Staying on top of regulatory changes and risk exposure

Regulatory changes and risk exposure

If you are looking at a long career in the compliance business, you cannot help but notice how things have changed over the last decade or two. Everything is bigger and more complex nowadays, isn’t it?

At the turn of the millennium the typical compliance department in many financial institutions was just a one-man show, with a few more people looking at other aspects that touch on the typical responsibilities we are so accustomed with now. Following the Global Financial Crisis of 2007/2008 staff numbers have skyrocketed. Research shows that as a consequence an estimated 10-15% of total workforce at financial institutions is dedicated to governance, risk management and compliance. A report put this in absolute numbers and suggested that tier one banks are spending well in excess of $1 billion a year on compliance-related costs, or some $270 billion a year for the industry as a whole.

This became necessary because the industry had been hit by a tsunami of new regulations. Counting only the last five years from 2015 until the end of this year approximately 300 million pages of regulatory documents will be published. FinTech alone is said to face almost 400 new regulations in the next two years. At the same time, regulators have shown an appetite to issue large fines for the shortcomings of banks and other financial institutions before, during and after the crisis. And there are no signs of slowing down: while we have yet to see enforcement actions of the likes we have witnessed in the last decade, there is no doubt that there is likely to be rather more than less work for compliance departments. For example, a recent study from Regulatory Studies Center at the George Washington University showed that staffing for Federal Regulatory Agencies in the U.S. focusing on Finance and Banking had increased by more than 30% from 2010 to 2019 (as opposed to a meagre 3% between 2000 and 2010). It also shows that at the current rate more than 180,000 pages are published every year in the code of federal regulations.

Great strides

Fortunately, technology has made great strides, too, and the tools compliance professionals have at their disposal today are no longer limited to spreadsheets. Innovative technologies like AI and machine learning, Biometrics, Distributed Ledger Technology, Open API and Big Data Analytics have changed the financial industry in general and regulatory technology in particular. RegTech has become the label of the digital revolution that is taking place and transforms all aspects of the compliance lifecycle.

Getting back to the aspect of new regulations and the enormous number of new rules that financial institutions have to track, decode and implement into their own processes, regulatory change is one of the most important fields of application of RegTech. Regulatory change is one of the biggest challenges for companies today. Especially for businesses in a highly regulated industry such as financial services, things can be even more complicated and can be incredibly hard to keep up to date with.

It is not only that new laws and regulations are being proposed and approved almost on a daily basis. The existing rules are concurrently being amended and updated to adapt to the new realities the industry faces: the application of blockchain technology in cryptocurrencies has created an entirely new field financial instruments that need to a regulatory framework. Open banking and the digitalization of financial services has transformed the sector and therefore the rules have to change, too. As a result, the complexity of regulatory changes can often feel overwhelming and may seem like a constantly moving target. Besides all this, regulators are increasingly demanding more detailed information and reporting, at greater levels of responsiveness and accuracy.

Keeping up with compliance regulations by creating the necessary internal procedures and implementing them isn’t a matter of choice, it is an obligation and a necessity that needs to be addressed in the most efficient and productive way possible.

A competitive advantage

But it is not only a question of playing by the rules and being able to prove it. A powerful compliance software should help your business maintain national and even international compliance standards, whilst also helping you keep up to date on reviewed policies. Only then it goes beyond the necessary and creates a competitive advantage for an organization.

It is a tempting and powerful proposition and has attracted a number of firms that seek to provide a solution that can do all this.

The right solution

However, such a solution can be nothing less than a real-time, risk-driven client lifecycle management platform with full ownership of policy automation. That is what KYC Portal (KYCP) offers with its fully dynamic built-in configuration engine, which allows your compliance team to dynamically tweak, define and maintain their entire regulatory framework. It achieves this not only at company level but at service and product level as well. This gives compliance teams the possibility to set the system in such thorough detail to create and tailor an entire process based on the kind of risk one perceives.

The settings include but are not limited to, the definition of the risk-based approach, the review process, the actual scoring methodology, the data that is required for each type of entity, the document requirements as well as the associated risk levels for Enhanced Due Diligence processes, the digitisation of questionnaires and forms with embedded risk (to remove manual checking of each and every form being submitted), the definition of statuses, roles, rights and also the workflow and rules engine that allows the operational team to define within KYC Portal the actual logic on who needs to handle what, based on risk, status and authority.

Allowing clients to define and tweak such processes, in real-time and also at service level, allows for utmost flexibility. The ability of having a real-time perception of the risk, based on the same service offered, but within different jurisdictions is indeed powerful. Also, such changes are instantly perceived not only on subjects going forward but also on all past subjects so whenever a change or new adoption of risk interpretation is applied, the system will instantly re-assess all the subjects in the database, re-calculate the risk and alert the compliance team should the subject have moved across the brackets of the risk-based approach.

The entire lifecycle

Another important element of the right solution is its capability to cover the entire lifecycle of a client relationship. The moment a financial institutions on-boards a new customer, it is exposed to risk. A risk that is not limited to the surface of the client relationship but extends to individuals, suppliers, operators, affiliates or any other business relationship. Given the complexity of regulations and the framework firms operate in the manual approach of due diligence is no longer fit for purpose. Too time consuming, it is unable to constantly assess the risk in real-time can cause major issues of risk exposure. Risk can vary on so many factors due to all the regulatory changes and updates, that it would be impossible to monitor all subjects manually.

On the other hand, KYCP’s automatic risk assessment is constantly checking the risk based on all factors that you feed the system with, and in real time, instantly alerting the compliance team when the organisation is exposed. The real-time calculation of risk allows for newly on-boarded subjects whose risk is low, to be automatically approved without involving any human interaction. On the other hand, the second a subject is marked as high risk for whatever reason, the compliance team is notified to put the on-boarding process on hold until the risk is assessed and cleared.

Overcoming obstacles

One of the key obstacles RegTech firms in any discipline face, is the existing structure of financial institutions like the use of legacy systems or methodologies, which often prove incompatible with new solutions. KYCP, however, allows the organisation to set the system in such a way that it tallies with their current methodologies to overcome any issues that may arise. The entire solution was built specifically for the compliance function within organisations, the requirements of which were actually drafted by senior personnel within compliance functions in various industries on the market. Based on these invaluable insights into how compliance teams work across various markets and industries, KYCP has created  a complete end-to-end Client Lifecycle Management solution on the market that helps organisations stay compliant with all the regulatory changes, and be in full control while risk exposure reduced to a minimum.