from and with third parties as they aim to enrich their own offerings. Furthermore, data which is no longer relevant should be appropriately retired, disposed of or archived to prevent unnecessary mishap.
Closely related to the topic of data privacy and confidentiality is the movement for data portability and self-sovereignty as consumers are demanding increasing control over their own data. For the capital market, this could include data such as transaction history and investment records. The implementation of the GDPR created a wave of technology enhancements in Europe to ensure compliance. In anticipation of emerging regulations and standards in this area, market participants should begin internal analysis and preparations in order to be able to comply with such regulations and standards as they arise. This would include being able to extract client data in a timely manner upon request and providing it in a portable and machine-readable format.
The increasing usage of technology and analytical insights among market participants could also give rise to interesting ethical considerations and quandaries which may not have existed previously. For example, while gamification cues and features could be useful in encouraging regular savings behaviour in users, the same excessive use of such cues and features could also drive users towards reckless investment behaviour, resulting in unintended consequences. If not supported by the right risk assessment framework and parameters, the same digital distribution platforms which can help market participants easily reach and onboard a wider client base as well as enable greater financial inclusion, might result in a deluge of overleveraged issuers.
On the other hand, as more data is used to assess credit risk profiles, biases in data and analytical models could result in certain issuer segments being unfairly excluded. This is potentially exacerbated by the use of AI or machine learning methods, which remain largely ‘black box’ solutions. In this respect, the SC may consider issuing relevant guidance with a view towards setting principles and regulatory expectations on the increased utilisation of data analytics and AI in the market. This may include more structured governance over the usage of data analytics and AI, ethical considerations, handling of biases, protection of investor rights over their data as well as requirements for ongoing risk management and monitoring.
While the SC is supportive of the use and further adoption of advanced technologies by market participants, it must be stressed that this needs to be accompanied by appropriate risk assessment and monitoring frameworks to test and refine the outcomes of such uses of technologies. In recent years, the SC has collaborated with market participants to enable the execution of certain pilots and proof of concepts of innovative ideas and products, and will continue to do so in the future. Industry standards may also be defined, should the need arise, to serve as a reference and minimum baseline for certain practices. The SC will also continue to encourage dialogue and information sharing between regulators and market participants in order to stay abreast of emerging risks.
 CAPITAL MARKET MASTERPLAN 3
 107