A decade has passed since the financial crisis, there has been an ensuing raft of new regulations since, and the job of compliance officer has changed beyond recognition. It is no longer enough for compliance teams to have a textbook knowledge of regulations. They must now learn to process the unprecedented amount of data and information triggered by new regulations to monitor client activity and handle alerts both promptly and efficiently. Despite this, compliance processes are still largely manual as evidenced by staff costs, which represent around 80%1 of total compliance costs on average. We can easily argue that new technologies will be able to streamline compliance tasks, but the real question is whether that is enough or is there a need for even more ambitious projects in order to increase efficiency?
Rising interest of compliance technology
Among the most interesting technologies being tested today, machine learning is the most promising. Many compliance processes include repetitive tasks or recurring features, especially when it comes to the handling of surveillance alerts. Technologies which are able to detect recurrent patterns to allow automated closure of these alerts are particularly interesting. The most exciting aspect of machine learning lies in the tools’ capacity to save previous answers in order to provide a full audit trail of subsequent alerts. Of course by automating some of these manual and repetitive tasks it will also allow for compliance teams to realise greater capacity in the face of an increasing regulatory burden.
Another much-debated technology applied to compliance are the so-called ‘behaviour-based’ surveillance tools. Instead of trying to define anticipated misbehaviour (‘scenario-based’), the new generation of surveillance tools can detect deviance from self-defined standards. As such, they are well suited to the ‘cat and mouse’ play between fraudsters and compliance officers. However, such tools have proven difficult to audit, and buy-in from regulators is still pending in most jurisdictions. A handful of regulators – such as the Monetary Authority of Singapore - have recently endorsed specific features of behaviour-based surveillance systems in addition to scenario-based ones. We expect more regulators to publish opinions on the topic in the months to come.
A wider perspective for the whole industry?
However, focusing on automating processes, notably through the introduction of new technology is only one line of improvement. Just as happened in the securities and cash payment industry when faced with a sudden surge in the volumes of detailed processes, the compliance industry is now looking at how market infrastructures and common norms and standards could help alleviate the pressure on compliance teams.
There have been already a few such attempts at creating new infrastructures, the most high profile one being SWIFT’s KYC Registry, which went live in early 2019. Previously, every institution had to establish multilateral processes to collect KYC data when needed. Institutions received hundreds of requests for documents and had to reply individually to each request. With SWIFT’s centralised register of KYC data and documents, institutions can now deposit documents into the centralised registry at a predefined time. Firms looking to renew their KYC documentation can pull out this data at their discretion, thereby greatly reducing the effort and time needed to renew their clients’ KYC. In addition, this framework operates within the rules established by SWIFT, ensuring that institutions fully control who can access their data.
Creating such an infrastructure required industry agreement on a minimum set of rules and standards. It can be difficult to reach an agreement on standards and take years to implement new rules. However, the industry can greatly benefit by expanding norms and standards to local regulators in order to establish international standards. Obvious examples of areas which could benefit from international standards include jurisdictions where notarised documents are still required, or where identification details include disclosing information about parent companies.
Fintech and industry collaboration
As fintech continues to advance and change the financial industry, compliance departments must look for ways to adopt these new technologies. Technologies such as AI and machine learning show great promise in streamlining compliance – particularly for repetitive tasks and it is only a matter of time before these technologies are the norm. However, implementing technology in itself is not enough; industry collaboration is going to be key. If financial institutions are able to organise themselves, and cooperate, then we have an enormous opportunity to re-define the compliance foundations. Medium-term projects such as standards and norms definition will play a big role and it will take working with market infrastructures to make this happen. It is only through agreed standards and norms we can together achieve a more efficient and robust compliance monitoring for our industry.
1 McKinsey Compliance 360 Benchmarking Survey 2018