Digital transformation has been a fundamental enabler for financial services firms. It is hard to underestimate the opportunities and regulatory benefits firms can derive from the implementation of technological solutions but maximising their potential can present challenges. Thomson Reuters Regulatory Intelligence's sixth annual survey and report on fintech, regtech and the role of compliance explores these challenges, particularly in the context of corporate governance and risk management.
The most significant challenges
The most significant challenges highlighted by respondents to this year's survey concerned data, operational resilience, the management of third parties and skill sets.
- Data — Data is the strategic asset of the digital age, and firms need to embed data governance frameworks as a core competency within their corporate governance arrangements.
- Operational resilience — Digital solutions, which at times operate critical business functions, must be resilient to any disruption. Equally, risk and compliance applications must be able to accommodate any shift to alternative working patterns.
- Third parties — Third parties are crucial to the development of many fintech applications. Outsourcing or third-party arrangements need to be part of firms' risk management infrastructure.
- Skill sets — Firms need to invest in more specialist technological skills, although determining what those skills should be is a challenge in its own right.
The shift to alternative working patterns
The shift to alternative working patterns has become a huge focus for financial services firms and has been enabled by the use technological solutions both fintech and regtech, and from the regulatory perspective suptech.
The ways firms use the outputs from regtech solutions has varied over time, and while more firms are considering the adoption of regtech solutions, the output from those solutions already in use has yet to become a trusted source of management information. It may be that the solutions need to be further embedded and tested, or that at least some of the solutions deployed have failed to live up to their potential.
" … other commonly cited obstacles to adoption [ of technological solutions ] were the need for better interoperability (38%) and integration of technology (41%), especially among firms with large or complex legacy systems. Enabling financial services firms to link multiple systems and allow for easier integration is considered crucial when considering new technology and processes." Insight, UK Financial Conduct Authority, June 2021
Compliance and regulatory risk management most likely to be impacted
Respondents nevertheless reported that regtech solutions were likely to be used in a wide range of compliance procedures within their firms. At the top was compliance monitoring and regulatory reporting, followed by financial crime and onboarding, as well as elements of regulatory change management.
These results are reflected in responses about the solutions being introduced, in practice, to meet the compliance needs of automated governance, risk and compliance (GRC) solutions: financial crime, AML/CTF and sanctions compliance and the capturing and implementation of regulatory change (regulatory change management).
The challenges of compliance monitoring in a hybrid environment
The challenges of compliance monitoring in a hybrid working environment are not to be underestimated, and hybrid or at least flexible working arrangements are here stay. In October 2021, the UK Financial Conduct Authority (FCA) codified its previous expectations regarding, among other things, the need for firms to prove that there is satisfactory planning on a range of governance, culture, technological and control risks, such that:
- That there is a plan in place, which has been reviewed before making any temporary arrangements permanent and which is reviewed periodically to identify new risks.
- There is appropriate governance and oversight by senior managers under the senior managers regime, and by committees such as the board, and by non-executive directors where applicable, and that this governance is capable of being maintained.
- A firm can cascade policies and procedures to reduce any potential for financial crime arising from its working arrangements.
- An appropriate culture can be put in place and maintained in a remote working environment.
- Control functions such as risk, compliance and internal audit can carry out their functions unaffected, such as when listening to client calls or reviewing files.
- The nature, scale and complexity of its activities, or legislation, does not require the presence of an office location.
- It has the systems and controls, including the necessary IT functionality, to support the above factors being in place, and these systems are sufficiently strong.
- It has considered any data, cyber and security risks, particularly as staff may transport confidential material and laptops more frequently in a hybrid arrangement.
- It has appropriate record-keeping procedures in place.
- It can meet and continue to meet any specific regulatory requirements, such as call recordings, order and trade surveillance, and consumers being able to access services.
- The firm has considered the effect on staff, including wellbeing, training and diversity and inclusion matters.
- Where any staff will be working from abroad, the firm has considered the operational and legal risks.
"The above is an indicative and non-exhaustive list. It's important any form of remote or hybrid working adopted should not risk or compromise the firm's ability to follow all rules, regulatory standards and obligations, or lead to a failure to meet them," the FCA said.
What solution have you introduced/are in the process of introducing and to meet what compliance need? “ …GRC technology to monitor compliance and manage frameworks, registers and monitor risks.” Head of risk and compliance, Australia
A continuing need for technological innovation to meet changing working and regulatory environments
Financial services firms have embraced digital transformation but there is a continuing need for technological innovation to meet changing working and regulatory environments. A key issue for firms is the sheer volume of data being generated – without a robust means for firms to be able to use data to, say, get line of sight to risks and evidence compliance there can be no benefit in terms of process automation and efficiency.
The one thing firms would like technological innovation to deliver
The point on data in particular is borne out by the responses to the question about the one thing firms would like technological innovation to deliver in the next 12 months, the top five being:
- Data aggregation and governance.
- Process automation and efficiency.
- Enhanced customer experience.
- Cost savings.
- Automated monitoring of regulatory change.
Firms need to embrace the fact that data is a vital strategic asset, and from there build a business-wide approach to data aggregation, management, storage, security, retrieval and destruction; in other words, build a business-specific approach to data governance. The successful governance of data will have multiple benefits including greater line of sight to risks being run in a hybrid working environment and enhanced recordkeeping.
“…a lack of awareness of Regtech. This is especially the case at board and senior management level, where leaders are often not fully on board with Regtech adoption because they do not fully understand its potential benefits” Arthur Yuen, Deputy Chief Executive, Hong Kong Monetary Authority, November 2020
To deliver on data governance, firms will need to invest wisely in both skills and infrastructure. Firms may well need to re-assess their priorities in a (post-) pandemic world.
The report
The Fintech, regtech and role of compliance in 2022: challenges arising from technological opportunities can be downloaded from here. The Compliance Clarified podcast series can be found here exploring the hot topics of the day, the challenges faced and offering up practical ideas for emerging good practice. Episode 10 of series 3 features a discussion between the authors of the Fintech, regtech and the role of compliance in 2022. Further information on Thomson Reuters Regulatory Intelligence can be found here.
Security and compliance in the modern workplace
Find out how Theta Lake provides security and compliance for modern communications, whether staff are hybrid, remote or office-based, through frictionless partner integrations with Cisco Webex, Microsoft Teams, RingCentral, Slack, Zoom, and more.
Using patented machine learning and NLP, Theta Lake detects risks in: video, voice, chat, and document content across what is shared, shown, spoken, and typed. Those risks are surfaced in an AI-assisted, patent-pending review workspace that adds consistency, efficiency, and scale for security and compliance teams.