Never-ending regulation combined with an increasingly complex regulatory overlap have made life tough for banks in recent times.
The statistics are brutal – close to $400 billion in enforcement fines since 2008, up to 10% of revenues consumed by compliance, amounting to upwards of one billion dollars spent annually on compliance by some of the world's biggest financial institutions. These numbers alone are driving change.
Both regulators and chief compliance officers now know that current approaches to regulatory compliance and risk are not sustainable and that a digitized approach that embraces new and innovative technologies is now needed.
Aging systems and manual process are just not cutting it
An EY report, 'How digitization is strengthening compliance and anti-fraud programs,' summarizes this well: "Traditional compliance and fraud prevention programs are built on four-eyes principles, management oversight, and sign-offs. Add that to occasional, often inconsistent audits and the resulting systems fall short of meeting these new challenges. They are simply too slow, too ineffective, and too expensive," it says.
Financial institutions now realize that the pace of change is not abating and that only a holistic approach will do. The days of being able to deploy a series of point solutions that deal with a single regulation are long gone. The sheer volume and complexity of regulation, especially when dealing with regulation across multiple jurisdictions or regulation that transcends borders, is such that to even contemplate tackling it manually moving forward is, at best, risky.
So, what should compliance officers look for?
The answer is to seek out a more joined-up, technology-enabled approach; one that provides the means to gain enterprise-wide oversight, maps the regulatory universe onto business operations, gives visibility into whether an institution is meeting compliance obligations, whether its policies are distributed appropriately across all jurisdictions and lines of business, and whether compliance processes are being executed effectively.
Not only does this kind of approach deliver operational efficiency in spades, but it also serves to quieten fears over reputational risk.
Indeed, reputational risk is now a fundamental concern as it is a threat to revenues – customer acquisition, retention, and share price. A recent Burnmark/CUBE poll run during our 'RegTech for Information Governance' webinar found that 60% of financial institutions fear reputational risk, and 30% enforcement fines, when asked what they consider to be the greatest financial impact of non-compliance. I am sure even just a few years ago the results would have been very different! The biggest fears in relation to information assets compliance are limitations of current technology and being unable to evidence compliance to the regulator (both 36%).
RegTech is the only way to address all these challenges, allowing for scale, depth and reach that has never previously been imagined. Banks know this and are supporting change from the top down.
Senior management is realizing the opportunity to leverage technology for 'compliance transformation', a back-office function historically at the bottom of the pile for tech-spend. Compliance officers should be looking for senior-level support, which is both vital and is, happily, beginning to happen. Compliance as a culture is also essential and is also actually happening. Spending on RegTech proves it!
A report by Accenture, '2018 Compliance risk study: financial services,' says that backing technology transformation is the top spending priority for respondents, both over the next 12 months (57%) and within the next three years (51%). This is the result of compliance moving towards deploying technology, to support and improve the effectiveness of their people to fulfil its mandate.
Within this change is cultural evolution, a key requirement for attracting and retaining the right people. Job titles specifically charged with implementing RegTech and driving regulatory change management initiatives have started to appear on a regular basis.
Collaboration is the key to RegTech success
Central to compliance digitization is the willingness to work with RegTechs to effect positive progression. Financial institutions are acknowledging the need for external help to solve these issues. They are gaining a real understanding of what Artificial Intelligence (AI), and associated tools including Machine Learning (ML) and Natural Language Processing (NLP), can do to help – but they know this is something they would be hard pushed to do themselves.
The pace of progress in AI technology is startling, now providing the opportunity to deliver smart insights and automated, cognitive decision-making, at enterprise scale. Robotic process automation is also delivering operational efficiency for compliance at a level previously unimaginable, and the ability to generate a defensible audit trail is the icing on the cake. The technology can be applied holistically and mapped over the whole business, and increased use of open API architectures is allowing previously isolated silos to be joined up, so that information is able to flow where it needs to, without delay.
The same kind of technology also appeals to the regulator and a new case use, Supervisory Technology (SupTech), is coming to the fore. Like the banks, regulators need a joined-up digitized approach too. They need to get a better grip on the intended and unintended consequences of any new regulation, and they need to make it easier for financial institutions to comply.
The UK's Financial Conduct Authority (FCA), for one, is now actively looking to technology for answers. The regulator is looking to see how their handbook can become more easily accessible by making it machine readable, and thus giving it a level of automated interpretation. This means banks can understand their obligations and report back more easily and uniformly, with automated support. Along with an open API network it will be easier for the FCA to ingest data from many regulated entities and analyze it to identify market trends or areas that need change.
A second use for the regulator is being able to model the impact of any proposed changes before they go out to consultation. This involves the technology being able to machine read the proposal, to understand the sentiment and then map that onto different types of organizations and business lines, to simulate the likely impact of what is to be proposed.
This compliance transformation via a digitized holistic approach means that a bank and regulator alike can have a visible and actionable understanding of regulatory impact over all business lines, products, policies and controls, before or as soon as it happens.
In short then, what is now needed is the whole picture. Having reach and depth of regulatory intelligence is crucial and allows for granular understanding of regulatory impact on all lines of business and jurisdictions, so chief compliance officers can take the right actions to avoid non-compliance and penalties. If we can see the entire compliance universe and understand how that relates to the financial institution as whole, then everyone has greater control.
Not just a nice to have – a need to have.
Elliot Burgess, Product Manager, CUBE