The regtech space is in for a major shake-up, with the FCA‘s new Consumer Duty regulations coming into effect in two months. This presents an opportunity for financial institutions to adopt a new approach to compliance and regulation.
Throughout May, we’ll be examining the past and present states of regtech and compliance, highlighting lessons learned that will shape the future of the sector.
Naturally, as more technology is brought into the regulation space, more compliance challenges arise. Some companies have been able to adapt to these changes and successfully integrate the technology. Others… not so much. But what have been some of the biggest challenges faced? We reached out to the industry to find out.
No funds, no change
More often than not, you will be hard-pressed to find a company that doen’t wish to be compliant. However, due to the risk of a potential loss in profit, some organisations are reluctant to reassign resources to ensure compliance. To make matters worse, it is incredibly difficult to raise funds to assign to compliance teams. Especially in our current climate.
Erika Jackson, compliance and risk specialist at SCALE Healthcare, a healthcare management consulting firm, explains this issue further. She said: “Lack of sufficient resources and allocation of funds for compliance are noted areas of strain that many companies are experiencing. This strain appears to be increasing in our current economic climate of uncertainty too. While compliance teams are in need of more resources, the funds simply aren’t available.
“The support of consultants, fractional compliance officers and utilisation of some of the free resources CMS, HHS and industry leaders offer can provide the needed support. All the while alleviating some of the strain and staying within budget constraints. This not only saves the cost of additional personnel, but it also provides access to industry experts. Experts who can address issues more appropriately and expeditiously, ultimately saving time and money.”
Personally Identifiable Information (PII)
A huge hurdle that organisations often find themselves stumbling upon is privacy regulations. Patricia Thaine, CEO and co-founder of Private AI, the AI privacy solutions provider, explains which data sets have caused problems for organisations and how the introduction of AI can help deal with this problem.
She said: “One of the biggest challenges companies face when complying with privacy regulations is finding the Personally Identifiable Information (PII) within their systems. Especially when we’re dealing with unstructured data like pdfs, docx, emails, video and audio recordings, etc.
“To assess the privacy risk and obligations within unstructured data and to achieve compliance, AI technologies are instrumental. AI can help automate the process of extracting and analysing relevant information from unstructured data. Meanwhile, it can also detect and redact personal information to ensure that it is properly protected.”
The generative AI threat
When looking to describe the evolution of generative AI, it can only really be described in one way: a double-edged sword. While it is fantastic to see the technology come as far as it has, in the wrong hands, it can be disastrous. Farnoush Mirmoeini, co-founder of KYC Hub, an automated infrastructure for global KYC/AML compliance, explains how important it is that regtech is able to catch up to deal with these developing risks.
“With the advent of generative AI, regtech needs to do a quantum leap in order to keep up with the risks that such new tools in the hands of criminals would pose. Generative AI will enable fraudsters to easily create realistic images and videos. Media that is designed to hoodwink ID, biometric and liveness verification technology.
“Generative AI can furthermore provide tools to criminals to create sophisticated patterns for money laundering and fraudulent transactions. When used together with instant payment technologies, they can have destructive effects on organisations. Especially ones with weak compliance infrastructure.
Understanding the risks involved
“Organisations need to develop a deeper understanding of the risks associated with their business. They must be proactive in building compliance programmes that are best suited to their use case. In turn, they have to move away from a tick-in-the-box approach of performing point-in-time sanction checks and ID verifications,” continued Mirmoeini.
“Compliance teams, therefore, need to gain an understanding of new technologies and tools available in the market. Additionally, they must move to develop compliance programmes that are able to quickly adapt to new risks and new changes in the landscape. This can only be achieved by using tools and software that can be easily adapted to new risks and by avoiding excessive manual processes and technology debt.”
Not just marketers at the table
Nicky Watson, founder and chairperson at Cassie CMP Solution at Syrenis Ltd, the consent and preference management platform, took a holistic approach to regtech challenges, stressing that marketers are no longer than only ones deciding how consumer data is used: “The technology and regulation landscape is evolving more rapidly than ever before.
“This requires marketers to pivot their strategies in order to stay competitive – and compliant. Marketers no longer have the only seat at the table when it comes to deciding how to manage consumer data.
“In today’s world, marketers must collaborate with compliance and data architect teams to identify the best strategies for doing so while simultaneously meeting each department’s (sometimes competing) goals. There is changing sentiment from consumers when it comes to cookie tracking. New privacy laws are coming to the US that mirror the UK’s stringent GDPR privacy regulations.
“Companies that update their consent approach to consistently and transparently communicate with their customers will not only get ahead of privacy laws, but they’ll also gain a competitive advantage by building trust with their customers before more transparency becomes mandatory. Marketing teams should be honest about how they collect data and empower customers to decide what information they share.
“In a post-cookie world, it will be an arms race with adtech and marketers looking to capitalise on the most effective ways to respectfully gather customer data. Doing so with, consent and provide targeted personalised content.”
No longer a tucked-away department
Preparing for any situation involving risk is the essence of a compliance team. However, back in January 2020, only one team studied by VinciWorks, a provider of online compliance training and risk management software, had some groundwork in place in case of a pandemic. Teams must be better equipped.
As technology has evolved, compliance teams can no longer be a tucked-away department explains Gary Yantin, director of best practice at VinciWorks. Rather, they must be an expert on organisational culture.
Yantin said: “The challenge of compliance has always been dealing with constant change. How does an over-stretched team cut their way through regulatory thickets and bring some sense of order when it feels like the landscape is constantly growing and shifting? Not to mention preparing for the unforeseen challenges that come out of nowhere.
Compliance only becomes more complex
“Of all the compliance teams we spoke to back in January 2020, only one had the potential impact of a global pandemic on their risk register. With working ways evolving in a hybrid manner and workplaces going global, compliance teams have a world of complexity to deal with. The risks of getting it wrong are increasing. From reputational damage to possible sanctions breaches in supply chains rife with geopolitical challenges,” continued Yantin.
“That’s why we’ve seen a rapid evolution in the role of compliance, too. The old-school compliance function used to be tucked away in the legal department. But the compliance officer of the future needs to be an expert on organisational culture rather than a legal scholar.
“As the drivers of compliance shift from regulatory change to global best practices, building an inclusive, supportive, and open environment across a global workforce is the fundamental factor in risk management. So, compliance officers must be experts in leading their whole business on a journey to a better culture.”