Compared to pre-financial crisis spending levels, operating costs spent on compliance have increased by over 60% for retail and corporate banks. With that, the global demand for regulatory, compliance and governance software is expected to reach $118.7 billion by 2020.
Investments and regulatory compliance solutions, however, cannot be seen exclusively as an expense account anymore and proven to be worth the hassle. Estimates suggest that investments in regulatory software can lead to an ROI of 600% or even more with a payback period of fewer than three years. While the estimate is allowed to be off, case studies prove investments in risk, governance, and compliance solutions to be bringing material benefits to clients across industries.
“Large banks have invested substantial time, efforts and money in their existing compliance systems, hence are reluctant to implement new RegTech solutions unless there is a significant return on investment. However, when revenues and margins are under pressure, significant cost savings (upwards of 40-50%) as a result of reduced manpower, lower cost of technology and improved decision making becomes attractive to banks.” - Arun Iyer, EVP, Hexanika
Use cases of RegTech solutions are much broader than commonly known regulatory reporting. Identity validation, risk management (which includes scenario modeling and forecasting), transaction monitoring and auditing systems, web due diligence and security, identity controls – these are just some of the cases where technology startups are actively filling the gaps.
“The major areas in which RegTech is today playing a major role are data governance, records management, and information governance. There is still a lot of ground to cover when it comes to untangling the unstructured content using AI/ML.” - Srini Mannava, Founder, Infobelt
But to understand what RegTech means for a business, one needs to assess its material benefits in real-life deployments. Let’s look at some of those.:
Fenergo, for example, a provider of client life cycle management software solutions for investment, corporate, and private banks, shared a case study demonstrating the opportunities regulatory and compliance software opens for institutions.
For Fenergo’s global investment banking client, the KYC client review process was manual, and highly inefficient, culminating in thousands of hours of interactive (fully engaged) time to complete. In fact, the company reports that it took on average 27 hours to complete the KYC review process for one medium-risk client. And that calculation did not even include additional elapsed time for review, the time it takes for clients to respond to the financial institution’s request for additional or updated data and documentation. With 2,500 to 3,000 clients classified as ‘medium risk,’ it meant that the KYC client review process for medium-risk clients took between 67,000 to 81,000 hours to complete for that client.
The most interesting part comes after the implementation of Fenergo’s rules-based workflow platform, which supported the end-to-end cycle time for KYC remediation case handling. The software implementation resulted in a 37% improvement on case handling time and efficiencies for the medium client risk category alone. This reduced average handling time for each case down from 27 hours each to 16.47 hours, shaving off a cumulative average of 27,380 hours in total for the medium risk client category for the investment banking client.
That is just one of the interesting cases shared by the firm, with other tech companies offering their own demonstrative cases.
Among the large tech companies, IBM is a frontrunner with its extensive suite of solutions covering risk and compliance functions. In January 2018, the Big Blue published a report covering a variety of real-world cases studies with results to demonstrate the material benefits its software brought to various clients across use cases. Across the case studies covering five use cases, two are of a particular interest at the moment, examining the effect of IBM OpenPages® GRC Platform, the company’s governance, risk, and compliance solution.
The first example is IBM’s work with HypoVereinsbank (HVB), a member of UniCredit, a major financial services institution headquartered in Italy. One of the leading players in the German banking market, HypoVereinsbank employs more than 12,000 people across around 300 branches nationwide.
With the goal to reduce the risk of losses, improve processes and controls, and protect its reputation with customers and regulators, HVB set out to streamline its risk and control assessment processes. By using IBM OpenPages software, HVB was able to automate reporting processes and simplify tracking for over 3,000 internal controls. As a result, HVB saw 33% reduction in personnel requirements thanks to better use of existing resources, as well as increased efficiency through automating risk and control self-assessment processes, and gained the ability to gain new insights into risks and controls helping to identify gaps and resolve glitches quickly.
Continental is another interesting case covered by IBM. The company develops intelligent technologies for transporting people and their goods. In 2016, the corporation generated sales of €40.5 billion. Continental employs more than 220,000 people in 56 countries. In other words, it’s a massive organization with risk, governance, and compliance being one of the top operational priorities.
The challenge requiring a solution was for Continental to gain insight into areas of exposure across its subsidiaries worldwide in order to steer clear of business risk and to come up with effective ways to mitigate the threats. So, what was the result of opting for a software solution by IBM?
Continental used IBM’s risk, governance, and compliance platform to perform broad-scale risk assessments across its worldwide operations and saw 75% fewer risks assessed at Corporate Level, as minor threats are addressed lower down. Moreover, Continental was able to consolidate six risk management processes and four systems into a single solution.
While IBM is major league, there are defining moments for the RegTech industry startups that have cases on their accounts as impressive as the tech behemoth. Ayasdi is one of those companies.
At the end of 2017, Ayasdi shared the results of its work with Citi. To refresh the sense of scale of this project: Citi is one of the world’s largest and most complex financial institutions, operating in 98 countries, facilitating more than $4 trillion in flows each day. They hold over $950 billion in deposits and have over $620 billion in loans across their institutional and consumer businesses.
Explaining the background of the case, the company shares:
“The 2008-09 financial collapse led to a Federal Reserve directive that banks with consolidated assets over $50 billion have additional risk assessment frameworks and budgetary oversight in place. To assess a bank’s financial foundation, the Federal Reserve oversees a number of scenarios (company-run stress tests). Referred to as the Comprehensive Capital Analysis and Review (CCAR) process, these tests are meant to measure the sources and use of capital under baseline as well as stressed economic and financial conditions to ensure capital adequacy in all market environments.”
As Ayasdi reports, Citi consistently struggled to pass its annual stress test, failing two of the first three stress tests. The bank was in need of a way to rapidly create accurate, defensible models that would prove to the Federal Reserve that they could adequately forecast revenues and the capital reserve required to absorb losses under stressed economic conditions. The firm could not confidently defend the models that they included in the filings they presented to the Federal Reserve.
To address the issue, Citi chose Ayasdi to supplement its capital planning process.
The process began with the leaders of the bank’s business units reviewing the macroeconomic variables stipulated by the Federal Reserve. Aysadi enriched these variables using several techniques and created over two thousand variables. Further, ML-powered software was used to correlate and analyze the impact of these variables on each business unit’s monthly revenue performance over a six-year period, uncovering statistically significant variables that were highly correlated with each business unit’s performance.
“A comprehensive business review was conducted to screen the identified variables prior to inclusion in the models for each business unit. Ayasdi then conducted exhaustive statistical tests (including stationarity and multicollinearity tests) to validate these models’ ability to predict revenues for the business units. The business leads then evaluated the candidate model and the challenger models, selecting those that best represented their business units.”
Long story short, the exercise allowed the bank to easily clear their most challenging regulatory hurdle. More importantly, the process compressed the resources required for a nine-month process requiring hundreds of employees to a three-month sprint with less than one hundred.
Reviewed cases are certainly not exhaustive for the functional potential for risk, governance, and compliance software. Opportunities for financial services institutions to leverage RegTech for compliance include, but are not limited to:
1. Technology-enabled process efficiencies
Robotic process automation (RPA)
2. Data sharing and aggregation
Regulatory data sharing
Regulatory data aggregation
3. Data-driven insights generation
Real-time data monitoring and anomaly detection
AI/advanced analytics-enabled prediction of risks
4. Platform development
Compliance over cloud
Blockchain-based platforms for compliance
On-demand compliance expertise
For financial institutions to be able to fully harness obvious and proven benefits of software adoption for risk, governance, and compliance functions, investments in regulatory technology cannot be seen purely as an extra weight in expenses. Numerous case studies prove adoption of RegTech solutions to bring immediate or short-term positive implications on operational efficiency at the least, and significant reduction of the cost of resources deployed for supporting the compliance and risk management functions.
“We believe the move towards a more data-driven and granular approach to supervision will improve scrutiny of the financial sector and help ensure better outcomes for market participants and consumers. The use of RegTech is an important tool in supporting that process.” – Patrick Armstrong, Senior Officer, Financial Innovation, ESMA, said.