What makes a good RegTech partner: fit and scalability

Finding the right RegTech partner can be difficult. So we sat down with an industry expert to get his take on how he evaluates vendors.

As an expert in regulatory change management, Vincent Schultinge has seen the evolution and impact of regulation on financial firms firsthand. So, naturally, he has also been drawn to the niche industry that emerged to try to solve these RCM challenges—RegTech. 

Now, in his current role as a senior RegTech consultant at ING, he is responsible for defining, developing and implementing RegTech innovation throughout the ING organization. During his sit-down with Ascent, Vincent shares:

  • His perspective on what makes a good RegTech partner
  • What methodology ING follows when looking to implement a RegTech partner
  • How making machine readable regulation will open doors for the future of RegTech

Editor’s note: This interview has been lightly edited for clarity.

Using RegTech Maturity as an Evaluation Benchmark

To Vincent, managing regulation is a task that’s too fluid and too risky to put into the hands of new-to-the-market solutions. Here’s how he considers the maturity of RegTech.

When assessing a RegTech provider, you want to make sure it fits your business’s demands. I have a firm belief that we should strive for market standard solutions. Therefore I look to see whether a RegTech has the potential to become a market standard for their solution or offering. Once we have measurable results from a Proof of Concept (PoC), then we can decide if a RegTech is suitable for our purpose or not.

The way we assess RegTechs differs from the way we look at other vendors. Due to constant regulatory oversight as a bank, we have less freedom to experiment. For many business cases we will look for parties that are more mature and that have, for example, delivered the equivalent product to our peers or are engaging in sandboxes with regulators.


Being Able to Audit RegTech’s Black Box

Vincent believes that “auditability” is a key factor that firms should also consider when determining whether or not to work with a RegTech provider.

Providers should always be able to explain and demonstrate how their machine learning works. For risk and compliance teams, auditability of machine learning is absolutely key. If you can’t audit a technology solution properly, especially a machine learning solution, it becomes Pandora’s box. Not to mention that regulators won’t accept anything less than full transparency.


Aligning Around a RegTech Provider

At ING, Vincent’s team relies on what they call “PACE” methodology when considering what RegTech solution to implement.

Whatever methodology you are using to implement RegTech, you have to be consistent, thorough, and constantly verify that you are doing the right thing. 

At ING, we use our in-house PACE methodology for the delivery of innovation. This applies to our delivery of RegTech as well. With PACE, we combine Design Thinking, Lean Startup and Agile Scrum into a single process. PACE consists of five stages: discover, problem fit, solution fit, market fit and scaling.

For us this works really well and we gained a lot of traction with this in the organization. On top of the PACE methodology, across the whole of ING we practice an agile way of working. This helps accelerate the way we set up PoCs as well as other partnerships.


Unlocking the Value of RegTech

For RegTech to truly be effective, Vincent has learned that it’s important to first have a culture of innovation prior to implementing a solution.

It is essential that you have business owners with the right mandate and budget who are convinced by the usage of technology. Business and innovation teams have to be able to establish the demand and create strong use cases for the application of RegTech. Teams should collaborate in such a way that the business demand and the premise of the solutions are a true match. This will help with validating and demonstrating the benefit of using certain RegTech solutions along the way. Regardless of the size of the firm, you need the right innovative culture and the right appetite from business owners; otherwise, it just won’t work.


Using RegTech to Manage Pandemic Woes

According to Vincent, the pandemic has only amplified the need for RegTech.

Regulatory changes keep coming, especially considering that people are working remotely and are having to align virtually due to the pandemic. Regulators demand that banks remain in control. So, firms need to be able to monitor upcoming changes in the regulatory landscape by scanning the regulatory horizon as well as assessing obligations and potential risks. This is where having proper tooling in place for horizon scanning and risk assessment will definitely help firms to maintain control in these difficult times.


Pioneering the Next Frontier of RegTech

What’s next for RegTech? Vincent believes that making regulation machine readable will open incredible opportunities for financial firms to unlock the true potential of RegTech.

In order for RegTech to play an even bigger role in the industry, we first need to look into a few things—machine readable regulations, data and format standardization, and global harmonization of regulations. If regulations, updates and guidelines become machine readable and ingestible globally, it will become easier for firms to demonstrate compliance and adhere to rules and guidelines more efficiently. It will open a whole range of possibilities for the adoption of RegTech within financial institutions.

The same applies to data and format standardization. If we can agree on common data and format standards, adherence to regulations becomes more efficient. With the financial system being a truly global system nowadays, it allows institutions to act across jurisdictions in a safer and more compliant manner. Together with harmonizing regulations globally, this could translate into a much broader usage of RegTech within the financial system. This end goal is something that I believe will contribute to the overall safety and stability within the financial industry.

ING is a global bank that aims to empower people to stay a step ahead in life and in business.

SEC Priorities: Cryptocurrency Regulation and a Changing of the Guard

Despite the pandemic, Reuters reports that the U.S. Securities and Exchange Commission (SEC) has had a banner year, with more than 700 cases and enforcement actions. As of November, that number represented over USD $4.7 billion in penalties, fines, and disgorgements assessed. The ratio of fines to penalties is a bit askew, considering that one fine alone represented a USD $1.2 billion settlement.

Still, the agency has been particularly busy with disclosure and regulatory-related penalties, in contrast to a mere seven enforcement actions by the Financial Crimes Enforcement Network (FinCEN). Of course there is an issue of the remit of the respective agencies that would need to be taken into consideration, but one priority of the SEC has seemed to remain squarely in the initial coin offering (ICO) / cryptocurrency-related space. Here’s a look back at SEC cryptocurrency regulation from this year and what’s to come from SEC leadership in 2021.

ICOs Strictly Subjected to Howey Test

The SEC announces its enforcement priorities annually, and 2020 was no different, if only in that respect. At the start of the year, the Office of Compliance Inspections and Examinations (OCIE) released its 2020 Examination Priorities, and in it the agency noted that “digital assets” would be a priority. Many of the enforcement actions that occurred throughout the year were related to ICOs, either as fraudulent schemes or due to poor regulatory disclosures.

The SEC has treated ICOs fairly strictly over the past few years, perhaps punctuated by the Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO (the “DAO”), released in mid-2017. This report galvanized the agency’s approach to tokenization and ICOs, noting that strict adherence to the Howey test (i.e., an investment of money and expectation of profit as the result of a common enterprise, with the profits coming from the efforts of a third party) would apply to ICOs.

To that end, ICOs who tested the SEC’s resolve found that the failure to register or seek an exemption to the Howey criteria would result in multi-million dollar penalties.  In one enforcement action in particular, the SEC noted that the ICO in question—though it knew or had reason to know that it was a security based on the DAO report and prongs of the Howey Test—continued to sell its offering without making appropriate disclosures to its investors.  

Changing of the SEC Guard

The current chairman of the SEC, Jay Clayton, has publicly stated that he intends to step down from the position, leaving the incoming administration to make a nomination. Clayton’s tenure was remarkable and has been lauded by both sides of the aisle. The two current names being floated to replace him are Gary Gensler, former chairman of the Commodity Futures Trading Commission (CFTC), and former prosecutor Preet Bharara. Already named to President-elect Biden’s transition team, Gensler has no shortage of experience dealing with both regulators and the private sector.

During his time at the CFTC, Gensler pushed for sweeping regulation of swap trades and has been viewed as someone who—as a former partner at Goldman Sachs—could potentially deliver diplomatic regulatory outcomes. Bharara, on the other hand, poses a far more significant shift in regulatory tone. Bharara is known, and well-respected, for his work on major insider trading and white collar cases.

Despite the significant number of actions under Clayton’s tenure (over 3,000 examinations in 2020 alone), Bharara’s appointment would signal a no-nonsense approach to both civil and regulatory engagements.

Preparing for What (and Who) is Next

Other names circulated are Dodd-Frank contributor Michael Barr, as well as Allison Lee (a former securities law practitioner and currently an SEC commissioner) and Kara Stein (a former SEC commissioner), who would both bring senior-level, hands-on experience to the position. There are innumerable variables still at play after the outcome of the November 2020 election. Needless to say, the SEC and other high-profile regulatory positions will keep Wall Street waiting with bated breath, and give those of us in the bleachers a lot to consider.

No matter who takes the helm at the SEC (and at other U.S. regulators), it’s important for financial institutions to keep tabs on regulation at both the national and state level. It’s within these agencies that incremental changes occur and often catch organizations off guard. Be sure that your firm is ready for what’s next. Shore up your compliance and risk strategy by identifying all of your key risk factors, including any potential gaps in your firm’s regulatory obligations / requirements.

Ascent helps banks and other financial firms stay above the rising tide of regulation, from the SEC and other regulators.

The Most Telling Guidance of 2020: Corporate Compliance Programs, AML & More

There has been no shortage of media chatter in the very unusual 2020 calendar year.  For those concerned with organizational compliance, the release and re-release of regulatory guidance and legislation — particularly around BSA/AML and corporate compliance programs — has been nearly unparalleled.  As we will show, these developments have significant implications, if not direct calls to action, for banks.   

The BSA/AML Manual Hits Hard

At the risk of hyperbole, the Federal Financial Institutions Examination Council’s (“FFIEC”) Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) Examination Manual (the “Manual”) is perhaps the most sacrosanct of all regulatory frameworks. Although it is intended to serve as a field guide for examiners, its outlines and parameters are used by banks’ BSA/AML compliance departments as the foundation for their compliance programs and by auditors as a basis for testing protocols. The Manual was updated in April; the changes were not radical, but they were significant. First and foremost, the Manual makes reference to “other illicit activity” as a nod to the nebulous nexuses between crimes like healthcare fraud, corruption, and money laundering. The Manual further updates provisions regarding risk assessments (while not flat out requiring them) and board-level oversight, broadly requiring that banks ensure that their compliance programs are tailored to their unique risk profiles.

Perhaps the most significant updates include expansions to the expectations around training.  Where only a paragraph existed previously, the updated Manual expands its expectations to have role-based technical and subject-matter training, along with much more precise guidance on the expectations for board of directors training.

A Major Emphasis on Corporate Compliance Programs

As many compliance practitioners were settling into remote working, the U.S. Department of Justice (USDOJ) re-issued its Evaluation of Corporate Compliance Programs (the “Guidance”). In examining whether to consider criminal penalties, and how deep those penalties should go, prosecutors too (harkening back to the Manual) should look at whether the organization at issue maintains and leverages a risk assessment to inform decisions about compliance and mitigate the risk of misconduct. The Guidance goes on to note that perhaps one of the most important factors is how, based on the risk assessment, staffing, technology, and resources such as training were allocated. Were cost centers given hiring priority over compliance staff? Is the annual compliance training program a leaflet? Are the sales staff on top-of-the-line computers while the compliance and audit teams are using ineffective tech?

All seem like fair questions. 

The Guidance directly states that compliance should be built into the compensation scheme, and that it should be a considerable factor in the allocation of (or withholding of) bonuses.  Lastly, the Guidance reiterates the need for ongoing monitoring, testing, and escalation of the state of misconduct-related controls and their investigations.  

On the AML Horizon

There are two fairly significant developments pending approval, and we cannot emphasize “pending” enough – a shell company transparency provision and the Anti-Money Laundering Act of 2020. They are both embedded within a defense spending bill that the White House has threatened to veto for unrelated reasons. The shell company provision would mandate the registration of beneficial owners with the Treasury Department, effectively ending anonymous shell company use within the U.S.

Secondarily, if passed, the Anti-Money Laundering Act of 2020 would mandate that the Secretary of the Treasury take steps to “streamline” BSA/AML compliance requirements. In its September Advance Notice of Proposed Rulemaking (“ANPRM”), FinCEN sought input from the banking community on how to make more “effective” use of BSA/AML systems and processes, skewing more in favor of law enforcement’s needs than compliance. The proposed AML Act seems to end-run the feedback solicited by the ANPRM, and place the obligation with the Treasury to ease, reduce, or otherwise better facilitate the production and utilization of BSA/AML-related information.

While the approval of the AML Act and its governing bill are in a tentative state, the ongoing developments in this space speak to big changes for the BSA/AML compliance space going forward.  

Keeping Pace with Change: A Tech-Based Approach

While these regulatory developments are broad reaching, their impact is different at each financial institution. This leaves Compliance teams with the tall order of reading through and analyzing the regulatory text to determine which parts of the Manual or the Guidance apply to their organizations — which can be like looking for a needle in a haystack.

According to an Ascent internal analysis, 65 percent of the regulatory text (the haystack) is made up of definitions and clarifications. The remaining 35 percent, which actually consists of obligations, is what compliance teams need to be reviewing in order to determine what regulatory requirements and obligations specifically apply to their firm (the needle).

Ascent can help banks and other financial firms stay above the rising tide of regulatory change.

[Webinar] Effectively Managing Your Regulatory Obligations Register

Struggling to understand what your organization needs to comply with? Wasting too much time and resources scraping through regulations and building your obligation register? You’re not alone.

In this webinar, experts from LogicGate and Ascent will walk you through regulatory compliance insights and best practices to save you time and resources.

Learning Objectives

» What is the difference between a “top down” vs. “bottom up” approach to regulatory compliance?

» How do you evidence compliance, especially during a pandemic when the labor force is spread out?

» Boards are scrutinizing compliance more closely; how do you balance in-house staff, outsourcing, and technology?

» Learn how to set up a repeatable process around your compliance program to manage change & downstream impact.


  • Brian Clark, Founder and President, Ascent
  • Marc Van de Ven, Sr. Solutions Engineer, LogicGate
  • Moderated by Megan Brown, Head of Strategic Alliances, LogicGate

This webinar is hosted by OCEG (Open Compliance and Ethics Group)


About the Ascent / LogicGate Platform Integration

LogicGate Risk Cloud™ is a cloud-based platform with a suite of risk management applications that transforms the way businesses manage their governance, risk and compliance processes. Now with a powerful new integration, you can fuel your compliance program housed in LogicGate Risk Cloud™ with targeted regulatory data from Ascent. Seamlessly map your regulatory obligations and citations to your controls and P&Ps, trigger change alerts, and more.


Regulatory Change Management: A Tech-Based Approach

What is Regulatory Change Management?

Regulatory change management (RCM) is a multi-step process that ensures your organization stays compliant with any new changes in regulation. At a high level, RCM involves the intake of regulatory changes (rule amendments or additions), determining the impact of those changes to the organization’s existing obligations, updating the necessary controls, policies and procedures, and then working with the lines of business to ensure those changes are socialized and implemented.

Flow chart of traditional regulatory change management process (manual)

Firms Struggle with Regulatory Change

For regulated businesses, keeping up with the torrent of regulatory change is a constant struggle. In an environment where rule updates have increased by 500 percent in the last decade, Risk and Compliance workers face a confluence of challenges:

  • Compliance personnel must determine the impact of rule amendments or additions to their existing obligations, a process that repeats with every change in regulation.
  • Relevant changes must be reconciled with a firm’s controls, policies and procedures. Manual documentation and siloed pockets of knowledge throughout the organization leave the business vulnerable to human error.
  • The economic turmoil spurred by COVID-19 has seen many companies reining in their budgets. As a result, those tasked with regulatory change management are now being asked to do more with fewer resources.

There are some 300 million pages of regulatory documents published globally, full of dense language and crucial but often subtle implications. Teasing out relevant regulatory obligations from these texts and mapping them to your organization has historically required countless hours of manual work. 

As compliance operations move increasingly into the digital era, it is clear that regulatory change management is particularly ripe for automation. 


Regulatory Change Management in the Age of Digitalization

Technological innovation has allowed financial firms to significantly improve their compliance processes. Here are some of the ways RegTech tools are helping financial institutions better manage regulatory change:

» By collecting regulatory content in one place, making it easier to monitor the regulatory landscape and reducing reliance on email/mailing lists.

» By surfacing regulatory changes that apply to a specific firm, narrowing the universe to applicable insights only.

» By helping compliance personnel organize and triage regulatory changes by mapping them to the firm’s business taxonomy.

» By helping compliance personnel map regulatory changes to the firm’s policies and controls, streamlining the process of assessing impact.

» By providing continuous insights, updating a firm’s obligations register in real time and flagging instances where operations no longer match requirements. 

Modern approaches to compliance risk are becoming increasingly necessary as regulation continues to grow and evolve. By investing in regulatory change management tools, financial firms are able to increase their compliance team’s efficiency and effectiveness while proactively protecting the business from regulatory and reputational risk. 

