How Recent Technology Developments and Transformations in Compliance are Impacting your Business Environment

By Jenny Fung, Chief Compliance Officer, East Asia (excl China), Sumitomo Mitsui Banking Corporation

Jenny Fung, Chief Compliance Officer, East Asia (excl China), Sumitomo Mitsui Banking Corporation

The deployment of technological innovation in the financial services industry is no longer “nice to have” but a key investment item on the strategic planning agenda of most international banks, if not all. In the IDC forecast, the worldwide financial services risk IT spending is predicted to grow from US$80 billion in 2018 to US$94 billion in 2021. From the “Pulse of Fintech 2018” report published by KPMG in February 2019, the global Regtech investment increased substantially from US$1.2 billion in 2017 to US$3.7 billion in 2018, which was tripled within a year’s time. Though the U.S. and Europe continue to dominate in the Regtech investment globally, Asian countries such as Hong Kong, Singapore, Japan, and India are expected to catch up soon. The rising need for Regtech solutions in the financial services industry could largely be driven by the change of customers’ behaviors and expectation, increasing threats of new and competitors and the surging cost of compliance.

Customers’ behavior has been drastically changed with the increasing use of smartphone or other online platforms for account opening, payment, lending or transaction processing in recent years.

Customers are expecting more convenience and speed when using banking services. Convenience and speed of account opening and making payments, however, present greater risks for impersonation and fictitious transactions. The development of identity technologies such as biometry (e.g. fingerprint, iris, vocal recognition, touch ID, etc.) and scanning technologies, therefore, promote secure customer identification and authentication processes, facilitate a more efficient onboarding of customers and also mitigate impersonation risks. Even so, financial institutions continue to explore more sophisticated security measures in their systems to mitigate the potential cybersecurity risks and therefore the legal risks should there be any leakage of data as a result of a cyber attack.

Following the financial crisis and a vast number of market abuse, misselling and money laundering scandals in the financial services industry in the past decade, financial institutions have already invested significantly in resources and systems to cope with the increasing complexity of regulatory requirements and heightened public expectations. While investor protection and transparency have been enhanced, financial institutions are also facing the challenges of surging cost of compliance and uncertainty on the quality and timeliness of the data. The use of the technologies such as artificial intelligence (AI), cloud computing, machine learning, identity technologies, distributed ledger technology (DLT), application programming interface (API) is therefore expected to ease the pain of the financial services industry.

For e.g., the regulations purporting to prevent misconduct acts have forced financial institutions to increase their scope of surveillance and implement effective conduct culture.

Financial Institutions have Begun to Invest Significantly in Resources and Systems to Cope with the Increasing Complexity of Regulatory Requirements and Heightened Public Expectations

Instead of relying on reviewing a voluminous number of alerts generated by the systems, AIs or machine learning allows financial institutions to reallocate their manpower to areas that require more focus by way of filtering straight forward false positives. Machine learning can also identify deviation of trading patterns from the norm, draw the attention to behavioral patterns of the traders and therefore able to stop improper behavior before getting worse.As reported in the Financial Times on “Banks use AI to catch rogue traders before the act”, IBM said a dozen banks have already deployed its AI and machine learning technology to monitor the conversations or email communications by traders to identify any keywords or tone that reveal potential fraud for further investigation.

Another example is the adoption of advanced data analytics, which enables aggregation and processing of non-structured real-time risk data for analysis and comparison with historical trends and data. The reports generated are more meaningful for the risk professionals and the management to understand the current risks and forecast potential risks so as to plan ahead. It also allows the regulatory reporting to be more efficient and accurate. The combination of machine learning and advanced data analytics can facilitate AML professionals to conduct transaction monitoring and report suspicious transactions more effectively. One remarkable example is the deployment of a new software system by HSBC, as mentioned in its Environmental, Social, and Governance Update published in April 2019, to spot financial crime networks in near real-time by looking at internal and external data to find possible links between individuals or companies, and the use of AI to recommend whether further investigation is required after assembling all the relevant information on a particular suspicious transaction.

Other technologies such as retrieving the regulations from various sources by using robo-advisor can reduce the time-consuming research process and facilitate the compliance officers to provide advice or conduct investigation.

There is no doubt that technology has continuously changed the business model in the financial services industry. It is however not only improving efficiency and accuracy but also introducing new types of risks. For instance, it is anticipated an increasing reliance by financial institutions on third party service providers for the deployment of new technology or data storage. Generally, financial institutions, which are subject to more stringent regulatory measures on data protection and outsourcing, are cautious with sharing customer information with the service provider. A disruptive event or cyber incident of the third party service provider could result in significant outsourcing risk, in particular when there is a high concentration on a small number of service providers could even amplify the adverse impact. Another impediment lies with data governance as data housed in the legacy systems may be incomplete or of poor quality. Financial institutions may need to incur considerable time and efforts to address the data quality and completeness before they can fully optimize the benefits of using technology.

Lastly, regulators are also seeking to stay current with the new era and are revisiting their supervisory focus to cover those new sources of risks. For example, following the unprecedented misconduct incidents revealed in a number of Australian banks, the Australian regulators are exploring how AI can use natural language processing technology to detect misconduct acts by analyzing large amounts of speech and text so as to identify irregular patterns. Another trial will use software to scrutinize marketing materials to identify any problematic advice or deploy AI to monitor and screen conversations between sales agents and customers to identify any misselling tactics or non-compliance of disclosure rules. Regulators in the U.K., U.S., the Netherlands, and Singapore are using cloud computing to process a large volume of data to enhance their supervisory oversight.