THANK YOU FOR SUBSCRIBING
The Quintessential Technology Source for Corporate Financial Professionals
CFO Tech Outlook Weekly Brief
Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from CFO Tech Outlook
Technologies and compliance strategy influence each other. The ideal (and original) idea is that technology supports compliance activities. A typical example is an automated transaction monitoring that is used to fulfil Anti-Money Laundering („AML“) obligations. In the current environment it would be impossible to check all transactions manually, thereforetechnology became an integral part of financial institutions´ life. Moreover, in different areas regulators require assurance that certain rules are embedded in robust internal systems. On the other hand, technologies also determine compliance strategy of financial institutions. For example, in the process of implementation of a new regulatory requirement, management of a financial institution needs to take into account the current IT systems in order to determine the most feasible (and cost-efficient) way to implement the new rule. The previously mentioned will, in the end, have an immediate impact on compliance strategy.
“it is clear, that the compliance role is becoming more and more important and compliance teams must have a strong knowledge not limited to law but also including IT and technologies.”
As the number of regulations is constantly increasing and financial institutions are forced to use more sophisticated systems to comply with them, the IT environmenthas become very complex. In this regard, if a financial institution needs to implement a new rule, there is a long and exhausting list of internal systems needs to be updated, so even a small change of law may cause a long and expensive implementation. Sadly enough, this fact is not always fully understood by regulators and legislators. A recent example from Czech legislation is thelatest update of one paragraph of the Civil Administrative Code on the payment allocation order regarding due debts. Despite the fact that for most financial institutions the change means a demanding IT development, the granted grandfathering period is only 2 months.
In such working environment a management of all financial institutions face a challenging dilemma: shall we keep the low-profile IT architecture, react onlytothe regulatory requirements and keep the costs down; or massively invest in a new technology that will move the institution´s activity to the next level but risk that the technology will not be able to comply with the upcoming regulation meaning that either the investment is lost or additional costs will be needed?“ In the light of what was mentioned above, the decision to go for the latter option, be visionary and start a revolution is very courageous. Nevertheless, these decisions make an impact and help to move the entire industry forward. Despite all these obstacles and risks there are market participants who invest in progress and try to be a reference in the market, for example MONETA has recently invested in a machine-learning systems in the AML/CTF area.
So, this means that all three categories - compliance (and other) risks, technology and regulation – are closely linked and in the end have a greatimpact on the overallstrategy of the financial institution. The question might be: „Whatshould the ideal regulation look like?“
On one hand, a regulation that is not technology neutral is certainly not ideal in the current fast-pacing environment. Take for example the Czech AML law, which allows only for specific ways how online AML Identification&Verification can be performed (as opposed to other European jurisdictions, which allow various technology neutral solutions). This prevents Czech financial institutions from using the more advanced (and already available) solutions, serving the purpose of the regulation in a more appropriate manner. This, in a broader context, leads to an increased AML risk on the Czech market.
On the other hand, even a neutral (or inexplicit) requirement can cause problems. A good example is the definition of the so-called “inherence factor” in the European regulation for the Strong Customer Authentication (SCA) in payment services. Although the regulation itself seemed to be technology neutral, eventually the regulator did not accept the solution that had been intended to be widely accepted through the market (in this case, being the behavioral biometrics). This all resulted in an regrettable postponement of the major part of regulation (related to e-commerce payments), as the market relied on this method and a different solution was not readily available. Such unfortunate outcome could have been avoided should the regulation have outlined, at least to some extent, clear criteria for accepting (or not accepting) a new technological solution.
It is fair to say that not only financial institutions may struggle with the strict regulatory requirements. Regulatory technical standards to MIFID 2 introduced a transaction reporting of securities trades where each of the trade is accompanied with more than 50 fields (e.g. data of seller, trader, security, time of transaction, etc.). This is just one of many examples – EMIR, SFTR, FATCA, CRS, etc. This means that every day regulators, national or international agencies receive a massive amount of data. The question is, what happens with the data? What is the added value? And, more importantly, does each financial institution know where its data is and whether the data of financial institutions and their customers is still safe?
Having said that, it is clear, that the compliance role is becoming more and more important and compliance teams must have a strong knowledge not limited to law but also including IT and technologies.
Read Also
