(How to best defend yourself from the tidal wave of new Regulations.)
Regulatory Alphabet Soup
The veritable tidal wave of recent regulations, most notably those emanating from Europe and the EU, is taking effect almost immediately. This will require urgent, across-the-board action. Consider the following three regulations:
- General Data Protection Regulation (GDPR)
- Markets in Financial Instruments Directive – the second missive (MiFID II)
- Payment Services Directive – also the second version (PSD2)
All of the above require many significant changes to firms’ existing systems. Failure to properly comply with the requirements can be very costly. For example, GDPR clearly states that there will be penalties for non-compliance. After an initial warning for first and non-intentional failure to comply, the penalties include:
- A first fine up to 10,000,000 EUR or up to 2% of an enterprise’s annual worldwide turnover the preceding year, whichever is greater.
- A subsequent fine up to 20,000,000 EUR or up to 4% of an enterprise’s annual worldwide turnover the preceding year, whichever is greater.
The more hidden, yet far from subtle, costs include the fact that, in the case of MiFID II, you or your staff will have to wade through 1.7 million paragraphs of regulations and figure out exactly what changes will need to be made to your current systems.
As if the above responsibilities weren’t enough to keep you busy – and in addition to ensuring your systems and sensitive data are secure – came the recent news that chips from Intel (and other chip manufacturers) had serious flaws making servers susceptible to at least two vulnerabilities (Spectre and Meltdown).
Worse still, some attempts at patching resulted in servers randomly crashing and/or rebooting, and there were reported instances of CPUs being up to 30% less effective. To date, there have been no reports of IBM Mainframes (using Power9 chips) being affected by the design flaws of Intel, AMD, etc. chips.
RegTech to the rescue?
Regardless of which platforms your systems are running on, RegTech (and other initiatives) may be able to ease these burdens of responsibilities. Despite the hype – I personally very much doubt that Blockchain technology will somehow magically ride to the rescue.
A far better approach (in my humble opinion) would be to focus on where sensitive data resides, and ensure that your investigation is thorough. This also includes identifying where backups might reside, and determining where that data gets shared with third parties.
Also, be sure to examine how sensitive data is structured and make certain that you will be able to efficiently identify those records where the underlying persons have requested that you do not share that data with third parties.
Wherever possible, try to ensure that data is encrypted, whether it is in transit via APIs, at rest, or simply being viewed.
AI and IBM’s WATSON could assist
A recent Credit Suisse article describes how Credit Suisse has deployed some pretty smart technology to improve their compliance (KYC, AML, etc.) effectiveness. They claim that they have managed to reverse years of rising compliance costs, using a new “Big Data” platform and software robots.
Apparently, their new approach has generated a 45-fold increase in the number of productive alerts from its predictive monitoring of transactions compared to the previous year. Resolution of alerts is 60% faster despite the increases in the volume of data, and the result comes at a fraction of the historical cost of such monitoring.
The huge pool of data and advanced analytics accessible to compliance teams via the platform comprises some four billion records. Thanks to a combination of real-time processing and on-the-money monitoring, the bank is now able to perform KYC checks on international client transactions 80% faster at approximately 40% lower costs.
Further, they have also been deploying an army of software robots to carry out certain repetitive compliance tasks. One of them, dubbed ‘James the Robot’, is used for suitability and appropriateness checks – to ensure clients are invested in the right products. ‘James’ conducts these checks 200 times faster than when they were done manually, representing a significant reduction in risk for the bank. And – ‘James’ doesn’t need sick-days, vacations or even coffee breaks!
All in all – their new system illustrates how real efficiencies and cost reductions can be achieved via a new, smarter approach.
According to another recent article, compliance professionals interacting with an AI system like Watson have witnessed that a dramatic shift is underway. Compliance work is expanding from a center of research to a center of analysis, corporate insight and competitive advantage. Acting as a helpful colleague, Watson is able to provide valuable insights and evidence to compliance professionals to better inform business decisions.
In all probability, the industry will continue enhancing existing legacy systems, and AI will almost certainly be further integrated into the core of essential business processes. Throwing more people at the exponential problem of regulatory complexity is clearly no longer the answer.
Rather, it is time to start thinking and working smarter, which is exactly what Watson, powered by superior domain expertise, does best: it helps professionals perform at their best by helping them make more informed decisions, understand their obligations, and close the gaps in knowledge and best practices.
Bottom line: Make sure that you and your systems are at the forefront of a technological revolution in the financial services industry – and don’t get left behind.
Worked continuously in the Financial Services Industry (primarily on the IT side) for over thirty years.
During this time has worked first-hand on major Industry Initiatives both in the U.K. and in the USA, such as TALISMAN, TAURUS, CREST, (the Bank of England’s) CGO, Counterparty/Client/Settlement Risk Reporting, CHAPS, Model A and B type Clearing, Intra-Day Payment Netting, Capital Gains Tax Reporting, Regulatory Reporting, Trading Interfaces (from DOT through to FIX APIs and beyond), Multi-Instrument and Multi-Currency systems, Direct Market Access and Custodian Services.
In short, I have been pretty much continuously involved with various types of FinTech for the longest time.