What role can third-party solutions such as ‘RegTech’ and industry utilities play in helping banks tackle regulatory compliance reporting challenges?
This article originally appeared in Sibos Issues magazine. Make plans today to join senior compliance, operations and business professionals at this year’s Sibos in Geneva. Visit the Sibos website to register or learn more.
"We are drowning in information, while starving for wisdom,” observed the esteemed American entomologist and biologist Edward Osborne Wilson. He predicted a future in which the world would be run by ‘synthesisers’, defined as “people able to put together the right information at the right time, think critically about it, and make important choices wisely”.
Today’s ‘RegTech’ innovators have staked a claim to be considered ‘synthesisers’ as they develop tools that aggregate and standardise often unstructured data sets to help financial institutions meet their increasingly complex regulatory compliance and reporting obligations. Moreover, their claims are being taken increasingly seriously by a wide range of governments.
In his 2015 budget, UK chancellor George Osborne called on the Financial Conduct Authority (FCA) to work with the Prudential Regulation Authority (PRA) to “identify ways to support the adoption of new technologies to facilitate the delivery of regulatory requirements”. The Monetary Authority of Singapore (MAS) has appointed a chief FinTech officer to head its Fin- Tech & Innovation Group, while Ireland has placed “research, innovation and entrepreneurship in the international financial services sector” at the heart of the government’s ‘Strategy and vision for international financial services 2020’. Minister of state for finance Simon Harris has placed particular emphasis on governance, risk management and compliance applications of financial technology.
In November 2015, the UK’s FCA published a ‘Call for input: Supporting the development and adoption of RegTech’, in tacit recognition of the need for new technologies to meet financial institutions’ regulatory reporting and compliance requirements. “The RegTech CFI seeks to understand technology innovation across the FinTech sector which may aid firms with their regulatory and compliance requirements,” the FCA told Sibos Issues. “By launching the CFI, we question whether there is anything we can do to support the development of this sector, which stands to benefit regulated firms.”
Terms of reference
From a regulatory standpoint, the terms of reference have changed, according to Brian Fahey, CEO of MyComplianceOffice (MCO), a provider of governance, risk and compliance IT solutions, with regulators focused less on assessing how a financial firm is gearing up to respond to regulation and more on the capabilities of individual firms. “The expectation is one of ‘don’t show me policies and procedures, but show me your reports’,” says Fahey.
The use of technology to address regulatory requirements is not new. Long before RegTech came on the scene, major banks were deploying proprietary solutions, with more commoditised kit being offered to mid-tier firms by third-party technology vendors. The uptick in new regulation impacting the finance sector has caused a step change over the past decade, with firms gradually realising that ‘flying solo’ was costly, time-intensive and unsustainable. The result was a surge of collaboration and an increase in utility solutions to tackle specific non-competitive challenges. In some respects, these utilities have a claim to be Wilson’s synthesisers too, in terms of their use of common data management processes to put together “the right information at the right time” to ensure regulatory compliance.
According to Luc Meurant, head of the financial crime compliance services division at SWIFT, utilities need four characteristics to ensure industry adoption. First, they must offer superior technologies and processes to unlock savings and increase efficiency; second, they must develop and encourage convergence in market practice and standards; third, they must deliver excellent operational management of the processes for which they take operational responsibility; fourth, they must offer a ‘smart path’ that enables step-by-step migration to use of the new utility, providing benefits to users at different stages.
“In the long term, common market practices must be adopted by users for utilities to work effectively, but banks can work gradually toward that goal. In the first instance, they achieve great benefits from a deeper understanding of how their peers handle the same regulatory requirements. But they don’t need to move processes or transactions to a utility in a ‘big bang’; perhaps identifying instead a subset of their overall business for a pilot migration, such as correspondent transactions,” says Meurant.
Nor do utilities need to be all things to all people. In the financial crime compliance space where SWIFT offers The KYC Registry – a shared platform for managing and exchanging know your customer (KYC) data – Meurant predicts the emergence of separate utilities for sanctions, KYC and monitoring processes.
Common market practices must be adopted by users for utilities to work effectively, but banks can work gradually toward that goal.
‘Intelligent’ data mining
Although RegTech lacks a precise definition at present, a number of common themes and characteristics suggest a long-term role on the regulatory landscape too. For the FCA, potential applications include: accelerator initiatives that focus on delivering regulatory compliance reporting; real-time risk evaluation in areas such as trade surveillance, financial crime risk monitoring, KYC and anti-money laundering (AML) requirements; data streamlining and online visualisation tools; software integration tools that interact with regulatory reporting system; and leveraging cloud-based technologies for speed and efficiency.
By seeking to unravel cluttered and intertwined data sets for the purpose of regulatory compliance reporting, RegTech aims to bring agility, speed and ease of integration to a once time-consuming and manual-intensive process. Smart analytics are then overlaid on this to ‘intelligently’ mine data to unlock its value and meet specific reporting requirements. Deloitte’s 2015 report, ‘RegTech is the new FinTech: How agile regulatory technology is helping firms better understand and manage their risks’, explains how new analytics tools can use the same data for multiple purposes.
But observers suggest these efforts are still in their infancy. When it comes to mining the right data sets to comply with the raft of regulation facing financial institutions the response to date has been lagging, according to Paul Fawsitt, CEO of Dublin-based MoneyMate, a provider of data and technology solutions to the funds and banking industry. “Regulation is forcing stakeholders to go where no financial firm has gone before.”
A fundamental issue is that compliance and operations professionals are having to contend with a mass of unstructured data sets from which to craft reports. “The problem is a lack of standards,” says Fahey. “The more we can get to a common baseline, the better the industry will be.”
The challenge is to standardise regulatory reporting around structured ontologies, which define and compartmentalise the variables for a specific set of computations, as well as establishing their inter-relationships. Fahey’s MCO is a member of the Financial Services Governance, Risk and Compliance Technology Centre (GRCTC) based in Cork, Ireland, where academic and business-led R&D is being undertaken on regulatory compliance requirements facing the finance industry. Other member firms include Citi, State Street and SAP. Current research is focused on the development of ‘meaning centered’ semantic technologies, which rely upon an encoding process whereby ‘meaning’ is stored separately from data and content. At one level, it is a form of artificial intelligence which allows a computer programme to differentiate between entities. But in future this type of technology could bring order to the unstructured data sets from which financial institutions need to derive standardised and meaningful compliance reports.
Work is centred on developing families of interlinked regulatory and GRC ontologies which capture regulatory concepts, taxonomies, and rules in formal semantics. The aim is to enable efficient access to, and smarter consumption of, financial regulations and to use semantic technologies to enable smarter analysis of both structured and unstructured data. From a broader perspective, the GRCTC hopes to help the industry address a range of requirements, from pinpointing the compliance imperatives within a regulation, to measuring risk or evaluating controls.
Alongside academic research and government-driven initiatives, the past 18 months has seen a rush to market of innovative start-ups, as well as new product roll-outs from established data depository and data distribution businesses. The FCA accepts the contribution of for-profit undertakings, albeit advising caution, in view of the high stakes. “Ultimately, industry must take the lead but we recognise that the FCA has a key part to play in ensuring we encourage appropriate innovation [in RegTech] that also provides proper levels of protection for consumers.”
Silverfinch, a utility solution developed by Dublin-based MoneyMate, was singled out by Deloitte as an example of the type of ‘disruptive’ technology that will shape the future of regulatory compliance reporting. “[Silverfinch] demonstrates the power of technology disruption by turning data flow and reporting responsibility in the asset management and insurance industries on its head.” MoneyMate’s Fawsitt sees it slightly differently: “It’s not disruptive technology, it’s cohesive technology.”
Launched in 2014, Silverfinch, a secure fund data utility that connects asset managers and insurers, was developed in response to the ‘look-through’ provision of Solvency II, which requires insurance companies to mine information on asset holdings for regulatory compliance reporting. Asset managers in turn are obliged to share information on insurers’ asset holdings which, when it comes to collective investment products, can be of a highly sensitive, business-critical nature.
Silverfinch offers a single purpose-built standard utility that allows information to be exchanged in a secure, standardised format under the control of asset managers. It provides anonymity that not only protects the USP of individual asset managers but serves the compliance requirements of Solvency II. “It has the potential to revolutionise the way portfolio data is shared and disseminated among competing asset management firms,” observes Fawsitt, who also sees an opportunity arising from MIFID II’s transparency requirements.
SWIFT’s Meurant says the potential for economies of scale makes a compelling case for utility solutions in the regulatory compliance space, pointing to widely predicted rises in regulatory costs, and the continued constraints on banks’ access to capital. But he acknowledges the practical difficulties faced by banks in such a fluid, fast-changing regulatory environment. “You have to be something of a visionary to adopt new approaches with a multi-year implementation timeframe at the same time as addressing day-today compliance requirements. With such strong, active scrutiny from multiple regulators, it’s hard to step back and see the big picture,” he says. Moreover, with the ultimate liability for compliance remaining with the banks themselves, any form of outsourcing must deliver standards of performance superior to the processes they aim to replace, Meurant adds.
On the RegTech front, can private initiatives alone wrestle regulatory ‘big data’ to the ground and come up with the secure and standardised formats that today’s regulatory compliance reporting demands? For Fawsitt there is no one-size-fitsall answer. “If the industry wants more control it will either leverage what’s there or reinvent it.” Common sense dictates that existing ‘best-of-breed’ solutions will be utilised and collaborative efforts will be encouraged where progress is needed. For the FCA the answer is simple: “To meet our objectives we must coordinate with other bodies, including industry bodies.”