Skip to main content

digital disruption

9 Common RegTech Questions, Answered

By Blog

As a young industry, RegTech often gives rise to a host of questions — everything from “what is it?” to “how does it work?” to “how will it affect me?” We’ve collected a handful of the more common ones and answered them below.

Have a question that’s not on our list? Drop us a line at and we will be happy to help answer it!

What does RegTech mean?

RegTech (Regulatory Technology) is the application of emerging technology to improve the way businesses manage regulatory compliance. 

RegTech companies can be established GRC (Governance, Risk, and Compliance) platforms, startup companies, and everything in between. They are united by their use of new, groundbreaking technology in the service of solving the problems of regulatory compliance.

As an industry, RegTech has emerged over the last few years to address the rising tide of regulation and its growing complexity. To learn more about the history and future of RegTech, check out our comprehensive guide, “What is RegTech?”

READ MORE: What is RegTech?


What are the benefits of RegTech?

For financial services, the benefits of RegTech are substantial:

  • Efficiency gains — As regulation continues to grow, it becomes nearly impossible for compliance personnel to keep up without the aid of technology. Technology, capable of processing a high volume of data at incredible speeds, can quickly parse and analyze raw legal text and extract valuable insights. 
  • Greater accuracy and comprehensiveness — Manual, siloed processes tend to create gaps in the compliance operation, leading to human error and increased exposure. Implementing the right technology (and integrating those technologies thoughtfully where necessary) shores up gaps and creates a streamlined compliance process.
  • Greater internal alignment — Technology tools enable greater transparency throughout the business, connecting once siloed people and processes. The result is better insights between business units that can be shared faster, which also leads to a stronger culture of compliance.
  • Improved risk management — Many RegTech tools help protect against various types of risk, including market abuse, cyber attacks, and fraud, by monitoring systems and alerting personnel to suspicious activity.

READ MORE: How Ascent customers reduce risk, slash costs, and save time


What is end-to-end compliance and how does RegTech fit in?

End-to-end (E2E) compliance is a fully traceable process that connects external regulatory events to a business’ specific obligations, then all the way through to that business’ internal controls, policies, and procedures. In an ideal world, E2E compliance leverages automation and other technologies to create a complete functional system of compliance. To achieve E2E compliance, different RegTech solutions can be used together (often referred to as a ‘compliance technology stack’) to create a seamless process that automates rote work, connects once-disjointed processes, and supports a robust compliance framework.

With a properly implemented E2E system, businesses could 1) be alerted to relevant new rules or changes to existing rules, 2) be directed to the exact parts of their internal controls or P&Ps that are impacted so team members can make the appropriate changes, 3) manage their obligations digitally including assigning work and tracking progress against deadlines, 4) easily produce records of their compliance activities, and 5) generate useful reporting dashboards. 

Again, due to the complexity and nuance of regulatory compliance, one-size-fits-all solution. Rather, compliance leaders should take a modular approach to building a technology stack that meets the firm’s unique circumstances and objectives.

What kind of tech stack should I consider for my compliance framework?

Compliance and Risk professionals are responsible for not only determining what their firms’ regulatory framework is, but also how to maintain it once it’s set. Thankfully, there are a number of solutions within the RegTech universe that support this effort and can be combined into a comprehensive, end-to-end tech stack. The key is to know which ones to bring into your tech stack in the first place, so here are a few types of solutions to consider:.

Regulatory content tools are situated at the beginning of the compliance process. They typically take the form of a content library, feed, or resource center. Content tools consolidate documents published by regulators into one platform (including the laws, enforcement actions, guidance, rule updates, and more), making research and horizon scanning more efficient. Leaders in this space include Thomson Reuters Regulatory Intelligence, LexisNexis and Reg-Room.

Regulatory knowledge automation is technology that bridges the gap between the raw data of regulatory content and actionable insight. Market leader Ascent, for example, generates the regulatory obligations that pertain to your specific firm based on key factors like what type of financial entity you are, what services/products you offer, and where you operate. Ascent then automatically updates your obligations as rules change. This targeted regulatory knowledge allows compliance personnel to know exactly what the firm must comply with at all times, without the manual effort. 

GRC (governance, risk and compliance) platforms help operationalize compliance and often house all of a firm’s regulatory information, including obligations, controls, policies and procedures. Workflow capabilities allow users to track and manage their compliance efforts. Leaders in the space include LogicGate, MetricStream, IBM OpenPages, and RSA Archer to name a few. 

Point solutions cover a wide swath of RegTechs, helping firms execute compliance in a compliant way or assess compliance with an obligation or control. These could include (but are not limited to) trade monitoring, portfolio risk, know-your-customer, anti-money laundering, operations risk management, and cybersecurity tools. Point solutions are more limited in scope than regulatory knowledge automation or GRC solutions, but when they meet the right need they can provide substantial value.

READ MORE: The first (and most difficult) step in setting a regulatory compliance framework


What technologies do RegTech solutions use?

RegTech providers leverage a wide variety of emerging technologies. Here are a few of the most common:

  • Machine learning (ML) is the application of algorithms that improve automatically through experience. Rather than being specifically programmed to complete a task, ML models are fed large amounts of data, which they use to learn and improve on their own. In regulatory compliance, ML models can process large amounts of regulatory data and gradually draw conclusions about that data, becoming more and more accurate over time.
  • Natural language processing (NLP) is the field of using computers to process and analyze human language. In compliance, NLP can parse the unstructured raw text of regulation and reorganize it or otherwise transform it so that people can retrieve meaningful insights. 
  • Blockchain is a digital record of transactions, most often associated with cryptocurrencies. Blockchain has many other purposes however, such as enabling the secure sharing of know-your-customer data within or between organizations for compliance purposes.
  • Robotic process automation (RPA) allows users to configure metaphorical “robots” or “digital workers” to replicate the actions of a human in a digital environment in order to complete a business process. RPA tools can automate laborious manual processes, like the production of hundreds of disclosures that asset management firms are required to generate throughout the year.

READ MORE: RegulationAI™: World-Class Technology Built for Compliance


What’s the difference between RegTech, FinTech, and SupTech?

RegTech leverages emerging technology to create tools focused on solving the challenges of regulatory compliance. While the majority of existing RegTech solutions are currently focused on the world of financial regulation, RegTech could also be leveraged for other regulated industries — for example, healthcare.

FinTech, short for financial technology, is the application of technology to solve problems or create new value in financial services. Examples include crowdsourcing platforms, mobile payments, cryptocurrency, robo-advisors, budgeting apps, or the use of open banking APIs. Recently, digital banks that operate purely online with no physical locations are also being referred to as FinTechs. 

SupTech, short for supervisory technology, is the application of emerging technology to improve how regulators conduct supervision. Just as RegTech leverages technology for regulated companies, SupTech leverages technology for the regulators.

READ MORE: What is SupTech and how will it change compliance?


Can RegTech help me with specific regulation like GDPR?

The rise of data privacy legislation like GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) have added necessary protections for consumers but have increased financial institutions’ already significant regulatory burden in the process. Depending on what you are trying to achieve with specific regulation like GDPR, RegTech offers various solutions. 

There are many point solutions that help firms execute GDPR-compliant behavior. For example, UserCentrics helps firms obtain customer data in a transparent way. Syrenis provides one central platform to manage personal data, legal basis for obtaining that data, consent, and marketing practices. GDPR365 is a compliance assessor that offers guidance on what security weaknesses need to be fixed.

To understand what your organization’s obligations are under GDPR (or any other regulation), look to regulatory knowledge tools like Ascent. Ascent’s AI-driven technology pinpoints the GDPR obligations that your firm must comply with, then updates them automatically if the rules change.

READ MORE: How a Global Top 50 Bank Secured Its GDPR Obligations Using Ascent


How can I use RegTech to help my firm ease compliance burdens?

There are many use cases for RegTech, but here are some of the most common:

  • Horizon Scanning — monitoring regulatory developments including rule updates, guidance, and any other communications from regulators to better understand potential threats and opportunities.
  • Identifying Obligations and Changes — conducting regulatory analysis (also referred to as regulatory mapping) to understand which obligations or requirements your business must comply with. These obligations must then be routinely updated as rules change.
  • Compliance Management — managing your daily compliance activities and aligning them with the broader framework of regulatory strategy and process.

Finding a solution for these use cases can be challenging since the RegTech space is vast and each solution facilitates a different part of the compliance process. Breaking the RegTech landscape into these four categories makes it easier: 1) Regulatory content tools, 2) Regulatory knowledge automation, 3) GRC platforms, and 4) Point solutions.

For the examples above, the solutions for each use case vary:

  • Solution for Horizon Scanning: A regulatory content provider such as Thomson Reuters Regulatory Intelligence helps save time with horizon scanning and research.
  • Solution for Regulatory Obligations: A regulatory knowledge provider such as Ascent identifies your obligations and keeps them updated as rules change. This targeted regulatory knowledge can also be used to understand downstream impact. For example, a rule change identified by Ascent can be used to trigger alerts or workflows related to that rule in your GRC or other compliance management platform. 
  • Solution for Compliance Management: A GRC or other compliance management system such as LogicGate or IBM OpenPages allows you to house and project manage your compliance activities, including assigning tasks, tracking progress against deadlines, and managing any internal documentation such as your controls, policies and procedures. Ascent’s granular obligations can be seamlessly fed into these systems so your regulatory data and activities are monitored, tracked, and managed all in one place.

If you are looking to accomplish all of these use cases, it is likely that your compliance operation requires multiple solutions, combined to create a full-scale compliance technology stack.

What questions should I ask a RegTech vendor that leverages “AI”?

What kinds of AI technologies do you use, and why?

First, brush up on machine learning and natural language processing basics so you can follow the vendor’s response. You do not need to be an AI expert; a good vendor will be able to explain their process in a way that any business leader can understand. What’s important is that you get a clear picture of how the specific technologies and approaches used create business value for you. Is the vendor using “AI” as a flashy marketing term, or is it actually integral to the solution?

Where are you getting the data that is training your algorithms?

Good AI tools require significant amounts of quality data – as they say, ‘bad in equals bad out.’ The vendor should be able to explain how they are ingesting regulatory text (did they build an ingestion or scraping tool, or are they white-labeing another product?), from where (the best case scenario is that the vendor is pulling straight from official regulatory websites), and at what frequency (this should be reasonably frequent so you know you have the most up-to-date information at any given time). The vendor should also be able to explain the quality-assurance process that ensures all intended data points are properly captured. 

Are there humans involved in the training of your algorithms, and to what degree?

In many industries, the notion of humans-in-the-loop (meaning the technology is not 100% machine-driven; humans are still involved in some part of the process) is considered a negative sign because it means “that the tool isn’t really AI.” The compliance industry, however, is unusual in that a humans-in-the-loop process is considered a positive. Why? Because the world of regulatory compliance is so nuanced and complex, that AI solutions are far better when trained and QA-ed by human experts in regulation and law. This does not mean that all AI-driven RegTechs require humans-in-the-loop to be great tools, but the vendor should be able to explain why they do or do not involve people in the process.

Who is held liable if your solution fails?

This question is as important for you as it is for the vendor. Because this issue exists in a legal gray area, you must carefully weigh the risk of implementing any new solution (AI or not). A good AI vendor will understand why this is a concern, and should show evidence of a strong model risk management framework, rigorous internal controls, and most importantly be completely transparent about what the solution can and cannot do. If it sounds too good to be true, it probably is. 

*Ascent offers a performance guarantee for its AI solution that is backed by an insurance cover from Munich Re Group. Read the case study to learn more.

We recommend checking out these articles to continue learning about RegTech and how it can be applied throughout the compliance process:

Want to receive more articles like these? Subscribe to receive helpful content designed to help you win at compliance.

Inside the complicated world of digital assets

By Blog, Compliance Over Coffee

[Feat. Val Dahiya, Partner, Perkins Coie] — As the former Branch Chief of the Division of Trading and Markets at the SEC, Val Dahiya knows a thing or two about risk exposure and the  impact of regulatory change. Now as a Partner at global law firm Perkins Coie, Val focuses on helping broker-dealer firms comply with regulation and navigate new transactional developments such as digital assets, NFTs, and blockchain technology.

In this episode of Compliance Over Coffee, Val draws from her time at FINRA and the SEC to show how these innovations are disrupting financial regulation. Here’s a clip of what she had to say:

“Innovation moves at the speed of light. And regulation, it’s responsive. It’s reactive. It oftentimes moves at the speed of a sloth.”

Watch as Ascent President and Founder Brian Clark and Val discuss how firms can reduce their risk exposure even in the face of unprecedented change. 

Also in this chat:

  • Gary Gensler and the new Administration
  • The role of social media in regulating markets
  • Environmental Social Governance (ESG) disclosures

Perkins Coie is a leading international law firm that is known for providing high value, strategic solutions and extraordinary client service on matters vital to our clients’ success. Visit Perkins Coie to learn about the firm’s full array of corporate, commercial litigation, intellectual property and regulatory legal services.

For the latest in the Compliance Over Coffee executive video series, subscribe to our email updates.


What makes a good RegTech partner: fit and scalability

By Blog

Finding the right RegTech partner can be difficult. So we sat down with an industry expert to get his take on how he evaluates vendors.

As an expert in regulatory change management, Vincent Schultinge has seen the evolution and impact of regulation on financial firms firsthand. So, naturally, he has also been drawn to the niche industry that emerged to try to solve these RCM challenges—RegTech. 

Now, in his current role as a senior RegTech consultant at ING, he is responsible for defining, developing and implementing RegTech innovation throughout the ING organization. During his sit-down with Ascent, Vincent shares:

  • His perspective on what makes a good RegTech partner
  • What methodology ING follows when looking to implement a RegTech partner
  • How making machine readable regulation will open doors for the future of RegTech

Editor’s note: This interview has been lightly edited for clarity.

Using RegTech Maturity as an Evaluation Benchmark

To Vincent, managing regulation is a task that’s too fluid and too risky to put into the hands of new-to-the-market solutions. Here’s how he considers the maturity of RegTech.

When assessing a RegTech provider, you want to make sure it fits your business’s demands. I have a firm belief that we should strive for market standard solutions. Therefore I look to see whether a RegTech has the potential to become a market standard for their solution or offering. Once we have measurable results from a Proof of Concept (PoC), then we can decide if a RegTech is suitable for our purpose or not.

The way we assess RegTechs differs from the way we look at other vendors. Due to constant regulatory oversight as a bank, we have less freedom to experiment. For many business cases we will look for parties that are more mature and that have, for example, delivered the equivalent product to our peers or are engaging in sandboxes with regulators.


Being Able to Audit RegTech’s Black Box

Vincent believes that “auditability” is a key factor that firms should also consider when determining whether or not to work with a RegTech provider.

Providers should always be able to explain and demonstrate how their machine learning works. For risk and compliance teams, auditability of machine learning is absolutely key. If you can’t audit a technology solution properly, especially a machine learning solution, it becomes Pandora’s box. Not to mention that regulators won’t accept anything less than full transparency.


Aligning Around a RegTech Provider

At ING, Vincent’s team relies on what they call “PACE” methodology when considering what RegTech solution to implement.

Whatever methodology you are using to implement RegTech, you have to be consistent, thorough, and constantly verify that you are doing the right thing. 

At ING, we use our in-house PACE methodology for the delivery of innovation. This applies to our delivery of RegTech as well. With PACE, we combine Design Thinking, Lean Startup and Agile Scrum into a single process. PACE consists of five stages being: discover, problem fit, solution fit, market fit and scaling. 

For us this works really well and we gained a lot of traction with this in the organization. On top of PACE methodology at the whole of ING we practice an agile way of working. This helps accelerate the way we set up PoCs as well as other partnerships. 


Unlocking the Value of RegTech

For RegTech to truly be effective, Vincent has learned that it’s important to first have a culture of innovation prior to implementing a solution.

It is essential that you have business owners with the right mandate and budget who are convinced by the usage of technology. Business and innovation teams have to be able to establish the demand and create strong use cases for the application of RegTech. Teams should collaborate in such a way that the business demand and the premise of the solutions are a true match. This will help with validating and demonstrating the benefit of using certain RegTech solutions along the way. Regardless of the size of the firm, you need the right innovative culture and the right appetite from business owners; otherwise, it just won’t work.


Using RegTech to Manage Pandemic Woes

According to Vincent, the pandemic has only amplified the need for RegTech.

Regulatory changes keep coming, especially considering that people are working remote and are having to align virtually due to the pandemic. Regulators demand that banks remain in control. So, firms need to be able to monitor upcoming changes in the regulatory landscape by scanning the regulatory horizon as well as assessing obligations and potential risks. This is where having proper tooling in place for horizon scanning and risk assessment will definitely help firms to maintain control in these difficult times.


Pioneering the Next Frontier of RegTech

What’s next for RegTech? Vincent believes that making regulation machine readable will open incredible opportunities for financial firms to unlock the true potential of RegTech.

In order for RegTech to play an even bigger role in the industry, we first need to look into a few things— machine readable regulations, data and format standardization, and global harmonization of regulations. If regulations, updates and guidelines become machine readable and ingestible globally, it will become easier for firms to demonstrate compliance and adhere to rules and guidelines more efficiently. It will open a whole range of possibilities for the adoption of RegTech within financial institutions.

The same applies to data and format standardization. If we can agree on common data and format standards, adherence to regulations becomes more efficient. With the financial system being a truly global system nowadays, it allows institutions to act across jurisdictions in a safer and more compliant manner. Together, with harmonizing regulations globally, this could translate into a much broader usage of RegTech within the financial system. This end goal is something that I believe will contribute to the overall safety and stability within the financial industry.

ING is a global bank that aims to empower people to stay a step ahead in life and in business. Visit ING’s website. 

For more content like this, subscribe to our email updates.


The Shortest Commute: How to Set Up a Fully Remote Workforce

By Blog, Culture

(6 min read)

As the global health pandemic has swept across the country (and the world), business after business has locked up its office space and moved employees to working remotely — often under government mandate. 

This transition happened much more quickly than most of us could have imagined. And while some companies might have been more prepared than others, virtually every company had to make some adjustments to accommodate this new reality. 

We recently spoke with three team members at Ascent who were critical in getting our fully remote workforce up and running — Carrie Pinkham (VP People), Sarah Samuels Taylor (Chief of Staff), and Chris Doyle (Chief Technology Officer) — to better understand what challenges this new environment poses and to share advice on overcoming them.

You can watch the full conversation here or read the highlights (edited and condensed for clarity) below.

LEARN MORE: Ascent’s Open House: Socially Distant, Virtually Connected


What are some of the biggest challenges facing a company when setting up a fully remote workforce?

Sarah: In general, I’d say two of the biggest challenges are maintaining seamless communication and preserving team culture. These areas are especially important given the current environment because they both help establish a sense of normalcy — something very much missing at the moment. We’ve made them specific areas of focus for that very reason.

Carrie: I’d add too that, to Sarah’s point, the actual challenges of working remotely are exacerbated by the fact that we’re doing all of this during a global health crisis. That brings a lot of new questions to any company. How do we support our customers in this new environment? How do we support our team? For those of us who are parents, how do we balance childcare with our professional responsibilities? How do we manage the stress and concerns that come with a crisis like this?

As a company, that’s been one of the biggest challenges we’ve tried to take on — how can we make sure we’re supporting our employees as people during this crisis.

How has our team tried to address those challenges?

Sarah: Thankfully, we already had a few key tools in place which helped make our transition much smoother. We already relied primarily on Slack for internal communications and had Google Meet in place as a video conferencing tool (much like other companies might use MS Teams and/or Zoom). Our task then was to figure out the best way to use those tools in the new environment. 

As the situation has evolved, our communication strategy did too. We started out with daily updates, and frequent opportunities for non-work connections, like virtual lunch-and-learns and happy hours. As it became clear that this crisis was going to be around for the near future, we adjusted that cadence. Right now, Brian Clark, our CEO and founder, provides company-wide updates three times a week. We’ve also created a handful of more long-term engagement opportunities, like Donut, an app that randomly pairs employees for get-to-know-you chats. 

The lunch-and-learns in particular have been a great way to showcase internal talent and maintain culture. We started with one hosted by teammates that were already exclusively remote, so they could share their best practices and answer questions. Brian also led a session on our company mission and values — something both helpful for our new hires and a good reminder for folks who have been with us for awhile. We’ve also had more social opportunities, including a magic show, a virtual Quiplash (a group game where players ask and answer fun questions) session, and a college spirit day. 

Are there benefits to a remote workforce?

Carrie: Again, it’s important to distinguish here between the benefits in a normal environment and our current one.

In a normal situation, there are a number of potential benefits for both individual employees and for the company. Employees can eliminate their commute and add hours back to their day. For some, depending on your home environment, working remotely can have fewer distractions than an office environment and be more conducive to deep work. And, of course, there’s also the general flexibility working from home can provide.

For companies, a remote workforce allows them to pick from a broader talent pool, rather than being limited to local candidates or those willing to relocate. Additionally, by having employees in different parts of the world, it can give your company coverage over more hours of the day.

Obviously, though, in our current climate some of those benefits are undercut. If you have small children at home, finding time for deep work is far from easy. But I do think one interesting benefit to come out is a renewed sense of community internally. We opened one of our virtual happy hours with asking people to tell us the worst job they’ve ever had and we had some really interesting, engaging conversations that probably wouldn’t have taken place otherwise.

What role does technology play in keeping a remote workforce connected?

Chris: Quite simply, you can’t have a remote workforce without tech. Here at Ascent, we rely on a handful of tools, including Google Meet, Slack, Miro (an online whiteboarding and collaboration tool), and Google Docs.

Another thing I think this crisis has really brought to the forefront is the importance of a stable internet connection. Being digitally connected is the fundamental aspect of collaboration right now. If you don’t have a stable connection, it cuts you out of the loop — whether that means you can’t access your work at all or you can’t fully interact with coworkers through tools like video chat.

But having the right tools is just a part of the equation. Just as important is how you use those tools. I think one of our strongest assets going into this was having a well established operating cadence. Having pre-existing status meetings, standups, and 1-on-1s helped prevent duplicating work and improved communication. Because that cadence was already set up — and because it was relying on digital tools, like Google Docs or Google Sheets and video conferencing like Google Meet — it helped create continued momentum as we shifted into a fully remote workforce.

Ascent’s technology is completely cloud based. What is that important — both for our customers and our employees?

Chris: Two of the biggest advantages are the flexibility and scalability it gives us. Leveraging cloud servers like AWS lets us serve companies around the world and frees us up to grow more quickly. Quite simply it allows us to keep our focus on what we are the best in the world at — building AI for regulatory compliance — without getting bogged down in logistical considerations that a cloud vendor is better equipped to manage.

Also, we’re seeing more and more of our customers moving to the cloud. Some are there already, some are still early in that journey, but cloud computing is so well established now that even many global banks are starting to make that transition. So creating cloud-based solutions helps us serve our customers better — either as they make those transitions now or for when they likely will in the future.

READ ARTICLE: “But Does RegTech Actually Work?” 3 Ways Financial Firms and RegTechs Can Bridge the Trust Gap

Modern challenges require modern tools. Interested in seeing how Ascent can help you identify your obligations and automatically keep them updated as rules change?

Contact Us

[pardot-form id=”227″ title=”Talk to Sales Form”]

All Tech is Not Created Equal: The Difference Between “Top-Down” and “Bottom-Up” Automation

By Blog

An automation solution that’s not adequately aligned with your business needs or not properly developed can, sometimes, do more harm than good.

Technology is often touted as a panacea for our overloaded work lives. And while we at Ascent believe strongly in technology’s ability to help save firms time and money, we also know that not all technology is created equal.

An automation solution not adequately aligned with your business needs or not properly developed can do more harm than good. “Top-down” automation in particular can have significant consequences.

Below we break down the difference between “top-down” and “bottom-up” automation, define the risks that can come with top-down providers, and explain how to evaluate your options.

READ MORE: What are ‘granular’ obligations in RegTech?

Top-Down Vs. Bottom-Up: What’s the Difference?

Imagine you are given a document about cybersecurity and tasked with analyzing how that document relates to your company’s cybersecurity policy. 

What do you do? Do you scan through the document looking for any mention of the term “cybersecurity”? Or do you read through the document thoroughly — sentence by sentence, word by word — in order to understand it as completely as possible?

These two methods can be seen as metaphors for how top-down and bottom-up automation approach the work of regulatory compliance. 

Top-down automation acts like a search, skimming through the document for a specified search term. The technology involved isn’t meaningfully different from that powering any website search bar. 

Bottom-up automation, however, uses natural language processing and machine learning models to analyze a document at a word-by-word level. Because of this, it’s able to extract a significantly greater amount of information from each document and to employ that information in many more ways.

RegTech providers often shy away from trying to develop bottom-up solutions because they can take years to initially ramp up and can require much more complex technology. But those that spend the time and are able to develop the AI end up with a far more powerful solution.

Bottom-up automation is akin to having a cybersecurity expert analyze that document for your company, while top-down is more like running a quick word search of it. One can provide a deep understanding of the material. The other can carry some hidden risks.

3 Big Risks with Top-Down Automation

Risk #1: Top-down automation creates more work, not less

The promise of any kind of automation is that it will reduce your workload.

In regulatory compliance, one of the most challenging aspects of compliance is analyzing the massive troves of regulatory documents constantly being released in order to determine which obligations apply specifically to your business. This process, if automated properly, can reduce a team’s workload by hundreds or even thousands of hours while simultaneously reducing risk and improving accuracy.

But, if automated improperly, tech providers can create the opposite result.

Rather than a select, curated list of obligations being automatically created for you, top-down automation tools can inundate you with a massive dump of results that may have only a tangential connection to your business. This happens because top-down tools return every result where a search term is mentioned — regardless of whether that mention is meaningful.

Ultimately, this adds yet more to the ever-increasing workload of Risk and Compliance teams, and further widens the trust gap many companies already have regarding AI’s capabilities. 

Risk #2: Top-down automation adds risk instead of reducing it

When teams are inundated with a massive list of “potential” obligations, it doesn’t just create more work for them. It can also create more risk. 

Let’s say a top-down automation tool provides you with a long list of search-based results. Combing through it, you realize the tool hasn’t actually streamlined your process because it hasn’t narrowed down your results at all. You decide to revert mainly to your historical, manual process, occasionally referencing the search results as needed.

But, if in your manual process you happen to miss an obligation, your top-down automation tool might have opened you up to additional risk.

Regulators, combing over the audit trail, might see that the missed obligation was buried in the massive list returned by the automation tool. Seeing this, and that the obligation wasn’t implemented, the regulator could conclude that your team disregarded it. 

This situation is far from hypothetical. Regulators are already going on record asking firms what they’re doing to leverage regulatory technology. As they examine firms’ use of tech, they likely won’t be considering whether firms chose helpful solutions or harmful ones — just whether firms effectively employed them.

Risk #3: Top-down automation undermines faith in the power of technology

Digital disruption is here to stay

Before the current crisis, implementing emerging technologies was a way to leverage a team’s time more efficiently and gain an edge on competition. Now, in our new tumultuous environment with its bear market budget constraints, it’s a cost-saving necessity.

But garnering executive buy-in for a new tech solution, uniting a team around it, and working through a successful implementation is no easy task. It’s made exponentially harder if the stakeholders involved have a fresh memory of a solution that didn’t live up to its promise and ended up wasting precious funds.

In pursuit of end-to-end compliance, teams will likely need to build a RegTech stack of multiple solutions — not just to stay ahead of the competitive curve, but simply to keep up with the pace of regulatory change. That won’t be possible if an institution has lost its faith in the power of technology because of a bad experience with a problematic vendor.

How to Avoid the Pitfalls of High-Risk Automation

To make sure your tech solutions actually act like a solution, we suggest the following:

Take time to vet providers. Learn about the technology behind the tools — whether its machine learning, natural language processing, or something else. The more you understand about how the technologies work, the more you’ll be able to evaluate whether they align with your goals.

Consider using a piecemeal implementation approach. It can feel like a real leap of faith to take on the cost and implementation of a new solution. But by beginning with the starter tier of a platform, you can see firsthand how the solution integrates with existing procedures, build faith in and support for the solution across the company, and see the cost-saving benefits in real time. 

Find a tool that can grow with your company. Part of finding the right tech solution is avoiding one that is too limited in scope. If you can instead leverage a robust tool offering a platform of solutions, you won’t have to rip out a more limited point solution a year or two down the road when the needs of your company have outgrown it. 

Ascent — AI Built from the Bottom Up

At Ascent, we’ve built a truly innovative, bottom-up, regulatory technology solution — RegulationAI™. This “digital brain,” trained on tens of thousands of lines of regulatory text and with hundreds of hours of human expert review, powers the entire Ascent platform.

Our machine learning models decompose regulatory texts down to their most basic units — line by line, word by word. This provides us with not just the “raw data” of a regulatory document but the connections between that data as well. Because of this, we’re able to map a company’s regulatory obligations with significantly more detail and accuracy than a simple search-based approach. We provide our customers not with a massive list of potential obligations but with a select list of requirements specific to their business needs.

READ MORE: RegulationAI™ – Why It’s Different


Modern challenges require modern tools. Interested in seeing how Ascent can help you identify your obligations and automatically keep them updated as rules change?

Contact Us

How to Win (and Fail) When Evaluating RegTech Solutions

By Blog

Compliance workers, financial advisors, risk managers, lawyers, regulatory consultants, and others who deal regularly with compliance all share a similar predicament: They bring a lot to the table in terms of expertise and experience, but are endlessly bogged down by administrative tasks such as scouring regulator websites and newsfeed to keep up with rule changes, or reading dense regulatory text to advise the business on what is required of them to stay in compliance.

The global pandemic has upended businesses across the world, and compliance leaders are now being asked to do more with the same — or reduced — headcount. As RegTech grows in both necessity and ubiquity, finding the right balance of in-house staff, contractors, and technology is more crucial than ever.

But the processes of evaluating technology providers and implementing new solutions are not easy ones. Some organizations work through them with great success — and others with great frustration. 

At a time when wins and failures have greater impact than ever, here are few examples of each to help you better plan your next technology implementation.

Win: When Automation Empowers and Equips People

Risk and Compliance teams possess unique and significant expertise, so the point of bringing on new technology should not be to eliminate humans from the equation. Instead, it should be about determining how you can better leverage existing skills to drive better results. Where does technology fit, and where do humans fit? 

With the right balance, technology can transform once highly manual processes into ones of efficiency.

Fail: When New Tech Does Not Align with Business Objectives

Sometimes tech solutions are tasked with pie-in-the-sky objectives — which would require a significant investment and years of work to achieve (while in the meantime, most likely, new tech would appear that would offer a better fit). Other times it’s the opposite. Companies will sometimes onboard point solutions that hit only a very narrow need and that do not offer the ability to expand in functionality over time. This approach can be successful if the business does not expect this specific to evolve, but often the lack of apparent value weakens the case made for implementing it in the first place. The tool must then be ripped out and replaced down the road as business objectives expand beyond it.

This is why it the capabilities of any new tech should be as aligned as possible with organizational goals. Will the technology meaningfully automate an existing process where resources can then be redirected in service of a business objective? Do the right resources — both financially and personnel-wise — exist to make the implementation a success so the full value of the solution can be realized? Is the timing right for the business? 

Where implementations happen most successfully is when these questions have answers.

Win: Getting Buy-In from Senior Leadership

The opportunity to leverage new technologies can appear at any tier of a business — from a supervisor recognizing a way to streamline efficiencies as a team, to an analyst recognizing a routine task that can be automated. But for the application of technology to be successful, there needs to be buy-in from the top down. 

Leadership needs to not only recognize and believe in the value of a new solution, they also need to understand their role in helping to drive usage. When this happens, doors are opened for a successful implementation, and — even more importantly — culture is aligned around the importance and proper use of technology. 

READ MORE: How to Instill a Vigorous Culture of Compliance

Fail: An All or Nothing Approach

Too often, companies look at taking on a new technology as something that must be done completely or not at all. There are a few issues with this approach.

Even after thoroughly auditing a new solution, it can sometimes be difficult to know if it is a right fit for your processes until you actually adopt it and implement it. Making this a piecemeal approach, where you might implement one tier of a solution before taking on the complete version, can help make the process much smoother. You have an opportunity to gradually introduce automation into your workflow, increasing your understanding of its functionality and your trust in its capabilities.

Additionally, a piecemeal approach can make the price point less painful. Decision makers are likely more willing to sign off if this is the case, and you can begin to see the cost-saving power of the solution in real time.

Win: Thoroughly Vetting Tech Providers

The more you know about the solutions you are considering, the more you can accurately evaluate them — and trust that they work as advertised.

This includes educating yourself about how the technology works so that it does not seem like a black box. This also includes educating other stakeholders, so they can appreciate the total value offered.

Ask the vendor for references. Ask to speak to customers where the solution worked well — and where it didn’t. Ask for case studies and results that bear out the true cost-benefit. Ask to speak to the vendor’s product and operations teams. 

These questions are key to understanding at a hands-on level how the solution would fold into your team’s day-to-day activities.

READ CUSTOMER STORY: Global Top 50 Bank Achieves 99% Cost Reduction in GDPR Compliance


Stay Ahead of the Curve — And Your Competitors

The world will almost certainly be somewhat different after this crisis is over, but some things will undoubtedly still be the same. Organizational pressures will still exist. Competition will still be there. Companies will still see a need to be as efficient as possible. 

The right technology solution can help drive better response time to customers, optimize costs, open up new revenue streams, and create better processes to reduce risk. Consider taking the time to determine which solution is best for your business and your needs so you can stay ahead of the curve.


Enjoy this article? Subscribe to receive helpful content designed to help you win at compliance.


Virtual Chat | Creating Data Certainty in Uncertain Times

By Blog

How, when working with data sets that are too large to be manually checked, can we have confidence in the data we’re producing? As part of our Virtual Open House, Spencer Allee, VP Data Science, discusses “Creating Data Certainty in Uncertain Times.”

Check out the full talk above and be sure to visit our Open House page for more great conversations!

LEARN MORE: Ascent’s Open House: Socially Distant, Virtually Connected


Enjoy this webinar? Subscribe to receive helpful content designed to help you win at compliance.


[pardot-form id=”323″ title=”Cliff Notes Subscriber Form”]

Virtual Chat | Digital Transformation in Financial Services: How to Make it Work for You

By Blog

As part of our Virtual Open House, we talked to Craig Novack in our fireside chat “Digital Transformation in Financial Services: How to Make it Work for You,” to discuss how to capitalize on the digital disruption ripping through financial services.

Check out the full talk above and be sure to visit our Open House page for more great conversations!

LEARN MORE: Ascent’s Open House: Socially Distant, Virtually Connected


Enjoy this webinar? Subscribe to receive helpful content designed to help you win at compliance.


Virtual Chat | Thinking Machines: Why Ethical AI Matters in Tumultuous Times

By Blog

To kick off our Open House, we had Ascent Founder & CEO Brian Clark discuss “Thinking Machines: Why Ethical AI Matters in Tumultuous Times.” Check out the full talk above and be sure to visit our Open House page for more great conversations!

LEARN MORE: Ascent’s Open House: Socially Distant, Virtually Connected


Enjoy this webinar? Subscribe to receive helpful content designed to help you win at compliance.