Regtech: the new lifeblood of compliance
In the aftermath of the global crisis, financial regulators rushed to implement complex rules without having a complete view of their consolidated impact and how the technical infrastructure of the industry would have to respond to their new demands for data, writes PJ Di Giammarino, CEO JWG Group and chair of the Regtech Council.
After a brief lull in fines, regulatory risk radars are once again lit up like Christmas trees following strong messages about insufficient compliance. With a 500% increase in UK Financial Conduct Authority (FCA) fines alone, totalling £392m so far in 2019, it’s time to look at how regtech can help your firm win the race to compliance digitisation in the decade ahead.
Regtech 2.0 the lifeblood of compliance
JWG research this year illuminates the high-change regulatory environment we now live in. 374 live implementation efforts in flight globally produce an awful lot of paper. If we printed just the EU papers, we’ve collected in the past three years, it would be a 15-story building. Clearly, those that work from spreadsheets are going to struggle to keep up.
More than the just the volume of paper, it’s the breadth and depth of the change. In over 30 workshops with both public and private sectors this year we realise that the compliance foundations are being renewed again. As detailed in the following section, data policies are changing again to update how we exchange information with customers, explain products, measure risk, file reports, read rule books – and more. The one constant across all of these policy initiatives is the data that is required to demonstrate compliance.
At the start of a new decade we ask: If data is the lifeblood of banking technology, shouldn’t good regtech be the lifeblood of compliance? Regtech is the use of emerging technologies by both financial institutions and regulators to make the writing, communications, interpretation, implementation and monitoring of regulations more effective and more efficient. It changes the current compliance game for the better.
This lifeblood helps us avoid fines, work with regulators to establish the new foundations and keep up with new policies. As the lifeblood, it connects all the actors in the system that have a role in ensuring the rules are actioned appropriately – in this sense, compliance is a verb, not a noun. This means that the technologies we spend hundreds of billions on to operate financial services can be brought together by good regtech and that safe and efficient re-plumbing is now a board-level agenda.
Revitalising the regtech scorecard
There are three ways the board can quickly come to grips with the importance of regtech.
Firstly, regtech can help firms avoid fines and new censures now possible under the Senior Manager and Certification Regime (SMCR) and other similar ones across the globe. This year, the FCA issued a series of “Dear CEO” letters warning firms about the gaps in their approaches to compliance. They have also issued mammoth fines to UBS and Goldman Sachs for a decade of reporting failures. The Prudential Regulatory Authority (PRA) followed suit last month with an even larger fine to Citi group. This was only days after the US Commodity Futures Trading Commission (CFTC) fined BGC for poor policies and, procedures and a month after the Financial Industry Regulatory Authority (Finra) reported a host of issues it has found this year in assessment of suitability, digital communications, anti-money laundering (AML), cyber, best execution, risk management and more. The stakes are clearly high and better technology can help.
Secondly, it can help both firms and regulators with new policy initiatives. For example the European Commission fitness check, CFTC and the UK Bank of England’s future of finance reports have revealed, bold new plans are underway to fill the gaps in the reporting infrastructure. Similar efforts are underway with financial crime and rule book modernisation. These technology policy programmes have been gaining momentum for a couple of years now and are hitting their stride just as we re-examine fundamental market rules for MiFID II and anti-money laundering. The best and brightest business and technology strategists should be tasked with helping to shape the path ahead.
Thirdly, as JWG has found in scores of workshops with senior regulatory, compliance and technology professionals, the next three years senior management can save time and money while achieving better outcomes by deploying regtech to face major business challenges in five areas:
- Protecting the customer and system: Establishing new shareholders rights, protecting vulnerable customers, spotting bad actors and the revised Anti-Money Laundering Directive (AMLD5) demand for beneficial ownership data ‘feedback loops’
- Surveillance: New regulatory initiatives have redefined what good market, culture & conduct, and AML surveillance tooling looks like through AI/ML/NLP dependent models
- Safety & security: Infrastructure requirements are shifting to meet new operational resilience, cloud and ethical computing ‘standards’
- Market transparency: Further scrutiny on MiFID II client protection, costs and charges, best execution, EMIR Refit, US CAT, SFTR, Dodd Frank and MiFID II+ pre and post trade data
- Accountability: SMCR, corporate social responsibility (CSR) and sustainable finance is forcing senior management to rethink their control frameworks and ensure for all the above!
Across all of these areas, the board can help by identifying strategies for emerging technology to play a role in fast-tracking compliance, but only if the firm looks beyond the regulatory change tactics employed to date and embrace better ways of enabling compliance.
Leading regtech digitisation strategies
The good news is that leading regulators, firms and suppliers have understood that just like fintech has challenged firms to rethink and reimagine their customer experience, high levels of regulatory change are forcing the industry to focus on digitising regulatory compliance.
Regtech sprints and other collaborative efforts have also taught us the importance of using semantic technologies to align the shifts in obligations to the policies and controls that will ultimately be used for evidence as to how the business was done.
These technologies contextualise the obligations, make the definitions precise and clarify the data requirements for each trade, deposit or money transfer. The process which a business relies upon to meet the obligations can be expressed, the controls identified, and the owners pinpointed.
When information is exchanged with the market, regulator or client, there is an opportunity to use distributed technology to eliminate the need for static reports and allow the individual actors to derive the information they need to know.
Whether we are looking at AML typologies, surveillance management information frameworks, or data models, the regtech story remains the same – it is about defining ‘the what’ and ‘the how’. Picking one example,the International Swaps and Derivatives Association’s (ISDA) Common Domain Model (CDM) which has been endorsed by the BoE report, is not tech specific, it is trying to get at the business data flows, and how people work and control risks within the industry.
Across the regulator and regulated there is a new imperative: sharing the common interpretation of what rules mean in practice. This is done through common external standards like BIAN or FIBO which allow the regulators, firms and service providers to align expectations.
We don’t believe that regulators should be taking a view on what workflow technology a firm uses, but why shouldn’t it be asking how its regulatory reports are linked back to the CDM? We are on the verge of creating a digital language for rules and regtech will become a key part.
Kick off the new decade right – join in!
10 years ago, the discussion between regulator and regulated was at an all-time low. Thankfully, in the last five years we have seen the trust pendulum swing back towards true collaborative problem solving and nowhere has this been more prominent than regtech. Not only has technology evolved, Financial Services policy has evolved to be able to have an adult conversation about how we comply in smarter and safer ways. The stakes are high and new strategies are required.
On 7 February at our Regtech 2.0 conference in London, we will have a rich debate between public and private sectors about how to win in the decade ahead.
By PJ Di Giammarino, CEO JWG Group and chair of the Regtech Council