Sibos Update

Harnessing human and artificial intelligence to meet evolving compliance challenges

In the second of a series of articles addressing the 2019 conference sub-themes, we discuss the evolution of ‘Regtech’ in the compliance space

A decade of far-reaching regulatory reforms and increased compliance checks has left few processes or tasks untouched across the finance sector. Fines for non-compliance have been steep, as have implementation costs. In many cases, firms hired extra staff to meet new requirements, but soon found this was not a scalable, sustainable solution.

Both regulated firms and regulators themselves are turning to technology to increase efficiency and effectiveness. ‘Regtech’ is being deployed to support compliance, improve oversight and reengineer regulatory frameworks. In a hyper-connected world, data can help us make connections needed to identify risks quicker.

Algorithms are being used to identify unusual transaction flows, flagging suspicious behaviour for financial crime compliance teams to investigate. Advances in natural language processing are pushing the boundaries of technology’s supporting role in compliance. Machine-readable regulation is being trialled in a number of jurisdictions to streamline reporting processes and reducing scope for misinterpretation.

The scope of regulatory requirements has broadened significantly and will continue to expand. The UK’s Financial Conduct Authority (FCA) receives around 500,000 scheduled reports a year from regulated firms. According to a recent study[1] by regulatory consultancy JWG, 374 legislative initiatives aimed at the finance sector will come into force by 2021. “After more than a decade of tactical responses to increased regulatory reporting requirements, both regulators and regulated firms are putting more effort into new approaches to data management, typically based on standardisation and interpretation in a collaborative manner,” says PJ di Giammarino, CEO of JWG.


Best interest

Advisory firms serving Australia’s small but sophisticated pension and wealth management sector are turning to intelligent automation to handle heightened regulatory expectations following the Royal Commission into Misconduct in the BankingSuperannuation and Financial Services Industry. Published in February, the report made 76 recommendations, many addressing failings in the quality and impartiality of financial advice, as well as inappropriate fees and commissions.

Often misconduct went unchecked because firms – both large institutions and smaller networks of financial advisors – were not fully implementing the stringent levels of oversight required by existing regulation to cut costs. As few as 10% of advice files were being sampled for compliance purposes.

Now, the Australian Securities and Investments Commission (ASIC) is increasing the pressure on institutions to demonstrate they are providing customers with impartial advice. “The industry understands that manual reviewing and monitoring is not sustainable or cost effective. They’re taking regtech more seriously than ever”, says Samantha Clarke, CEO of Advice Regtech, a Sydney-based firm that uses AI to automate checks.

The task of proving a financial advisor has taken all reasonable steps to act in the best interests of the consumer has both subjective and objective elements. Regtech solutions can scan and assess reports for compliance with objective aspects of regulation more quickly and reliably than humans, for example, ensuring certain key words are included in documents provided to consumers. “The majority of the questions from regulators can be dealt with by machines, freeing up expert reviewers to focus on the more subjective questions”, says Clarke. Further, the responses of the most experienced reviewers can serve as feedback from which algorithms can learn and adjust.

But if today’s algorithms rely too directly on past assessment techniques, AI could “fast track the next failure”, warns Clarke. “We need to take a fresh look at how compliance is handled by the human experts, before the new methodology can be programmed into the algorithm.”

It may have previously been sufficient, for example, to inform a customer of the availability of a shortlist of alternative products to the one recommended. But the customer’s best interests are only served if the list is regularly audited for the continued suitability of long-established products and the potential appropriateness of new alternatives. “The Royal Commission has raised the bar from the letter to the spirit of the law, meaning certain things that were previously considered binary should be treated more subjectively”, Clarke adds.


Machine-readable regulation

ASIC is among a growing number of regulators pioneering greater use of technology. It recently issued a tender for friction licensing solution, potentially delivered as a chatbot, and has participated in one of the FCA’s ‘techsprint’ events. These are intensive collaboration sessions in which which software engineers, graphic designers, project managers and subject matter experts attempt to solve specified problems by building prototype technology solutions.

Following a 2017 techsprint, the FCA ran a six-month pilot project last year with the Bank of England to explore whether technology could make the current process “more accurate, efficient and consistent”, thus reducing workload and improving oversight. The aim was to establish the feasibility of digital regulatory reporting (DRR), whereby systems within regulated firms respond automatically to rules and requests for reports from regulators expressed as machine-readable code.

Six regulated firms signed up for the challenge of creating a machine-executable reporting process for two use cases: reporting mortgage sales to support loan-to-income calculations; and reporting capital-to-asset ratios under Basel III. The agreed approach involved first standardising the relevant data, then creating machine-executable versions of regulatory instructions for generation and delivery of reports, and finally developing a system to facilitate the end-to-end process.

Although the DLT-based prototype could not be deployed live without further development, it was clear that the biggest challenge was converting regulation into code in an efficient and unambiguous fashion. Two approaches were tried and three more were identified but not fully explored. A second phase started in February to further explore data standardisation, methodologies for creating machine-readable rules and identifying further regulatory reports appropriate for DRR.


A sense of urgency

Great advances in data standardisation have been achieved in recent years, from the use of ISO 20022 across market infrastructures to the development of a Common Domain Model in the derivatives market by the International Swaps and Derivatives Association. “These are positive developments. But sometimes you also need the urgency of a regulatory compliance deadline – like Europe’s Securities Financing Transactions Regulation (SFTR) – to focus attention and resources on developing, validating and implementing new practices that will deliver effective and efficient reporting”, says JWG’s di Giammarino.

Although regulatory priorities and approaches have converged over the past decade, precise requirements continue to vary, often due to differences in underlying legal systems. Despite explicit agreement – for example on the framework for oversight of OTC derivatives outlined at the 2009 G20 summit – practical alignment can still lag.

As incremental progress is made, technology innovation is beginning to ease the pain for firms obliged to comply with similar reporting requirements across multiple jurisdictions. “Data translation and transformation tools are helping to bridge the gap between regulatory requirements, enabling firms to optimise reporting processes globally, rather than investing resources to replicate workflows locally”, says Jennifer Peve, Managing Director, fintech strategy at DTCC, the global post-trade services and market infrastructure provider. To take a simple example, such tools might convert dates on transaction reports into the format specified by regulators in different countries.

DTCC is working with Xceptor, a data automation specialist, to streamline client compliance with SFTR’s reporting requirements. Xceptor’s software ensures user firms’ data is in an SFTR-compliant format before being submitted to DTCC’s Global Trade Repository. Separately, DTCC has partnered with Droit, a transaction reporting services provider, to help clients determine the cross-regulatory reporting implications and obligations of their transaction flows in real-time. “The industry is striving to agree standards, but if the path is not there yet, technology can help with compliance”, says Peve.


“Context means relevance”

Technology is playing an increasing role in meeting banks’ fast-expanding financial crime compliance obligations, particularly the AML and KYC checks needed when onboarding clients and facilitating transactions. Significant resources have been deployed to detect and prevent fraud and money laundering, but efforts have been impeded by legal restrictions on information-sharing between banks, regulators and law enforcement agencies.

Here too, innovation is overcoming barriers to efficiency, says Sophia Bantanidis, head of regulatory strategy and policy at Citi’s trade and treasury solutions division. “Regulators are bringing together the various players in the financial services ecosystem such as banks, fintechs, academics and others to explore how technology, including privacy enhancing technology, can be used to combat financial crime.”

Such technologies redact personal information to retain customer anonymity while allowing more data sources to be shared in the battle against illegal activity. Systematic contextualisation and cross-referencing of data from multiple sources is a critical component of more effective compliance with financial crime regulation, according to Alexon Bell chief product officer at Quantexa, a data analytics solutions provider. This requires both sophisticated technologies and highly-skilled staff, he suggests, advocating a triage approach to identify and prioritise the most severe threats. “Context means relevance”, says Bell. “The better you are able to understand connections between entities, the quicker you can spot something out of the ordinary, such as an unusual payment."

Quantexa’s platform aggregates and analyses data from multiple data sources to establish a real-time single entity view of an enterprise and its connections to the wider ecosystem. This helps to identify a firm’s most important commercial relationships, but can also reveal less-obvious connections to politically exposed persons or other AML and fraud risks. “AI plays a big role, but this is not a pure data science exercise. There are still elements that the data cannot take into account which must be left to human deduction”, explains Bell. “The aim is to use AI-based tools to combine artificial intelligence with human intelligence, to make human investigators more efficient, effective and consistent.” The feedback from their decisions – for example the reason for closing a false positive – must be fed back into the system, insists Bell, to further enhance the overall effectiveness.

[1] Ready for Digital Regulation? (April 2019)