On March 13th, 2018, RegTech Associates, in partnership with Capco and BNP Paribas hosted an event entitled “Financial Crime & Conduct: Exploring Regulatory Technology – A New Approach”.
The event explored the business challenges facing financial institutions in meeting their regulatory obligations. Attendees constituted a senior audience, including the largest French banks and the UK’s Financial Conduct Authority (FCA).
Participants expressed a strong appetite to understand how technology can help them address regulatory requirements, and to increase their awareness of existing solutions.
A range of themes emerged, including what Financial Crime and Conduct regulations have in common – both require monitoring a considerable number of data sources. Without adequate context, it is virtually impossible to begin addressing how to analyse effectively the enormous datasets involved.
Discussions outlined current trends and potential approaches, focusing on issues faced by specific financial services industry segments in addition to considering the wider contexts of globalisation and data-centric challenges.
Ever more data is needed to meet regulatory requirements, with data fragmentation presenting significant challenges. Business workflows are increasingly moving to the digital space (e.g. voice brokerage moving to electronic transactions), where ongoing surveillance has become a necessity. This creates pressures for digital workflows to be more effective, with key data needing to be delivered very quickly, precisely, and with greater relevance. Here robotic process automation can help sift through and prepare data for rapid retrieval and analyses.
Banking participants highlighted how data is the key to detecting market abuse and to achieving client transparency. They further emphasised the challenges of digital surveillance across multiple data sources and communications – there is a need for robust monitoring systems that remain consistent and flexible as data sources and rules evolve, and as new transactions are carried out.
Speakers then focused on the application of technology to the prevention of financial crime (e.g. money laundering, bribery and corruption). For example at HSBC, Client Due Diligence processes were completely overhauled following a $1.9 billion fine for failing to prevent Mexican drug cartels from laundering hundreds of millions of dollars in the US, with time-consuming remediation work adding additional costs. New processes put in place facilitated a greater standardisation of KYC processes and a systematic sharing of relevant data with subsidiaries throughout the world, whilst significantly impacting the client experience. Despite extensive new systems and workflows, a significant amount of inefficient paper-based information flow and manual processing persist.
More efficient processes could be achieved through financial institutions collaborating on sharing client information globally, for example through the deployment of a “utility” model. Clients would then also benefit from not having to repeatedly submit very similar types of information for new financial operations. Challenges for financial institutions would include how best to use shared intelligence and data, what form their collaboration would take, and determining what technology would be most appropriate.
It nevertheless remains very difficult to predict and prevent sanctions, bribery or corruption, particularly in certain regions of the world.
A high degree of customisation is needed due to the sophistication of products and individual client demands. Speed and flexibility are increasing important to High Net Worth and private investors, who are also demanding enhanced transparency and increasingly complex tailored products. A strong focus of major regulations is on protecting clients’ interests and preventing financial crime.
BNP Paribas suggested the Wealth Management business can be thought of as “Haute Couture”, given its relatively small volume of highly customised transactions. In addition to addressing the challenges of MiFID II compliance (effective since January 2018), firms need to follow rigorous KYC processes and pay particular attention to market integrity, the risks of market abuse and potential tax compliance issues when dealing with a highly international client base.
Valet sees technology best placed to address specific areas:
- Processing: KYC searches and analyses (e.g. adverse media checks or screening for Politically Exposed Persons), increasing transaction speeds
- Handling ever-increasing data volumes: quickly obtaining the right relevant data
- Robotic automation of specific functions (e.g. via chatbots answering questions on international compliance and procedures, or delivering advice to clients)
- Detecting unusual behaviour
When putting systems in place, an important challenge is how to demonstrate that they are effective and scalable across multiple jurisdictions.
Criminals do not operate neatly within the borders of single countries. It is estimated that at least $1.6 trillion is laundered through the global financial system each year by transnational organised crime. Yet according to the United Nations Office on Drugs and Crime (UNODC), it is estimated that less than 1% of global illicit financial flows are being seized and frozen (UNODC Research Report, “Estimating illicit financial flows resulting from drug trafficking and other transnational organized crimes”, October 2011)
The scale of the issue highlights significant challenges to working out how financial institutions can best cooperate to tackle international money laundering. The rarity of actions and fines from regulators for money laundering offenses highlights how challenging it can be to identify such criminal activity.
John Davies, CEO of Kompli-Global, focused on how to ensure criminals cannot abuse customers and how financial institutions can perform better due diligence checks. He outlined how organised criminals understand rules-based systems and how these are fragmented across the globe – they consider situations in isolation and play on the rules of legitimate business. Past “deep” due diligence checks are known to have missed all signs of illegal activity – for example where some fraudsters were operating elaborate scams.
Given the complexities of international businesses, onboarding international clients can be particularly labour-intensive. Many checks that may be considered sufficient for a given purpose locally (e.g. requesting a copy of passports and utility bills) are very unlikely to be sufficient.
According to Davies, an approach to tackling these challenges is to build a global technology-based solution that incorporates input from local human expertise. A key concern to bear in mind is the balance to strike between the rights of consumers versus regulatory obligations. As such a global platform would rely on vast amounts of data, consumer data protection regulation such as the EU’s GDPR would add significant complexities through its requirement to be able to delete completely data on specific individuals. Technologies such as Blockchain could improve data security and operational efficiency, but they are designed to maintain and distribute complete historical data records.
Potential Solutions and Data Challenges
Event participants agreed that data is the backbone of RegTech solutions.
Nowadays, almost all of our activities leave some kind of data footprint. It is therefore critical to take context into account when analysing data that is aggregated from multiple sources, as is needed for thorough due diligence checks and the monitoring of market practices. For example, transaction monitoring cannot be effective if it analyses only a single transaction.
As Vishal Marria, CEO of Quantexa, put it, “no one buys a house by looking through the letterbox”. Combining human intelligence with technology will be essential to ensuring relevant data is combined, analysed and used in appropriate contexts, with local specificities and rules taken into account as needed. Human intelligence will also be needed to interpret operations that don’t conform to typical patterns, in turn informing algorithms that continue to evolve. Furthermore, certain regulations include principles-based rules or guidelines that need to be interpreted by human beings and can be implemented differently by different firms.
When aggregating and using data from a wide range of sources, it becomes important to keep track of data lineage. In fact, a number of current regulatory frameworks include specific requirements to ensure the origins and any manipulations of specific individual data elements are tracked systematically (e.g. Solvency II or BCBS 239), and certain upcoming regulatory requirements will lead to potentially severe financial and operational consequences for firms that do not manage customer data or Risk data extremely rigorously (e.g. GDPR or FRTB). This puts pressure on designers of RegTech solutions to build detailed audit trail capabilities into their systems.
A range of technology-based regulatory compliance solutions are likely to involve the pooling of client data across numerous firms with international operations, effectively relying on an “ecosystem” of firms that use them. Where a solution produces an automated analysis of a client’s profile, there will be instances where firms using that solution will need to ensure they have the legal right to process specific sets of individual data points, which may or may not be the case for every other firm with which they are sharing data. Certain solutions will therefore need the ability to include, exclude or encrypt specific data accordingly. They may also be obliged to ensure they can communicate and explain the outcome of their analyses (e.g. a given risk score or a refusal to offer a specific service), which can place limits on the types of algorithms used (e.g. limiting “black box” algorithms).
Many existing solutions already make use of machine learning or artificial intelligence algorithms that combine, parse and manipulate vast datasets, sometimes in real-time, typically to identify anomalies, inconsistencies, suspicious patterns or missing information. An important test is to see whether algorithms can flag previously unknown patterns without generating too many “false positives”.
Participants highlighted three key issues when automating end-to-end business processes using technology:
- Data is often unstructured
- Data quality is a common challenge
- Systems need the ability to analyse historical data, which can be best achieved by “deep learning” algorithms
Event participants remarked that the evolution of RegTech is as exciting as the creation of new financial instruments in the market. There was a consensus that data is central to all solutions, and a widespread view that the best approaches need to combine technology and human expertise.
At this stage in the maturity of available solutions, it is important to “dare to test, to fail, to learn”.
We will be publishing a whitepaper based on this event in April. Sign up to the RegTech Associates community here to be kept up-to-date with our activities and publications.