Tuesday, January 19, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Adopt a Regtech Culture with Compliance at the Epicenter

by Nick Paraskeva
January 22, 2018
in Compliance, Featured
business planning meeting

The Benefits and the Challenges

For compliance professionals, the opportunities presented by regulatory technology are plentiful, even though challenges exist. Several best practices can help ensure they are getting the most out of the tools they choose for their businesses.    

Regulatory technology (regtech) is a subset of financial technology (fintech) as well as of the larger cyber realm, and it offers compliance and risk departments in financial service institutions great benefits, while also introducing potential threats and challenges.

By all accounts, it looks like the benefits outweigh the latter concerns, but only a business with an effective compliance program will see that presumption play out.

Challenges for Firms

The challenges for firms range from the need to have the appropriate skill sets at all levels of the business — from the capacity to know what technology is needed, to evaluating possible tech solutions, to skillfully selecting and monitoring technology vendors. Plus, there will likely be a need to revamp legacy systems and implement internal rulebook changes.

Skill sets within compliance and risk departments need not match those in the IT department, but the selection of these tools must be an informed one, and the ability to use them and know when they are not functioning appropriately should become part of the compliance remit.

Cyber threats are incredibly challenging to insulate against, detect and contain – and they make for some of the worst kinds of publicity. The concern is borne out by the statistics regarding cyber attacks and their increasing incidence, cost and the breadth of corporate types as victims.

Regtech is supposed to make our lives easier, but when they are under attack by ransomware – which cybersecurity researchers estimate criminals used to haul in over $1 billion (USD) in 2016 – consumer data and money, plus market integrity, are compromised.

Another challenge in this arena revolves around assigning who does what in the selection, maintenance, auditing and updating of tools and in handling their breakdowns, plus any attacks on or misuse of them.

Another one is dealing with U.S. (and local) regulators that are just now assembling divisions to oversee cyber and all things “tech,” leaving businesses still trying to figure out what the regulators expect of them as they use the tools for key compliance tasks.

Benefits to Business

For compliance professionals, the opportunities presented by regtech are plentiful: They sift through data or offer information quickly, helping firms comply with regulations and laws, and enable those businesses to evidence their compliance. The ability to have such tools track ever-changing, global regulatory enactments that impact your business — from their proposal stage to their implementation – often more than justifies the cost of tools by making such the task far less time-consuming and efficiently compiled.

More specifically, they can scour watch lists and discern aberrant behavior; take a huge amount of regulatory detail and parse it down to what your firm needs; help build a new product or service and help test the compliance controls upon which a compliance program relies.

Individual jurisdictions are signing memoranda of understanding with each other and regulators are developing “sandboxes” to encourage innovation. And while each financial market and regulatory infrastructure has its own characteristics, regtech helps offer solutions that factor in these geographical and market nuances.

As regulators publish their policies and advertise their supervisory approaches to technology, several large financial firms have established dedicated teams to explore the technology, and some market participants have formed consortia to create industry standards.

Customers expect to use increasingly sophisticated tools that make investment-management more efficient, which is also spurring firms to create and refine them. But just as customers want easy access, they insist on having protections undergird them to safeguard their money and identities, and to ensure they are investing in products suitable for them.

Best Practices

There is no one-size-fits-all solution to regtech adoption, deployment and supervision.

Regulatory technology that is developed in-house can often be tailored precisely to the firm’s business and risk profile, but those developed by vendors may benefit from having people with broader skill set – people who have worked with an array of institutions and might know what offers a better solution. Firms need to consider whether one or the other — or some mixture of both solutions — works best for them.

To use regtech wisely, whether developed in-house or not, companies need to assess the skills they have internally and begin to remediate gaps as needed.

Again, this is not just an audit that should occur in the IT department; it needs to cover risk, compliance and internal audit as well. Even if much of the regtech solution comes from a vendor, someone (or several persons) needs to be able to appreciate what the business needs and be able to vet possible vendors and tools effectively.

Compliance and risk functions should be involved in all stages to ensure that a solution suits the business and actually improves the overall compliance soundness of the firm.

As noted above, many personnel will have a role and responsibility that will be split into clear lines of demarcation. But there must still be a clear owner for these technology solutions. If decision-making is too diffuse, such tasks as reporting to the regulator and other authorities, making statements to the public, and adopting new potential solutions will be slowed down to a crawl or delivered in inconsistent messaging.

To be sure, effective governance in a business using regtech dictates that there are clear lines of reporting and escalation to the board on all matters relating to the firm’s technology that tracks regulation.

At the board level, a cyber-risk tolerance should be established and reporting obligation spelled out, plus the board should spell out what it seeks in terms of regtech design and implementation — and what it sees as gauges of effectiveness.

These systems must be tested routinely for their efficacy and fitness as intended. The efficacy of any regtech tool must involve some inclusion of an independent third party that can get in under the hood and spot where any problems lurk or where improvements could be made.

Finally, as part of the process, there is always some need to consider how each tool could be eradicated when the firm no longer needs it in a secure fashion, with those actions taken overseen by experts and documented for the board and upper management.


Tags: fintechregtech
Previous Post

3 Ways GDPR Will Help Privacy Executives

Next Post

Considering an M&A Deal? What You Should Know

Nick Paraskeva

Nick Paraskeva is the founder and principal of Reg-Room LLC. The company’s Reg-Track service is a global online resource to help firms manage the plethora of regulations across hundreds of regulators. Nick can be reached here. 

Related Posts

man working on smartphone and laptop

Adverse Media Screening: Relying on Google Alone Can Expose Organizations to Risk

January 19, 2021
hand showing three fingers on gray background

A Culture of Compliance: The 3 R’s

January 19, 2021
2021 with light bulb in place of zero on orange background

Why 2021 is a Fresh Start for Compliance Training

January 18, 2021
challenge and solution concept with person standing at large gap

General Counsel Post-Pandemic: A Catalyst for Risk Fragmentation

January 18, 2021
Next Post
puzzle pieces put together

Considering an M&A Deal? What You Should Know

Access realtime data

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management culture of ethics cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights