New rules: stay ahead by predicting regulatory risk

Finan­cial ser­vices firms that can pre­dict prob­a­ble reg­u­la­tion can use this insight to improve busi­ness prac­tices, avoid non-com­pli­ance, and cre­ate a more pos­i­tive rep­u­ta­tion with clients and author­i­ties.

“Reg­u­la­to­ry expec­ta­tions are not sta­t­ic,” says David Law­ton, part­ner at con­sul­tan­cy Alvarez and Marsal, and for­mer direc­tor of mar­kets pol­i­cy and inter­na­tion­al at the Finan­cial Con­duct Author­i­ty. “Issues and approach­es, which might have been under the radar ten years ago, sud­den­ly come to the top of the agen­da, and firms will then have to scram­ble to con­firm they are not falling foul of these.”

Post-cri­sis bank­ing has had a rel­a­tive­ly con­sis­tent stream of court cas­es and reg­u­la­to­ry rul­ings as his­toric prac­tices are brought to light and found want­i­ng. These range from engage­ment in car­tel behav­iour when set­ting the Lon­don Inter­bank Offered Rate (LIBOR) bench­mark to tax advi­so­ry busi­ness, which was found to be help­ing eva­sion, rather than avoid­ance. More­over the sets of rules that frame finan­cial ser­vices activ­i­ty have changed con­sid­er­ably in this peri­od.

Using process management tools to keep abreast of new rules  

“We have had to man­age a wave of new rules since the 2007/8 cri­sis,” says Jean-Marc Gui­teau, head of reg­u­la­to­ry tech­nol­o­gy (regtech) for BNP Paribas Secu­ri­ties Ser­vices. “The size of the wave is reduc­ing now, but that does not mean the flow of work is becom­ing less con­stant. While new top­ics are not aris­ing, the rules that have been set are con­stant­ly being fine-tuned and cor­rect­ed.”

To keep abreast of both chang­ing rules and themes, finan­cial ser­vices busi­ness­es must have a sol­id set of process­es, which can cap­ture that infor­ma­tion and inte­grate it into plans and oper­a­tions.

“Even if you are cap­tur­ing all the data from reg­u­la­to­ry announce­ments and feed­ing that back into your bank, you still need to ensure you have qual­i­fied what effect that infor­ma­tion has on your busi­ness,” says Mr Gui­teau. “You need busi­ness process man­age­ment tools to bring the new rules into your work­flow. That must feed into your poli­cies, pro­ce­dures and doc­u­ments. As a result there is not one sin­gle tech­nol­o­gy that address­es the end-to-end solu­tion; it will be a mix, and will depend on the com­plex­i­ty and scale of your busi­ness.”

Tech­nol­o­gy providers are find­ing fer­tile ground in their sup­port for man­ag­ing reg­u­la­to­ry risk. Research by Alvarez and Marsal, pub­lished in Jan­u­ary, found that of 352 regtech star­tups, the largest seg­ment (84) were offer­ing sup­port for reg­u­la­to­ry com­pli­ance and the seg­ment of firms that showed most growth (68.8 per cent) in their col­lab­o­ra­tion with banks, reg­u­la­tors and domain experts was com­pli­ance sup­port.

Regulatory tech helps 360º visibility of compliance

Work­ing with regtech providers can help finan­cial insti­tu­tions of all sizes to tap into new tech­nolo­gies and over­come any lim­its that exist­ing IT infra­struc­ture might have. Where the prac­ti­cal chal­lenges of super­vis­ing activ­i­ty once required an expan­sion of head­count and man­u­al pro­cess­ing, the increas­ing elec­tron­i­fi­ca­tion of busi­ness is mak­ing auto­mat­ed super­vi­sion more viable.

“If you are a human, you might have to look at sam­ples of all the events that have occurred to mon­i­tor com­pli­ance. How­ev­er, if you have a machine doing the mon­i­tor­ing, it ought to be look­ing at 100 per cent of events,” says Michael Gre­coff, chief exec­u­tive of regtech firm Bay Street Tech­nolo­gies.

Bri­an Collings, chief exec­u­tive of Tor­stone Tech­nol­o­gy, observes: “Recent­ly the reg­u­la­tors have been mak­ing sure the rel­e­vant data is being pro­vid­ed from finan­cial firms, but increas­ing­ly the focus will be on the qual­i­ty and com­plete­ness of that data. Firms now need to show there are sys­tem­at­ic con­trols in place to ensure you are pro­vid­ing accu­rate reg­u­la­to­ry and com­pli­ance report­ing.”

The key is an integrated approach and qualification of data

A grow­ing num­ber of report­ing require­ments have made firms more trans­par­ent, par­tic­u­lar­ly in the areas of trad­ing activ­i­ty, risk man­age­ment and fees. Many busi­ness­es are cap­tur­ing that data and feed­ing it back into the firm to build a sin­gle view of risk.

“An inte­grat­ed approach, when deal­ing with reg­u­la­to­ry com­pli­ance, is also a much more effi­cient way of pro­vid­ing accu­rate reg­u­la­to­ry and com­pli­ance report­ing, because the qual­i­ty and com­plete­ness are already part of your reg­u­lar dai­ly oper­a­tional process­es, so with min­i­mal addi­tion­al effort, you can add the con­trols to ensure the accu­ra­cy,” says Mr Collings.

The key to deriv­ing val­ue from tech­nol­o­gy in this way is to ensure that infor­ma­tion is turned into usable knowl­edge, notes Mr Gui­teau.

“This kind of widened data access and the capac­i­ty to man­age more data is use­ful, but you can reach a point you have so much data you don’t know what to do,” he says. “So I do believe broad­ly that the more data we have, the more con­fi­dence we can get, but we have to be cau­tious regard­ing the qual­i­fi­ca­tion of the data, its analy­sis and that any deci­sion we take [based upon it] is in con­text.”

Reducing regulatory risk by applying risk management strategies to compliance

The clas­sic mod­el of risk man­age­ment is to oper­ate three lines of defence in which the busi­ness line man­ages risk, over­sight is pro­vid­ed to check that man­age­ment and then the process is audit­ed to assess its suc­cess. Impos­ing this with­in com­pli­ance allows firms to improve con­trol of their expo­sure to reg­u­la­to­ry risk. This must be built upon thought­ful­ly if firms are to han­dle reg­u­la­tion suc­cess­ful­ly as they do oth­er risks.

“To take a risk-based approach you need to first con­sid­er the inher­ent risk­i­ness of what you do; sec­ond­ly, the com­fort you have in your first-line con­trols around what you do; and third, keep a for­ward-look­ing eye on the poten­tial for reg­u­la­tors to move their own focus as to what is impor­tant,” says Mr Law­ton of Alvarez and Marsal.

It will be nec­es­sary for busi­ness lead­ers to cre­ate the right envi­ron­ment for a risk-based approach to bed down and to enable change

To some extent that will require invest­ment in, and engage­ment, with new tech­nol­o­gy providers to devel­op capa­bil­i­ties that meet the expec­ta­tions of author­i­ties.

“If you are a large firm and you do not bud­get appro­pri­ate­ly to use the lat­est tech­nol­o­gy, then you could be fail­ing your reg­u­la­to­ry oblig­a­tions,” warns Mr Gre­coff.

How­ev­er, it will be nec­es­sary for busi­ness lead­ers to cre­ate the right envi­ron­ment for a risk-based approach to bed down and to enable change.

Mr Gui­teau con­cludes: “Senior man­agers have to sup­port not just the cre­ation of ideas, but they must give the time to test and run new solu­tions.”