“Two roads diverged in a wood, and I took the one less travelled by,
And that has made all the difference“ Robert Frost
As we prepare for our annual conference and conduct cores of conversations with senior regulatory change managers at 50+ top financial institutions we are finding that firms face two very different RegTech paths in 2019 and there are some big choices to be made.
At some point this year, if you work in a firm you will be faced with a choice. Whatever regulatory obligation it is, or when it is due to be implemented, you will be asked to decide which RegTech path you want to be on. As Robert Frost’s poem describes, no path is certain to be the right one from the start. However, big gains can be had from those brave enough to head down the one less travelled.
One well-worn path will be BAU. It will be ad hoc and expensive and a continuation of fragmented stops and starts that your predecessors have decided to pursue. You will call in the consultants, build more spreadsheets, throw more bodies in a faraway land at the problem and it will be ‘solved’. Your solution will just be another dead end until the next crisis, but that won’t matter because that is the way the organisation has always done it.
The other way is to deploy new technology to regulation-related activities in order to shift them from analog-era to digital and computational models.
If you own AML controls you might imagine RegTech freeing you from a torrent of updates about how you are obliged to know your client, linking these obligations to the myriad of systems that hold that information and empowering the business to draw conclusions quickly about who might not be well known enough.
If you manage regulatory reporting of some form you might dream of a system that scans for any new reporting requirements and bounces them off your current interpretation of what data is put in each report for a given business scenario, customer, geography and product.
Even those working on Lexit/IBOR or Brexit can dream about how RegTech can help them eliminate the endless interviews with service providers about what their business model is and how it will need to change.
Regardless, your business case will be more effective, the cost much less and the risk of getting fines in the future far lower. Your senior managers will be able to put their hand on their hearts and declare to the regulators that it all works.
Will you continue to trudge the fire-fighting path, or will you march towards Regulatory STP?
BAU path: firefighting, patching, mending
Banks are good at fighting fires, and they are quite open with us about how this is a common approach to managing regulation. Typically, they will be grappling with the regulatory regime in a new or peripheral market, perhaps in the aftermath of a costly compliance failure, or they might have a small intake team that is stretched too thin. Whichever it is, they will be coming to us for horizon scanning in the first instance and consider further functionality as soon as they are comfortable.
They will typically be relying on a simple alert service and subscriptions to industry newsletters to capture incoming regulations, entering the most relevant ones into a database or a spreadsheet, with new columns added over time as this simple ledger is forced to accommodate basic workflow or to become a proto-obligations register. Important data will never sit on the Master Spreadsheet at all – subject matter experts will be squirrelling regulatory intelligence away into obligations, policy and controls registers scattered throughout the banks, virtually inaccessible to much of the business. It is their sense of urgency and priority that keeps things moving.
Firefighting capabilities fail quickly faced with the sheer volume of regulation – the kinds of volume noted in the article above. Headquarters staff may be able to triage effectively, but lose this ability outside their home market, or with newly-restructured parts of their organisation. Eventually, things get missed, or institutional memory is eroded.
If the firm is fortunate, senior management will order a review into regulatory intake before a regulator does. And indeed, we have never had a client conversation at this level without the firm eventually revealing that they have a looming deadline, maybe 3-4 months away, to take a solution through procurement.
Fire fighters may have purchased or developed piecemeal solutions in disparate contracts over time – it might even be possible to assemble a viable solution out of what is already in-house. Typically, such firms will be building outwards from a commercial workflow management or automation tool, plugged into obligation registers, and will come to us looking for a rich content feed that can integrate with such a tool – often replacing an alert service or an advisory offering in the process.
The architecture has usually grown out of the firms’ experience of implementing one-off big beasts such as MiFID II and has the fingerprints of a Big Four or mid-tier advisory firm all over it. It manages reporting and assurance tasks downstream of a known set of obligations well but cannot stretch to handle diverse regulations from different jurisdictions, or to route new regulations through changing structures in the business, at least not without significant human intervention.
This type of implementation tends to run into trouble because the level of manual intervention required to calibrate it has only ever been justifiable at the height of a crisis. Increasingly, the machine has to be kept running by people whose job is primarily something else, and senior management are starting to come to its keepers with questions or data requests that it was not set up for. The bank quickly comes to a decision point: throw enough money and warm bodies at the machine to future-proof it or salvage the more flexible bits and rebuild the rest from scratch.
At this point they are stuck in another dead end… and probably wishing that they had travelled the other path.
The path less travelled: Regulatory straight through processing (RegSTP)
Some senior management has recognised that new technology and a data-driven approach can be applied to regulation-related activities in order to find a better way. They are on a better path, as we have seen in our engagements with the industry and parts of this future are already in place in our network.
This path speeds your journey through the millions of pages of regulatory texts by allowing the entire firm to follow five basic steps:
- Scan, unpack and disambiguate the obligations that you face to be compliant
- Assess the impact of changes to these obligations and define how to manage them
- Execute the changes and verify that what is done matches the obligation
- Establish that the controls work, and exceptions are managed appropriately
- Prove to senior stakeholders that everyone is held appropriately accountable.
As described above, whether you face KYC, Reporting, Brexit or Lexit challenges this year a RegSTP operating model can reap enormous benefits.
They key is a fundamental change in mindset at the top for the accountability and management of regulatory change as an ‘end to end’ process. In other words, rather than relegate compliance to an organisational function (or noun with a capital C), make it part of everyone’s job – i.e., compliance as a verb. This means that targets and objectives are set across the entire front, middle and back office to ensure that the firm is operating according to the latest rules.
To accomplish this, the C-suite needs a mechanism to filter the regulatory noise and turn it into actionable insight. This mechanism, like anything in banking will be part people, part process, and a part new technology. Just like STP trade processing for equities in the 90s, RegSTP will drive big benefits through automation and AI.
As put elegantly by CFTC Commissioner Giancarlo:
“If data is King, then automating processes which previously required mindless and error-prone human effort is the critical work of the King’s Court.… automation frequently relies on the consumption and processing of standardized data, which can then result in a response less prone to human-error and less costly to implement. …and potentially boosting worker morale”
7 November 2018, Commissioner Giancarlo address, Georgetown University Law School
The key to winning favour in the King’s court is to envision the day where both regulatory rulebooks and firm policy manuals are digitized. As implied by the steps on the RegSTP path, some of the King’s subjects will need to deal with the problem of translating the language by which they describe the impact on their business.
The second problem of language is more precisely, the discipline in the use of language. Diversity in human languages is natural and data is nothing else than condensed language.
As Francis Gross, Senior Advisor at the European Central Bank has observed, “Much use of human language is neither disciplined nor rigorous, as our brains are good at managing a lack of precision. We reflect that diversity, indiscipline and lack of rigour in the data we produce and then we realise that data is messy.”
The RegTech path reorients the thinking of the organisation about what regulations are and how they want to internalise them. It starts with a recognition that just like trading systems, CRM systems or risk systems, we need a system to manage regulatory change. The foundation of that system is the rules themselves – as written, and unadulterated by a glossy .ppt or summary .pdf. Those on the RegSTP path are effectively building a model of the rules framework that describes how they need to behave in their markets.
By treating the rules as one data set and the operating model as another, it is possible to create digital linkages between the two worlds. Computers can be used to do what they do best, apply models to complex data sets. By designing an operating model that gets consensus on these models and defines how triggers for their review should be managed, humans can make much more informed decisions and remain in control of vast policy libraries, procedure manuals and systems estates.
We enjoy helping firms establish their RegSTP paths. The prize is significant and the faster the collective transition to this new paradigm, the greater the savings and the better the outcomes.
A survey of experts conducted by the RTC indicated that, at a very minimum, a 5% increase in efficiency and a concomitant reduction in costs is expected from the adoption of the proposed digital paradigm. Taking the U.S. with 273,910 compliance officers and assuming an average salary $100,000, the direct costs of compliance is $27.4 bn. A 5% efficiency would deliver a saving of $1.39 bn.
Who knows, with regulators on both sides of the Atlantic pushing for digital reporting and robo rulebooks, one day updating your regulatory compliance systems COULD BE as easy as updating your smart phone or laptop.
Whichever path you travel now will make all the difference in by 2020. 2019 is the year in which the serious management teams recognise that the old path is only going to get them deeper into a very dark and dangerous wood. This is the year to realise that it is worth doing RegTech right.
Figuring out your path? – join us!
On 7 June at our annual conference in London we will have discussions about how firms and regulators are working on defining new paths for:
- AML/ Financial crime
- Trade surveillance
- Trading technology and data
- Regulatory reporting
We will cover the new approach to regulatory oversight implied by the shift from analogue to digital methods and what lessons can be learnt from exploring these changes thus far. We look forward to hearing what the experts have to say and framing an excellent debate about RegTech priorities for 20201.