Skip to main content


Pillars of Regulatory Compliance Part 1: Setting Your Foundation  

By Blog

Compliance is the cornerstone upon which businesses build trust, stability, and longevity in an ever-evolving regulatory landscape. However, the complexity of today’s regulatory environment can make it challenging for financial services businesses to efficiently identify their regulatory obligations. 

In this three-part series, we delve into the essential components of a strong regulatory compliance program.

Here, in part one, we review two topics outlined in Ascent’s Regulatory Compliance Scorecard: 1) Defining corporate entities and 2) Identifying laws, rules and regulations that apply to your business. 

Step One: Defining Corporate Entities

The first step in crafting a rock-solid compliance program is to define your corporate legal entities and their associated products and services. This foundational step establishes a crystal-clear understanding of the scope and scale of your business operations. By mapping these entities to products and services, you gain a comprehensive view of your organizational structure, enabling a more targeted and efficient compliance initiative.

Defining corporate entities is a holistic exercise akin to creating a detailed map of your organization, allowing you to navigate the complex terrain of regulations with confidence. Furthermore, this detailed understanding enables you to allocate resources effectively, and direct compliance efforts precisely where they are needed most.

Step 2: Identifying Applicable Laws, Rules, and Regulations

Once you define your corporate entities and product offerings, the next step is to identify applicable laws, rules, and regulations. This involves conducting a comprehensive review of the regulatory landscape, with a specific focus on the industries and jurisdictions relevant to your business. This  involves meticulously mapping each of your regulatory requirements to the corresponding entities, products, and services within your business. Additionally, providing direct links to supervisory agencies ensures easy access to the primary sources of regulatory information, facilitating ongoing compliance efforts.

By establishing a clear and well-documented path through the labyrinth of regulations, you can empower your organization to operate with confidence and integrity.


In the next article in our series, we explore the process of establishing a robust obligations library by creating tailored lists of obligations and centralizing compliance data, to ensure that your compliance program stands strong. Read part two here.

Subscribe to our newsletter for industry expertise delivered right to your inbox.

Rate your compliance-readiness in just 5 minutes

Rate your compliance-readiness in just 5 minutes

Are you ready for regulation?

Are you ready for regulatory change?

By Blog

Recent upheavals in the banking industry have sharpened the regulatory gaze for 2023. Regional banks have the usual complex interplay of state, federal and international compliance requirements, but those are further complicated by the likelihood of intensified regulatory oversight, and the potential for additional regulations. Industry watchers predict that some rules will see modernizations while others will be replaced altogether. 

Knowing what’s coming, now is the perfect time to gain a firm, proactive grasp of your compliance stature. As always, responding quickly and efficiently to change will be key to maintaining compliance, but shifting from reactive to proactive mode will greatly simplify any adjustments new regulations might require.

Per Deloitte, the following areas will be key to regulatory oversight:

  • Demand for better data governance and reporting – Increasing data availability and improving data quality as critical priorities for banks. As bank regulators become more data dependent, they are driving the already high prioritization of strategic data programs at the banks they supervise.
  • Cyber and information technology (IT) risk – Deficiency in effective cybersecurity policies and procedures to secure organization assets and data is an increasing concern of regulators. 
  • Consumer protection and financial inclusion – We expect regulators’ continued momentum in protecting against consumer harm in 2023, especially at the margins of the regulatory perimeter.

An organized compliance regimen will help you not only maintain compliance in all of these areas of oversight, but also help you quickly adapt when they change. Ascent recently published the Regulatory Compliance Confidence Scorecard designed to help identify gaps and areas for improvement in banks’ compliance environment.

The Scorecard measures organizational principles. For instance, are your corporate legal entities defined, and are laws, rules and regulations identified and mapped to those  entities, products and services? The Scorecard questions are based on principles that provide a sound foundation for ensuring the quality of compliance data. 

With rigorous organization of business entities against applicable rules and regulations, plus automatic notification of new enforcement actions or guidance relevant to your entities, you’re in an excellent position to measure new rules against ongoing business and strategic initiatives. 

You can prepare to accommodate changes quickly and with minimal internal disruptions through a clear understanding of the current nexus between your organization, its entities, its products, and the rules that apply to each.

For instance, recent failures in the banking industry have opened discussions about new regulations or extending regulations that currently apply to large institutions to regional banks as well. A sound compliance organizational structure will greatly simply accommodating whatever new guardrails go up, saving your time and money, and of course, minimizing the risk of non-compliance.

Events suggest that 2023 will be a significant year for regulatory change. Consult the Regulatory Compliance Confidence Scorecard [link] to assess your bank’s ability to deal with what’s coming. If you come up short, you’ll know it’s time to prepare and get organized. 

For more information on improving compliance readiness, feel free to shoot us a line at

Rate your compliance-readiness in just 5 minutes

Rate your compliance-readiness in just 5 minutes


Is the CCO Liable? Two SEC Cases, Two Wildly Different Rulings

By Blog

Understandably, CCOs worry about being held personally responsible for compliance failures.

That is, in fact, exactly what legislators and regulators intended by creating rules subjecting CCOs to personal liability for their firm’s missteps. The fear of personal prosecution, the thinking goes, compels CCOs and their staffs to adhere to strict regulatory standards.

It’s hard to argue with that logic. Incentives work, even negative ones. But these days, CCOs may find the somewhat unpredictable outcomes of regulatory action even more compelling than the threat of personal exposure in the abstract.

Two SEC Cases, Different Outcomes

Two recent cases demonstrate how difficult it can be to anticipate whether an enforcement action will break against or in favor of a CCO’s personal interests. 

According to compliance professional and blogger Doug Cornelius, the SEC has historically refrained from using its enforcement authority against CCOs personally in all but three specific circumstances:

  • Participating in the wrongdoing
  • Hindering the SEC examination or investigation
  • Wholesale failure

Two recent enforcement actions illustrate the relative unpredictability of the outcome of enforcement actions that rely in-sum-and-substance on the third of those factors, “wholesale failure.”

SEC Comes Down Hard on CCO in Southwind Ruling 

In December 2017, the SEC issued a ruling that took investment advisor Southwind Associates, its CCO Anthony LaPeruta, and its President Scott Villafranco to task for what can only be viewed as a wholesale failure of Southwind’s compliance program. LaPeruta, who had served for 14 years as Southwind’s CCO, bore the brunt of the SEC’s ire.

The agency faulted LaPeruta in particular for having failed to implement measures to correct compliance deficiencies, despite having retained a compliance consultant that had alerted him to the compliance shortcomings repeatedly over a period of several years. Specifically, ignoring his consultant’s recommendations and acting in violation of his firm’s own compliance manual, LaPeruta:

  • Failed to receive annual surprise examinations of client funds by an independent public accountant qualified to conduct those examinations;
  • Failed to ensure the timely distribution of audited financial statements; and
  • Failed to keep proper books and records by omitting certain electronic communications.

The SEC deemed LaPeruta’s actions to have “willfully aided and abetted and caused” his firm’s compliance violations. For his malpractice, the SEC imposed a limitation on LaPeruta barring him from acting in “a supervisory or compliance capacity with any broker, dealer, investment adviser, municipal securities dealer, municipal advisor, transfer agent, or nationally recognized statistical rating organization.”

SEC Punishes CEO in Pennant Ruling 

A little less than a year after Southwind, the SEC issued two orders in an enforcement action against investment advisor Pennant Management and its CEO, Mark Elste.

Pennant had fallen victim to a massive fraud involving a fictitious portfolio of loans and loan repurchase agreements (“repos,” for short). The SEC faulted Elste for the firm’s failure to perform due diligence on the portfolio despite numerous red flags. But, significantly, the agency did not name or pursue action against Pennant’s CCO.

The regulator instead found that the CCO, who had been appointed to the position with no prior compliance experience, had done his best by repeatedly requesting resources for his compliance program and by repeatedly warning of his inability to assess counterparty risk without receiving that support, all to no avail.

The lack of funding for compliance oversight, the agency concluded, had contributed to the firm’s failure to notice the warning signs of the fraudulent scheme. The agency fined Pennant $400,000 and fined Elste $45,000.

So what?

At first blush, Southwind and Pennant may seem like materially different situations. In the former case, Southwind’s CCO had ample resources for his compliance mission but inexplicably failed to execute it over an extended period, to his own material detriment. In the latter, Pennant’s CCO lacked resources and support despite asking for them repeatedly, and thereby avoided liability.

Both [cases] signal the SEC’s continuing willingness to hold business leaders accountable when their investment advisory firms fall down on their compliance function.

Still, beneath the surface these cases are not dissimilar. Both involve significant compliance failures. Both take a hard look at the individual actions of CCOs and other C-suite executives for those failures. Both signal the SEC’s continuing willingness to hold business leaders accountable when their investment advisory firms fall down on their compliance function.

Compliance officers and executives should not assume either case was predestined to turn out as it did. No doubt Southwind’s CCO mounted a vigorous defense of his actions, and the Pennant CCO likely came in for a fair share of finger pointing by others. Moreover, compliance executives often struggle with lack of funds and resources to adequately manage a firm’s compliance program.

For any CCO and business leader, Southwind and Pennant should serve as a signal example of the degree of personal financial and reputational risk they take by not adopting, funding, following, and documenting compliance policies and procedures.

RegTech as the Shield

Advances in regulatory technology may help allay the looming threat of an enforcement action that targets a CCO individually.

It is one thing to tell business leaders in the investment advisory world to pay attention to compliance. It is another thing to help them implement effective, efficient compliance programs.

CCOs know the difficulty of managing a department that often gets treated as an unwanted hindrance rather than an essential function. The rulings above, however, highlight just how critical, and personally significant, regulatory compliance can be for financial firms.

Fortunately, advances in regulatory technology may help allay the looming threat of an enforcement action that targets a CCO or other executive individually. Tools continue to emerge that streamline compliance functions and automate record-keeping, leading to more efficient and effective management of the compliance process.

As rulings by the SEC and other regulators will not likely ever be predictable, these tools may be a CCO’s best hope of not just staying diligent about compliance, but also being able to prove the firm’s (and their own) diligence should any enforcement action come to pass.  

9 Common RegTech Questions, Answered

By Blog

As a young industry, RegTech often gives rise to a host of questions — everything from “what is it?” to “how does it work?” to “how will it affect me?” We’ve collected a handful of the more common ones and answered them below.

Have a question that’s not on our list? Drop us a line at and we will be happy to help answer it!

What does RegTech mean?

RegTech (Regulatory Technology) is the application of emerging technology to improve the way businesses manage regulatory compliance. 

RegTech companies can be established GRC (Governance, Risk, and Compliance) platforms, startup companies, and everything in between. They are united by their use of new, groundbreaking technology in the service of solving the problems of regulatory compliance.

As an industry, RegTech has emerged over the last few years to address the rising tide of regulation and its growing complexity. To learn more about the history and future of RegTech, check out our comprehensive guide, “What is RegTech?”

READ MORE: What is RegTech?


What are the benefits of RegTech?

For financial services, the benefits of RegTech are substantial:

  • Efficiency gains — As regulation continues to grow, it becomes nearly impossible for compliance personnel to keep up without the aid of technology. Technology, capable of processing a high volume of data at incredible speeds, can quickly parse and analyze raw legal text and extract valuable insights. 
  • Greater accuracy and comprehensiveness — Manual, siloed processes tend to create gaps in the compliance operation, leading to human error and increased exposure. Implementing the right technology (and integrating those technologies thoughtfully where necessary) shores up gaps and creates a streamlined compliance process.
  • Greater internal alignment — Technology tools enable greater transparency throughout the business, connecting once siloed people and processes. The result is better insights between business units that can be shared faster, which also leads to a stronger culture of compliance.
  • Improved risk management — Many RegTech tools help protect against various types of risk, including market abuse, cyber attacks, and fraud, by monitoring systems and alerting personnel to suspicious activity.

READ MORE: How Ascent customers reduce risk, slash costs, and save time


What is end-to-end compliance and how does RegTech fit in?

End-to-end (E2E) compliance is a fully traceable process that connects external regulatory events to a business’ specific obligations, then all the way through to that business’ internal controls, policies, and procedures. In an ideal world, E2E compliance leverages automation and other technologies to create a complete functional system of compliance. To achieve E2E compliance, different RegTech solutions can be used together (often referred to as a ‘compliance technology stack’) to create a seamless process that automates rote work, connects once-disjointed processes, and supports a robust compliance framework.

With a properly implemented E2E system, businesses could 1) be alerted to relevant new rules or changes to existing rules, 2) be directed to the exact parts of their internal controls or P&Ps that are impacted so team members can make the appropriate changes, 3) manage their obligations digitally including assigning work and tracking progress against deadlines, 4) easily produce records of their compliance activities, and 5) generate useful reporting dashboards. 

Again, due to the complexity and nuance of regulatory compliance, one-size-fits-all solution. Rather, compliance leaders should take a modular approach to building a technology stack that meets the firm’s unique circumstances and objectives.

What kind of tech stack should I consider for my compliance framework?

Compliance and Risk professionals are responsible for not only determining what their firms’ regulatory framework is, but also how to maintain it once it’s set. Thankfully, there are a number of solutions within the RegTech universe that support this effort and can be combined into a comprehensive, end-to-end tech stack. The key is to know which ones to bring into your tech stack in the first place, so here are a few types of solutions to consider:.

Regulatory content tools are situated at the beginning of the compliance process. They typically take the form of a content library, feed, or resource center. Content tools consolidate documents published by regulators into one platform (including the laws, enforcement actions, guidance, rule updates, and more), making research and horizon scanning more efficient. Leaders in this space include Thomson Reuters Regulatory Intelligence, LexisNexis and Reg-Room.

Regulatory knowledge automation is technology that bridges the gap between the raw data of regulatory content and actionable insight. Market leader Ascent, for example, generates the regulatory obligations that pertain to your specific firm based on key factors like what type of financial entity you are, what services/products you offer, and where you operate. Ascent then automatically updates your obligations as rules change. This targeted regulatory knowledge allows compliance personnel to know exactly what the firm must comply with at all times, without the manual effort. 

GRC (governance, risk and compliance) platforms help operationalize compliance and often house all of a firm’s regulatory information, including obligations, controls, policies and procedures. Workflow capabilities allow users to track and manage their compliance efforts. Leaders in the space include LogicGate, MetricStream, IBM OpenPages, and RSA Archer to name a few. 

Point solutions cover a wide swath of RegTechs, helping firms execute compliance in a compliant way or assess compliance with an obligation or control. These could include (but are not limited to) trade monitoring, portfolio risk, know-your-customer, anti-money laundering, operations risk management, and cybersecurity tools. Point solutions are more limited in scope than regulatory knowledge automation or GRC solutions, but when they meet the right need they can provide substantial value.

READ MORE: The first (and most difficult) step in setting a regulatory compliance framework


What technologies do RegTech solutions use?

RegTech providers leverage a wide variety of emerging technologies. Here are a few of the most common:

  • Machine learning (ML) is the application of algorithms that improve automatically through experience. Rather than being specifically programmed to complete a task, ML models are fed large amounts of data, which they use to learn and improve on their own. In regulatory compliance, ML models can process large amounts of regulatory data and gradually draw conclusions about that data, becoming more and more accurate over time.
  • Natural language processing (NLP) is the field of using computers to process and analyze human language. In compliance, NLP can parse the unstructured raw text of regulation and reorganize it or otherwise transform it so that people can retrieve meaningful insights. 
  • Blockchain is a digital record of transactions, most often associated with cryptocurrencies. Blockchain has many other purposes however, such as enabling the secure sharing of know-your-customer data within or between organizations for compliance purposes.
  • Robotic process automation (RPA) allows users to configure metaphorical “robots” or “digital workers” to replicate the actions of a human in a digital environment in order to complete a business process. RPA tools can automate laborious manual processes, like the production of hundreds of disclosures that asset management firms are required to generate throughout the year.

READ MORE: RegulationAI™: World-Class Technology Built for Compliance


What’s the difference between RegTech, FinTech, and SupTech?

RegTech leverages emerging technology to create tools focused on solving the challenges of regulatory compliance. While the majority of existing RegTech solutions are currently focused on the world of financial regulation, RegTech could also be leveraged for other regulated industries — for example, healthcare.

FinTech, short for financial technology, is the application of technology to solve problems or create new value in financial services. Examples include crowdsourcing platforms, mobile payments, cryptocurrency, robo-advisors, budgeting apps, or the use of open banking APIs. Recently, digital banks that operate purely online with no physical locations are also being referred to as FinTechs. 

SupTech, short for supervisory technology, is the application of emerging technology to improve how regulators conduct supervision. Just as RegTech leverages technology for regulated companies, SupTech leverages technology for the regulators.

READ MORE: What is SupTech and how will it change compliance?


Can RegTech help me with specific regulation like GDPR?

The rise of data privacy legislation like GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) have added necessary protections for consumers but have increased financial institutions’ already significant regulatory burden in the process. Depending on what you are trying to achieve with specific regulation like GDPR, RegTech offers various solutions. 

There are many point solutions that help firms execute GDPR-compliant behavior. For example, UserCentrics helps firms obtain customer data in a transparent way. Syrenis provides one central platform to manage personal data, legal basis for obtaining that data, consent, and marketing practices. GDPR365 is a compliance assessor that offers guidance on what security weaknesses need to be fixed.

To understand what your organization’s obligations are under GDPR (or any other regulation), look to regulatory knowledge tools like Ascent. Ascent’s AI-driven technology pinpoints the GDPR obligations that your firm must comply with, then updates them automatically if the rules change.

READ MORE: How a Global Top 50 Bank Secured Its GDPR Obligations Using Ascent


How can I use RegTech to help my firm ease compliance burdens?

There are many use cases for RegTech, but here are some of the most common:

  • Horizon Scanning — monitoring regulatory developments including rule updates, guidance, and any other communications from regulators to better understand potential threats and opportunities.
  • Identifying Obligations and Changes — conducting regulatory analysis (also referred to as regulatory mapping) to understand which obligations or requirements your business must comply with. These obligations must then be routinely updated as rules change.
  • Compliance Management — managing your daily compliance activities and aligning them with the broader framework of regulatory strategy and process.

Finding a solution for these use cases can be challenging since the RegTech space is vast and each solution facilitates a different part of the compliance process. Breaking the RegTech landscape into these four categories makes it easier: 1) Regulatory content tools, 2) Regulatory knowledge automation, 3) GRC platforms, and 4) Point solutions.

For the examples above, the solutions for each use case vary:

  • Solution for Horizon Scanning: A regulatory content provider such as Thomson Reuters Regulatory Intelligence helps save time with horizon scanning and research.
  • Solution for Regulatory Obligations: A regulatory knowledge provider such as Ascent identifies your obligations and keeps them updated as rules change. This targeted regulatory knowledge can also be used to understand downstream impact. For example, a rule change identified by Ascent can be used to trigger alerts or workflows related to that rule in your GRC or other compliance management platform. 
  • Solution for Compliance Management: A GRC or other compliance management system such as LogicGate or IBM OpenPages allows you to house and project manage your compliance activities, including assigning tasks, tracking progress against deadlines, and managing any internal documentation such as your controls, policies and procedures. Ascent’s granular obligations can be seamlessly fed into these systems so your regulatory data and activities are monitored, tracked, and managed all in one place.

If you are looking to accomplish all of these use cases, it is likely that your compliance operation requires multiple solutions, combined to create a full-scale compliance technology stack.

What questions should I ask a RegTech vendor that leverages “AI”?

What kinds of AI technologies do you use, and why?

First, brush up on machine learning and natural language processing basics so you can follow the vendor’s response. You do not need to be an AI expert; a good vendor will be able to explain their process in a way that any business leader can understand. What’s important is that you get a clear picture of how the specific technologies and approaches used create business value for you. Is the vendor using “AI” as a flashy marketing term, or is it actually integral to the solution?

Where are you getting the data that is training your algorithms?

Good AI tools require significant amounts of quality data – as they say, ‘bad in equals bad out.’ The vendor should be able to explain how they are ingesting regulatory text (did they build an ingestion or scraping tool, or are they white-labeing another product?), from where (the best case scenario is that the vendor is pulling straight from official regulatory websites), and at what frequency (this should be reasonably frequent so you know you have the most up-to-date information at any given time). The vendor should also be able to explain the quality-assurance process that ensures all intended data points are properly captured. 

Are there humans involved in the training of your algorithms, and to what degree?

In many industries, the notion of humans-in-the-loop (meaning the technology is not 100% machine-driven; humans are still involved in some part of the process) is considered a negative sign because it means “that the tool isn’t really AI.” The compliance industry, however, is unusual in that a humans-in-the-loop process is considered a positive. Why? Because the world of regulatory compliance is so nuanced and complex, that AI solutions are far better when trained and QA-ed by human experts in regulation and law. This does not mean that all AI-driven RegTechs require humans-in-the-loop to be great tools, but the vendor should be able to explain why they do or do not involve people in the process.

Who is held liable if your solution fails?

This question is as important for you as it is for the vendor. Because this issue exists in a legal gray area, you must carefully weigh the risk of implementing any new solution (AI or not). A good AI vendor will understand why this is a concern, and should show evidence of a strong model risk management framework, rigorous internal controls, and most importantly be completely transparent about what the solution can and cannot do. If it sounds too good to be true, it probably is. 

*Ascent offers a performance guarantee for its AI solution that is backed by an insurance cover from Munich Re Group. Read the case study to learn more.

We recommend checking out these articles to continue learning about RegTech and how it can be applied throughout the compliance process:

Want to receive more articles like these? Subscribe to receive helpful content designed to help you win at compliance.

How Mortgage Lenders Can Leverage Automation to Strengthen Compliance in a Turbulent Economy

By Blog

This post was contributed by Michael Rasmussen, GRC Pundit & Analyst.

In today’s ever-changing economy, mortgage lenders and service providers face a growing number of regulations and risks in compliance. This opens up an opportunity for organizations to rearchitect their compliance processes and leverage automation to remain competitive in this uncertain environment.

Mortgage lenders and service providers, as a segment of the financial services industry, face a lot of change. The mortgage space right now is a tough one and interest rates are only going up. Firms are writing fewer loans, whether it’s a new loan or a refinance. The market is shifting and drying up for the foreseeable future of the next year or two. The industry is changing and reacting to uncertainty in the economy. Mortgage companies’ internal processes and employees are changing, particularly with the economy staff is shrinking and expected to do more with less employees. Regulations and risks in compliance are also increasing that impact mortgage lenders and service providers.

While the volume of loans is decreasing, regulatory change – including enforcement actions and guidance – remains on a steady stream of growth. The law or regulation itself does not have to change, but how it is enforced and monitored over time evolves. However, it is more than regulatory change as the business itself is changing. If that employee is not aware of the policy related to the regulation, or not trained properly, it leads to compliance failure. If that process changed, or technology, and the controls needed to comply with the regulation are not in place, then compliance fails.

WATCH NOW: 5 Tips to Supercharge Your Compliance Programs in 2023

The challenge is that many mortgage lenders and service providers are short-staffed when it comes to compliance. There is a barrage of regulatory changes, updates, and enforcement actions. But even if the firm is fully knowledgeable, they must ensure the culture, operations, processes, and behavior of individuals is compliant. Regulatory compliance is not an option. Amid uncertainty and change comes increased compliance risk exposure. While executives may be in cost-cutting mode, they cannot afford to become non-compliant. It is time for organizations to look at innovation and adjustments to make regulatory change and compliance more efficient in human capital and financial capital resources while at the same time striving for effectiveness, resilience, accountability, and agility.

This might seem like a conflict, to save money and time while increasing effectiveness and agility, but technology delivers this. To address the volume of regulatory change and its impact on the business requires that mortgage lenders and service providers seek to automate compliance with technology. Cognitive GRC technologies that leverage artificial intelligence – natural language processing, machine learning, predictive analytics, and robotic process automation – is delivering real value in efficiency while increasing effectiveness and agility of regulatory change management processes. It is times of uncertainty that companies can become stronger through redefining their processes and leveraging automation to cut costs and be more effective than their competitors.

During this time of uncertainty, there is an opportunity for mortgage firms to rearchitect their compliance processes to keep pace with the volume of regulatory change and ensure the business operationally remains compliant within the scope of this change. Technology enables this allowing the organization to filter through the volume of updates and changes and flag what really matters and how it impacts the mortgage business, operations, processes, policies, and behavior. Regulatory change technology delivers cognitive compliance to make the mortgage lender/service provider more efficient in their time and resources to monitor regulatory change and effectively keep operations current with regulatory change amid changing processes and employees. 

Ascent Named to the Esteemed RegTech 100 List for the Fifth Year

By Blog

The RegTech100 list compiles the world’s most pioneering businesses in the regulatory technology market that are helping financial institutions deal with the most pressing compliance and risk management challenges.


Ascent is proud to be named to the 2023 RegTech100 list. This marks our fifth year on the list and it is an honor to be recognized amongst some of the most innovative companies in the regulatory tech ecosystem.

“It’s an honor to be named to this esteemed list for the fifth year. Ascent was built to give businesses greater confidence in their compliance operations, and this recognition is proof that we’re achieving our mission,” said Christopher Junker, CEO of Ascent. “It is because of our cutting-edge technology, dedicated team and strong partnerships, that Ascent continues to provide clarity in an industry that is filled with complexity and constant change.”

According to FinTech Global, this year’s selection process for the 100 most innovative RegTech companies covered the widest range of enterprises yet. A panel of analysts and industry experts reviewed a list of nearly 1,300 companies to identify the solutions that need to be on the radar screen of every financial institution in 2023.

A range of factors are considered by the Advisory Board and FinTech Global team to make the final selection including:

  • Industry significance of the problem being solved;
  • Growth, in terms of capital raised, revenue, customer traction;
  • Innovation of technology solution offered;
  • Potential cost savings, efficiency improvement, impact on the value chain and/or revenue enhancements generated for clients;
  • How important is it for financial institutions to know about the company?

A full list of the RegTech100 and detailed information about each company is available to download for free here.

Regulatory mapping is key to compliance. Are you doing it effectively?

By Blog

Regulatory mapping may mean different things to different organizations, but new RegTech tools can help you more accurately and efficiently meet all your mapping challenges while freeing you from manual, administrative work. 

Defining Terms

As regulatory burdens increase and regulations change in response to everything from political winds to well-publicized industry failures, regulatory compliance will remain a rapidly changing and growing industry segment. 

Despite the near-universal concern about regulatory compliance, standard terminology around many common concepts is still missing. One such concept is “regulatory mapping,” a compliance term that means different things across the industry. Below are three distinct definitions we have encountered:

1) Regulatory mapping – of laws, rules and regulations to your business to determine your obligations

In this instance, regulatory mapping refers to the process of reading and analyzing voluminous regulatory text to understand exactly which specific obligations apply to your business. Whether conducted in-house by compliance personnel or outsourced, this process typically has people digging into the rules to determine which obligations are applicable to the business. Personnel will capture the firm’s baseline obligations across jurisdictions and determine which obligations are the same or similar across jurisdictions, and which are unique.

To do this, most firms create and maintain a rule register or rule inventory, i.e. a list of all the rules that apply to the business. An obligations register is a newer concept that refers specifically to a register or inventory of the specific obligations that apply to the firm, detailed down to the line level of regulation.

LEARN MORE: How Ascent Delivers Targeted Obligations


2) Regulatory mapping – of regulatory changes to your obligations

This definition involves compliance personnel constantly scouring regulatory websites, newsfeeds, and other sources to capture the latest rule amendments or additions and then conducting applicability analysis to determine which changes apply to your organization. 

Compliance personnel must then do the complex work of impact analysis to understand how the changes impact the firm’s existing obligations – Has an existing obligation changed in some way? Are there new obligations due to the rule change? Are any existing obligations now rendered unnecessary due to the change? 

Compliance teams must answer all of these questions before updating their rule register and obligations register accordingly. 

LEARN MORE: How Ascent Automates Regulatory Change Management


3) Regulatory mapping – of your obligations to your internal controls, policies, and procedures

Regulatory changes need to flow through to your controls and policies so that you can properly coordinate and execute the changes throughout the business. In this context, regulatory mapping is the process of tying your obligations to those internal controls, policies, and procedures. 

LEARN MORE: How Ascent Maps Obligations and Rule Changes to Your Controls and P&Ps


Mired in the Manual

Regulatory mapping represents a complex web of legal documentation, rule changes and internal processes. Regulatory change management is considered especially daunting as sources of regulatory change include international, national, state, and local legislative action, court decisions, and executive actions. The work of identifying these changes and dialing them in to what applies to the organization remains largely mired in manual and siloed processes.  

READ MORE: The State of the Compliance Industry


RegTech to the Rescue

The explosion of RegTech now provides an alternative solution to managing the challenge of regulatory mapping that does not require throwing additional personnel, time, and resources at the growing regulatory burden. The right automation tools can help alleviate much of the manual work of mapping regulatory requirements (regardless of which definition you are focused on)—but only if the tools are well-designed and implemented.

“Automation, technology, and expertise help transform the regulatory mapping and compliance functions from merely a cost center to a function that supports financially sound and efficient decision-making by capitalizing on business intelligence and supporting the commitment to appropriate compliance processes.” Compliance Week

The benefits of leveraging automation in regulatory mapping processes are many, including:

  • The ability to convert regulatory text into your specific obligations more efficiently and accurately, with less chance of human error (Ascent’s output is 99.5% accurate)
  • Streamlining the process of capturing regulatory changes relevant to your business, understanding their impact, and mapping them to your policies and controls
  • Freeing your compliance team from tedious, error-prone administrative work and increasing their focus on facilitating compliance, developing regulatory strategy, and proactively planning for regulatory change 
  • Providing a more complete understanding of your regulatory landscape, while spending less time and money
  • Reducing regulatory and reputational risk, avoiding fines, and lowering your overall cost to comply

READ MORE: What is RegTech?


Mapping Regulatory Requirements with Ascent

Ascent helps financial firms conduct all three types of regulatory mapping more accurately, efficiently, and at a lower cost. Ascent offers:

  • Automation to identify the obligations that pertain to your specific organization
  • Constant discovery of rule amendments and updates that apply to you, connected to your existing obligations so you can instantly understand the impact to your business
  • Seamless connection via API to best-in-class GRC platforms like IBM OpenPages so you can map your obligations to organizational controls, policies, and procedures

The first (and most difficult) step in setting a regulatory compliance framework

By Blog

Compliance and Risk professionals have a tough job. Not only are they responsible for maintaining compliance according to their organizations’ existing regulatory framework, but—more importantly—they are responsible for determining what their firms’ regulatory framework is in the first place.

But first, what is a regulatory compliance framework?

A regulatory compliance framework “is a structured set of guidelines that details an organization’s processes for maintaining accordance with established regulations, specifications or legislation. It outlines the regulatory compliance standards relevant to the organization and the business processes and internal controls the organization has in place to follow to these standards.” (source: TechTarget)

Regulatory compliance framework
When it comes to financial regulation, this process of outlining relevant standards and requirements is the first and foundational step in setting a strong regulatory compliance framework. It is also a huge liability for both financial firms and their compliance / risk officers due to the sheer amount of regulation that exists today.

READ ARTICLE:  Regulatory mapping is key to compliance. Are you doing it effectively?

Faulty foundation of regulatory requirements = susceptibility to risk

On average, U.S. firms are overseen by a handful of regulators (significantly more if they operate globally), and each regulator has hundreds to thousands of pages of regulation that they maintain, update, and enforce regularly. For example, between 2019 and the fourth quarter of 2020, the Securities and Exchange Commission (SEC) published 147 rule changes and 263 guidance notes. And that’s just for one regulator.

With rule changes up nearly 500 percent and a new regulatory update issued every 7 minutes globally, it is increasingly more difficult for Risk and Compliance professionals to identify all of the regulatory developments that apply to their business.

In fact, aligning policies with new and changing regulations is a top challenge for over a third of organizations (35%) according to an Ethics & Compliance Policy & Procedure Management Benchmark Report from Navex Global. In that same report, just over one quarter (27%) of organizations also attested that they are challenged in improving version control, reducing policy redundancy, and inaccuracy.

And yet, many firms continue to try to manage and synthesize this influx of information in the same ways that it always has—by increasing personnel to do the work manually.

Manual solutions only plug the cracks in the foundation

Today, Risk and Compliance teams undergo the tedious and burdensome task of gathering information from:

  • International, national, state, and local legislative action
  • Court decisions
  • Executive actions (regulations, guidelines, and enforcement) 
  • Other supporting legal materials

Once they have compiled this information, compliance analysts then assess those regulatory documents to extract the laws, rules and regulations within them, and analyze those requirements to determine which might apply to their business. After hundreds of hours of hard work, the analysts finally are able to present the foundation for the firm’s regulatory compliance framework back to the business for approval. 

Only then, finally armed with this knowledge, are teams able to begin the real, vital work of compliance—reconciling their obligations with their policies and procedures, creating controls, and implementing compliance throughout the business. 

However, in our current regulatory climate, this process is becoming increasingly impractical. The pace of regulatory change and the cost of compliance haven’t slowed down. At the same time, neither has the cost of non-compliance. In just the last three months, the Office of the Currency Comptroller (OCC) has issued fines of $60 million, $85 million, and $400 million.

Missing even the finest detail within a body of regulation or rule amendment can be disastrous for financial firms’ bottom lines, not to mention their reputation. Like the proverbial needle in the haystack, any obligation missed among the thousands of lines of regulatory information could have severe consequences come audit time.

‘Regulatory knowledge automation’ restores framework from the ground up

What is regulatory knowledge automation?

‘Regulatory knowledge automation’ is the process of using algorithms to create knowledge from data, such as analyzing regulatory text to determine an organization’s applicable regulatory obligations.

INFOGRAPHIC: Regulatory Knowledge Automation, Explained

By leveraging next-generation technologies like
machine learning (ML) and natural language processing (NLP), this knowledge creation work can be completed in mere minutes, at a fraction of the cost, and greater accuracy than ever before.

At a glance: 

  • NLP is the combination of computer science and linguistics that allows computers to understand human language. In essence, NLP takes the dense texts of regulatory documents and “translates” them into machine-readable language. 
  • ML is the capability to “train” systems how to complete a task. Once NLP has translated regulatory text into something that can be read by a machine, trained ML systems can extract the rules and requirements from that dense text.

These two technologies are at the heart of Ascent’s RegulationAI™, a true innovation in regulatory technology. RegulationAI™ is able to:

  • Process thousands of pages of regulatory documents
  • Identify all of the standard requirements that derive from the laws, rules, and regulations within those documents
  • Determine which of those standard requirements correspond to a singular financial firm based on their business practices and unique regulatory burden

Visualizing RegTech Findings Powers Swifter Solutions

By Blog
Rapidly evolving regulatory rules have created an unequivocally challenging environment for financial services. As compliance teams face pressure to respond at breakneck speed, many firms are finding relief through top-notch technology solutions fueled by AI. What was once a strategic advantage enjoyed by early adopters has now become essential for nearly every industry player. While this industry has garnered speed around identifying and solving for regulatory changes thanks to automation and machine intelligence, challenges around confirmation, implementation, and solving for human error still persist across compliance channels. 

Our Ascent team is proud to announce a partnership with Onspring that solves these critical issues and places control back into the hands of compliance leaders. Coupling Ascent’s regulatory automation with Onspring, a leading cloud-based business automation and real-time analytics platform, allows firms to streamline compliance to keep pace with rapidly evolving regulations. 

Firms will benefit from boosted visibility into relevant regulatory obligations, reducing manual research hours and optimizing overall performance of compliance teams. By housing accurate data in one centralized view, teams can efficiently map granular obligations into policies, procedures and controls. And when policies shift, built-in algorithms empower compliance teams with a direct line of sight allowing for improved response times and tighter control over every regulatory aspect of the firm. 

As firms compete for top talent and seek to retain highly-adept compliance managers, optimizing workloads and creating space for success becomes increasingly important. Engaged teams are critical to the bottom line, ensuring fewer mistakes, better communication and teamwork while minimizing human capital expenses associated with higher turnover. The friction caused by intensified regulatory scrutiny post-pandemic can have a dramatic impact on compliance teams that are improperly equipped to navigate essential regulatory changes. Empowering employees with effective solutions that reduce manual tasks will elevate firms this year.

“We could not be more excited to give firms the assurance they need to quickly and effectively assess the impact of regulation within the context of their businesses, with the help of Onspring,” shared Dominick Campagna, Ascent’s Vice President of Sales.

If your firm is eager to reduce the tedious, manual burdens that can bog down even the most advanced compliance leaders, a RegTech solution like Ascent could be the perfect answer. Learn more about our partnership with Onspring and what it means for the future of RegTech.