Regulatory Technology webinar for JCOA
In July, our Business Development Manager, Edmund Hatton, held a Regulatory Technology webinar for the Jersey Compliance Officers Association.
Edmund’s presentation, titled “Industrial Revolution 4.0” talked through how RegTech can help businesses improve efficiency, profitability and maintain the ever-changing uncertainties, faced by regulations.
Edmund shares some exclusive critical takeaways from his presentation on how blending the use of newer technologies is helping shape the future.
Regulatory Technology is not just for financial services businesses, any organisation that complies with regulations, codes of practice, or even internal standards can benefit from the use of RegTech.
Managing Regulatory problems in a secure environment, customised to your business sector, while delivering a wealth of audit and reporting, third party integrations and increased levels of user experience are key aspects when delivering enhanced process improvement and operational efficiency.
Soon regulators will expect additional technology stacks to be used to validate and verify your clients and entities ongoing due diligence, monitoring and reporting requirements because the way criminals, shell companies, fraudsters and opportunists generally work in the modern world is by staying ahead of the current technology standard and using techniques not quite rolled out to industry. A stack of technology, delivering AI driven machine learning, that mines structured and unstructured data, blended with real-world verification and validation, is much harder to beat, trick or deceive.
Digital Transformation of Regulations
- The continual increase in regulation is becoming overwhelming, and almost unmanageable without intelligent systems, mitigating, reminding and delivering key updates at the right time. For example, albeit for a mixture of industries, there are over 750 regulators globally issuing on average 201 daily regulatory alerts.
- With a wealth of ongoing regulatory change existing and continuing with the likes of MiFID II, Basel III, AMLD5, ISOSCO, ISO22022, Dodd-Frank II, or simply a local jurisdictional update to our beloved AML handbook, the terminology of text-based directives can be daunting even to the most seasoned professionals.
- By digitalising text-based compliance manuals into robust, digital, regulatory data and bringing them inline with AI driven solutions, RegTech emerges as a powerful facilitator when analysing this structured data. What is more, the use of ‘compliance by design’ reinforces the culture of compliance.
There are over 750 regulators globally issuing on average 201 daily regulatory alerts.
- RegTech deployment on the cloud is picking up speed, Innovative cloud-based services and niche deliveries are taking shape, the RegTech ecosystem continues to gain strong adoption within the compliance landscape.
- Barriers to adoption are breaking down as the transition of compliance operations are happening more seamlessly. For instance, data sharing, near real-time validation, customised workflows and dedicated tools for the various touchpoints within your onboarding process have started to become the norm.
- Historically, regulators had drafted and published recommendations on the use of Regulatory technologies, this guidance globally has been inadequate and, in many cases, becomes out of date as newer technologies are presented.
- In the coming years, it will be a standard toolset used by regulatory authorities all over the world to manage their activities, registrations, investigations and so on.
- It’s rare for professionals working in industry to deceive investors or forge documents - it’s more likely that an individual would simply have made a poor judgement call on their time, had too many plates spinning, missed a valuable piece of data or not updated a record.
- In the last ten years, compliance failures within the financial services industry have paid over $360 Billion in fines and penalties. That does not include negative media, reputational damage or loss of shareholders confidence.
- The vast majority of these shortfalls could easily be managed by leveraging technology at the right time. Implementing this change might sound expensive, but if your business fails to spot something adverse, you may start to wish you had kept up with the curve.
So how does RegTech work?
RegTech eases the burden of compliance costs, streamlines the processes and improves the wealth of insights, enabling faster client acquisition, onboarding, the ongoing monitoring of those clients, the detection of any adverse events such as risk, fraud and media, and can help with the reporting of these findings, ready for your MLRO to analyse and report if required.
The latest generation of RegTech leverages a growing stack of technology. Historically, a simple workflow process would be sufficient to provide enhanced levels of efficiency, however, with the ongoing development of regulations, cybersecurity threats and the expectation of using newer technologies to validate multiple points on a customer journey, RegTech is becoming more advanced by the day.
Onboarding refers to signing up of new customer, the collection and validation of their KYC/B and supporting documentation. To counter threats from money laundering and anti-terrorism financing, financial institutions must be able to identify the individual or entity and perform various checks to ensure the customer and their funds are legitimate.
This also includes full evidence, policy and procedures that your staff have indeed conducted these steps and having an audit and reporting feature throughout this process makes any subsequent investigation or remediation much easier and improves transparency.
Technologies starting to become prevalent
1. Biometric Technology
In the most simplistic term, biometrics allows a person to be identified and authenticated based on a set of recognisable and verifiable data points, which are unique and specific to them. These characteristics are based on two factors; physiological and behavioural. Physiological refers to face, fingerprint, hand, iris and DNA. Behavioural refers to keystroke, signature and voice.
The move towards multifactor authentication opens a door for biometrics as part of these solutions. Combining that with mobile platforms is a winning combination.
2. Digital Signatures
A digital signature is essentially an electronic signature; it is a mathematical algorithm routinely used to validate the authenticity and integrity of digital communication. Digital signatures create a virtual fingerprint that is unique to a person or entity and are used to identify users and protect the information in digital messages or documents.
When a signer electronically signs a document, the signature is created using the signer’s private key. This is always securely managed by the signer. The mathematical algorithm acts as a bridge, creating data matching the signed document, called a hash. Once matched, the data is encrypted, and your document is complete.
The resulting encrypted data becomes the digital signature. The signature is also marked with the time, date and even IP address of the signer along with the production of a complete Audit Report.
If the document is amended after signing, the digital signature is invalidated and, in most cases, will notify all parties involved in the signed contract.
When selecting a digital signature, one should consider the status of that application, the most respectable digital signature is an e-IDAS qualified signature, which can only be provided by a trust service provider, e-IDAS is globally recognised as the highest level of digital signature assurance.
3. Artificial Intelligence
AI has a somewhat disturbing reputation - many of us have fond childhood memories of watching Terminator, Robocop or the rather watered-down iRobot. AI is not actually new, the first concept of Artificial Intelligence was from the 1950s, it came from a pair of scientists called Minsky and McCarthy, Their observation was that any activity not performed by a human that required some sort of intelligence to accomplish was classed as AI.
Fast forward to today, AI systems will typically demonstrate at least some of the following behaviours associated with human intelligence: planning, learning, reasoning, problem-solving, knowledge representation, perception, emotion, manipulation and, to a lesser extent, social intelligence and creativity.
AI is more a part of daily life than many of us realise; the reality is that if you own a smartphone or have an Alexa at home, you already have the very latest in AI technology.
CEO Sundar Pichai claimed that artificial intelligence (AI) will be more transformative to humanity than electricity.
4. Cognitive Learning
Cognitive learning is one subfield of Artificial Intelligence. The Cognitive learning process takes data and “learns” for itself, applying knowledge and training from large data sets for facial recognition, speech recognition, object recognition, translation, and other tasks.
Cognitive learning enables a system to learn to recognise patterns on its own and make predictions as opposed to a coded software program that contains specific instructions to complete a particular objective.
5. Sentiment Analysis
Sentiment Analysis is the process of determining whether a piece of writing is positive, negative or neutral. For example, an aspect-based classifier would be able to determine that the sentence "The battery life of this camera is too short" expresses a negative opinion about the battery life.
6. Natural Language Processing
Natural Language Processing, usually shortened as NLP, is a branch of artificial intelligence that deals with the interaction between computers and humans using the natural language. The ultimate objective of NLP is to read, decipher, understand, and make sense of the human languages in a valuable manner. NLP is the driving force behind common applications such as, language translation applications such as Google Translate, word processors such as Microsoft Word and Grammarly that employ NLP to check grammatical accuracy of texts and personal assistant applications such as OK Google, Siri, and Alexa.
7. Identification and verification
By utilising a secure and compliant identification and verification tool you can now;
- Request a selfie picture and or video
- Take a photograph of the passport
- Record the session
- Scan the RFID chip within passport & verify authenticity
- Analyse the selfie video for biometrics and match against the passport
- Provide a unique verification code e.g. 17049
Once read out loud, the voice verification confirms whether this is correct. Passport details are then screened for basic PEPs, Sanctions checks. Once approved, the individual can be sent a contract or terms and conditions via email with an e-IDAS qualified digital signature which uses a one-time password (OTP) for validation.
Commonly, address verification has been achieved manually by receiving a utility bill, and that has been sufficient to date. However, it’s now possible to validate and verify a residential address with the use of technology, geo-location and additional facial recognition. The latter allows for the customer identification to be verified and validated in under 5 minutes, a drastic improvement to the manual process or the many non-compliant apps available.
8. AI-Driven Due Diligence
When screening an individual or a company, the use of multiple databases is common. Mostly, a single provider will re-sell structured data; this is fine and has worked historically. However, as the internet is doubling in size every 24 months, the quality of this data can easily be diluted, replicated or lose credibility.
The great thing about AI is that it can be leveraged to identify the correct entities based on a variety of data points, e.g. picking up on a location mentioned in several online publications or inspecting specific IP addresses associated to articles or publication.
Structured data is easy, as its more a validation exercise, pulling back records from data sources and when it comes to unstructured data, AI has the ability to review thousands of social media posts, blogs and forums and leverage sentiment analysis to understand the tone of voice and emotions used.
This is all key when investigating and conducting enhanced due diligence, something that historically has taken weeks or even months for a report, and can now be done in a matter of minutes, ensuring that every possible avenue available on the open-source and subscription service internet is researched and evaluated and the positive findings are then presented as a dashboard.
9. AI Driven RegTech Systems
AI driven RegTech systems can support your business with operational efficiency, improved accuracy and validation, instantaneous classifications of subjects, resulting in faster false positives being discounted, risk ratings and continuous learning, ensuring subject connections become organically matched throughout the ongoing due diligence process.
An example of how AI – Cognitive Learning works.
The current and historic way a search engine and adverse media algorithm works is as follows;
Officer Mason Hennessy arrested criminal Terry Flannigan.
Mason Hennessy appears near a negative keyword, so he is flagged as a risk.
The reality is;
|Officer Mason Hennessy||arrested||criminal||Terry Flannigan|
- As you can see ‘Officer Mason Hennessy' has been identified as a Person
- The word ‘arrested’ has been identified as a Verb
- The word ‘Criminal’ has been identified as an adjective.
- The name Terry Flannigan has also been identified as a person
- And Cognitive AI has established the Risk is ‘Terry Flannigan’.
Syntactical language processing tells us that Mason Hennessy is not the adversely affected party in this text, and there for will highlight Terry Flannigan as a risk.
Cognitive learning will also
- Identify incorrect common spelling of names, addresses and ages
- Ability to search multiple languages
- Search all search engines, blogs, forums, social Media, and RSS feeds
- Covert findings to English or English to Arabic
- Provide a confidence rating, e.g. Officer Mason Hennessy is a police officer. High Rating
- Can discover relationships between parties throughout the learning process
- Remove duplications
- Ensure real time reporting on these entities
If you are not exploring the use of AI and Cognitive learning when conducting your due diligence, you;
- Are not guaranteed to find the best possible information available
- Require considerable time to review the findings and remove the false positives
- Increase your time spent
- At best, will be forced to rely on your existing sources
KPMG predicts that, by the end of 2020, RegTech will make up 34% of all regulatory spending. What’s more, it won’t peak there. They also predict that spending on compliance technology will grow by 48% year on year for the next five years. It is clear compliance departments are about to transform.
By automating daily routine tasks, RegTech can significantly cut the low-level workload. The time required for KYC checks, for instance, which typically take one to three months, can be cut by 90% - a staggering 5.4 million hours a year in time savings.
But RegTech isn’t just about speed. What’s more important is that with less time required for low-level tasks, human compliance capital can focus on analysis, strategy, and the development of better systems and controls. In other words, they can deliver more value.
A 2017 study found tech can cut anti-money laundering costs by 42%, saving banks £2.7 billion (about $3.6 billion) a year.
These savings free up funds for more investment and better returns for stakeholders. More importantly, they can be passed on to consumers in the form of better rates and more cost-effective products.
Jersey has every opportunity to become a leader in RegTech and become a highly recognised innovation centre of excellence; nothing is stopping our collective success as an industry. Unlike many other FC’s, Jersey integrates seamlessly through the various associations and presents so much cross-collaboration with innovation.
By providing cutting edge technology through your business to your clients, you will become more efficient, affordable and provide valuable additional resources to what matters the most; compliance review and approvals, strategy, customer satisfaction, relationship management, reporting, brand and continual growth.
Compliance departments should be reviewing already analysed data, providing them more time to evaluate, review and approve new business.
Here are some light suggestions on how an organisation can increase internal innovation without considerable spend. Ask yourself this:
- Does your business currently have an innovations officer, or internal representative utilising their spare time to promote innovation, efficiency and exploring where additional profitability can be driven from advances in technology? This can very easily be your internal IT guy, a Marketing professional or someone with a keen eye for technology generally.
- Does your business make contributions to thought leadership sessions, open forums and get involved in local events?
- Do you currently have a university graduate trainee programme, where you can attract some of the youngest and brightest minds?
Building internal skills and a diverse range of knowledge is key when ensuring success, to date compliance departments have generally been process driven. IT has dealt with the technology and, it’s becoming more common for IT to become involved in Compliance projects, so compliance will need to continue growing their IT skills in order the understand both regulations and the computer systems.