CHAPTER 63
Technology for Regulations and Compliance: Fit4Future!

By Poornima Bushpala¹

¹VP Operational Risk and Control, Wells Fargo

The regulatory and legal process in the financial world has been about semantics, and experts believe that it has been linear primarily because the industry had no other option but to hold still with old technology until new technology transformed the financial sector.

Globally, we have 750+ regulatory bodies generating an average 200+ daily regulatory alerts and approximately 2500 compliance rule books. Regulatory spend by complying organizations is counted in the billions of dollars annually and these investments were predominantly in hiring talent, creating manual workflows and processes to meet regulatory policy requirements.

Significant incidents like 2017’s Equifax data breach and the Securities and Exchange Commission (SEC) violations in the US banking industry, coupled with the lack of available skilled resources, forced financial institutions to strengthen their risk management framework by leveraging technology. This gave birth to the regulatory technology called “RegTech”.

RegTech addresses regulatory challenges and facilitates the delivery of compliance requirements, which include both new and existing rules, regulations, sanctions and industry-specific guidance as prescribed by the respective regulatory body. Examples include (a) self-service software that lets legal professionals generate organizationally compliant contracts and monitor their status, and (b) cloud-based apps that allow clients to onboard schedule deadlines, store files and manage contacts. This article looks at three key areas:

• The evolution of RegTech: Journey from RegTech 1.0 to 3.0.
• Phases of RegTech tools: Different stages of regulatory technology deployment.
• Future of RegTech: Paradigm shift of regulations and compliance from manual to digitized.

Evolution of RegTech

RegTech 1.0 was mostly driven by large financial institutions who integrated technology into their internal processes to combat rising compliance costs and complexity as epitomized in the Basel II capital accord.

When Lehman Brothers went bankrupt in September 2008, it had more than $600 billion in assets, but neither the regulators nor the central banks knew the risk held with their junk bonds (high-yield bonds). The innumerable and catastrophic consequences of this bankruptcy led the Basel Committee on Banking Supervision (BCBS) to act by deploying new measures.

In January 2013, the BCBS published 239, a set of principles encouraging banks to produce more reliable regulatory reports and improve the quality of their data — so RegTech 2.0 was born, driven mainly by new post-GFC (global financial crisis) regulatory requirements and associated costs around, for example, anti-money laundering and know-your-customer (KYC) requirements.

While RegTech 1.0 to 2.0 focused on cost gains and efficiency, 3.0 is shifting focus towards reconceptualizing the financial and regulatory landscape, for example, by shifting the focus from a KYC to a KYD (know your data) mindset. Another example is Basel IV, which is more focused on the banking lobby, and the proposal is towards the standardization of real estate loan models and especially risk generated by interest rates of the loans, which are forcing regulators to demand more reporting and data of the borrowers from financial institutions.

RegTech 3.0: Phases of Development

1. Stage 1: Manual

   To put together the data collection process in place to capture manually the information on cyclical timelines. Today, most organizations use MS Office Excel in obtaining data and providing analysis of the data.

2. Stage 2: Workflow Automation

   The next phase of automation is using workflow tools to store and capture data in the system record and maintain the audit trail for audit purposes. Common standard workflow tools used include MetricStream GRC, and Archer.

3. Stage 3: Continuous Monitoring

   In this phase, the focus is on automation of the back office using tools such as Droit, the first fully digitized MiFID II trade compliance engine for the financial markets, and an extension of AEDPT (the operating system for regulation). It provides and enables verification and auditability of every trading decision, including traceability to the letter of the law, and is used, for example, for pre-trade decision-making and post-trade reporting for OTC derivatives.

4. Stage 4: Predictive Analytics

   In this phase, we have more advanced technology deployed to identify and predict risk by using AI and machine learning. One of the most significant risks that banks and financial institutions are still facing is fraud, and increasingly commonly AI technologies, such as Boston-based Findability, are used to proactively identify risks using data and patterns.

Conclusion

So, how does the future regulatory world look? How can it be focused around a “robo-regulator”, an automated powerhouse that can read and take relevant actions for compliance and non-compliance with humongous data insights? For this future to come about, three key things need to be in place:

• Data Library: Governments collect and store a massive amount of data.
• Global Sandbox: Regulators globally collaborate and share ideas, information and best practices, as indeed is exemplified by the Global Financial Innovation Network (GFIN), a network of 38 organizations committed to supporting financial innovation in the interests of consumers, that formally launched in January 2019.
• Applying and Integrating AI: By using computing power and AI and natural language processing, we could look at the possibility of some regulations eventually being issued in the form of computer code promulgated in a self-executing code that could be plugged into a regulatory compliance system.

It’s a long road ahead and requires total integration and the right kind of academic, technological, financial and institutional backing.