Can RegTech's Transformation Lead to Proactive Compliance?
Regulatory compliance in the financial services industry is undergoing a fundamental transformation. RegTech holds promise, but can it lead the industry to a future of proactive compliance?
Reactive compliance may not be sufficient anymore
In the securities sector, compliance processes have always centered on policy-driven reviews of actions of registered employees. This is to hopefully uncover non-compliant activities that could lead to fines or sanctions and avoid closer regulatory scrutiny. However, relying solely on traditional, after-the-fact inspection of activities of regulated users can contribute to compliance gaps. Here’s why:
- Business communications undergoing review have already been delivered and have likely received a response or reply from others who are not regulated
- Content containing potential policy infractions has already been stored in a long-term system of record
- Increasingly, activities are likely to be delivered on interactive digital communications tools including voice and video platforms, embedded apps and emojis
- Conversations take place across multiple communication channels
Today, after-the-fact procedures alone may be necessary but not sufficient. Finding a simple policy infraction in a two-hour-long persistent chat with 100 participants, multiple files and video attachments, and sprinkled with smiley-face and four-leaf clover emojis is not easy if relying solely on a set of lexicons.
Now apply that same exercise against a sophisticated money-laundering scheme, and you’ll appreciate the complexity that data volume and variety have unleashed.
The push to adopt AI/ML-powered compliance technology
Many financial services organizations are attempting to address this challenge through a broad, forward-looking set of analytically driven technologies. These are collectively referred to as RegTech, or individually by their underlying artificial intelligence or machine learning-driven (AI/ML) technologies. In fact, a recent FINRA report on the adoption of AI in the securities industry indicated that 77% of all financial services respondents anticipate AI to possess high or very high overall importance to their businesses in the next two years.
Both the SEC and FINRA are aggressive consumers of AI/ML in their inspections tools and have stated publicly that they expect firms to be embracing these technologies in their compliance programs.
Unfortunately, the discussion of RegTech or underlying AI is often oversimplified as an either/or battle of human versus machine. One extreme argues that we’ve finally arrived at the tipping point where the keyword-based inspection of information is now producing diminishing returns. The opposite perspective stresses that AI requires a significant level of investment and training to develop even a rudimentary understanding of a firm’s regulatory policies given the plethora of unique content sources that each firm uses today.
FINRA’s June AI note stated that “data is the lifeblood of any AI application. Accordingly, the quality of the underlying dataset is of paramount importance in any AI application. One of the most critical steps in building an AI application is to build the underlying dataset, as AI applications are best positioned to yield meaningful results when the underlying datasets are substantially large, valid, and current.”
We see this moderate view — where AI is applied as an extension of a clean, policy-controlled dataset — as ultimately prevailing for most firms.
RegTech enables proactive views of known and unknown risks
So, while RegTech is not a panacea, it does offer the transformative potential to help firms adopt a more proactive posture toward compliance, both of the regulatory variety as well as other forms.
For previously identified risks that can be encoded in policies (e.g. harassment or use of restricted words/phrases), firms can use modern, cloud-based content capture and archival systems that aggregate and normalize today’s social, collaborative and mobile-first content sources to spot possible red flags. Those point-in-time red flags can then be interrogated by AI-driven surveillance tools to aggregate points with other data to uncover patterns, sentiment and behaviors and arrive at a determination of risk.
Conversely, when the AI tool encounters a suspicious pattern that is not expressed within inspection policies (i.e. a sophisticated insider scheme that crosses multiple communications tools or uses expressions encoded by combinations of emojis), those policies can be adjusted to account for those new risk patterns. Ultimately, firms will improve their ability to detect and respond sooner to bad behaviors and previously undetected risk vectors. This helps them elevate compliance mandates and drive greater efficiencies while defending against criminal risks and protecting their brand reputation.
The ability to augment expert-driven policy inspection with RegTech will allow firms to shift their focus from reactive compliance to more proactive safeguards in response to today’s data volume and variety.
Join Robert and guests for a discussion on additional benefits of proactive supervision, "Expanding the Sphere of Supervision Value," on Tuesday, September 29 at 10am PDT.
Share this post!
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US