Skip to main content
Category

Blog

Stay Ahead of GDPR Compliance with Ascent

By Blog

The General Data Protection Regulation (GDPR) enforces strict requirements around Chief Data Officers (CDOs), EU citizen data management, and data permissions—including protocols for dealing with data breaches.

GDPR, the EU’s personal data protection and privacy regulatory ruleset for companies around the world became active in May 2018. Forrester reported that just four months before the laws went into action, 11% of organizations were still figuring out what to do about it and 8% of firms had no familiarity with GDPR rules and regulations.

Overview of GDPR

GDPR regulations require all businesses which meet the satisfy the following conditions to employ a CDO:

  • Employ over 250 people
  • Process or store large amounts of EU citizen personal data
  • Process or store special personal data
  • Regularly monitor data subjects
  • Are a public authority

Beyond requiring CDO employment, GDPR regulations enforce the following restrictions on EU citizen data:

  • Right Of Erasure
  • Right Of Data Control
  • Right Of Data Portability
  • Right To Be Informed
  • Right To Access Personal Data
  • Right Of Correction
  • Right To Object
  • Rights Related To Automated Decision Making Including Profiling

Each of these rights require EU citizens’ data be kept separate and compartmentalized, ensuring the ability to remove them from a database at-will.

American consumers expressed support and would like to see some GDPR-esque laws enforced within the U.S. specifically, 38% responded with the ability to control how their data is used while 39% favored the “right to be forgotten” rule.

Consequences of Non-compliance

If businesses fail to comply with GDPR regulations, they can be fined between 1-4% of annual revenue or up to €10-20 million, whichever is higher. These fines will depend on which parts of GDPR were not followed, how many people and how much data was affected, and a slew of other factors.

The cost of GDPR compliance failure is substantial, as is the risk of attempting to ‘fly under the radar’. Anyone within the EU can file a complaint, starting the trend of unsavory consequences. 

Read More: The Not So Hidden Costs of Compliance

Stay Ahead of GDPR Compliance with Ascent

The key to staying current on GDPR is a compliance program that evolves with new regulations. A system with the right fail-safes in place will help ensure that your firm’s obligations are always up to date.

Great technology makes this easier than ever. Ascent provides you with a feed of regulatory changes (including those related to GDPR) that apply to your firm, helps you visualize how the rule text has changed, and indicates whether that change impacts your existing controls, policies and procedures. 

Ascent also serves as a central repository for all regulator documents so you can easily search for speeches, guidelines or other releases concerning GDPR, allowing for comprehensive research.

SOLUTION HIGHLIGHT: How Ascent Automates Regulatory Change Management

 

Enjoy this article? Subscribe for fresh thoughts designed to help you stay at the forefront of compliance and technology.

 

Subscribe


Championing Change: How to Instill a Vigorous Culture of Compliance

By Blog

Friction between the compliance department and the rest of the business often stems from a fundamental misunderstanding of the overall function of compliance. Here we explore how leaders can reshape this narrative and establish a strong culture of compliance across the organization.

A Perception Problem

While the business as a whole may position compliance as the police station filled with rules and regulations, compliance is actually the company’s line of defense and vigilant resource to protect against supervisory actions that ultimately impede company growth. However, that may not be how employees perceive the compliance department.

Unfortunately, compliance’s goal of reducing risk often puts it at odds with areas of the business that are attempting to generate revenue. Since most other departments don’t directly interact with regulatory bodies, compliance departments can be perceived by the lines of business as an inner regulatory body that should be treated with apprehension.

Whether prosecutors or companies, whether compliance officers or in-house counsel or boards, we all have critical roles to play in compliance. —John Cronan, U.S. Department of Justice

The Golden Goose of Compliance

While some of the more forward-thinking CEOs in financial services may understand the importance of compliance, others may need an additional push. It’s critical that the C-suite (especially the CEO) get on board with compliance — top-down corporate changes are usually the most successful.

Compliance leaders can help get the CEO on board by coming armed with an arsenal of relevant data that play to the CEO’s values. If the CEO is a corporate entrepreneur-type or financial-driver, make sure that he or she knows that proper compliance procedures give them a competitive advantage. Regulation is changing more rapidly than ever; companies that are able to expertly navigate the regulatory morass will be better positioned to win in a hyper-competitive world.

It’s much easier to institute quick corporate changes aimed at increasing revenue if business unit leaders don’t have to fear the “men-in-suits” — not to mention the fines associated with a failure to comply.

If the CEO is the people’s champion or corporate missionary-type, appeal to his or her desire to build an ethical business with a pristine reputation, and be prepared to come with specific examples of industry peers whose business has taken a hit due to reputation damage.

Beyond the CEO, the Chief Compliance Officer also wields significant influence and can institute change. By being transparent, friendly, and personable, and by making an effort to raise compliance awareness across the business (via annual compliance trainings and consistent communication to other departments) the CCO can transform the perception of compliance from “the police” to “the defender of employees”.

Once the C-suite is on board with corporate culture shifts, it’s much easier to introduce an environment of positive culture growth. For example, compliance can even be built into variable compensation, meaning that business units who do well in compliance receive a higher bonus.

This environment of top-down support is what we call the “golden goose of compliance” — a wealth of positive impact that continues to drive value for the organization. The C-suite should institute a positive reinforcement strategy with frequent rewards and recognitions; this will cultivate positive compliance practices and ease any of the initial frictions that come with new training and bonus-ing systems.

A Change of Style

As compliance teams continue to navigate the space between inward regulation and outward defense, we see the evolution of RegTech ushering in a new breed of compliance officer — one that is rooted in personality as much as technical proficiency.

We are accustomed to the image of the compliance officer tied to his or her computer, deeply entrenched in research and analysis. However, as new tech tools increasingly free compliance teams from the rote, manual tasks traditionally associated with their roles, they will spend more time fostering relationships with other business units.

Striking a balance between friendliness and assertiveness is a diplomatic art, and one that compliance officers will need to master — especially when dealing with big personalities from other business units. This need for relationship-building skills will play a larger part in hiring more than ever.

Embracing Technology

A major pain point for many businesses is that their traditional lines of defense — compliance, risk, and audit — act as isolated systems instead of congruent channels. The right technology can help these units better gather and share information, relay insights, and manage tasks in a way that ensures completion and accountability.

Financial firms are investing more in compliance technologies every year, and it’s clear why – non-compliance costs (due to business disruption, declines in productivity, fees, and penalties) are 2.71 times the cost of compliance.

RegTech tools don’t replace humans; instead, they empower them and give them the freedom to interact and negotiate in a business environment — which makes your business more, not less, human. This alignment of people, process, and technology also frees up wasted CCO time, which was previously spent on fostering inward relationships between the lines of defense to reduce friction. With streamlined operations, CCOs can focus their time on working with other departments and outside businesses to create deep relationships that go beyond the meeting room.

What does this all look like in the end?

You want a C-level change that positions compliance at the heart and soul of the business. Instead of being viewed as the internal regulators, they should be viewed as a regulatory defense mechanism. Bonuses and training can help unload the change quickly, and AI-powered software can free CCOs and compliance workers from repetition and give them the ability to move between departments and foster real, meaningful change.

 

Subscribe below to receive helpful content designed to help you stay at the forefront of compliance and technology.

Subscribe


Ascent and the UK’s Financial Conduct Authority (FCA) Announce Ongoing Collaboration

By Blog

PRESS RELEASE

Ascent announced today that it has formalized an ongoing collaboration with the Financial Conduct Authority (FCA) with the purpose of componentizing the FCA Handbook. These efforts will help financial firms, and other firms subject to the FCA Handbook, more easily find and understand the FCA regulations that apply to them, thereby increasing their ability to comply.

In response to concerns from financial firms about the difficulty in parsing through voluminous regulatory text and extracting their specific obligations — a challenge faced by both businesses and regulators — the FCA sought out innovative RegTech solutions and ultimately connected with Ascent in part due to the startup’s traction in the market with global banking entities. Founded in 2015, Ascent uses natural language processing and machine learning algorithms to convert oceans of regulatory text into workable tasks. With its proprietary combination of automation and domain expertise, Ascent is a first-mover in RegulationAI™.

The volume and complexity of regulatory compliance — especially in heavily regulated industries such as financial services — makes it difficult for compliance teams to keep policies current, manage compliance programs and staff, and mitigate risk. These challenges are further exacerbated by the rise of personal liability and the possibility of massive fines, reputation damage, and even jail time. Coordination between the FCA and Ascent marks an important shift in the compliance industry, demonstrating that regulators and startups can work directly together to address these challenges and increase firms’ ability to comply.

“The reality is that 99% of firms out there are ‘good actors’ — they are making every effort to comply, but the complexity of our current regulatory landscape does not support those efforts,” said Brian Clark, Founder and CEO of Ascent. “By coordinating directly with the FCA and making regulation more accessible and easy to understand, we can increase compliance across the industry, freeing up the FCA to direct critical time and effort towards high-risk issues. This kind of collaboration is a win-win for financial firms and regulators.”

Ascent is actively looking to coordinate with regulators around the globe. Interested parties can email contact@ascentregtech.com for more information. 

About the FCA

The Financial Conduct Authority (FCA) regulates the financial services industry in the UK. Its role includes protecting consumers, keeping the industry stable, and promoting healthy competition between financial service providers. The FCA is the conduct regulator for 58,000 financial services firms and financial markets in the UK and the prudential regulator for over 18,000 of those firms. Learn more at www.fca.org.uk

 

Modern challenges require modern tools. Interested in seeing how Ascent can help you stay ahead of changing regulation? Request a demo below.

Request a Demo

[pardot-form id=”6″ title=”Request A Demo Form”]

ING & CBA use Ascent in Successful MiFID II Pilot

By Blog

ING and Commonwealth Bank of Australia (CBA) have successfully completed a RegTech pilot to simplify processing of information and implementation of regulation using the Markets in Financial Instruments Directive II (MiFID II) as a test case.

The Financial Conduct Authority (FCA) was a key member of this experiment and participated as an observer of the project. The FCA understands the benefits of collaboration in areas where an industry solution is beneficial for the overall system, such as compliance. Observing the project gave the FCA greater understanding of the potential applications of RegTech, Natural Language Processing (NLP) and Artificial Intelligence (AI), and how these technologies can help organisations simplify and meet their compliance obligations.

The project, completed in partnership with fintech firm Ascent RegTech and law firm Pinsent Masons, used NLP and AI to interpret and convert 1.5 million paragraphs of regulation into a series of bitesize, actionable tasks appropriate for the banks.

Using Ascent’s intelligent technology, the banks were able to quickly identify items in the regulation that could be reviewed and actioned, saving hundreds of hours of manual processing.

Ian Hollowbread, Director, Enterprise Office, ING UK said, “We are proud to have taken part in this state-of-the-art pilot that brings major industry players, regulators and new technologies together, to explore solutions to challenges we all face today. This pilot has brought into focus a number of barriers to RegTech adoption, but also see its massive potential. Only by uniting the industry, RegTech and regulators, can we begin to bridge the gap between technological potential and the cost of becoming regulatory compliant.”

Supun King-JayawardanaHead of London Innovation Lab, Commonwealth Bank of Australia (CBA), said, “This pilot provides all participants the opportunity to test some of the latest applications against complex industry regulation. When RegTech meets financial services, we create opportunities for banks, start-ups and regulators to collaborate and solve industry-wide challenges. By working together, we can share best practice in due diligence, experimentation costs, business knowledge and resources — ultimately driving great outcomes for all parties.”

Brian Clark, CEO & Co-Founder at Ascent Technologies Inc, said, “This pilot demonstrates the power of RegTech, and we’re pleased that our solutions proved effective at automating and enhancing MiFID II compliance processes. Ascent uses NLP and AI to help transform complex regulatory data into actionable knowledge. By automating their compliance processes with Ascent’s first-of-its-kind technology, users can save significant time and money while reducing their regulatory risk. We were proud to work with ING, CBA, FCA and Pinsent Masons on this project and look forward to continued collaboration.”

Luke Scanlon, Head of Fintech Propositions, at Pinsent Masons, said, “We see great potential for RegTech solutions to assist regulated businesses in making their approach to remediation more efficient and effective over the long-term. From a legal adviser’s perspective, it means that more time and resource can be spent on helping clients develop regulatory strategy and understand the impact of, and opportunities to be gained from, regulation on their businesses.”

 

On the Quantitative Value of Diversity

By Blog, Culture

Diversity is good for people, and for businesses. It’s not only the socially conscious thing to encourage, it’s also our fiduciary duty.

By Brian Clark, Founder and CEO

Ascent recently had the privilege of showing our support of ChickTech, a women-in-tech nonprofit that empowers women to stay in tech and encourage girls to join. As a sponsor of the Career Fair at the organization’s ACT-W Conference in Chicago, we had the opportunity to meet many bright, highly skilled, and generally awesome women and girls in tech, and we were reminded of the importance of diversity — especially in the technology world.

The startup and tech communities are notorious for their lack of diversity — so much so that this serves as common fodder for countless blog posts, articles, seminars, and speeches — and many who rightfully assert that diversity is important for the social fabric of a business often contrast it with the economics of success. After all, root capitalism is irreverent to notions of fairness for anything except price. How, then, do we reconcile these two juxtaposed ideologies?

diversity

The answer, surprisingly, is highlighted quite accurately both by nature and in the unique fabric of the American melting pot. In nature, biodiversity plays a key role in allowing for competitive and naturally selective outcomes. Diseases or predators that target specific variations of species are incapable of targeting those that develop sufficient biodiversity (in essence, natural selection). This diversity creates an optimal outcome for the species: namely, survival. The introduction of gene-editing techniques and the risks of removing specific gene sequences without knowing what they could eventually protect against creates risks of bio-homogeneity — and, as grandma would say, the bigger they are, the harder they fall. Biodiversity protects species from extinction and ensures optimal outcomes given conditions out of our control.

A society, whether ancient or contemporary, is an amalgamation of the various people within it. The definition of a society is “the aggregate of people living together in a more or less ordered community.” The definition of a data system refers to an “organized collection of symbols and symbol-manipulating operations.” Each is a unique structure made up of components that create a complex, interwoven equation that depends on each variable’s difference to generate an optimal outcome.

The melting pot that is America encourages the same social diversity. Race, religion, creed, sexual orientation, age, national origin, and many more, create a culturally rich group of individuals. The frustrations we endure, the iterative challenges to “getting it right” regarding an egalitarian society, the discussions, the failures, the successes, and the progress are equally as chaotic as the alignment of any set of diverse data points coming together to form a trendline. The very struggle to create such a world is what defines the breadth of those who are able to live comfortably in it. America’s struggle to ensure equal access (not equal outcomes) is the equivalent of the cogs grinding in a massively productive machine.

It may seem inconsequential to compare such grandiose notions of diversity to that of a commercial enterprise. Nonetheless, the “firm” has cemented itself in American society as the single most effective means of wealth creation and efficient method of resource allocation ever conceived.

Turning to economics, the three main sources of production (or wealth creation) are land, capital, and labor. Land is a constant, and capital (cash) is homogeneous. What, then, separates different types of wealth creation?

The answer, quite simply, is labor (made-up by the people in it). Ergo:

Production (Supply) = Land + Capital*B1 + Labor*B2.

Production (or supply) coupled with market demand produces, in efficient markets, proper prices. Nonetheless, supply and demand only determine price for a market of defined size. When identifying a market, we must look at the attributes of the demand constituents to ensure they fit the needs of the customers in that market. And, of course, each customer’s needs are made up by the idiosyncratic experiences, interests, and commercial behaviors of its participants.

If we want to design a product for the largest possible market (thereby maximizing market fit), we must appeal to the broadest group of people in said market. As a result, one should consider the makeup of the market and expand the potential pool of buyers before analyzing supply-demand behavior.

In other words, the more a company understands or represents its customers in a given market, the larger the potential revenue. As capital and land are homogeneous, the only alterable variable is labor.

What this encourages, then, is a labor curve that is diversified by experiences. These come from creed, race, religion, gender, geography, and a litany of other attributes of each of the employees. The more diverse the labor, the more optimal the labor trendline, and the larger the potential product-market fit.

In summation: Diversity is good for people, and for businesses. It’s not only the socially conscious thing to encourage, it’s also our fiduciary duty.

Interested in joining the Ascent team? Check out our open roles below!

Careers