Regulators around the world already expect firms to have comprehensive policies and procedures for record keeping. That focus is set to increase: not only are regulators investing in technology and revamping their data strategies, but firms are also expected to be able to preserve an ever-widening range of content, including emojis, GIFs, chat, etc. Given the expectations around retrieval and surveillance, capture and preservation need to be in the native context so that, if need be, the content can be retrieved in its original state and surveilled.
Suptech
In 2018 the Financial Stability Institute (part of the Bank for International Settlements) defined suptech as the ‘use of innovative technology by supervisory agencies to support supervision. It helps supervisory agencies to digitise reporting and regulatory processes, resulting in more efficient and proactive monitoring of risk and compliance at financial institutions.’
The Bank for International Settlements (BIS) Innovation Hub’s wider work on suptech and regtech reported that there is a ‘growing interest from financial institutions in the use of technology to satisfy regulatory and compliance requirements more effectively and efficiently (referred to as regtech)’. That is in addition to the interest from ‘the official sector in the use of technology for regulatory, supervisory and oversight purposes (referred to as suptech)’.
Indeed regtech and suptech solutions are seen to be emerging for a wide range of regulatory focus areas, including regulatory change tracking, fraud detection, know-your-customer (KYC), countering the financing of terrorism (CFT), conduct and prudential risk management, systematized regulatory reporting and, critically, the associated auditable recordkeeping.
The consensus from the State of Suptech Report 2022 is that ‘suptech is happening’, with most financial authorities having already engaged in suptech initiatives. As a further example, in June 2023, the European Securities and Markets Authority published its Data Strategy 2023-2028 to, among other things, consider the possibilities created and challenges posed by the rapid growth of new technologies suited for supervision, reporting, data collection or data use, and fast-evolving digital developments.
Suptech solutions could result in benefits for firms as well as their regulators with, for instance, more automated regulatory compliance, lower costs and greater consistency in regulatory reporting. However, that benefit can only begin to materialize if firms have the capability for complete, accurate and native context records retention, preservation and retrieval.
Step change
In April 2023 Jessica Rusu, UK Financial Conduct Authority Chief Data, Information and Intelligence Officer, spoke of the ‘Big Data Challenge’ and the FCA's strategy to become a data-led regulator being centered on making better use of data to spot and stop harm faster.
Among other Big Data challenges and the continuing need to optimize how the data is collected, stored and exploited:
- The FCA has seen a 200% rise in the volume of data processed for investigations, including through encrypted channels such as WhatsApp
- FCA enforcement teams sift through millions of legal records
- The FCA supplements data with publicly available information, for example from Companies House, or insights driven from social media, as well as more specific data that is collected directly from firms or that is shared through regulatory partners, such as the UK Prudential Regulation Authority, Financial Ombudsman Service or Citizens Advice
- The FCA has improved its capability to spot harm through utilizing web scraping techniques and scans approximately 100,000 websites every day
- The data pipelines provide daily updates into the FCA Data Lake and deliver 100,000 record updates per day
In May 2023, Rebecca Jackson, Director of Authorisations, RegTech and International Supervision at the UK Prudential Regulation Authority discussed a ‘step change’ in how the PRA uses supervisory and firm data. The step change was informed by not only the PRA’s statutory objectives and post-Brexit freedoms but also technological and market developments.
The point was made that, following Brexit, the regulators have the opportunity to tailor reporting requirements more to the UK market, and to look again at the aggregate burden of reporting on the industry. Whilst there is likely to be a significant number of current returns which are stopped, there will be some new returns, ‘including some where we need you to have the capacity, either routinely or in times of crisis, to submit them with a higher frequency and more timeliness.’
The capability of firms to deliver on the new style of returns will be utterly dependent on the robustness of up front record keeping. As indicated, any new returns are unlikely to be simply a variation on trade and transaction reporting or prudential returns but are likely to include elements of management information, surveillance and other internal risk and compliance reporting.
Robust recordkeeping
The UK regulators are not alone in seeking to become data driven, and a key source of that data is firms, where robust and complete recordkeeping is ever more critical. In future risk management terms, firms would be very well advised to proactively invest in solutions which enable robust and complete native context records capture, retention and retrieval.
How Theta Lake can help
Theta Lake’s multi-award winning product suite provides patented compliance and security for modern communications utilizing over 100 frictionless partner integrations that include RingCentral, Webex by Cisco, Microsoft Teams, Slack, Zoom, Movius and more. It is exactly the kind of technology investment referenced in one of the firm’s own remedial actions to facilitate compliant communications.
- Theta Lake captures and compliantly archives communications including videos, voice, chat, screen share and file transfer from mobile messaging platforms to SMS and WhatsApp to enable compliance with relevant record keeping and other requirements. It also acts as an archive connector, enabling existing archives and data storage to be utilized without disruption.
- AI-enabled automated detection of potential or actual misconduct requiring reporting to the risk committee or regulator. Identified risks are surfaced in an AI-assisted review workflow providing an efficient and effective review process for compliance teams. Theta Lake has more than 85 risk detections which are pre-trained and ready for customer use with customers able to provide feedback and training on the classifiers.
- The ability to ensure that all aspects of messaging can be preserved, and a full audit trail provided to supervisors, regulators or prosecutors. For example, chat messages can be viewed in their native format over the entire history of the conversation with full context retained together with in-meeting communications and images, GIFs, emojis or reactions that change meaning and context.
- Theta Lake’s compliance suite is SOC2, Type II audited and maps controls to ISO 27001 so confidential, privileged or sensitive data can be automatically redacted to meet data privacy and other legal obligations.