The first (and most difficult) step in setting a regulatory compliance framework | Ascent

Compliance and Risk professionals have a tough job. Not only are they responsible for maintaining compliance according to their organizations’ existing regulatory framework, but—more importantly—they are responsible for determining what their firms’ regulatory framework is in the first place.

But first, what is a regulatory compliance framework?

A regulatory compliance framework “is a structured set of guidelines that details an organization’s processes for maintaining accordance with established regulations, specifications or legislation. It outlines the regulatory compliance standards relevant to the organization and the business processes and internal controls the organization has in place to follow to these standards.” (source: TechTarget)

Regulatory compliance framework
When it comes to financial regulation, this process of outlining relevant standards and requirements is the first and foundational step in setting a strong regulatory compliance framework. It is also a huge liability for both financial firms and their compliance / risk officers due to the sheer amount of regulation that exists today.

READ ARTICLE:  Regulatory mapping is key to compliance. Are you doing it effectively?


Faulty foundation of regulatory requirements = susceptibility to risk

On average, U.S. firms are overseen by a handful of regulators (significantly more if they operate globally), and each regulator has hundreds to thousands of pages of regulation that they maintain, update, and enforce regularly. For example, between 2019 and the fourth quarter of 2020, the Securities and Exchange Commission (SEC) published 147 rule changes and 263 guidance notes. And that’s just for one regulator.

With rule changes up nearly 500 percent and a new regulatory update issued every 7 minutes globally, it is increasingly more difficult for Risk and Compliance professionals to identify all of the regulatory developments that apply to their business.

In fact, aligning policies with new and changing regulations is a top challenge for over a third of organizations (35%) according to an Ethics & Compliance Policy & Procedure Management Benchmark Report from Navex Global. In that same report, just over one quarter (27%) of organizations also attested that they are challenged in improving version control, reducing policy redundancy, and inaccuracy.

And yet, many firms continue to try to manage and synthesize this influx of information in the same ways that it always has—by increasing personnel to do the work manually.

Manual solutions only plug the cracks in the foundation

Today, Risk and Compliance teams undergo the tedious and burdensome task of gathering information from:

  • International, national, state, and local legislative action
  • Court decisions
  • Executive actions (regulations, guidelines, and enforcement) 
  • Other supporting legal materials

Once they have compiled this information, compliance analysts then assess those regulatory documents to extract the laws, rules and regulations within them, and analyze those requirements to determine which might apply to their business. After hundreds of hours of hard work, the analysts finally are able to present the foundation for the firm’s regulatory compliance framework back to the business for approval. 

Only then, finally armed with this knowledge, are teams able to begin the real, vital work of compliance—reconciling their obligations with their policies and procedures, creating controls, and implementing compliance throughout the business. 

However, in our current regulatory climate, this process is becoming increasingly impractical. The pace of regulatory change and the cost of compliance haven’t slowed down. At the same time, neither has the cost of non-compliance. In just the last three months, the Office of the Currency Comptroller (OCC) has issued fines of $60 million, $85 million, and $400 million.

Missing even the finest detail within a body of regulation or rule amendment can be disastrous for financial firms’ bottom lines, not to mention their reputation. Like the proverbial needle in the haystack, any obligation missed among the thousands of lines of regulatory information could have severe consequences come audit time.

‘Regulatory knowledge automation’ restores framework from the ground up

What is regulatory knowledge automation?

‘Regulatory knowledge automation’ is the process of using algorithms to create knowledge from data, such as analyzing regulatory text to determine an organization’s applicable regulatory obligations.

By leveraging next-generation technologies like machine learning (ML) and natural language processing (NLP), this knowledge creation work can be completed in mere minutes, at a fraction of the cost, and greater accuracy than ever before.

At a glance: 

  • NLP is the combination of computer science and linguistics that allows computers to understand human language. In essence, NLP takes the dense texts of regulatory documents and “translates” them into machine-readable language. 
  • ML is the capability to “train” systems how to complete a task. Once NLP has translated regulatory text into something that can be read by a machine, trained ML systems can extract the rules and requirements from that dense text.

These two technologies are at the heart of Ascent’s RegulationAI™, a true innovation in regulatory technology. RegulationAI™ is able to:

  • Process thousands of pages of regulatory documents
  • Identify all of the standard requirements that derive from the laws, rules, and regulations within those documents
  • Determine which of those standard requirements correspond to a singular financial firm based on their business practices and unique regulatory burden

You can learn more about regulatory knowledge automation and RegulationAI™ by subscribing to our monthly newsletter Cliff Notes. For more on how Risk and Compliance teams use Ascent to fortify their regulatory compliance programs, visit our website.

Subscribe to Cliff Notes

Subscribe to Cliff Notes

Our monthly newsletter keeps you at the forefront of compliance and technology.