Sponsored: Regulatory compliance - an informed technology response

  • By Paul Franks
  • SAS

SAS Director of Financial Services Paul Franks explores key themes behind technology in driving the transformation to digital banking. 

RegTech is very much top of mind with financial services industry stakeholders and regulators. Increasing expectations and demands for restoration of trust, confidence and reliability in risk management and compliance systems - and their enabling technologies - is driving a reassessment of past and future responses to meeting regulatory compliance obligations.  

In the same way, regulator expectations for technology solutions for risk management and regulatory compliance have been reset if not reaffirmed.  Any solution must be sustainable, scalable, resilient, reliable and auditable. 

How can the best of proven enterprise technology and new promising technology solutions interoperate to their respective strengths in capability and performance to solve current and future regulatory compliance obligations?  How can these technology components sustain and support the transformation to digital banking? 

Let’s consider some key elements of approach, capability and architecture.

Any solution must be sustainable, scalable, resilient, reliable and auditable

Proven technology and new technology – what is the best approach?

Proven technology and new technology are increasingly expected to interoperate at scale in an extended operating process ecosystem. 

Technology options for regulatory compliance continue to proliferate as both existing and new vendors provide either enterprise or point solutions and ‘as-a-service’ offerings to address multiple or singular regulatory obligations. With an increased focus on reducing technology complexity by standardisation and simplification - and preferences for modular or ‘plug and play’ components - an enterprise approach supported by best-in-class capabilities is recommended as a target state.  This implies enterprise solutions at the core addressing core obligations and functionality, with point solutions addressing specific or secondary obligations where greater analysis, management and remediation is warranted.

Organisational capability

Organisational capability to adopt and consume existing and new technology for regulatory compliance continues to be overlooked despite the overwhelming evidence from recent global regulatory reviews.  The reach for the ‘silver bullet’ to address major shortcomings in capability for regulatory compliance can seem compelling when under pressure to remediate capability gaps. However, is it the right and appropriate response? Is it better and more opportune to adopt a balanced and considered remediation path for enabling technology?

Artificial intelligence and machine learning are arguably at peak hype within financial services.  You could be forgiven if you think you are out of the game if your organisation has not fully considered these technology elements.  The reality is that they should be considered but only at the right time in your process and technology maturity and where it makes operational and commercial sense.  This approach is better suited for achieving expectations for sustainability, resilience and reliability within your organisational capabilities for regulatory and operational compliance. 

Supposed new analytical techniques and methods being applied to structured and unstructured data sources are, in most cases, seasoned and have been with us for some time.  A similar statement can be made for use cases across risk management, anti-money laundering, fraud management and financial and operational risk management.  

For a technology response to be genuinely effective and sustainable, three architectural elements need to be considered, developed, proven and maintained

What has changed is the availability of technology infrastructure and computing power to harness and realise the actionable insights, events and activities such that these analytical techniques can efficiently and consistently identify, process and determine next process steps and tasks for either machine or humans to take.  

The challenge is to define and navigate your own capability roadmap which brings together process, data and technology elements managed by individuals and teams equipped with the skills and competencies to enable and deliver the roadmap so that both compliance and business performance outcomes can be met. Your capability roadmap should be supported by proven global best practice and informed by leading edge technology developments, aligned with organisational risk appetite and tolerances.

An architectural trinity

For a technology response to be genuinely effective and sustainable, three architectural elements need to be considered, developed, proven and maintained. These being process architecture, data architecture and technical architecture.   Process architecture refers to the end-to-end major and supporting business processes and their connectedness and inter-dependencies. Data architecture refers to upstream and downstream data sources and their states of currency, accuracy, reliability, veracity and quality and what form and type of transformations occur across the process architecture. And technical architecture refers to the technology components and services within and external to the organisation which are required to enable, support and operate business processes. 

Meeting regulatory compliance and business outcomes

While it remains imperative that regulatory compliance obligations are met, attaining business outcomes aligned to operational performance and customer engagement are equally valid if the full benefits of technology investment are to be achieved. When these three elements are given due consideration, validated and tested for operability and performance, it is a reasonable expectation that both regulatory compliance and business outcomes have a high probability of being achieved.

How are these three elements addressed and covered in your technology strategy to enable you to meet your regulatory compliance obligations?