Skip to main content
Category

Blog

Apr 08
Love1

5 Quick Ways to Beef Up Your AML Program

By Blog

For compliance executives, steering clear of inadvertent involvement in money laundering should be a top priority. The challenge, of course, is that money laundering typically happens in the financial shadows and is, by design, difficult to spot.

The Challenge of Truly Knowing Your Customer

The Bank Secrecy Act, USA Patriot Act, and their associated regulations impose a heavy burden on U.S. financial institutions to combat money laundering. Similar obligations saddle firms in other jurisdictions. So-called “Know Your Customer” (KYC) obligations form the centerpiece of the laws’ anti-money laundering (AML) provisions affecting the financial sector.

KYC programs typically comprise two related, but separate, efforts: Customer Identification Programs (CIP) and Customer Due Diligence (CDD) initiatives.

Each requires firms to gather, verify, and monitor information on their “customers” (a term that encompasses a variety of counterparties) in order to flag suspicious profiles, behaviors, and transactions that may raise the red flag of money laundering.  

Straightforward in concept, the devil for these duties is in the details. Most firms meet their obligations through a combination of low-tech, customer-side information gathering followed by efforts to verify and monitor that information through third-party databases.

Those efforts can be effective as a first pass, but compliance officers often feel understandable angst about whether they’re enough. After all, no one wants a FinCEN enforcement action or, worse, a subpoena from prosecutors in the Southern District of New York, to serve as a test of the effectiveness of their firm’s KYC program.

A common question posed by compliance teams: Is there more we can do?

The answer is yes, there is, and it’s not as expensive or time-consuming as you might think. Here are a few of the options for boosting your AML due diligence efforts:

1) Building on Existing KYC & Due Diligence Programs by Having Third-Party Investigators on Standby

As we said at the outset, one of the biggest challenges of detecting money laundering is that money launderers are sophisticated about not getting caught.

And, while it may be a defense that a client or customer was too good at money laundering for you to sniff it out, it’s far better to be the firm that earns kudos and credibility by spotting an illegal practice that others missed.

When something smells a little fishy to a compliance officer, asking experienced investigative due diligence firms to look closer can make for a smart insurance policy.

One way of doing this is to have a third-party investigation firm, such as our partner Prescient, on call to take a deeper dive into a customer’s business and its associated dealings. For instance, compliance officers tending to customer due diligence efforts sometimes find it particularly difficult to get to the bottom of identifying the beneficial owner of a company.

This can relate to both a direct customer account, or a 3rd party in which the customer conducts business.

These types of firms are experts in using open-source investigative tactics to peel away layers of (sometimes intentionally) complex corporate ownership structures with numerous shell entities buried deep in corporate filings to uncover the ultimate beneficiaries of the company.

There is an up-front expense, but when something smells a little fishy to a compliance officer, asking experienced investigative due diligence firms to look closer can make for a smart insurance policy without having to turn away business done in good-faith.

2) Achieve Regulatory Clarity

Small and mid-size financial firms often blanche at the prospect of deciphering, much less complying with, the AML regulations across the numerous regulatory bodies and legal statutes that apply to them.

Many small and mid-size firms choose to avoid the regulatory headache and associated risk of taking on [certain] customers, effectively leaving unnecessary money on the table.

This is particularly true of firms doing domestic business who are worried that taking on a new customer with, for example, a foreign address or business ties, may subject them a host of obligations for which they’re not prepared.

Unfortunately, many small and mid-size firms choose to avoid the regulatory headache and associated risk of taking on these types of customer, so they choose to not onboard the customer; effectively leaving unnecessary money on the table.  

Enter RegTech to the rescue. With modern advances, RegTech can help solve the conundrum of unfamiliar and shifting regulatory obligations. At Ascent, we are putting our AI-driven solutions to work in parsing and analyzing millions of lines of raw regulatory text.

READ MORE: What are ‘granular’ regulatory obligations and how do they reduce your risk?

Our goal is to give firms tools to evaluate quickly and accurately not just whether they are subject to specific regulations, but if so, what steps the specific regulations require them to take.

By automating the process of regulatory development and change management, we aim to alleviate the pain felt by firms who are (rightfully) daunted by the prospect of learning how to comply with new and unusual AML compliance obligations.

READ MORE: How to identify and map your AML obligations in Ascent

3) Automate Compliance Tasks

Once a firm knows what and how regulations apply, there are also solutions on the market that can help automate the process of AML compliance.

These products run the gamut from facilitating the process of client-side information gathering, screening and monitoring customer information against international watch lists, examining and flagging suspicious transaction activity, and reporting flagged activity to regulators.

These solutions offer the promise of making compliance more efficient, cost-effective, and accurate.

4) Know Your Jurisdictions

The more jurisdictions where a firm’s customers operate, the more challenging any AML compliance efforts can become.

Firms can leverage the knowledge and experience of their peers regarding foreign jurisdictions and even specific customers – a potentially significant boost.

Any firm with international business should ensure its AML compliance officer has a working knowledge of the regulatory and business landscape in that jurisdiction.

That may seem like a tall order for many firms, which is why in addition to hiring the right staff, it is also important to take advantage of information-sharing and learning opportunities.

One way to gain critical knowledge about foreign (and domestic) customers and the environments in which they operate is for a firm to opt-in to information sharing under section 314(b) of the USA Patriot Act.

As FinCEN explains, opting-in allows participating financial institutions to “share information with each other regarding individuals, entities, organizations, and countries for purposes of identifying, and, where appropriate, reporting activities that may involve possible terrorist activity or money laundering.”

In short, firms can leverage the knowledge and experience of their peers regarding foreign jurisdictions and even specific customers – a potentially significant boost.

5) Take Advantage of Learning Opportunities

Another way compliance officers can grow their knowledge-base is to attend AML conferences, such as ACAMS-sponsored events, where they can share insight and techniques with their peers in the AML world.  

These types of conferences can keep compliance officers abreast of the latest techniques, products and industry happenings, as to always stay on the cutting edge of the industry, so they can get in front of any malicious activities as much as possible.  

Check out our Ultimate List of Compliance Conferences and Events.

 

Wrapping Up

In sum, these are just a few of the many quick, easy and cost-effective ways to enhance your program.

Money laundering is not a static crime, as criminals and non-do-gooders are getting smarter and are incorporating more advanced techniques by the day; therefore your AML program shouldn’t be static either.  

As a best practice, it is highly recommended that financial services firms should stay on top of the latest industry trends and updates, and if you consider at least some of these options, you are well on your way to doing your part to not only stay compliant with laws, rules and regulations, but to also make the world a safer place.  

 

Enjoy this article? Subscribe to receive helpful content designed to help you win at compliance.

Subscribe


Mar 18
Love1

We Can’t Help But Climb: The Ascent Mission

By Blog

In 2017, 32 year-old Alex Honnold made history as the first and only person to free solo Yosemite’s El Capitan.

His ascent up the 3,000 foot granite monolith without rope, harness, or any other protective gear was memorialized in the documentary film Free Solo, which likens the historic climb to setting out to win an Olympic gold, only with certain death as the price for failure.

Even more interestingly, it explores the psychology of having a singular mission to put oneself to a seemingly impossible test that others find incomprehensible.

Far be it for us to compare ourselves to an icon like Alex Honnold, but committing our team to the mission of using radical technology to cut the “tax” of financial regulation to zero can feel, at times, like staring up at El Capitan without a rope and saying “let’s climb this.”

Yet it’s also a mission we feel passionate about achieving for our customers. We can’t help but climb.

Where Others Have Tried

We can’t help but climb because we see a pressing need to solve the massive global complexities of regulatory compliance. In the past few years, financial firms have incurred record fines from regulators, despite lionhearted efforts (and eye-popping expense) to stay above board.

Without question, there has been progress. Thanks to the hard work of many from financial firms, regulators, consultants, and solutions providers, parts of the process have indeed been improved. And yet, we as an industry have not surmounted the wall.

In the past few years, the industry formation of RegTech is proof of the excitement and need for innovation in solving regulatory compliance. We know that this monumental challenge will require monumentally new ways of thinking.

READ ARTICLE: What is RegTech and Why Does it Matter?

 

Where Disruptive Innovation Beckons

We can’t help but climb because we believe strongly that a new path forward and up exists, and that anyone seeking it has to survey the financial regulatory landscape with an innovator’s eye.

We’re not alone in this mindset. Over the past ten years, technology has taken gigantic leaps forward, challenging participants in every industry to adapt or fall behind.

Netflix changed the way that we consume media, shattering pre-held assumptions and expanding the boundaries of what’s possible in entertainment. 

Not only did ride-sharing apps completely disrupt an entrenched industry and forever alter how we get from point A to point B, but they also spurred countless new services as part of the sharing economy. In this new era, thousands of jobs have been created and brand new areas of opportunity have yawned open, for consumers and merchants alike.

Innovations like these prove the business case for using new technological tools as inspiration for rethinking a problem from the ground up.

Progress can be scary, but as we’ve witnessed with the digitalization of so many industries, the early friction of adoption eventually gives way to a whole new way of being.

READ ARTICLE: Building Regulation AI: Solving Compliance in the Age of Artificial Intelligence

 

Where Our Technology Can Make a Difference

We can’t help but climb because we feel inspired by the tireless efforts of our favorite person — the compliance officer — the companies they protect, and the possibilities opened up by artificial intelligence to make their lives easier.

We didn’t invent AI, but we proudly take credit for leading the way in recognizing the potential it holds to revolutionize regulatory compliance.

With our backgrounds in the industry, we know firsthand how current regulations comprising millions of lines of text can take thousands of hours for a human to absorb.

We believe technology can eliminate the historically gargantuan task of manually reading and applying regulations, freeing firms from costly uncertainty, effort, and error.

READ ARTICLE: How Ascent Simplifies Regulatory Change Management with Automation

 

Where Regulatory Purpose and Function May Finally Align

We can’t help but climb because we believe the purpose and function of regulations have been out of alignment for a long time, and that our solutions can help bring them back together.

In our view, rulemaking could become more flexible and responsive to the finance industry if firms didn’t have to worry so much about the massive cost of interpreting and complying with a newly-adopted rule.

By reducing compliance costs, our technology can, we believe, contribute to greater regulatory precision and effectiveness.

READ ARTICLE: How Ascent Helps Customers Save Money on Compliance

 

Where Collaboration Holds Greater Promise Than Confrontation

We can’t help but climb because we recognize the lasting value of collaboration as an inoculation against future confrontation. Compliance costs rise in proportion to the degree of disagreement over regulatory interpretation among stakeholders.

Emerging technologies like ours can spur a rare moment of reassessment across an industry, inviting traditional adversaries to drop their guards and work together toward a more sensible consensus on compliance obligations and objectives.

We believe, in other words, that collaborating with regulators and advisors is the only viable way to achieve our ultimate goal of shrinking the cost and complexities of compliance.

READ ARTICLE: Ascent Selected by GFIN for Regulatory Cross-Border Pilot

 

We Are Ascent

We can’t help but climb because surmounting what everyone else believes are unconquerable challenges in financial compliance is what our company was founded to do. Our name reflects our commitment to this fundamental principle.

Alex Honnold’s ropeless ascent of El Capitan inspired so many in large part because it had never been done before. Certainly there were naysayers, as there always are with those who aim high — but we know that Alex ultimately perseveres and achieves the unachievable.

At Ascent, we understand the drive to do what other people say can’t — or even shouldn’t — be done simply because the status quo, while not optimal, is at least in some ways comfortable. We’ve assembled an incredible team of data scientists, technologists, and compliance experts to solve this problem.

The result?

Our market-leading RegulationAI™ — artificial intelligence built uniquely for the regulatory domain. It’s already changing the way our customers work and think about compliance, and we know the future holds even more promise for a world that’s not constricted, but empowered by the rule of law.

We can’t help but climb because we are Ascent, and revolutionizing the financial compliance industry is our El Capitan. We hope you’ll join us on the way up.

 

Enjoy this article? Subscribe to Cliff Notes to receive helpful content designed to help you win at compliance.

Subscribe


Mar 13
Love2

Breaking Down the Ascent Hiring Process

By Blog, Culture, Tech

By Chris Doyle, CTO

At Ascent, we’ve spent a lot of time thinking about our technical hiring process and how it reflects our tech team values. We view our hiring process not just as our chance to evaluate candidates, but our best opportunity to give candidates an opportunity to evaluate us. To that end, we like to be as transparent as possible about our process and what kind of experience a candidate can expect when they interview at Ascent.

Below is a pretty detailed look at our technical hiring process. If you’re interested in learning more about Ascent and potentially going through this process yourself, take a look at our open technical roles and feel free to apply!

 

STEP 1: Introductory Conversation with the Hiring Manager

Let’s introduce ourselves to each other! Typically we either grab coffee or hop on a Google Hangout for 30 minutes. During this time the hiring manager explains more about Ascent, our values, our product, and the open role. The candidate can also share a bit about their technical background and especially what they’d like their next career step to look like. We end by talking about our hiring process, our technical values, and next steps.

STEP 2: Continued Conversations with the Team

If both the candidate and the hiring manager want to move forward, we next have the candidate chat with a couple other members of the team, including potentially the tech lead or others. At this time, we get into more depth with the technical problems we solve on the team and learn more about how the candidate operates.

STEP 3: Take-Home Technical Exercise

In parallel with scheduling and having the conversation with other members of the team, we also ask you to spend a couple of hours at your leisure working on a technical exercise. We give you a week so that you don’t feel undue pressure, but generally candidates spend about two hours altogether on this exercise.

After completing the exercise, we spend around an hour with the candidate on Hangouts walking through it, asking about specific technical decisions or tradeoffs, and inquiring about possible extensions to the work and how the candidate might approach them. Finally, we provide more opportunity for the candidate to ask us questions!

STEP 4: Onsite Half-Day 

If all has gone well up to this point, we’ll be eager to introduce the candidate to other folks on the team with a series of in-office discussions that take place over about four hours. During this time, the candidate will meet with more members of the team — both technical and non-technical —  to discuss the role, the relationship between tech, product, and customers, and the candidate’s past experiences.

STEP 5: Offer

Within a couple of days of meeting, the team internally will meet to share their experiences with the candidate. We use an internal rubric centered on our values to remove as much bias as possible from our evaluation. Ultimately the hiring manager will make a final decision about extending an offer to the candidate. If we’re lucky enough to be able to make an offer, the hiring manager will reach out to the candidate with the details of the offer and give the candidate some time to consider their decision.

STEP 6: Onboarding

If the candidate accepts our offer, we first get extremely excited at the prospect of welcoming a new team member! Then we put together a comprehensive onboarding plan, including a first day schedule, a first three month plan based on the work available and our perception of the candidate’s strengths and growth opportunities during the hiring process, a one-pager with links to all our important documents (e.g. Employee Manual, Tech Team Onboarding Guide, links to various benefits and tech accounts), and we order a computer for the candidate. We also appoint a current team member as the candidate’s onboarding buddy, and we set up a Day 1 welcome lunch with the candidate and the team.

Then, we get to work!

Interested in joining the Ascent team? Check out our open roles below!

Careers

 

Mar 11
Love1

Digital Disruption: Two Big Shocks to the Industry and What They Mean for Compliance

By Blog

Managing regulatory risk may be business as usual, but the stakes continue to rise.

Few things ramp up pressure on compliance officers more than industry “shocks” — high-volume, high-impact dislocations in the marketplace that render existing regulation inadequate (at best) and cause both regulators and businesses to scramble to put new controls in place.

In this article, we discuss two emerging shocks to the financial industry and how they impact compliance.

Shock #1: The Tech-Fueled Great Acceleration

Technology is at the root of virtually every recent shock to the financial industry affecting compliance.

For awhile, incumbents saw tech as a band-aid for legacy problems and inefficiencies. Now, however, technology is viewed as the necessary bedrock of the industry.

This mindset drives the financial industry toward a Great Acceleration: faster, more efficient interactions with clients and counterparties, faster flow of capital between institutions and across borders, and faster execution of trades and strategies.

Regulators and Firms Struggle to Keep Pace

For compliance departments, the Great Acceleration poses a huge risk.

The fact that regulators (and even many market participants) are still coming to grips with new technologies and products – e.g., AI, blockchain, cryptocurrencies, data privacy, and cybersecurity – will not slow the pace of innovation.

Existing regulations will increasingly fail to respond to market conditions, making compliance difficult by virtue of a frequent disconnect between market rules and practices.

What’s more, as markets continue to innovate much faster than regulators can respond, new regulations will grow obsolete faster and faster.

One area in which the Great Acceleration has caused particular pain for compliance officers is the realm of “know your customer” (KYC) and other anti-money laundering (AML) compliance obligations. Investigative and reporting obligations have turned compliance departments into what amount to private law enforcement operations.

Already, firms face substantial fines for working in embargoed or sanctioned jurisdictions. As the volume and speed of trades and capital flows increase, these compliance and investigative obligations will continue to trend toward greater complexity and risk.

RegTech Boosts Compliance Speed and Efficiency

RegTech solutions can help relieve the shock of the Great Acceleration by doing in minutes what would take humans hundreds of hours.

For example, AI-driven technology can help regulators understand their impact across regions more quickly, making rule-making potentially more efficient and effective.

Similarly, RegTech has a massive role to play in helping financial firms pick through  increasingly detailed and onerous regulations that often (albeit unintentionally) suppress value-creation to a far greater extent than they deter wrongdoing.

Emerging solutions will help firms automate KYC data collection, monitor capital flows and trading patterns, and report suspicious behavior to regulators and prosecutors.

Shock #2: The Shift to an All-Digital Environment

Another significant shock we’re experiencing in the financial world involves the tidal-wave shift in consumer demand toward a “digitally native” investing and financial management experience.

The FinTech boom has begun to transform entire business models by catering to that demand. Businesses have a choice to either stagnate or adapt to meet the needs and changing expectations of new customers.

No Market Niche Left Untouched

It’s difficult to overstate the breadth of change the demand for a fully-digital experience will continue to bring to the marketplace.

As it has in so many other industries affected by the digital revolution, the shift to an entirely digital mode of accessing and consuming financial products and services will require firms to innovate and re-create physical goods and services in the digital realm.

The shift has already spurred entirely new business sectors in banking (e.g., challenger “virtual” banks), money (crytpo, obviously), and payments (which grew so large, so fast, it already feels like a mature business model by today’s standards).

With the exception of the early “e-banks,” none of these businesses existed at the turn of the century, and many weren’t even around at the beginning of the 2010s.

RegTech Leverages AI to Reshape Compliance Roles

For every market sector and asset class affected, the rate and pace of regulatory changes and downstream compliance efforts will also increase, putting pressure on compliance departments to keep up.

That won’t be easy.

Firms will face difficulty following, tracking, and complying with all the new rules and regulations that emerge. The sort of over-regulation typical of an industry in transition seems inevitable, as does the risk of harsh penalties for non-compliance.

The only way to stay ahead of the frequency and growing complexity of regulatory change, and to protect firms from feeling the wrath of regulators, will be to shift much of the work traditionally done by humans onto machines.

The function of human compliance staff must change from rote collection and manual sifting of data to higher-level review and analysis of machine-generated reports.

AI and natural language processing will take over the heavy lifting of analyzing regulatory text, freeing up compliance officers to concentrate their efforts on relationship-building and overseeing the safety of the firm from the perspective of strategic decision-making.

Feb 25
Love1

4 Tactics to Prevent Market Manipulation

By Blog

Market manipulation schemes can subject financial firms to enormous penalties and, in some cases, tear down the enterprise altogether. How can executives protect against the outsized harm of market manipulation?

There’s a recurrent nightmare shared by many compliance officers.

It involves as little as a single rogue trader secretly conspiring with peers at other firms over an encrypted channel like WhatsApp or ProtonMail to manipulate interest rates, or energy prices, or one of the many other trading markets.

Schemes like these can result in catastrophic consequences — both monetary and reputational. Because they often originate from a single point of weakness – an unscrupulous employee – they can also be very difficult to spot before they blow up.

The Problem? Schemesters are Evolving

The Securities and Exchange Commission (SEC) reports that market manipulation enforcement actions comprised 7% of the cases it brought in FY2018, down slightly from 9% in FY2017. That may seem like a relatively small percentage, but it’s not wholly surprising considering that market manipulation requires a degree of coordination and malice beyond that of simply trading on inside information or including misleading information in an offering document.

What tends to trouble compliance officers is not necessarily the volume of market manipulation schemes but, rather, their potentially large impact on a firm’s bottom line and their increasing variety and computer-aided sophistication. In one annual report, the SEC reflected on how technology has emboldened market manipulators and other wrongdoers:

Just a few years ago, it was difficult to imagine a market manipulation scheme accomplished by hacking into the electronic accounts of others and then forcing trades to pump up on a stock price. Or the brokering of stolen inside information on the so-called ‘dark web,’ paid for in untraceable cryptocurrency. Yet these are the sort of schemes we now frequently encounter.” – Stephanie Avakian & Steven Peikin, SEC Division of Enforcement Co-Directors

Other schemes the SEC has pursued in the past two years include traders manipulating markets by spreading false information via social media, manipulating stock prices through false regulatory filings, and engaging in a variety of pump-and-dump schemes involving misleading press releases timed to coincide with long and short trades.

These challenges do not just bedevil the SEC — they also keep compliance officers up at night.  How can firms build a bulwark against this sort of misbehavior by a rogue employee?

Read More: 2021 SEC Priorities – Cryptocurrency Regulation and a Changing of the Guard

 

Mandatory Leave

Forcing employees to take periodic breaks from work and their access to trading and account tools can both interrupt a market manipulation scheme and help to reveal it.

The thinking goes that a scheme requiring constant attention from the wrongdoing employee will falter if he is forced to take time away from it. An interruption in market manipulation tactics may also generate noticeable changes in trading activity that clue compliance offices in to the existence of the scheme.

Still, compliance officers are right to worry that savvy, clever manipulators may plan their schemes around vacation time to avoid detection. That is why some firms consider taking it a step further and institute a randomized and unannounced mandatory leave policy, such that rogue traders do not know when they might lose access to accounts and facilities necessary to keep their scheme running.  

This may seem drastic, but sometimes the only way to catch someone in the act is to utilize the element of surprise, much like unannounced regulatory examinations that regulators sometimes conduct when they receive a tip from a whistleblower. Although this may put a damper on some trading strategies, it’s pennies on the dollar compared to the 7, 8, 9, or even 10-digit fine that your firm could incur from regulatory penalties.

 

Enforce Strong Controls and Immediate Follow Up

One often fail-safe way to avoid the more common market manipulation schemes is to adopt controls around the types of markets your firm will trade in. The market in thinly-traded “penny” stocks, for instance, provides fertile ground for manipulative activity. Banning your employees from dipping their toe into that and similar markets can head problems off before they ever begin.

A commonly overlooked control is to impose a ban on the use of communications channels not monitored by the firm. This can close off any secretive communications between co-conspirators. Although it is difficult to outright prevent an employee from using outside communication mediums, imposing an official ban can often make an employee think twice before engaging in these types of activities. In the unfortunate occurrence that your compliance team does spot an anomaly, it is also critically important to follow up immediately.

Read More: How to Instill a Vigorous Culture of Compliance

 

Share War Stories

One reason the SEC publishes details about the schemes it uncovers is to alert market participants to emerging dangers. By the same token, compliance officers can harness the knowledge of their peers by attending industry conferences like ACAMS-sponsored events and sharing details of schemes they have uncovered or suspected.

Read More: The Ultimate List of Compliance Conferences and Events [Updated 2021]

 

Harness Big Data and RegTech

Market manipulation schemes rely, in part, on wrongdoers’ ability to hide tiny droplets of market-moving information within the torrent of trading data that firms generate and process daily. In yesteryear, these droplets could be almost impossible to detect, but that is no longer the case. Today, a compliance team familiar with big data and equipped with the right tools with which to parse it can spot anomalies and red flags with surprising consistency.

There are many RegTech providers that can help by arming a compliance officer with AI-driven data about the firm’s, and even an individual employee’s, historical trading patterns and how particular trades deviated from the norm (See Deloitte’s list of RegTech solutions, including those that help with surveillance and trade monitoring). 

With this information in hand, compliance officers can assess whether a trader’s explanation of the logic behind a position sounds legitimate or suspicious. That same information can also be reliable raw material for self-reporting suspicious activity to market regulators.

Know Your Requirements

To start with, firms need to understand and stay on top of how regulations define permissible and impermissible trading behaviors. Ascent is a regulatory knowledge solution that uses AI to help compliance teams understand exactly what their traders can and cannot do, and what their requirements/obligations as compliance officers are to monitor trading activity.

Read More: What are ‘granular’ obligations and how do they reduce your risk?

 

Once a compliance team has clarity on its obligations, it can also equip itself with compliance solutions that screen data for anomalous activity. As AI-powered data analysis becomes more sophisticated, these solutions can learn from your firm’s historical trading patterns to identify anything that seems out of the ordinary.

Like it or not, compliance officers are in the business of private law enforcement. Just as information sharing among governmental investigative agencies helps uncover plots, so too can talking shop with a compliance executive at a peer firm help you protect against market manipulation within your organization.

 

 

Enjoy this article? Subscribe to receive helpful content designed to help you stay at the forefront of compliance and technology.

Subscribe


Feb 18
Love1

The Role of the Compliance Officer is Rapidly Evolving — Are You?

By Blog

The role of the compliance officer is rapidly evolving — are you? We teamed up with financial services consulting firm Catalyst to explore this topic. 

Commercial partner Blythe Barber, having worked formerly at JWG, Capco, Schneider Trading Associates, and Expand Research (a Boston Consulting Group subsidiary), brings years of practical knowledge and industry experience to our discussion.

1. What have been the major shifts in compliance jobs over the past 5, 10, or 20 years?

We’ve seen fundamental shifts.  The CCO’s skillset has had to increase in tandem with the volume and complexity of regulation.

Regulation has become a ‘show me’ culture, requiring compliance to use more sophisticated tools to enhance their monitoring oversight, including automated exception handling methods.  

More sophisticated compliance functions now focus on fewer, but more senior staff, who will often have worked in the business and across other parts of the firm and industry. Systems, not people, are now the compliance guardians.

Across the industry, compliance has expanded over the years to significant headcount, with multiple processes and workflows coming at a huge price: a legacy of panic hiring to satisfy massive regulatory regimes.

Now, the costs of carrying a large compliance function are beginning to bite.

Now, the costs of carrying a large compliance function are beginning to bite. In addition, compliance is now much more involved in the design of products to ensure regulatory checkpoints are built into the design of automated data tools.

And the next big shift is already happening: technology innovation, combined with regulators’ growing appetite for sandbox and RegTech vendors to automate the rule books.

Couple that with the rise of sophisticated natural language processing and artificial intelligence and it’s a very different world from even five years ago.

2. What new skills must compliance professionals have in 2019 and beyond?

The main competencies needed now are technical and communication skills, coupled with the cultural dexterity to be successful agents of change. 

Compliance is not for the fainthearted – it’s a multi-dimensional challenge.

Where once compliance staff operated like lawyers, now they need to be techies, with a deep understanding of the technology estate – even to the level of core code – and a firm grip on the whole reporting process from ‘natural language’ to control frameworks. 

They also need to be diplomats, facing-off to diverse stakeholders from regulators to colleagues to technology leads.

And, they’re indirect revenue generators.

The front office has been fighting a perfect storm for years, with margins squeezed by low interest rates while regulation causes capital costs to rise.

The drive to reduce costs via automation and standardization feeds into the bottom line of the bank’s revenues.

And then there’s the complex topic of culture changeCompliance is not for the fainthearted – it’s a multi-dimensional challenge.

3. Has the perception of the compliance function shifted, especially in the C-suite?

Compliance firmly have a seat at the table — high cost and senior roles. With SMR and other Regs, senior figures need excellent compliance people, and they need them on their side!

Compliance should no longer be seen as the ‘back office police’ playing second fiddle to front office profit-makers. There’s now a seat at the table and a chance to lead the agenda. 

But equally, many specialists operating at C level spent their careers in a very different world on the way up. Now they’re there, the rules have changed.

Today’s CCO needs to be tech savvy and people-, culture- and change-oriented. 

The competition for clients, the pressure on margins, and the war for talent all mean CCOs must enable the whole firm to understand ‘why’ — not just ‘what’ or ‘how’. 

Compliance needs to be chief cheerleader for the fact that doing the right thing isn’t just a mandatory exercise to avoid punishment, but an active enabler of good business

All too often, the stumbling block is knowing what ‘good’ looks like, proving why it matters and making a compelling case for what it can achieve.

To tackle this, Catalyst developed a High-Performance Behaviours Model with six key metrics. This ensures firms can implement a measurable way to harness hearts and minds for clear business benefit and move compliance from a necessary evil to a valued – and valuable – business partner.

4. What’s next for the compliance officer?

The challenge now is to mind that gap between current and future state and ensure compliance has the tools and techniques to close it.

As the estate becomes more modular, compliance roles must evolve to high levels of engagement with regulators, clients, tech vendors, outsourcers and internal stakeholders.

Tech savviness will be key to deal with new platforms and new ways of working that enable — rather than eradicate — the human dimension.

It’s seriously not a great use of anyone’s career to fill in spreadsheets and undertake manual tasks at high cost.

As for a prediction?  

It’s already here: regulators publishing “up to the minute” automated rule books that can be consumed in code and pushed through the organization, automatically updating the numerous artifacts and records necessary to prove compliance or be investigated by a regulator or data inspection.

That’s perfectly possible, but one heck of a contrast to the all-too typical scenario of time-consuming, labour intense and costly reconstruction, legacy systems, poor data and lack of accountability.

The challenge now is to mind that gap between current and future state and ensure compliance has the tools and techniques to close it, building and buying where appropriate for a firm’s estate – and of course picking the correct partners with which to do so.  

Feb 11
Love1

Robots Take The Wheel: Driverless Cars and Digital Compliance Officers

By Blog

The rise of AI is to knowledge work what assembly lines were to manufacturing work. The usage of this technology across industries is radically reshaping how work is accomplished, turning knowledge work (in our case, extracting meaningful insights from oceans of regulatory text) into a computational output, rather than one of human purview.

Driverless cars have quickly worked their way into the public consciousness, and we think they’re a fascinating way to explain the core functions of Ascent’s RegulationAI™. While it may seem strange to compare RegTech to robot cars, it’s not a stretch. In fact, they are both analytics-driven AI whose primary goal is taking over tedious activity so that humans can redirect their time towards more – well, human efforts. But the similarities don’t end there.

Crafting a Digital Person

“Car companies make cars, and that’s what they should do. Self-driving companies should make drivers.” —John Krafcik, CEO, Waymo

Machine learning is all about adaptation and self-improvement. The end goal for any Knowledge-as-a-Service (KaaS) company is to efficaciously and efficiently take over mundane human tasks. Driverless car companies are, at their core, trying to create the perfect AI driver. Ascent, by comparison, is transforming the compliance officer’s mindset to be one that’s digital-first.

SaaS aims to make our lives easier by giving us adaptable tools that are scalable. KaaS is certainly scalable, but the goal isn’t only delivery of a unit of service; it’s both delivery of a unit of service and the creation of activity as a result of that unit. We’re creating a scalable, learning-driven, adaptable, and functional compliance officer, that works relentlessly and at above-human accuracy. Speaking of accuracy:

Accuracy is the Hinge

“Society expects autonomous vehicles to be held to a higher standard than human drivers.” —Professor Amnon Shashua, MobilEye Chief Executive Officer

Both driverless cars and Ascent rely on a risk tolerance that requires almost ~100% accuracy. Certainly, this is required for driverless cars — how many of us would step into a vehicle that is only 88% safe? There’s a common misconception that driverless cars merely need to be statistically more accurate than the populace on average, when, in reality, they need to be almost 100% accurate. We see this trend reflected in surveys regarding consumer concerns.

The same is the case for RegTech. Brokers, on average, have to comply with 12 different regulatory bodies, while major financial firms are looking at as many as a hundred. Of course, anything that deals in compliance requires accuracy to navigate through this trench of regulatory oversight, especially considering the fines, personal liability, and gap risks associated with compliance failures.

These accuracy liabilities are what breathe life into KaaS as an industry. The better your machine learning processes and the more accurately you can pinpoint raw data, the more accurate and self-adapting your AI becomes.

AI Doesn’t Replace Your People, It Empowers Them

“Artificial intelligence is the new electricity.” —Andrew Ng

Driverless cars will replace a human role. This complete overtaking of human responsibility is in stark contrast to what drives Ascent — both in technical and philosophical terms.

Ascent is meant to be deployed in the areas of your business where you need critical support. One of the major hurdles that that financial firms face is that most services simply act as data aggregators that still require compliance officers to manually input data and build their compliance programs.

Ascent dynamically changes this process by creating a regulatory channel that’s automatically filled with rich data that is transformed into useful “products” within minutes —these include a firm’s specific obligations converted into tasks, compliance reports, WSPs, and more. By automating the most tedious and error-prone aspects of compliance, we free up people to focus on the critically human parts of the job, like working with the lines of business and proactively defending the firm from risk.

 

Like what you read? Subscribe for helpful content designed to help you win at compliance.

Subscribe


Jan 26
Love1

Crypto Compliance is Still a Global Conundrum

By Blog

Read Update: 2021 SEC Priorities – Cryptocurrecy Regulation

 

Major cryptocurrencies like bitcoin and ether represent a class of financial instrument that is here to stay. Here we discuss the emerging issues they pose for finance-industry compliance officers.

For the time being, these digital mediums of exchange have a “black box” quality that worries institutional investors and appears to hold unfortunate appeal for criminals and fraudsters.

Unsurprisingly, the explosion of cryptocurrency as a means of raising capital for startup businesses and a spate of fraudulent ICOs has attracted the attention of regulators around the world.

Cryptocurrency Overview

The term “cryptocurrency” is shorthand for a wide and evolving range of “digital” mediums of exchange.

The two foundational concepts of a cryptocurrency are “decentralization” (there is no sovereign central bank creating it or controlling its supply) and “scarcity” (there is a predefined maximum number of “coins” that may exist for any given currency, thereby giving the coins their “value”).

Most cryptocurrencies rely on blockchain technology, a “distributed ledger” of ownership for every unique coin (to put it simply, blockchain is simply a clever way to have many different people create one version of something on the internet). A copy of the distributed ledger is available to all users of the currency at once and essentially prevents counterfeiting by tracking and confirming the existence, transfer, and ownership of each coin.

New cryptocurrencies are created through a process that has come to be known as an “initial coin offering” or ICO. In an ICO, the issuer creates a new unit of currency (often referred to as a “coin” or “token”) that can be purchased in exchange for an existing, more widely-traded currency like bitcoin or ether.

The purpose of an ICO is to raise capital for the issuer. The token issued in an ICO may have a variety of attributes, from serving as a new medium of exchange for certain goods and services to representing a bundle of rights (to vote, to receive a future benefit, etc.). It may also appreciate or depreciate, and thereby serve as a means of speculative investment in its own right.

Global Compliance Challenges

Given the description above, any financial compliance officer will immediately wonder whether a cryptocurrency issued in a capital-raising ICO is a security subject to regulation. The answer is, it depends. The global regulatory community remains unsure of how to characterize cryptocurrencies. It does not help that no two digital currencies are identical in their attributes. Some regulators even dispute that cryptocurrencies are currencies or assets at all.

Compliance officers cannot afford to wait for the global regulatory community to reach consensus on how to characterize ICOs. They must familiarize themselves and stay on top of the regulatory climate.

And yet, ICOs offer a potentially attractive means of raising capital. They are becoming easier by the day to launch and, for the time being, involve substantially less upfront expense than the roughly-comparable process of raising capital through an IPO or a private placement. Compliance officers cannot afford to wait for the global regulatory community to reach consensus on how to characterize ICOs. They must familiarize themselves and stay on top of the regulatory climate in their relevant jurisdictions, such as the following:

— United States

In the U.S., the dominant regulatory stance as of early 2019 appears to be a suspicion about the potential for ICOs to be used as a means of money laundering or for funding criminal enterprises and terrorism. For now, the SEC (Securities and Exchange Commission) has contented itself to applying existing U.S. securities laws and anti-money laundering regulations to evaluate the legitimacy of ICO transactions. Regulators have also expressed, but have yet to resolve, concerns about the potential for front-running and manipulation in cryptocurrencies that do not trade on regulated exchanges.

— United Kingdom

Amidst continuing Brexit chaos, U.K. regulators have remained largely aligned with their E.U. counterparts (and the U.S.) in warning of the potential for bad actors to abuse cryptocurriences and ICOs. The FCA had previously signaled its plan to issue guidelines on cryptocurrencies by the end of 2018, but as of this writing has yet to do so. There is little doubt, however, that the U.K. plans to step up regulation in the future.

— Australia

Down Under, the Australian Securities and Investments Commission (ASIC) has issued guidance alerting the public to the potential for cryptocurrencies to be subject to regulation as financial products under Australia’s existing financial regulatory schemes (although ASIC has stated its view that bitcoin is not a financial product). Regardless of whether a cryptocurrency represents a “financial product” under Australian law, issuers may not engage in misleading or deceptive conduct toward consumers.

— Singapore

According to Bitcoin Magazine, local regulators in Singapore historically took a relatively laissez-faire view of cryptocurrency issuance and trading. As reported in the Singapore Business Review in January 2019, however, Singapore regulators have more recently moved to tighten regulation to protect investors from fraud and money-laundering risk.

— China

China exercises strict regulatory oversight of cryptocurrencies. It has banned ICOs, and in August 2018, its central bank likened cryptocurrencies to a ponzi scheme. In early January 2019, government cyberspace regulators issued sweeping regulations applicable to Chinese blockchain platforms requiring them to censor content, give authorities access to their data, and confirm the identity of users.

— Japan

Having initially embraced cryptocurrencies, Japanese regulators have also exercised tighter control over the industry of late after a high-profile hack of crypto exchange Coincheck. As reported recently in The Japan Times, the Financial Services Agency (FSA) effectively stopped issuing licenses for exchanges in 2018, and only recently issued new licenses while signaling that new rules are coming that will protect cryptocurrency investors.

Vigilance is Paramount

As the examples above show, cryptocurrency regulation is in a state of increasing flux around the globe. Worries about fraud and money laundering bedevil the industry. Compliance officers confronting the prospect of their firm investing in, facilitating, or even raising capital through ICOs should take extreme care to apprise themselves of the latest regulatory guidance in their relevant jurisdiction(s).

Jan 13
Love2

Ascent’s Tech Team Values

By Blog, Culture, Tech

By Spencer Allee, VP Data Science

At Ascent we have a set of core company values – Integrity, Cooperation, Persistence, Innovation, and Customer Obsession. These values work across teams and departments and give our teams a short enough list to remember. However, as a tech team we spend a lot of time talking about what makes a good tech team culture; we’ve arrived at a longer list of values around which we’ve built our engineering team.

We are a Best Effort Community

good faith, proactivity, hardworking, accountability

Best effort means we assume everyone is always doing the best they can in whatever situation they’re in with the information they have at the time. Community means we’re all in this together, and we succeed or fail together. Everything we do is in cooperation.

If we had to sum up Ascent in a single idea, it would be this.

Openness

listening, feedback, positive feedback, disagreement

Learning how to carefully listen, respectfully disagree, and provide and accept useful feedback stabilizes and magnifies all the other cultural efforts we make.

Growth

curiosity, learning, teaching, humility, collaboration

It’s everyone’s personal responsibility to constantly improve, and to help others improve. Since we all have much to learn, we try to be humble and curious. Since we all have much to teach, we endeavor to be generous with our time and knowledge. The fastest growth comes from collaboration, when we have the opportunity to teach and encourage each other robustly and directly.

Technical Intensity

deep knowledge, rigor, predictability

A deep, detailed understanding of our systems, libraries, and tools opens new opportunities, encourages comprehensive solutions, reduces chaos, and creates the predictability that allows the rest of the organization to trust us.

Intellectual Engineering

context, ROI, concepts/mental model, simplicity

Conceptual crispness and concision provides the clarity necessary to focus our efforts on the most valuable activities, and accelerates our progress by anticipating tomorrow even as we build for today.

Inclusion

diversity, attribution, helping, documentation, “yes, and”

Diverse teams produce better outcomes and tech should be available and accessible to everyone.  Soliciting engagement from underrepresented groups and actively removing the boundaries around technical participation allows us to increase the breadth of our best ideas.

Compassion

humanity, empathy, emotion, impact

Allowing emotion and encouraging empathy, among ourselves and our constituencies, acknowledges that while we’re all professionals, we’re also inextricably human.

Examples

examples, data-driven decisions

Examples are incredibly helpful to clarify communication and expose assumptions.

 

When we enter the technical hiring process with a candidate, we share our Tech Team Values with them as a first step before proceeding with the rest of the process. We view values alignment and technical skills as equally important, and we’re proud to have built a team of strong, value-driven engineers. If these values resonate with you, take a look at our open roles below and feel free to reach out! And if you’d like to see how these values play out in our hiring process, take a look at this blog post.

Careers

 

Jan 06
Love1

Stay Ahead of GDPR Compliance with Ascent

By Blog

The General Data Protection Regulation (GDPR) enforces strict requirements around Chief Data Officers (CDOs), EU citizen data management, and data permissions—including protocols for dealing with data breaches.

GDPR, the EU’s personal data protection and privacy regulatory ruleset for companies around the world became active in May 2018. Forrester reported that just four months before the laws went into action, 11% of organizations were still figuring out what to do about it and 8% of firms had no familiarity with GDPR rules and regulations.

Overview of GDPR

GDPR regulations require all businesses which meet the satisfy the following conditions to employ a CDO:

  • Employ over 250 people
  • Process or store large amounts of EU citizen personal data
  • Process or store special personal data
  • Regularly monitor data subjects
  • Are a public authority

Beyond requiring CDO employment, GDPR regulations enforce the following restrictions on EU citizen data:

  • Right Of Erasure
  • Right Of Data Control
  • Right Of Data Portability
  • Right To Be Informed
  • Right To Access Personal Data
  • Right Of Correction
  • Right To Object
  • Rights Related To Automated Decision Making Including Profiling

Each of these rights require EU citizens’ data be kept separate and compartmentalized, ensuring the ability to remove them from a database at-will.

American consumers expressed support and would like to see some GDPR-esque laws enforced within the U.S. specifically, 38% responded with the ability to control how their data is used while 39% favored the “right to be forgotten” rule.

Consequences of Non-compliance

If businesses fail to comply with GDPR regulations, they can be fined between 1-4% of annual revenue or up to €10-20 million, whichever is higher. These fines will depend on which parts of GDPR were not followed, how many people and how much data was affected, and a slew of other factors.

The cost of GDPR compliance failure is substantial, as is the risk of attempting to ‘fly under the radar’. Anyone within the EU can file a complaint, starting the trend of unsavory consequences. 

Read More: The Not So Hidden Costs of Compliance

Stay Ahead of GDPR Compliance with Ascent

The key to staying current on GDPR is a compliance program that evolves with new regulations. A system with the right fail-safes in place will help ensure that your firm’s obligations are always up to date.

Great technology makes this easier than ever. Ascent provides you with a feed of regulatory changes (including those related to GDPR) that apply to your firm, helps you visualize how the rule text has changed, and indicates whether that change impacts your existing controls, policies and procedures. 

Ascent also serves as a central repository for all regulator documents so you can easily search for speeches, guidelines or other releases concerning GDPR, allowing for comprehensive research.

SOLUTION HIGHLIGHT: How Ascent Automates Regulatory Change Management

 

Enjoy this article? Subscribe for fresh thoughts designed to help you stay at the forefront of compliance and technology.

 

Subscribe