Afamous individual is supposed to have said ‘We live in interesting times.’ For those of us who have worked through the early years of the 21st century, we are probably wondering a time when it was NOT interesting. From the dotcom bubble bursting to 9/11 to the financial crisis in 2008 and the decade long economic fallout to our current pandemic crisis, it has surely felt more like a never-ending cycle of interesting times.
And we are unlikely to see a slow down as change is now a constant
But change or a crisis or ‘interesting times’ also present opportunities, challenges and the chance for innovation to flourish. It is in this bright landscape of opportunity that Regulatory Technology, or RegTech, has found its time and place.
Oversight functions have never been a rich area for innovation or investment. After all, if you haven’t been sanctioned or fined, everything must be ok! Cut your standard Compliance team down the middle and it probably reads ‘Compliance officer’ from top to bottom with varying years of experience and a lot of manual processes. ‘Shared services’, ‘robots’, ‘data scientists’ and ‘technology’ are not words commonly used or heard.
However, that is all changing.
Classically, I would suggest that any growth in your company’s revenue is matched equally by growth in your numbers of compliance and risk staff. This is because we have always been heavily reliant on people. Clever, highly experienced and knowledgeable people, but people nonetheless and as the regulatory burden has increased, in an often, nontechnology driven space, so those people spend more of their time digging and collecting the data they need rather than providing insight.
Two examples of this are in the communication surveillance space and the regulatory change environment.
Have you ever sat with the team that undertakes Communication and Trade surveillance? They are pretty much defined by the Market Abuse Regulation (MAR) and Mifidtype requirements. It seems pretty simple; monitoring trades to prevent things like insider trading and capture all your communications to be able to monitor and investigate if an issue arises. Until that is you look at the number of applications that someone has to open to do this - trade surveillance system, order management, research, Bloomberg chat or other external chat mediums and then there are all the comms channels to pull in; email, IMs, audio, video (Zoom and the like). It is truly like finding the proverbial needle.
Increasingly, help is at hand and across the industry we see take-up of solutions to provide the answers to these problems of rooting around in vast amounts of data.
However, this is all three to five years old and I can hear you all thinking ‘so what?’ you have the RegTech t-shirt and went to all those conferences (remember physical conferences??). Now we have another issue - spreadsheets have been replaced by applications, and a lot of them. There are too many standalone applications, a lack of handoffs between teams and a silo mentality. Then there is the data issue. So what do we do about this?
Let’s take a look at the Regulatory change process.
Generically, the process includes Regulator contact management, Horizon scanning, obligations database, Policy management, controls, lots of MI reporting and a mechanism for surfacing all the data to those who need to know. After all, no one reads policy documents anymore, right?
The key here, I would suggest, is that this is a left to the right user journey and this is where technology helps with the handoffs and also where I believe we will see some cool things happening in the next few years. There are applications available in each of these processes, but the important part is the handoff. For example, Regulatory horizon scanning covers many things from meeting announcements, to enforcement notices to consultation papers. It is the primordial soup of regulatory change, but importantly, it often leads to approved regulatory change. This should be ‘handed’ off to your Obligations database, which will inform the responsible individual of their new regulatory obligation (rather important under SMCR) and in turn, this needs to ‘trigger’ a review of policy, which your Policy management system can handle. From policy comes controls and the handshake there so everyone is ready for their regular control assessment process.
And as I mentioned earlier, no one reads policies or long regulatory documents anymore so we need a clever chatbot sitting over these systems to be able to answer questions - “, please tell me all the obligations that ‘x’ division is responsible to adhere to” or “please list the core requirements under Policy X”.
Like I said, all these systems exist, they need tying together with a good API framework. Most vendors provide these API ‘hooks’ already. The difficult part is twofold; orchestration of all these applications and ensuring data consistency and secondly a mindset change. We are very hierarchically driven in our industry and we need to accept that the vertical needs turning 90 degrees to follow the user journey better.
This is just the start. Once we are orchestrating the necessary handoffs between applications that cover the whole end to end process, it will become a lot easier to apply Artificial Intelligence or Machine Learning across this. Machinereadable code issued by regulators on everything that can be ‘read’ or consumed by your applications. Machines will ‘learn’ who to pass things to and what needs flagging up to those highly experienced compliance officers I mentioned at the beginning. The same people who are now free from the drudgery of collecting data and spending greater time on proactive, forward-thinking, technology-driven insight with their business leaders
Interesting times, indeed!