Devie Mohan, CEO and Co-Founder of Burnmark recently interviewed CEO and Founder of CUBE, Ben Richmond about the complexities faced by multi-jurisdictional financial institutions in complying with today’s legislation related to information assets.
The interview below, along with two other interviews with the Global Head of Records Management from Deutsche Bank and the Chief Data Officer from Scotiabank, can be found in the RegTech for Information Governance research report.
What are the catalysts that have turned the industry’s focus towards new technologies for information governance?
Digital transformation has brought countless benefits to financial services firms, however the result has been a significant increase in information and data being generated and ingested, all of which is governed by a regulatory universe that is growing exponentially. Faced with billions of individual rules, regulations, handbooks and citations to analyse and apply, Records Managers are finding that the labour-intensive manual processes they have relied on in the past to ensure compliance are neither reliable nor cost-effective at scale.
Heightened focus on data protection and privacy has triggered a complex intersection of records, data, privacy and security. Rather than simply managing where information assets are produced and maintained, defining retention rules and ensuring effective enforcement, records must now be managed at a far more granular level, with understanding of who owns each piece of data, how it must be protected, and what systems must be put in place to govern this. Regulatory technology (RegTech) is the only way forward, to ensure that the data within each record is protected in transit as well as at rest, and that retention policies are adhered to, given that disposal is now as important to the regulator as retention.
Which technologies are having the biggest impact on information governance?
Huge advances in Artificial Intelligence (AI) are enabling financial institutions to reduce compliance costs and minimise exposure to compliance risk.
Underpinned by AI, we are seeing many large financial institutions deploying holistic technology platforms that encompass regulatory intelligence, the governance of information assets, and automation of complex compliance processes. AI tools including Machine Learning (ML) and Natural Language Processing (NLP) can be used to track global regulatory change, across jurisdictions and in many different languages, and then identify which rules apply to specific information assets. As a result, financial institutions can automatically pinpoint, in real time, any compliance gaps in their policies and procedures, and then take effective remedial action.
Robotic process automation can also be used to extract machine-executable rules from regulatory data. Rules relating to information assets can be applied in a fully automated, end-to-end process. If, for example, you are required to retain trading information for six years, then destroy the information at the end of this period, the entire process can be automated.
What value, do you think, are financial institutions gaining from RegTechs today?
AI drives incredible business value for financial institutions, allowing far less time to be spent searching for regulatory intelligence and monitoring for change. Manually capturing data such as the format that each record must be stored in, how long it must be retained for, how it should be protected and made available, and for how long, would be extremely time-consuming and labour-intensive. AI frees time to spend on the analysis and application of regulatory intelligence, which safeguards compliance.
Another key benefit is reputational risk mitigation. When financial institutions practice pro-active information and data governance, with a more joined-up information base, Chief Data Officers (CDOs) can demonstrate greater control over data and improve standards across the enterprise. In doing so, they are diminishing compliance risk and reducing the likelihood of costly fines, which avoids publicity surrounding enforcement breaches. In turn, this bolsters customer confidence and fosters more trusting relationships, which is always good for business.
Finally, AI allows risk assessments to be conducted more effectively. If you are looking to launch a product in a new jurisdiction, using AI you can quickly discover which records and data are relevant, what data needs to be created and maintained to meet regulatory requirements in the new jurisdiction, and the type of governance framework required.
It is no longer feasible for financial services firms to manage their information assets without the use of technology, especially when operating cross-border. As the regulatory environment continues to grow more complex, we will undoubtedly see RegTech become mission-critical in information governance.
Paragraphs from regulatory statements can be broken down into sentences, and then analysed by Machine Learning (ML) models that identify themes and recognise all information assets to which they relate.
What are some of the top use cases for artificial intelligence in information governance?
- Once regulations are classified and aligned to information assets, these assets can be linked to regulatory fines and events, enabling customers to pinpoint risk exposure and define controls that must be put in place to mitigate risk.
- Business function owners (records management or data privacy, for example) must ensure that all policies and controls are mapped to relevant regulations. When applied to each policy, ML can suggest regulations that refer to the same topic and must be enforced. ML can be trained to look for a combination of terms, not only data privacy, for example, but all content that refers to both data privacy and an enforcement fine.
- When ML models look for a specific regulatory term such as ‘KYC’, they can be trained to apply a weighting to related terms like ‘client/customer’ or ‘identification’; the weighting determines the ranking of results from a search.
- For horizon scanning, ML can be applied to identify upcoming regulations (not only formal published regulations) and filter out from the global mass only those that are relevant to a financial institution’s specific jurisdictions and lines of business.
- The Financial Conduct Authority (FCA) handbook is vast. For a financial institution wanting to identify all elements and obligations that are relevant to information or data governance, Natural Language Processing can be used to locate relevant sentences, narrow the search and determine which sections of the Handbook the team should act on.