RegTech Intelligence


Accountability for GenAI

Generative AI (GenAI) continues to evolve quickly and shows great promise for financial institutions.

But here’s the catch: senior management regimes, like SM&CR and SEAR, hold ‘Senior Executives’ accountable for compliance, not machines.

So, how do SMFs/SEFs tick all the boxes that are written into the new EU AI Act (in the EU) or the rulebooks (in the UK), and square the circle of compliance with post-Act technology developments?

Join us in London at our exclusive annual conference on 7th February 2024 to gain invaluable insights, discover cutting-edge solutions, and network with like-minded professionals who are equally passionate about staying ahead of the curve.

Background

As technology continues to evolve quickly, regulators are doubling down on accountability rules and AI rules to maintain trust in the sector.

In the United Kingdom, the Senior Managers and Certification Regime (SMCR) continues to be expanded to new sectors, while in Ireland, the Senior Executive Accountability Regime (SEAR) is set to come into effect.

These regulatory frameworks aim to shift the focus to individuals' responsibility for their actions. In this era of artificial intelligence and advanced technology, SMCR and SEAR are stepping up to ensure that humans, not machines, are held accountable.

As JWG’s white paper ‘Unlocking embedded compliance’ reveals, financial institutions have embraced AI and other technologies as part of their digital transformation journey, and using rule repositories and AI-enabled Embedded Compliance controls can overcome fears of non-compliance and increase profits.

The Impact of GenAI Regulation:

The soon-to-be-released EU AI Act will place onerous obligations on the use of AI across all industries “regardless of whether it is provided as a standalone model or embedded in an AI system or a product, or provided under free and open source licences, as a service…”

This means that SEFs will need to face high hurdles for their GenAI, which shall:

  • demonstrate that ‘reasonably foreseeable’ risks have been identified, reduced and mitigated through appropriate design, testing and analysis
  • process and incorporate only datasets that are subject to appropriate data governance measures for foundation models, in particular measures to examine the suitability of the data sources and possible biases
  • achieve throughout its lifecycle appropriate levels of performance, predictability, interpretability, corrigibility, safety and cybersecurity

We won’t have a deep understanding of the new technical standards that are to emerge next year, but we can soon expect to see stringent transparency requirements, comprehensive risk management obligations and, no doubt, ever more accountability for senior managers.

SEAR & SMCR

As we have written, Ireland will force board members and senior management on the Continent to rethink compliance for SEAR this year. The new regime will ‘gold plate’ current EU law and present international firms with major new hurdles.

The Central Bank of Ireland’s latest guidance on the Individual Accountability Framework (IAF) was released to great fanfare about how it will enhance individual accountability and promote integrity among senior executives.

The Bank of England’s 2023 SMCR review highlighted the need for greater clarity and consistency in the allocation of responsibilities among senior managers. It also emphasised the importance of robust governance structures and the active engagement of senior managers in managing risks effectively.

The role of RegTech

In many ways, RegTech is arriving just in time for accountability and AI. With ever more digital platforms exposed to customers, the complexity of navigating a 50-page .pdf to determine whether a product is appropriate for the client is a real barrier to business growth.

As senior management regimes demand greater accountability for conduct, it is, therefore, no longer sufficient to rely on periodic training exercises that test whether the team has absorbed ‘what good looks like’.

JWG’s ‘Unlocking embedded compliance’ report, published with the support of Apiax and EY, finds that leaders have adopted a rule-based framework that provides systems with the Boolean logic (i.e., ‘if statements’) that corresponds to the old world’s thick policy documents.

By moving directly to logic, both the business and compliance can be aligned on the precise rules which guide the organisation’s decision making. Rather than high level policy statements supplemented by checklists, a more process-aligned logical framework can be agreed. This gives Compliance even more control over the policies and gives the business more certainty about rules, which are fully transparent to all lines of defence.

The ‘Regulatory Rules Repository’ takes the Compliance function’s 1990s policy portal to the next level as it transforms ‘plain text’ policy into executable logic which guides the business process, as shown in the Exhibit from the paper below.

Exhibit 3: Target operating model for Embedded Compliance

Source: Unlocking Embedded Compliance, JWG 2023

In an ideal world, the business process owner simply asks Compliance for the appropriate rules for cross-border sales and the rules repository returns the relevant rules, executable logic and the source of regulatory obligations and appropriate guidance.

Conclusion:

SMCR in the UK and SEAR in Ireland are taking proactive steps to ensure that human accountability remains at the forefront, just in time for senior managers to grapple with what AI means to them. By Embedding Compliance in the operations of a firm, senior managers can sleep soundly in the GenAI era, unless, of course, it is you who is the responsible SEF. Learn more at our annual conference, which is FREE for regulators and investment firms.
