Skip to main content


The first (and most difficult) step in setting a regulatory compliance framework

By Blog

Compliance and Risk professionals have a tough job. Not only are they responsible for maintaining compliance according to their organizations’ existing regulatory framework, but—more importantly—they are responsible for determining what their firms’ regulatory framework is in the first place.

But first, what is a regulatory compliance framework?

A regulatory compliance framework “is a structured set of guidelines that details an organization’s processes for maintaining accordance with established regulations, specifications or legislation. It outlines the regulatory compliance standards relevant to the organization and the business processes and internal controls the organization has in place to follow to these standards.” (source: TechTarget)

Regulatory compliance framework
When it comes to financial regulation, this process of outlining relevant standards and requirements is the first and foundational step in setting a strong regulatory compliance framework. It is also a huge liability for both financial firms and their compliance / risk officers due to the sheer amount of regulation that exists today.

READ ARTICLE:  Regulatory mapping is key to compliance. Are you doing it effectively?

Faulty foundation of regulatory requirements = susceptibility to risk

On average, U.S. firms are overseen by a handful of regulators (significantly more if they operate globally), and each regulator has hundreds to thousands of pages of regulation that they maintain, update, and enforce regularly. For example, between 2019 and the fourth quarter of 2020, the Securities and Exchange Commission (SEC) published 147 rule changes and 263 guidance notes. And that’s just for one regulator.

With rule changes up nearly 500 percent and a new regulatory update issued every 7 minutes globally, it is increasingly more difficult for Risk and Compliance professionals to identify all of the regulatory developments that apply to their business.

In fact, aligning policies with new and changing regulations is a top challenge for over a third of organizations (35%) according to an Ethics & Compliance Policy & Procedure Management Benchmark Report from Navex Global. In that same report, just over one quarter (27%) of organizations also attested that they are challenged in improving version control, reducing policy redundancy, and inaccuracy.

And yet, many firms continue to try to manage and synthesize this influx of information in the same ways that it always has—by increasing personnel to do the work manually.

Manual solutions only plug the cracks in the foundation

Today, Risk and Compliance teams undergo the tedious and burdensome task of gathering information from:

  • International, national, state, and local legislative action
  • Court decisions
  • Executive actions (regulations, guidelines, and enforcement) 
  • Other supporting legal materials

Once they have compiled this information, compliance analysts then assess those regulatory documents to extract the laws, rules and regulations within them, and analyze those requirements to determine which might apply to their business. After hundreds of hours of hard work, the analysts finally are able to present the foundation for the firm’s regulatory compliance framework back to the business for approval. 

Only then, finally armed with this knowledge, are teams able to begin the real, vital work of compliance—reconciling their obligations with their policies and procedures, creating controls, and implementing compliance throughout the business. 

However, in our current regulatory climate, this process is becoming increasingly impractical. The pace of regulatory change and the cost of compliance haven’t slowed down. At the same time, neither has the cost of non-compliance. In just the last three months, the Office of the Currency Comptroller (OCC) has issued fines of $60 million, $85 million, and $400 million.

Missing even the finest detail within a body of regulation or rule amendment can be disastrous for financial firms’ bottom lines, not to mention their reputation. Like the proverbial needle in the haystack, any obligation missed among the thousands of lines of regulatory information could have severe consequences come audit time.

‘Regulatory knowledge automation’ restores framework from the ground up

What is regulatory knowledge automation?

‘Regulatory knowledge automation’ is the process of using algorithms to create knowledge from data, such as analyzing regulatory text to determine an organization’s applicable regulatory obligations.

INFOGRAPHIC: Regulatory Knowledge Automation, Explained

By leveraging next-generation technologies like
machine learning (ML) and natural language processing (NLP), this knowledge creation work can be completed in mere minutes, at a fraction of the cost, and greater accuracy than ever before.

At a glance: 

  • NLP is the combination of computer science and linguistics that allows computers to understand human language. In essence, NLP takes the dense texts of regulatory documents and “translates” them into machine-readable language. 
  • ML is the capability to “train” systems how to complete a task. Once NLP has translated regulatory text into something that can be read by a machine, trained ML systems can extract the rules and requirements from that dense text.

These two technologies are at the heart of Ascent’s RegulationAI™, a true innovation in regulatory technology. RegulationAI™ is able to:

  • Process thousands of pages of regulatory documents
  • Identify all of the standard requirements that derive from the laws, rules, and regulations within those documents
  • Determine which of those standard requirements correspond to a singular financial firm based on their business practices and unique regulatory burden

Compliance Mapping to a Risk Taxonomy in Ascent

By Solution Highlight

Regulatory compliance mapping is essential for financial firms to manage risks effectively. As regulations keep changing, firms need to stay abreast of updates and ensure that they remain compliant. Traditional methods of compliance can be time-consuming, expensive, and complex. However, with Ascent’s technology, organizations can easily identify their regulatory obligations and assign them to risk themes. This makes it simple for businesses to organize and access relevant information. In this blog post, we explore how Ascent’s AI and automation solution simplifies compliance mapping for organizations, enabling them to streamline their compliance efforts while reducing costs

But first, what is a risk taxonomy?

A risk taxonomy is a standard and comprehensive set of risk categories used within an organization to help define the types of risk that should be considered and measured.

Whether your firm uses its own set of classifications or ones set by the industry such as the ISO 3100, Ascent has the flexibility you need to classify and map your applicable regulatory obligations in the language that makes the most sense for your firm.

READ MORE: Regulatory mapping—are you doing it effectively?

As a starting point, Ascent provides a standard set of classifications or
themes, such as Credit Reporting, Investment, Know Your Customer, and Truth in Lending, to name only a few.

Ascent risk taxonomy

Ascent also enables customers to implement their firm’s unique taxonomy with a custom theme feature. 

custom risk taxonomy

No matter which type you choose, the themes that you set up in Ascent are more than just a glorified search feature or a way to organize regulatory content. They are a powerful way to understand what you need to do to stay in compliance, in a structured manner that allows you to make progress against your compliance goals. 

The power to understand exactly what you need to do.

Unlike tools that function primarily as searchable databases of regulatory documents, Ascent is an intelligent compliance platform that automatically surfaces the exact parts of the regulatory texts that apply to your business. Once your unique obligations have been identified, Ascent provides the depth and lineage you need to trace every obligation back to the rule it came from.

READ MORE: Traceability of obligations in Ascent


The ability to map to your controls, policies, and procedures.

The beauty of Ascent’s granularity is that it is made truly actionable through its custom and standard themes. After Ascent identifies your obligations, you can tag them using your chosen themes. The obligation pictured below, for example, fits into the scope of “Anti-Money Laundering.” However, it may also apply to other areas of a firm’s risk profile, and so it might require additional tagging to ensure that it sits properly within the firm’s taxonomy.

compliance mapping

Ultimately, risk themes in Ascent enable firms to:

  • Organize all applicable regulatory obligations into topics and map them to internal risk taxonomies
  • More easily perform impact assessments and map obligations to controls, policies and procedures. 
  • Easily divert obligations to the responsible people by themes in the organization

The flexibility to organize your world.

With Ascent, accuracy and actionability is possible. Learn how you can accurately identify your regulatory obligations and map them to your organization’s unique risk taxonomy for more streamlined compliance. 

Interested in learning more? Contact us to request a demo or talk to our Sales team.

Rate your compliance-readiness in just 5 minutes

Rate your compliance-readiness in just 5 minutes


What are ‘granular’ regulatory obligations and how do they reduce your risk?

By Blog

The challenge of knowing your obligations

What are regulatory requirements?

Regulatory requirements (also referred to as regulatory obligations or mandates) are an affirmative duty on an organization to complete, or refrain from, a set of actions in order to remain compliant with the law. Compliance personnel will typically analyze legal text to determine the regulatory requirements their organization must adhere to.

Accurately and efficiently determining your firm’s obligations is incredibly difficult, especially in the last decade as regulation has exploded in volume and complexity. 

This complexity is exacerbated by the fact that workers spend hours combing through mostly irrelevant information; based on Ascent’s internal analysis of regulatory text, only about 35 percent of any given regulation consists of actual obligations. The bulk of regulation – the remaining 65 percent – is made up of non-obligations such as definitions and clarifications. 

This challenging environment often has Risk and Compliance teams throwing up their hands in frustration; how do they get to the right obligations that matter to their firm, especially as rules continue to change? Is it even possible to do so without simply throwing more money and people at the problem? 

Recent advances in machine learning and other emergent technologies offer a path forward, but it is important to understand what makes some technologies more effective than others at pinpointing obligations from oceans of text.

Granularity: a crucial new concept in regulatory technology

In attempting to solve that problem, businesses need precision. Tools that offer a large breadth of regulatory information may provide value in terms of regulatory research and monitoring, but they do not solve the problem of helping firms target their exact obligations. This underscores the importance of granularity — in other words, precision.

Ascent generates the granular obligations that are relevant to your specific organization i.e. the individual requirements imposed on your firm, down to the line level of regulation. Granular obligations are independent of citation; as an example, a single rule may contain 1 or 100 obligations, or a sub-rule may contain 1 or 50 obligations. The takeaway is that obligations generated in Ascent are never an entire rule or large block of text that must be further analyzed by the user. 

INFOGRAPHIC: Regulatory Knowledge Automation, Explained

Instead they are broken down into specific obligations that are easy to understand and map to your internal compliance taxonomy (i.e. the real-life business topics and risk areas that your team organizes around, such as AML, consumer credit, cybersecurity, etc.).

This allows compliance workers to spend significantly less time and resources manually reading regulation and tracking changes, while also guaranteeing a high degree of accuracy. 

Granular obligations in Ascent provide a single source of regulatory truth, enabling businesses to standardize their data and keep it current with changing regulations. 

Granular obligations help you avoid fines and reduce risk

Effective compliance starts with having the right obligations in hand, then keeping them up to date. By providing granular obligations that are targeted to your business, Ascent ensures that you have the dynamic regulatory knowledge you need to effectively implement compliance throughout your organization, mitigate risk, and avoid fines and penalties. Learn more.