Written by Adam Jones, Guest Blogger on Thursday 31 August 2017
The weight of regulation and a new world of risks are making compliance ever more complicated – could technology be the answer to both protect and regulate companies in this complex environment? From internal compliance solutions, to financial crime investigations, the world of RegTech has garnered a lot of attention really. How could it be working for you?
Since the financial crisis of 2007/8, regulators around the world have been producing swathes of documentation and legislation. In response, Financial Services firms have massively increased the number of compliance professionals they employ, dramatically raising their annual operating cost as a result. Currently most international banks spend hundreds of millions on compliance, and potentially billions more on the fines which are levied for compliance failings.
With these challenges getting worse as time goes on, firms are looking to technology to improve the situation. FinTech itself has spawned many sub categories (Robo-advice and InsurTech are two notable examples) but none of the various portmanteau’s available have received quite the level of attention which RegTech (or Regulatory Technology for the uninitiated), has recently.
Depending on who you speak to, you’ll get a different definition of exactly what RegTech covers but broadly speaking it tends to fall into two camps.
1. Technology solutions concerned with the process of compliance in companies
One thing that has become patently clear is that throwing people at the problem won’t solve it. A number of RegTech solutions are positioned to help financial crime professionals work smarter.
One example is the use of natural language processing software to consume, analyse and interpret the mass of regulation which is output around the world and apply this information to risk frameworks, policy documents and key processes. This can help firms fast track the impact assessment of regulatory change and ensure completeness of coverage. By using a system to identify business owners and manage a workflow of change, firms hope that they can drastically cut down the traditionally manual process of reading swathes of regulation and interpreting the impact on a business on a case-by-case basis.
Going one step further than supporting the translation of regulation, in the UK, the Financial Conduct Authority itself is looking at supporting initiatives around the development of machine readable and machine executable regulation. There has been a recognition across the industry that developing testable and concrete approaches to regulation would be of benefit to customers and businesses alike, and would ultimately lead to an increase in innovation and competition.
Another key area of focus has been that of regulatory reporting. Many firms struggle to manage and orchestrate their data in such a way as to provide a feed into the various regulatory regimes to which they are subject. Complex IT landscapes with a mix of data and integration types make it very difficult to consistently provide the right information to regulators. This has typically resulted in a manual process where time consuming and high risk end user computing solutions are used.
A number of technology providers have been developing data management solutions which specifically target the translation of data into standard report types defined by key global regulators. The idea is that the mix of business knowledge around what data needs to go in the report and technical knowhow around data orchestration should mean that these processes can be automated and made far more robust.
2. Technology solutions which are centred around heavily regulated business areas
An example of this which has seen a huge amount of work and investment over the last few years is identity management (covering both initial verification of customers and the on-going authentication).
Over the past twenty years the amount of data which exists in relation to individuals has sky rocketed thanks to the internet, social media, mobile devices and improvements in communications technologies such as email. Financial Services firms have not made use of these new data types for their onboarding checks (AML and KYC), typically relying on basic banking, and credit reference agency data to prove someone’s identity.
A number of firms are providing propriety software which looks to increase the scope of data sources checked at the point of onboarding a customer, with a view to tying together data held by different companies (banks, mobile phone carriers, credit reference agencies, social media providers etc.) into a more reliable picture of who a customer is.
In addition to supporting the initial onboarding of customers, firms are also looking to improve the way ongoing authentication of these customers works. Traditionally, authentication has been binary. We trust you or we don’t trust you, based on one or two indicators (password, token etc.). Now, firms are starting to ascribe a level of trust, based on a wide range of indicators and are using this to gate access to certain parts of customer journeys. By using Mobile and device data (such as browser configuration and type, operating systems, font settings etc.), digital body language indicators and biometric data, companies are able to dramatically reduce friction in customer journeys while upholding higher levels of security.
These new approaches to identity management represent more than just interesting uses of technology. As financial criminals have become more attuned to bank processes and the opportunities, firms are having to get smarter in order to protect themselves and their customers.
As with any collection of solutions, there are some fantastic innovations in the world of RegTech and some pretty tenuous examples of vapourware. Importantly though, for forward looking Financial Services firms to be able to address the problems posed of them in a post financial crisis world, finding a way of harnessing the power of technology is essential. This said, none of the solutions will be replacing humans any time soon. Instead they should be enabling financial crime professionals to work smarter.