Wiring financial organisations for regulatory success
Regulatory compliance is a time and resource-consuming burden for every financial institution – since the global financial crisis, regulatory requirements have increased exponentially.
Regulators are increasingly demanding more detailed information, and firms now have to demonstrate greater levels of responsiveness, accuracy and monitoring of their data, transactions, governance and policies. More complex regulatory requirements mean that regulated financial institutions are facing spiraling compliance costs, and as a result, many are looking for solutions which will not only enable them to comply with legal requirements but which will also give them a competitive edge over their rivals.
An increasing burden
We often see large global firms, especially those which have grown through acquisition, failing to integrate policies, processes and procedures. We also often see poor organisational cultural behaviour where separate business units have their own way of doing things. This makes it very hard for a central compliance team to oversee the different policies and procedures required in different locations, and the process of implementing consistent standards is almost impossible, not to mention extremely costly. It is not unusual for there to be thousands of different documents which need to be kept up-to-date, and it is rarely clear who is responsible for them all.
Policy standards at head office level may be of good quality, but standards quickly degrade when you drill down into the granular procedures present in different divisions, business units and jurisdictions. And while firms may invest in policy and procedural training to support the mandatory local regulatory requirements, we see a marked difference between what employees are trained to do and what they actually do.
Smaller firms too, have a difficult time ensuring they fully comply with regulatory requirements. The compliance function may be made up of just one or two people, who have to juggle roles and responsibilities, and struggle to keep abreast of the increased legal and regulatory compliance requirements. These staff do not have the time to maintain all the policy and procedure documents, and the cost to address this properly is prohibitive meaning that that the undertaking is lower down in the firm’s priorities. With new and amended regulations being issued on an almost daily basis, the task of editing, maintaining and communicating them to the business is never-ending.
Senior manager responsibility
While policies and procedures are often regarded as mundane, regulators take them very seriously and are increasingly taking senior managers to task on this issue. For example, on 6 June, 2018, the UK Financial Conduct Authority (FCA) imposed a financial penalty of £896,100 on Canara Bank for anti-money laundering (AML) systems failings. The FCA stated that “UK firms are required to implement appropriate risk-based AML systems and controls and to comply with the legal obligations of the Money Laundering Regulations 2007. In this regard, the Authority expects firms and its senior management to ensure that adequate AML policies and procedures are in place and are operating effectively.”
Clearly, it is not acceptable for firms to operate without compliance systems and controls in place. Senior managers need to accept the responsibility for effective policies and procedures and should not expect poorly resourced compliance functions to shoulder this burden instead.
One critical issue that we often encounter is large volumes of redundant or out-of-date documentation that accumulates because of legacy issues, mergers and acquisitions, or inefficient processes. It’s a common challenge for larger organisations.
We frequently see a never-ending ping-pong game of e-mails and Microsoft Word document versions, as e-mail continues to be the preferred method of communication within the business world. Indeed, the average number of business emails sent and/or received per user per day is expected to reach 126 in 2019. That equates to 128.8 billion business emails daily in total. Employees working on policy management are likely to see even higher volumes given the many document versions a single policy can go through.
To address this issue and increase efficiency, firms need to be much bolder in their use of technology and move away from the old, ineffective ways of doing things. The situation will only get worse if banks cling on to old methods.
Adapting to the new regulatory landscape
With the issues above in mind, let’s look at the benefits that technology can bring to the compliance function. Consider the things that technology is really good for:
- the organisation, storage and retrieval of a high volume of documents;
- enabling communication and collaborative working, particularly when drafting and editing documents;
- maintaining an audit trail of edits, amendments, corrections and authorisations.
Furthermore, technology can also help firms with:
- Horizon scanning – this means being alert to new and amended regulation before it’s implemented. This is important to assess the impact on the firm, ahead of the regulations adoption. Without this capability, policies and procedures quickly become obsolete and non-compliant.
- The bringing together of all relevant information and intelligence regarding regulatory requirements into a single, secure repository so that any impact assessment can be completed quickly. This can prevent conflicting conclusions when evaluating similar obligations across different jurisdictions.
- Implementing operational changes efficiently – policies and procedures must enable effective processes, systems and controls and robust monitoring. Policy and procedures should be accessible and easy to understand for relevant employees.
So, what would be a “smart” way to use technology to manage policies and procedures and keep organisations compliant with legislation and regulation?
Firstly, technology can be used to greatly reduce document management inefficiency. Technology can now bring individuals together into a common environment where the process of collaboration around the final version of a document is in real-time.
Essentially, version control problems can be eliminated by ensuring that all versions of a document are always associated with a “master” document. At the same time, the use of Excel spreadsheets to track comments, suggestions, and changes becomes obsolete, with all interaction preserved as structured database directly around each paragraph.
It’s now possible to obtain a transparent audit trail which provides complete visibility as to who did what and when. Furthermore, modern technology can proactively track progress and send out notifications or reminders at each stage of the document review or when an approval is due. This certainly increases the likelihood of meeting regulatory deadlines.
Second, technology can help tie regulations to internal processes. Structured data sets mean that it’s possible to connect the dots between policies/procedures and processes, systems, controls and products and services through structured content and ML tagging. A clear link to the broader risk-management framework, governance, and processes is necessary at all levels of the hierarchy, across both large and small companies. No longer is this something presented as a futuristic view at conferences and industry events, but a new reality which regtech is bringing to life.
With the use of technology, a huge amount of data that offers significant insight into risk can be captured for evidencing and provided to regulators in a detailed structured format that is easy to understand. Needless to say, such a technology-driven holistic structured approach to data is fast becoming the only viable way to successfully manage policies and stay compliant in the current regulatory landscape.
Third, automation can help organisations avoid data breaches and gaps between procedures, policies and controls and also reduce the time needed to dedicate towards compliance. For example, a head of risk for a UK challenger bank recently told us that automating the final approval process for bank policies and procedures had significantly reduced the time required from senior management and board members compared to old manual processes. An added benefit was a resilient audit trial of individual approvers’ attestations. This risk professional was actually looking forward to the bank’s next regulatory visit, as he was very confident that their new processes would meet requirements, which is something you don’t hear a lot of senior managers say.
Today’s complex regulatory environment requires new solutions and cutting-edge tools to ease the regulatory burden and help financial institutions remain compliant. The regulatory landscape has evolved significantly over the last decade, and financial institutions need to adapt and ensure that they are wired correctly to cope with the challenges.
At ClauseMatch, we believe many compliance problems arise from issues surrounding data and workflow and we have built a platform that is designed to overcome them.
Modern regtech platforms are a relatively new concept in the financial industry. Yet, with the regulatory environment continuing to evolve at a rapid pace and the demands on financial institutions becoming both more complex and more time consuming, we expect to see an increased use of such platforms in the years ahead, as firms realise the importance of a robust regulatory structure.
By Andrew Jackson, financial crime compliance specialist, and Anastasia Dokuchaeva, head of partnerships, ClauseMatch