When it comes to implementing regulatory technology (Regtech) software for AML compliance, financial institutions (FIs) share many barriers to these solutions’ smooth and functional deployment. In an oversight environment disrupted by the COVID-19 pandemic, the mass migration to mobile and online banking, and the dizzying rate of regulatory change, these obstacles have become a critical procurement and operational challenge for organizations.
Regardless, given the post-COVID risk landscape cited above, along with regulators’ corresponding embrace of AI and high-dimensional big data (HDBD), next-generation Regtech solutions are essential for financial compliance operations in the 21st Century.
According to a 2021 report authored by Thomson Reuters Regulatory Intelligence, 16% of some 720 firms surveyed globally had “implemented a Regtech solution, with a further 34% reporting that Regtech solutions were affecting the management of compliance.”
But with the soaring growth of daily regulatory alerts faced by compliance organizations since 2008, punctuated by the cyber-enabled financial crime risks that skyrocketed during the pandemic (for instance, the occurrence of romance fraud), mass adoption of Regtech has become an inevitability for the financial industry.
Some examples of core Regtech use-cases are regulatory reporting, sanctions screening, risk management, identity management, anti-money laundering (AML) compliance, and transaction monitoring. Furthermore, the days of cumbersome on-premise Regtech deployment are over. Regtech is also a great tool for cryptocurrency platforms, ensuring regulatory compliance for users.
Today’s Regtech stacks are almost always deployed as software-as-a-service (SaaS) solutions like Unit21, delivered entirely in the cloud, with many claiming to offer plug-and-play composability, access to high-quality risk data, and an effective AI-powered product. However, many institutional adopters of Regtech software have learned to evaluate vendors’ marketing hype carefully.
But in a rapidly growing Regtech market valued at $15.68 billion in 2020 and increasingly crowded by a growing influx of new entrants, how can FIs make the right choice – and how can they ensure that the implementation of their solution goes as painlessly as possible?
In this post, we'll discuss four best practices financial organizations can use as a roadmap to help guide their Regtech transformation and integration journeys.
4 Tips for Optimizing Regtech Transformation in Financial Services
The first step is to anticipate a transformation. Successful transformation is always a cross-functional process that engages all organizational stakeholders.
Secondly, firms need to have a data governance strategy tailored to the demands of modern AI and machine learning (ML) solutions. This ensures that their current and forward-looking IT stacks will optimize the functionality of sophisticated solutions they may procure. For example, machine learning solutions are extremely adept when it comes to AI predictive scoring for compliance alerts, saving your team valuable time and effort adhering to regulatory requirements.
Thirdly, firms need to effectively onboard and train talent with the skills and tech fluency to use Regtech solutions. The following compendium will elaborate on how financial organizations can navigate Regtech transformation using these guideposts.
Properly implementing a Regtech software solution demands a strategic vision and documented action plan. In addition, firms must have a thorough understanding of the compliance pain point they are trying to address via Regtech and the specific benchmarks they are trying to hit that will signify operational success.
To achieve this, managers must collect and document as much data as possible about their process efficiencies and survey the compliance analysts for input about their collective user experience while performing their jobs. In addition, transformation managers should specifically request feedback on their compliance teams’ experience using whatever Regtech solution may currently be running on their systems. It's important to ensure that risk team are included early on in the product development stage as well for the best output.
Obviously, this initiative also requires a holistic review of the firm’s IT stack to identify any technical debt or interoperability issues that could potentially hinder Regtech integration and any complementary technologies that could follow.
Managers should also consult peers at other firms that have deployed the Regtech solution they envision for their enterprise to learn about their experience installing, using, and maintaining the tool. It's also important to adopt a solution early on to ensure security and compiance standards are met.
Once this diligence has been conducted, transformation leads can create a realistic budget and action plan that they can bring to management and boards, enhancing the odds of securing buy-in from all essential stakeholders.
A crucial part of the diligence process discussed above entails formulating a data strategy. This inherently requires thinking about data as a “governance” issue. To this end, a modern, machine-readable, and executable Regtech solution will inevitability render legacy frameworks for data quality, availability, timeliness, analytics, transformation, storage, security, compliance, and other vital functions obsolete.
Because modern Regtech solutions transform raw data and redeploy it into the enterprise as meaningful analytics and predictions, firms must ensure that their IT stack and cloud configurations have thus been optimized for machine-executable SaaS software.
As such, organizations need to create an up-to-date data governance strategy to help plan how their data will be ingested, processed, transformed, transmitted, stored, and secured. In addition, having a granular understanding of these functions will further help remove potential friction from implementing and operating new Regtech tools.
Broadly, firms must anticipate the likelihood of possible data issues and create everyday data cleansing and formatting processes to perpetuate new technologies. They must also establish a framework and chain of command for migrating data across environments and, depending on the complexity of their operating footprints, across regulatory jurisdictions.
The Human Touch is Still Essential
Even the most cutting-edge Regtech solution will fail if the human operators are using it lack the ability to operate next-gen SaaS technology. Optimally, they should also have a longer-term commitment to the organization to ensure that departmental attrition doesn’t sabotage the continuity of compliance operations.
In the same way, Goldman Sachs revamped itself and hired an army of quants to guide its 21st Century business model. Effective Regtech adoption requires that FIs hire specialists. According to a 2021 European Banking Authority report on Regtech, FIs should look to “data scientists and engineers, to be able, where relevant, to scout, assess, operate, and maintain updated RegTech solutions.”
According to the European Banking Authority (EBA), with these specialists in high demand globally, recruiting may pose a challenge for “FIs, as currently there is high competition in both private and public sectors for talent.” In addition, beyond new talent, FIs must invest adequately in training their staff in how to use next-gen Regtech applications.
Black-Box Models for Diligence
In the same way, the cybersecurity community has become leery of the indulgent use of the buzzword “Zero Trust” by vendors; FIs should take a similar stance when assessing the AI capabilities of potential third parties, often referred to as "black-box models.”
This is particularly crucial today, as the growing Regtech market has been oversaturated by a deluge of new entrants, all claiming to have the latest competitive advantage over their peers. But diligence is inherently complicated when evaluating these solutions because these technologies are opaque by design. People don't have visibility or explainability into the models used.
Generally, there is insufficient understanding of how the algorithms used by vendors ingest, train, clean, structure, transform, store, and share data. In addition, many stakeholders also have limited knowledge about highly technical details like the types of code libraries used by algorithms to make predictions.
Firms need to kick the proverbial tires as much as possible to confidently understand how vendor AI really works at the developer level. FIs must also satisfy themselves that prospective vendors are as transparent about their tech as possible and that they fully grasp the unique regulatory challenges faced by their potential customers. Many experts recommend using AI for the more manual and low-value tasks but bring in the field operators on the front line to control and adjust to what’s going on.