Digital Transformation of Regulatory Compliance for Financial Institutions

Regulation spans the width and breadth of the financial services industry – from front-office regulation dealing with Know-Your-Customer (KYC) to those related to capital management. Every working of the industry is rigorously monitored and regulated to ensure security and stability.

Regulatory technology (RegTech) has often come to the rescue of financial institutions in easing and simplifying the burden of compliance. This report aims to understand how RegTech has sparked a digital transformation of regulatory compliance within financial institutions. To aid us in this analysis, we spoke to Susan Schroeder, Vice-Chair of the Securities Department at WilmerHale and former Head of Enforcement at the Financial Industry Regulatory Authority (FINRA), whose valuable insights and experience offer a unique perspective into the role of regulatory technology and the future of compliance.

The challenge of regulatory compliance

Regulatory compliance runs deep through the DNA of financial institutions. No action can be taken within a regulated financial institution (FI) without considering multiple compliance factors. Failing to meet regulatory obligations can lead not only to punitive action but also to catastrophic results for society at large with the potential to affect a country's economic performance.

There are many complexities surrounding compliance for FIs. Regulations differ depending on product, service, or jurisdiction. Firms walk a tightrope between enterprise-wide compliance management or more siloed approaches. The correct path is not always clear; moreover, regulations and rules are updated continuously – successfully monitoring these changes can mean the difference between compliant activity or damaging costs to both budget and reputation.

However, monitoring and applying regulations is a process that can be both time-consuming and costly as firms seek to interpret regulations, create new rules, meet current requirements, and answer regulators. 

This is a process that Susan Schroeder knows all too well. As Vice-Chair of the Securities Department at WilmerHale and having spent over eight years at the US’ Financial Industry Regulation Authority (FINRA), Susan not only understands the challenges of regulatory compliance – she’s lived them through her work. “It’s a huge challenge,” she concedes. “I think it is incredibly important to have a global, holistic view. There is a tension here, though, because I know silos are a ‘bad’ word, but organizations are complex. You must be able to structure your compliance framework in a way that provides necessary differentiation. So, the challenge is to have a global perspective – to have an integrated framework […] and to keep in mind the ways in which you will need to create barriers or partitions between pieces of the program.”

The emergence of RegTech

As Susan alludes, building and structuring a multi-faceted or multi-jurisdictional compliance program is no mean feat. This is especially true given that compliance systems have historically necessitated complex or clunky manual processes. However, the last 10 years have seen a seismic regulatory shift due to the pace of technological advances.

Technology and compliance go hand in hand, and as technology develops, so do the regulations that govern that tech: robo-advisers, for example, present a suite of new rules and guidance. Artificial intelligence, machine learning, and natural language processing are all sophisticated technologies that continue to advance – regulations are adapting at a pace to keep up.

Equally, technology can aid the meeting and implementation of regulations – assisting regulators and compliance teams alike. Such regulatory technology, commonly referred to as RegTech, is changing the face of the compliance universe. However, whether technology has simply risen to meet the challenges presented by increasingly stringent regulatory expectations seems to be a common question. 

Over the length of her career, Susan has witnessed first-hand the effect of technological change on compliance. For her, RegTech is a necessity given the pace of change across society, commenting, “It’s necessary in order to meet that broader set of regulations that are constantly coming about because of technology.”

It could be argued that RegTech has led to increased regulatory scrutiny, more regulations, and greater expectations. As RegTech solutions are developed, financial regulators may ramp-up their expectations of firms to implement them. Susan doesn’t agree. “I don’t blame RegTech for speeding up the pace of compliance,” she says, “I blame technology for speeding up the pace of the world.” She adds, “Technology has enabled more and faster trading and more complex ways of doing business. And those things have sped up the pace of compliance, but only in that they have added much more regulatory need.”

Undoubtedly regulatory change management has transformed the way FIs handle regulatory compliance and intelligence. Every sphere of compliance has changed – from monitoring regulatory changes to scanning documents for interpretation to regulatory reporting and regulatory intelligence. FIs now have a better understanding of the overall functioning of the business, its potential risks, and the progress made in organizational compliance. 

RegTech solutions have been incorporating cutting-edge technologies in their solutions to ensure that financial firms stay on top of their compliance requirements. As Schroeder points out, “Tracking regulations is a huge challenge. Firms are using technologies such as artificial intelligence for regulatory mapping, helping them to monitor the financial universe for all the regulatory changes that are impacting their global operations.” 

Along with AI, data mining algorithms based on machine learning are used to organize and analyze large sets of data. Visualization tools are another innovation in the RegTech field that enables improved understanding and enhanced reporting of diversified data sources, without the need for programming languages. They help to present this data in an organized manner to management functions, thereby enabling efficient decision-making and problem-solving. By offering their services on the cloud and integrating with existing systems in organizations through APIs, RegTech solutions have made it easy for FIs to adopt these new technologies and stay on top of their regulatory requirements.

The case for RegTech

The benefits of RegTech are not limited to merely helping FIs and regulators meet regulatory goals. The implementation of RegTech platforms can be transformational across company models – from cost to risk assessment, enriching data, and everything in between. 

Arguably the greatest advantage of RegTech is efficiency and the ability to take complex, manual processes and effectively streamline them, thereby freeing up resources. “Take customer correspondence and how it gets reviewed,” remarks Susan. “When I first started in private practice, customer comms were physical letters that a human being would physically write and review. Then you advanced to emails and search terms – now it’s AI. If you’re using AI to review customer correspondence, you’re much more efficient in terms of the cost of the operation, the cost of the review, and frankly, you’re more effective.”

Resources are precious and should be used wisely. Why keep a team of 20 people carrying out administrative tasks when their time could be better spent reviewing genuine compliance alerts, or implementing regulatory changes rather than scanning the internet for them?

Artificial intelligence and smart technology have made waves in terms of efficiency – both in process and spending. As well as saving resources, RegTech can also help companies save money and retain their standing in the market. According to data from Boston Consulting Group, banks around the world have paid $321 billion in fines from 2008 to 2017; the breaches range from regulatory failings from money laundering to terrorist financing and market manipulation. Moreover, the bad publicity stemming from widespread compliance failures within a FI can be catastrophic to their reputation. An efficient, technology-based compliance platform ensures that this can be minimized to a large extent. Regulators find it easier to manage and collaborate with organizations that reply to queries quickly and efficiently due to their effective compliance systems.

Technology is not without risk

RegTech has unquestionably been a force for good across the financial services industry. It offers FIs the opportunity to enhance their regulatory compliance through the implementation of new technologies such as AI, Machine Learning – to name just a few. However, RegTech – and technology in general – is not without its faults and has introduced a wealth of new challenges and risks to the industry. 

For instance, the uptick in digital adoption has resulted in more data breaches, an increase in cyberattacks, new & innovative money laundering techniques, and other fraudulent activities. The use of technology comes with risk and increased cybercrime, providing hackers with a new platform for operating.

However, while technology may inevitably facilitate wrongdoing, it also provides systems that can prevent and uncover illicit activity. “Every innovation introduces new risks,” Susan points out, but she also agrees that technology also offers “huge benefits.” RegTech aims to work alongside the compliance departments of financial service companies to generate reports, reduce the frequency of false non-compliance alerts, monitor risks, monitor regulatory changes, and supervise billions of transactions.

Do the benefits of RegTech outweigh the overall risks it introduces? “Absolutely,” says Susan. “I am a huge fan of technology for a number of reasons. Every change introduces new risks, but it’s hard to imagine us functioning without the enormous technological advances we’ve seen in the past 20–25 years.” 

View from the regulators

Putting her enforcement hat on once more, Susan notes that regulators are starting to think about tech more and more. “FINRA puts out a priority letter every year, and this was one of their priorities this year – technology. Regulators are thinking more about this, but they are thinking about technology change in terms of supervision, so they will expect there to be a reasonable process in place to manage technology change.”

Susan adds that regulators are eager to remain educated and think proactively about what’s new in the market – for example, cryptocurrency. Almost every global regulator – from the UK’s FCA to Australia’s ASIC – has highlighted technology and RegTech as a priority for the year to come.

Transformative, innovative tech companies are overhauling manual processes that have become run-of-the-mill within financial services. Various RegTech firms across the globe are rising to the challenge of easing the regulatory burden on FIs and meeting the regulators’ expectations to embrace tech. One such company is CUBE, a RegTech firm that tracks regulatory changes across 2,000 global regulators. It uses an AI-driven digital regulation platform to provide tailored alerts at an enterprise level to manage regulatory change.

CUBE’s Founder and CEO, Ben Richmond, commented, “The financial services industry, especially since 2008, has been one that has tried hard to stick to ‘reasonable’ decision making. Stability is key. There may once have existed a fear that new technology was too disruptive, or posed too many unknowns, to be fully welcomed by the industry. But that time has passed. If FIs aren’t implementing smart technology, it is highly likely that there will be gaps in their compliance systems. 

“We’ve already seen messages from the FCA, FINRA & the SEC in the US, and ASIC in Australia that RegTech is no longer just a nice-to-have, but something that regulators are expecting to be a must-have. Firms need to be looking to stay ahead of the curve and avoid falling behind – both in terms of their peers and regulatory expectation.”