The core drivers behind the digitising of compliance

Enforcement fines and increasing compliance expenditure is driving the need for change.

Never-ending regulation combined with an increasingly complex regulatory overlap has made life tough for banks in recent times. 

Both regulators and chief compliance officers now know that current approaches to regulatory compliance and risk are not sustainable. A digitized approach that embraces new and innovative technologies is now needed. 

Ageing systems and manual process are just not cutting it 

Existing and legacy compliance systems are renowned for being clunky, time consuming and inefficient. They require labour intensive oversight programs, with managers signing off and checking at every stage…hence the idea that checkers are checking the checkers. Not only are they ineffective, they are also expensive to buy, build and run.  

Financial institutions now realise that the pace of change is not abating and that only a holistic approach will do. The days of being able to deploy a series of point solutions that deal with a single regulation are long gone. The sheer volume and complexity of regulation, especially when dealing with regulation across multiple jurisdictions or regulation that transcends borders, is such that to even contemplate tackling it manually moving forward is, at best, risky. 

So, what should compliance officers be looking for? 

The answer is to seek out a more joined-up, technology-enabled approach; one that provides the means to gain enterprise-wide oversight, maps the regulatory universe onto business operations, gives visibility into whether an institution is meeting compliance obligations, whether its policies are distributed appropriately across all jurisdictions and lines of business, and whether compliance processes are being executed effectively. 

Not only does this kind of approach deliver operational efficiency in spades, but it also serves to quieten fears over reputational risk. 

Indeed, reputational risk is now a fundamental concern as it is a threat to revenues – customer acquisition, retention, and share price. A recent poll run in collaboration with Burnmark during our‘RegTech for Information Governance’ webinar found that 60% of financial institutions fear reputational risk, and 30% enforcement fines, when asked what they consider to be the greatest financial impact of non-compliance. We are sure even just a few years ago the results would have been very different. The biggest fears in relation to information assets compliance are limitations of current technology and being unable to evidence compliance to the regulator (both 36%). 

RegTech is the only way to address all these challenges, allowing for scale, depth and reach that has never previously been imagined. Banks know this and are supporting change from the top down. 

Senior management is realising the opportunity to leverage technology for ‘compliance transformation’, a back-office function historically at the bottom of the pile for tech-spend. Compliance officers should be looking for senior-level support, which is both vital and is, happily, beginning to happen. Compliance as a culture is also essential and is also actually happening. Spending on RegTech proves it. 

Within this change is cultural evolution, a key requirement for attracting and retaining the right people. Job titles specifically charged with implementing RegTech and driving regulatory change management initiatives have started to appear on a regular basis. 

Is collaboration  the key to RegTech success? 

Central to compliance digitization is the willingness to work with RegTechs to effect positive progression. Financial institutions are acknowledging the need for external help to solve these issues. They are gaining a real understanding of what Artificial Intelligence (AI), and associated tools including Machine Learning (ML) and Natural Language Processing (NLP), can do to help – but they know this is something they would be hard pushed to do themselves. 

The pace of progress in AI technology is startling, now providing the opportunity to deliver smart insights and automated, cognitive decision-making, at enterprise scale. Robotic process automation (RPA) is also delivering operational efficiency for compliance at a level previously unimaginable, and the ability to generate a defensible audit trail is the icing on the cake. The technology can be applied holistically and mapped over the whole business, and increased use of open API architectures is allowing previously isolated silos to be joined up, so that information is able to flow where it needs to, without delay. 

The same kind of technology also appeals to the regulator and a new use case, Supervisory Technology (SupTech), is coming to the fore. Like the banks, regulators need a joined-up digitized approach too. They need to get a better grip on the intended and unintended consequences of any new regulation, and they need to make it easier for financial institutions to comply. 

The UK’s Financial Conduct Authority (FCA), for one, is now actively looking to technology for answers. The regulator is looking to see how their handbook can become more easily accessible by making it machine readable, and thus giving it a level of automated interpretation. This means banks can understand their obligations and report back more easily and uniformly, with automated support. Along with an open API network it will be easier for the FCA to ingest data from many regulated entities and analyse it to identify market trends or areas that need change. 

A second use for the regulator is being able to model the impact of any proposed changes before they go out to consultation. This involves the technology being able to machine read the proposal, to understand the sentiment and then map that onto different types of organizations and business lines, to simulate the likely impact of what is to be proposed. 

This compliance transformation via a digitized holistic approach means that a bank and regulator alike can have a visible and actionable understanding of regulatory impact over all business lines, products, policies and controls, before or as soon as it happens. 

In short then, what is now needed is the whole picture. Having reach and depth of regulatory intelligence is crucial and allows for granular understanding of regulatory impact on all lines of business and jurisdictions, so chief compliance officers can take the right actions to avoid non-compliance and penalties. If we can see the entire compliance universe and understand how that relates to the financial institution as whole, then everyone has greater control. 

Not just a nice to have – a need to have.