Until the financial crisis of 2008-09, the financial services industry had enjoyed almost two decades of unprecedented growth and profitability. It had embraced globalisation with a succession of glittering mega-deals.
Unfortunately, a series of fines and settlements has since highlighted the extent of corporate and operational wrongdoing within the industry, prompting governments and regulators to respond with extensive programmes of reform and further regulation.
In the USA Dodd-Frank came into being in 2010, generating more than 22,000 pages of regulations and requirements. In the UK the 2012 Financial Services Act was responsible for the formation of the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA).
Such exacting regulation has resulted in institutions dedicating significant resources to compliance – and to paying off fines for regulatory breaches. JP Morgan, for instance, reached a compliance headcount of 43,000 in 2015 compared with 23,000 in 2011, but has also paid out over $40bn in fines and settlements since 2008.
Even though the effects of the crisis are fading, there are still expectations of more regulation. A survey of global finance compliance officers found that 69 per cent predicted increased requirements and guidance from regulators.
The arrival of RegTech
Following the launch of its Project Innovate in October 2014, the FCA issued a ‘Call for Input’ on how regulation technology (RegTech) could facilitate the delivery of regulatory requirements and reduce the compliance burden for everyone involved.
In practical terms RegTech seeks to make sense of the large amounts of eclectic data generated within an institution’s systems, configuring and generating timely reports, as well as applying analytics in order to optimise information.
Historically, financial institutions have individual IT systems that are often disconnected and unable to communicate adequately. So, while data from such systems has always been available, the challenge has been to interrogate it effectively. Increasingly, new technologies and approaches are being developed to overcome the legacy challenges – and it is this aspect that the FCA has been keen to embrace.
Given that the regulator is highly receptive to the potential benefits of RegTech, institutions ought to start thinking about how they can gain from these advances, despite their willingness to continue investing in their older systems.
A Deloitte report has suggested that RegTech innovation can help institutions satisfy both regulatory and competition requirements in a cost-effective way by deploying agile solutions on legacy systems. This improves compliance reporting as well as providing more monitoring controls. Further investment in analytics technology will enable managers to proactively identify potential issues and be prompted to take remedial action.
Since data and information are at the heart of regulation, and regulators now demand transparency in all areas of the operation, institutions have to provide evidence of how they are approaching compliance. In particular, they must show that key activities have occurred within a process or transaction. They must demonstrate that specified standards have been reached and that the systems have performed correctly. Monitoring and controlling performance are now critical management functions and are increasingly required as part of the compliance framework.
The advances in RegTech mean it is now possible cost-effectively to supply the timely data managers and regulators require, using an agile approach to leverage the varied data outputs from legacy systems. Achieving this, though, requires the RegTech supplier to understand the industry domain and to work with an institution’s key people to accurately define the regulatory objectives and targets.
A model that works
Regulations tend to focus on how, why or when ‘something’ was done, such as the provision of advice, a payment, or the on-boarding of a new client – all processes that follow a specific set of operational instructions or rules.
From a regulatory perspective, such processes normally have to be undertaken within a specified time period, within specified limits, or upon receipt of specified data inputs and so on. But it is for the institution to demonstrate that compliance has been achieved.
Given the speed and complexity of requirements, this is not always straightforward. Yet it is possible to identify the important steps within a business flow – where and when key activities should take place. These are the Service Level Targets (SLTs). If SLTs are not achieved, then it is probable that the specified business flow will be non-compliant.
RegTech uses SLTs as the basis for compliance-fulfilment. The business flow is mapped with its monitoring points and SLTs highlighted. Parameters are set (monitoring points) that enable ongoing monitoring of the flow so that the SLTs are achieved. Visualisation then provides real-time dashboards, with traffic light status and built-in management alerts.
Auditing what has been done is critical. More advanced RegTech solutions not only generate performance reports, but capture target-performance history in a central repository where they are readily accessible.
RegTech has now developed to the point where it can work flawlessly with the current monitoring systems within an institution’s IT estate, boosting existing capabilities to produce specific and relevant monitoring of regulatory reporting activities. Inevitably, the cost-benefit is significant.
RegTech – go with the flow
It is, for example, an approach that within the financial services industry, works across more than 100 business flows. It covers everything from SEPA and high-value payments in retail banking, to clearing trades and treasury in investment banking, anti-money laundering (AML), as well as Basel Committee on Banking Supervision and MiFID requirements.
It is vital however, to have domain knowledge and experience for any RegTech project to generate real results and insights. The up-front design and definition work needs to be undertaken in an agile development environment to establish the critical business flow and identifying the key SLTs.
Performance against SLTs is measured, analysed and fine-tuned. The analytics enable the institution’s managers to take a much more proactive stance towards compliance, being able to consider or predict probable future impacts based on current or past performance.
This is an important consideration, given the introduction of the Senior Manager Regime from March 2016, making senior staff personally accountable for activities and decisions, even when delegated.
By defining an end-to-end business flow, setting performance targets for key activities, and then monitoring the whole flow in a visualised way, senior managers can produce tangible evidence of process-control as part of any audit activity.
While RegTech should not be viewed as the panacea to all regulatory challenges it certainly provides a significant new range of opportunities for financial institutions and regulators. By harnessing its agile development capability to domain expertise, success in compliance is far easier and more cost-effective.