The banking and financial-services industry has been among the most regulated industries over the last decade, owing to an increased awareness of the inadequacies within the global financial system. Banks and financial institutions (FIs) of all sizes and geographies have been subjected to various regulations—from capital adequacy and prudential norms to enhanced transparency in the products and services offered to customers with fair and acceptable levels of business conduct. The financial industry has been overawed by the sheer magnitude and volume of regulatory transformation coupled with pressing deadlines, and compliance to regulatory expectations has largely been met in a siloed manner built on tactical solutions that have been far from optimal or efficient. This is largely reflected in regulatory architectures and solution landscapes that are not only complex with high costs of continued compliance but not agile enough to respond to incremental regulatory updates or meet regulators’ most fundamental requests for the demonstration of controls and transparency in compliance with existing regulations.
Although smaller banks and FIs received regulatory relief measures, institutions are still spending enormous amounts of time, money and effort in the regulatory-compliance space, and the industry is looking towards optimizing its regulatory compliance. There is no denying that next-generation technologies have helped transform the industry as a whole, revolutionizing how banks and FIs offer their products and services to customers and enhance their experiences; similarly, these innovations present promising possibilities for regulatory transformation.
Challenges in compliance management
Recommendations for optimized regulatory transformation
Holistic view of the regulatory landscape: Deriving the big picture of enterprise regulatory compliance through a business-driven architecture approach can enable the identification of business functions that overlap across regulations. This can eliminate duplicate processes and streamline them to make them more consistent. For instance, single-counterparty credit limits (SCCLs) require information-gathering around controlling relationships to aggregate exposures. Similarly, information about controlling entities and other key stakeholders must be gathered as part of the U.S. Department of Treasury’s FinCEN’s (Financial Crimes Enforcement Network’s) beneficial ownership regulations, paving the way for cross-leveraging capabilities between these two regulations. Another example is extending the application of the forecasted scenarios and economic variables used for CCAR (Comprehensive Capital Analysis and Review) stress testing in expected loss computations to current expected credit loss (CECL) regulations.
Risk and finance integration: Given the overwhelming overlap between risk and finance attributes in regulatory analytics and reporting functions, integration of risk-and-finance data-provisioning platforms would not only ensure a golden source of data in the enterprise but also enable huge savings for a bank in terms of time and effort spent on reconciling the various regulatory reports across risk and finance. For instance, one example is the reconciliation of the Federal Reserve’s (the Fed’s) CCAR FR Y-14Q with FR Y-9C numbers, a perennial problem to overcome every year. Additionally, the savings derived from optimizing the number of data-aggregation and provisioning platforms for individual regulatory needs can spare millions in licensing and maintenance costs along with achieving greater consistency in disclosures.
Enterprise compliance-management solutions: The biggest challenge for banks and FIs today in regulatory compliance is knowing the superset of all regulations to which they might be subject and the specific aspects of those applicable regulations. Even when conforming with existing regulations, banks face the added complexity of staying compliant with additional regulatory updates. Many tasks in the compliance-management space today are manual and duplicative, with little or no synchronization among the stakeholders at the enterprise and line-of-business levels. The recommended solution for banks is to implement a holistic enterprise compliance-management solution that can track regulations; enable impact assessment; assign ownership; identify risks and controls with implementation; track key issues; and support supervisory review and examination management. This can be very efficacious in integrating all components and bringing in greater optimization levels in regulatory-compliance management.
Model-implementation platforms: Banks and FIs continue to receive MRAs (matters requiring attention) in the areas of data lineage and model governance. The solution for both these problems could be the development of robust model-development platforms. Not only does having a model-implementation platform ensure that the required model governance is established by making models auditable and traceable, but also having a model-implementation platform “talking” to an authoritative data source (ADS) can ensure that the data lineage for disclosures derived from modeling outputs can be traced to the source. For instance, establishing data lineage for the Fed’s FR Y-14M is relatively easier than for FR Y-14A since the latter has disclosures largely gathered from predictive models, which often run as business-managed applications in non-robust IT (information technology) platforms, making traceability an excruciating process.
Rewriting models: The last decade witnessed some of the most analytics-heavy regulations, such as Basel (Basel Committee on Banking Supervision – BCBS), CCAR and CECL, which required banks to develop a lot of predictive models on expensive modeling platforms; they continue to spend huge amounts of money running these models for their regulatory needs. The legacy-model platforms do provide diverse options and flexibility to business users during model exploration or initial build, but once a model is built, rewriting models into more economical modeling alternatives such as R and Python can significantly reduce the spend on managing and maintaining the models year after year.
Consolidated reporting: Most regulations in the last few years have been mandated to address the specific limitations of financial systems across areas of capital adequacy, stress testing, liquidity risk, concentration risk, operational risk and market risk, to name a few. The fact that most of these have run parallel to each other combined with stringent deadlines has meant that banks and FIs have ended up with multiple regulatory-reporting solutions, putting great stress on the overall costs of regulatory reporting and compliance. Banks and FIs need to step back and identify and analyze overlapping disclosure needs and move towards consolidating all or at least most of their reporting needs into a global reporting platform, thus reducing the licensing costs, resources and infrastructure around maintaining multiple reporting solutions.
Digital levers: Banks have benefited from adopting big data platforms and are evaluating the benefits of potentially moving some of their regulatory assets into cloud infrastructure. Additionally, leveraging AI (artificial intelligence) and ML (machine learning) can not only provide additional business or risk insights but also be huge sources of savings for banks on their compliance spends. For instance, leveraging an ML-based model to further screen and optimize the numbers of alerts generated by the rules-based engines for suspicious transactions will directly result in fewer alerts needing to be investigated. This can significantly impact the budgets that banks have set aside to fight anti-money laundering (AML) and financial crimes.
Self-service analytics: Given that most of the recent regulations have been analytics heavy, an enormous amount of money has been spent on supplying the exploratory data sets required by business teams to build predictive models. Data from multiple sources have been extracted by IT teams and provisioned in dedicated sandbox environments, making the entire process very redundant, complex and inefficient. With advancements in big data technologies, banks can enable self-service business analytics for their business users, who can then leverage huge volumes of source data with the added flexibility of historical reach, making the process more efficient and optimized.
Optimizing regulatory compliance is not a one-time activity; it requires continual reviews of business and technology landscapes to identify areas of improvement. Unfortunately, there is no silver bullet for this problem. Understanding the big picture of regulatory compliance, integrated and shared data, application infrastructures and leveraging next-generation technologies is imperative for achieving the most optimized state for regulatory compliance. The objectives at all times should not only be reduced costs of compliance but also assurances that the regulatory transformation is aligned to the enterprise business strategy—and also making the regulatory infrastructure nimble enough to respond to any incremental regulatory asks, future-proofing the business to the maximum extent possible.