By Maaike van Meer, General Counsel, Aegon Asia
In 1933, in the wake of the 1929 Wall Street Crash, the United States Congress established the Federal Deposit Insurance Corporation (FDIC) and prohibited the combination of commercial and investment banking, imposing broad restrictions on what was then seen as speculative bank activities. This regulation, with various other banking reforms, became the Banking Act of 1933, colloquially known as the Glass-Steagall Act. Since then, many regulations have followed which has brought us where we are today, an environment where technology-based solutions are imperative to support expanding regulations and requirements for transparency.
Typically, the emergence of new regulations is peaking after a financial crisis or high profile fraudulent incident. However, we should not underestimate the continuous evolution of existing regulations, as well as the efforts of regulators to establish more transparent, standardized and detailed reporting requirements. Compliance work is not limited to satisfying the compliance regime; there are the equally dominant implementation aspects of new and changing regulations:
A large number of new regulations have been implemented over the last decades around risk and capital (i.e. Solvency, RBC), accounting and reporting standards (i.e. IFRS), tax harmonization (f.e. CRS), privacy regulations (i.e. GDPR) and the global anti-corruption measures (i.e. FCPA).
Regulations tend to get relaxed when higher risk appetites grow, which is typical for booming economic cycles. After economic contractions, politicians and regulators tend to pressure financial services institutions towards a more stringent compliance culture.
These regulations, the changes that come with it and the ever-growing requirement for straight through process and transparency does not align well with (decades) old information and process architectures that are embedded in the legacy work processes and computer systems that perform a large part of transactions in financial services.
The Aim was to Automate the Capital Requirement Analyses as Required, a Task So Large that It Had to be Automated to Deal with the Volume and Complexity
The required changes required are expensive to carry through.
Compliance officers should no longer be ticking boxes or being perceived as “business prevention officers”. Interpretation of new or changing regulations and aligning these with corporate strategy while balancing risk appetite requires a compliance officer who is able to navigate both the rules as well as the commercial strategy. Whatever the outcome of that process, it will have a profound impact on the underlying processes and systems and operations, which requires a level of agility that is difficult to implement in computer systems.
One of the early layers of regulatory technology that was implemented by large financial institutions, as a response to the Basel II Capital accord, was based on integrated technology underlying – or imposed on - their internal processes. The aim was to automate the capital requirement analyses as required, a task so large that it had to be automated to deal with the volume and complexity.
Post the global financial crisis, regulators started to enhance their own monitoring systems and required more frequent, more detailed and more volume of data from the financial services industry to be fed into their systems; resulting in a de-facto digital interface with regulators.
Nowadays, regulators are looking for greater granularity, precision, and sophistication, both from a transparency perspective, as well as from a technology perspective dealing with data and analysis.
We have now working in an environment where each year, hundreds of regulatory changes are implemented and hundreds of billions of fines have been handed out. Meanwhile, the industry is transforming towards digital and a client-centric business models, which will drive innovation of product and client propositions. The emergence of digital business models has led to high profile cyber incidents that increased awareness that cybercrime is one of the main threats to our financial ecosystems and with that perhaps to society. Regulators will require more insight to monitor these innovative products and transactions to catch-up with market manipulation and risks.
This is an environment of ever-increasing cost of compliance and exponential growing complexity which makes it reasonable to assume we are only scratching the surface of what the future technology-based solutions will need to deliver in order to support expanding regulations, requirements for transparency and growing awareness and exposure of cybercrime. I am hopeful that we are also only scratching the surface of the transformative power of technology in the regulatory environment.