Skip to main content
Category

Blog

The Gap in the Compliance Automation Value Chain

By Blog

Why must compliance teams spend so much time reading through a never-ending deluge of regulatory documents just to identify the rule changes that apply to their companies?

It comes down to automation – or the lack thereof.

To explore further, let’s take a look at what we call the “compliance automation value chain.”

There are three essential components to the compliance automation value chain:

  1.     Document collection
  2.     Regulation and obligation identification
  3.     Policy and control management

Until recently, only two of these components have been automated:

1. Document Collection

At the beginning of the compliance automation value chain, document vendors significantly automate horizon scanning or document collection. The challenge is that these documents provide little insight into which regulations and obligations apply to a particular company. They provide the document, and the rest is up to the compliance team, who must read through stacks of these reports, identify the changes, and then determine if and how they apply.

2. Policy and Control Management

At the back of the compliance automation value chain are technology solutions, such as GRC platforms. This is what compliance teams use to incorporate new rules and obligations into organizational policies, procedures, and workflows.  

Though effective at managing policies and procedures, GRC platforms traditionally offer no capabilities that identify the rule changes and obligations on which those policies and procedures should be based – hampering compliance teams’ ability to efficiently manage compliance policies and procedures. 

The compliance automation gap

The automation gap, which sits between these two components, is the identification of applicable rule changes and obligations. If your compliance team is like many, they’re forced to spend an enormous amount of time reading through document after document to identify their company’s regulatory obligations. 

And it’s the obligations that matter.

Completing the compliance automation value chain      

This is why we built the Ascent platform – to complete the compliance automation value chain for financial services compliance teams – to free them from reading through page after page of regulatory text to identify their company’s specific rule changes and obligations.

The Ascent platform employs AI to automatically identify and deliver company-specific rule changes and obligations from regulatory documents.  Ascent focuses on the regulatory obligations – serving only relevant information, removing the irrelevant, while surfacing a company’s applicable obligations under any given rule. 

With Ascent connected to a GRC platform, organizations benefit from a complete compliance automation solution that includes horizon scanning, obligations inventory, and policy and control management. 

–––

We invite you to learn more about compliance automation. Click here to schedule a call with an Ascent compliance specialist.

Compliance Insider: October Edition

By Blog

Welcome to the inaugural issue of Ascent’s Compliance Insider newsletter, your monthly go-to source for staying informed about the ever-evolving world of regulatory compliance. In this issue, we are excited to share a wealth of valuable information, from the latest updates on rule amendments to expert guidance on achieving compliance excellence. As always, we invite you to connect with Ascent to learn more about compliance automation and how it can transform your regulatory compliance journey.

Here’s what we covered in this month’s newsletter:

ANALYST REPORT

A Deep Dive into AI-Driven Compliance

We are thrilled to share an in-depth analyst report on Ascent’s compliance automation software. GRC 20/20, a renowned compliance analyst, has just published a comprehensive assessment of our solution. If you want to explore the full potential of the Ascent platform, from building an obligations inventory to efficiently managing regulatory changes, we encourage you to access the report by clicking [here](link-to-analyst-report).

NEW BLOG

Master the “Pillars of Strong Compliance”

In our latest blog series, “Compliance-Pillars,” we delve into what defines a superior compliance program. This three-part series provides insights into the essential pillars of a robust compliance program. In part one, we discuss the importance of defining your corporate legal entities, identifying associated products, and understanding the applicable regulations that govern them. To gain a deeper understanding, read the article [here](link-to-blog-article).

GRC PARTNER

Ascent’s Partnership with Diligent

We are excited to announce our recent partnership with Diligent, a leading GRC SaaS provider. This collaboration will empower Diligent customers to efficiently map compliance obligations to internal controls, policies, and procedures. Learn more about this partnership by clicking [here](link-to-partnership-details).

WHAT’S NEWS

Regulatory Roundup

Our “Regulatory Roundup” section features a monthly compilation of the latest news, regulations, and enforcement actions in the financial services industry. Here are some highlights from this month:

1. Emerging Enforcers: State regulators are increasingly taking a tougher stance than federal regulators. It’s essential for your organization to understand the requirements across multiple jurisdictions to ensure compliance with evolving standards and expectations.

2. Exam Priorities: The Office of the Comptroller of the Currency (OCC) has released its 2024 exam priorities. For banks, this is a critical reminder to review and align their operations with these priorities to maintain regulatory compliance. Now is the time to ensure that your organization is prepared for upcoming examinations.

__

Subscribe to Compliance Insider below.

Role of AI in Financial Services Regulatory Compliance

By Blog

New Analyst Report Explores the Role of AI in Managing Financial Services Regulatory Change 

Noted GRC industry analyst, GRC 20/20, has researched Ascent’s AI-enabled compliance automation solution, and the new report Delivering the A.I. Enabled Regulatory Change Lifecycle is the result.

The report looks at the increasingly complex challenges financial services companies face when trying to “navigate the tsunami of regulatory change in an environment that’s a shifting tapestry of local, regional, and international laws and guidelines.”

According to the report, the daunting challenge is that financial services firms are dealing with an unprecedented volume of regulatory changes. The number of regulatory updates has more than doubled over the past five years, while compliance teams’ capabilities to manage these changes have stagnated. 

As outlined in the report, most compliance teams lack adequate processes and resources to manage the deluge of regulatory changes efficiently. Challenges range from insufficient staffing and expertise to the overwhelming number of regulatory sources. Many organizations rely on antiquated, manual workflows that lack accountability, audit trails, and efficient reporting mechanisms. 

The Role of Artificial Intelligence in Regulatory Change Management 

The report explores how AI offers avenues to tackle these challenges head-on in these ways: 

  1. Automated Monitoring. AI algorithms monitor multiple sources of regulatory updates in real time, filtering out irrelevant information and prioritizing changes based on organizational relevancy.
  2. Natural Language Processing (NLP). AI-driven NLP tools analyze regulatory texts, identifying clauses and conditions relevant to an organization’s operations.
  3. Predictive Analysis. Machine learning models predict the potential impact of future regulatory changes, enabling proactive strategic planning.
  4. Workflow Automation. AI automates the workflows related to regulatory compliance, from notifying relevant stakeholders to new rules and obligations to initiating necessary policy and process changes.
  5. Risk Assessment. AI algorithms integrate regulatory compliance into broader compliance risk management strategies by analyzing how regulation changes interact with other business and operational risks.
  6. Audit Trail and Reporting. AI tools maintain an auditable, real-time trail of all regulatory compliance activities, satisfying regulatory demands for accountability and transparency. 

Ascent at the forefront

The report also takes a deep dive into Ascent’s AI-enabled approach to financial services regulatory compliance and change management, and details how Ascent’s compliance automation platform employs AI to help financial services compliance teams efficiently identify their specific regulatory changes and the associated obligations.

We invite you to read the entire report to learn how organizations are employing AI to overcome today’s myriad of compliance challenges.

Pillars of Regulatory Compliance Part 1: Setting Your Foundation  

By Blog

Compliance is the cornerstone upon which businesses build trust, stability, and longevity in an ever-evolving regulatory landscape. However, the complexity of today’s regulatory environment can make it challenging for financial services businesses to efficiently identify their regulatory obligations. 

In this three-part series, we delve into the essential components of a strong regulatory compliance program.

Here, in part one, we review two topics outlined in Ascent’s Regulatory Compliance Scorecard: 1) Defining corporate entities and 2) Identifying laws, rules and regulations that apply to your business. 

Step One: Defining Corporate Entities

The first step in crafting a rock-solid compliance program is to define your corporate legal entities and their associated products and services. This foundational step establishes a crystal-clear understanding of the scope and scale of your business operations. By mapping these entities to products and services, you gain a comprehensive view of your organizational structure, enabling a more targeted and efficient compliance initiative.

Defining corporate entities is a holistic exercise akin to creating a detailed map of your organization, allowing you to navigate the complex terrain of regulations with confidence. Furthermore, this detailed understanding enables you to allocate resources effectively, and direct compliance efforts precisely where they are needed most.

Step 2: Identifying Applicable Laws, Rules, and Regulations

Once you define your corporate entities and product offerings, the next step is to identify applicable laws, rules, and regulations. This involves conducting a comprehensive review of the regulatory landscape, with a specific focus on the industries and jurisdictions relevant to your business. This  involves meticulously mapping each of your regulatory requirements to the corresponding entities, products, and services within your business. Additionally, providing direct links to supervisory agencies ensures easy access to the primary sources of regulatory information, facilitating ongoing compliance efforts.

By establishing a clear and well-documented path through the labyrinth of regulations, you can empower your organization to operate with confidence and integrity.

––

In the next article in our series, we explore the process of establishing a robust obligations library by creating tailored lists of obligations and centralizing compliance data, to ensure that your compliance program stands strong. Read part two here.

Subscribe to our newsletter for industry expertise delivered right to your inbox.

Rate your compliance-readiness in just 5 minutes

Rate your compliance-readiness in just 5 minutes

DOWNLOAD NOW
Are you ready for regulation?

Are you ready for regulatory change?

By Blog

Recent upheavals in the banking industry have sharpened the regulatory gaze for 2023. Regional banks have the usual complex interplay of state, federal and international compliance requirements, but those are further complicated by the likelihood of intensified regulatory oversight, and the potential for additional regulations. Industry watchers predict that some rules will see modernizations while others will be replaced altogether. 

Knowing what’s coming, now is the perfect time to gain a firm, proactive grasp of your compliance stature. As always, responding quickly and efficiently to change will be key to maintaining compliance, but shifting from reactive to proactive mode will greatly simplify any adjustments new regulations might require.

Per Deloitte, the following areas will be key to regulatory oversight:

  • Demand for better data governance and reporting – Increasing data availability and improving data quality as critical priorities for banks. As bank regulators become more data dependent, they are driving the already high prioritization of strategic data programs at the banks they supervise.
  • Cyber and information technology (IT) risk – Deficiency in effective cybersecurity policies and procedures to secure organization assets and data is an increasing concern of regulators. 
  • Consumer protection and financial inclusion – We expect regulators’ continued momentum in protecting against consumer harm in 2023, especially at the margins of the regulatory perimeter.

An organized compliance regimen will help you not only maintain compliance in all of these areas of oversight, but also help you quickly adapt when they change. Ascent recently published the Regulatory Compliance Confidence Scorecard designed to help identify gaps and areas for improvement in banks’ compliance environment.

The Scorecard measures organizational principles. For instance, are your corporate legal entities defined, and are laws, rules and regulations identified and mapped to those  entities, products and services? The Scorecard questions are based on principles that provide a sound foundation for ensuring the quality of compliance data. 

With rigorous organization of business entities against applicable rules and regulations, plus automatic notification of new enforcement actions or guidance relevant to your entities, you’re in an excellent position to measure new rules against ongoing business and strategic initiatives. 

You can prepare to accommodate changes quickly and with minimal internal disruptions through a clear understanding of the current nexus between your organization, its entities, its products, and the rules that apply to each.

For instance, recent failures in the banking industry have opened discussions about new regulations or extending regulations that currently apply to large institutions to regional banks as well. A sound compliance organizational structure will greatly simply accommodating whatever new guardrails go up, saving your time and money, and of course, minimizing the risk of non-compliance.

Events suggest that 2023 will be a significant year for regulatory change. Consult the Regulatory Compliance Confidence Scorecard [link] to assess your bank’s ability to deal with what’s coming. If you come up short, you’ll know it’s time to prepare and get organized. 

For more information on improving compliance readiness, feel free to shoot us a line at sales@ascentregtech.com.

Rate your compliance-readiness in just 5 minutes

Rate your compliance-readiness in just 5 minutes

DOWNLOAD NOW

Is the CCO Liable? Two SEC Cases, Two Wildly Different Rulings

By Blog

Understandably, CCOs worry about being held personally responsible for compliance failures.

That is, in fact, exactly what legislators and regulators intended by creating rules subjecting CCOs to personal liability for their firm’s missteps. The fear of personal prosecution, the thinking goes, compels CCOs and their staffs to adhere to strict regulatory standards.

It’s hard to argue with that logic. Incentives work, even negative ones. But these days, CCOs may find the somewhat unpredictable outcomes of regulatory action even more compelling than the threat of personal exposure in the abstract.

Two SEC Cases, Different Outcomes

Two recent cases demonstrate how difficult it can be to anticipate whether an enforcement action will break against or in favor of a CCO’s personal interests. 

According to compliance professional and blogger Doug Cornelius, the SEC has historically refrained from using its enforcement authority against CCOs personally in all but three specific circumstances:

  • Participating in the wrongdoing
  • Hindering the SEC examination or investigation
  • Wholesale failure

Two recent enforcement actions illustrate the relative unpredictability of the outcome of enforcement actions that rely in-sum-and-substance on the third of those factors, “wholesale failure.”

SEC Comes Down Hard on CCO in Southwind Ruling 

In December 2017, the SEC issued a ruling that took investment advisor Southwind Associates, its CCO Anthony LaPeruta, and its President Scott Villafranco to task for what can only be viewed as a wholesale failure of Southwind’s compliance program. LaPeruta, who had served for 14 years as Southwind’s CCO, bore the brunt of the SEC’s ire.

The agency faulted LaPeruta in particular for having failed to implement measures to correct compliance deficiencies, despite having retained a compliance consultant that had alerted him to the compliance shortcomings repeatedly over a period of several years. Specifically, ignoring his consultant’s recommendations and acting in violation of his firm’s own compliance manual, LaPeruta:

  • Failed to receive annual surprise examinations of client funds by an independent public accountant qualified to conduct those examinations;
  • Failed to ensure the timely distribution of audited financial statements; and
  • Failed to keep proper books and records by omitting certain electronic communications.

The SEC deemed LaPeruta’s actions to have “willfully aided and abetted and caused” his firm’s compliance violations. For his malpractice, the SEC imposed a limitation on LaPeruta barring him from acting in “a supervisory or compliance capacity with any broker, dealer, investment adviser, municipal securities dealer, municipal advisor, transfer agent, or nationally recognized statistical rating organization.”

SEC Punishes CEO in Pennant Ruling 

A little less than a year after Southwind, the SEC issued two orders in an enforcement action against investment advisor Pennant Management and its CEO, Mark Elste.

Pennant had fallen victim to a massive fraud involving a fictitious portfolio of loans and loan repurchase agreements (“repos,” for short). The SEC faulted Elste for the firm’s failure to perform due diligence on the portfolio despite numerous red flags. But, significantly, the agency did not name or pursue action against Pennant’s CCO.

The regulator instead found that the CCO, who had been appointed to the position with no prior compliance experience, had done his best by repeatedly requesting resources for his compliance program and by repeatedly warning of his inability to assess counterparty risk without receiving that support, all to no avail.

The lack of funding for compliance oversight, the agency concluded, had contributed to the firm’s failure to notice the warning signs of the fraudulent scheme. The agency fined Pennant $400,000 and fined Elste $45,000.

So what?

At first blush, Southwind and Pennant may seem like materially different situations. In the former case, Southwind’s CCO had ample resources for his compliance mission but inexplicably failed to execute it over an extended period, to his own material detriment. In the latter, Pennant’s CCO lacked resources and support despite asking for them repeatedly, and thereby avoided liability.

Both [cases] signal the SEC’s continuing willingness to hold business leaders accountable when their investment advisory firms fall down on their compliance function.

Still, beneath the surface these cases are not dissimilar. Both involve significant compliance failures. Both take a hard look at the individual actions of CCOs and other C-suite executives for those failures. Both signal the SEC’s continuing willingness to hold business leaders accountable when their investment advisory firms fall down on their compliance function.

Compliance officers and executives should not assume either case was predestined to turn out as it did. No doubt Southwind’s CCO mounted a vigorous defense of his actions, and the Pennant CCO likely came in for a fair share of finger pointing by others. Moreover, compliance executives often struggle with lack of funds and resources to adequately manage a firm’s compliance program.

For any CCO and business leader, Southwind and Pennant should serve as a signal example of the degree of personal financial and reputational risk they take by not adopting, funding, following, and documenting compliance policies and procedures.

RegTech as the Shield

Advances in regulatory technology may help allay the looming threat of an enforcement action that targets a CCO individually.

It is one thing to tell business leaders in the investment advisory world to pay attention to compliance. It is another thing to help them implement effective, efficient compliance programs.

CCOs know the difficulty of managing a department that often gets treated as an unwanted hindrance rather than an essential function. The rulings above, however, highlight just how critical, and personally significant, regulatory compliance can be for financial firms.

Fortunately, advances in regulatory technology may help allay the looming threat of an enforcement action that targets a CCO or other executive individually. Tools continue to emerge that streamline compliance functions and automate record-keeping, leading to more efficient and effective management of the compliance process.

As rulings by the SEC and other regulators will not likely ever be predictable, these tools may be a CCO’s best hope of not just staying diligent about compliance, but also being able to prove the firm’s (and their own) diligence should any enforcement action come to pass.  

9 Common RegTech Questions, Answered

By Blog

As a young industry, RegTech often gives rise to a host of questions — everything from “what is it?” to “how does it work?” to “how will it affect me?” We’ve collected a handful of the more common ones and answered them below.

Have a question that’s not on our list? Drop us a line at marketing@ascentregtech.com and we will be happy to help answer it!

What does RegTech mean?

RegTech (Regulatory Technology) is the application of emerging technology to improve the way businesses manage regulatory compliance. 

RegTech companies can be established GRC (Governance, Risk, and Compliance) platforms, startup companies, and everything in between. They are united by their use of new, groundbreaking technology in the service of solving the problems of regulatory compliance.

As an industry, RegTech has emerged over the last few years to address the rising tide of regulation and its growing complexity. To learn more about the history and future of RegTech, check out our comprehensive guide, “What is RegTech?”

READ MORE: What is RegTech?

 

What are the benefits of RegTech?

For financial services, the benefits of RegTech are substantial:

  • Efficiency gains — As regulation continues to grow, it becomes nearly impossible for compliance personnel to keep up without the aid of technology. Technology, capable of processing a high volume of data at incredible speeds, can quickly parse and analyze raw legal text and extract valuable insights. 
  • Greater accuracy and comprehensiveness — Manual, siloed processes tend to create gaps in the compliance operation, leading to human error and increased exposure. Implementing the right technology (and integrating those technologies thoughtfully where necessary) shores up gaps and creates a streamlined compliance process.
  • Greater internal alignment — Technology tools enable greater transparency throughout the business, connecting once siloed people and processes. The result is better insights between business units that can be shared faster, which also leads to a stronger culture of compliance.
  • Improved risk management — Many RegTech tools help protect against various types of risk, including market abuse, cyber attacks, and fraud, by monitoring systems and alerting personnel to suspicious activity.

READ MORE: How Ascent customers reduce risk, slash costs, and save time

 

What is end-to-end compliance and how does RegTech fit in?

End-to-end (E2E) compliance is a fully traceable process that connects external regulatory events to a business’ specific obligations, then all the way through to that business’ internal controls, policies, and procedures. In an ideal world, E2E compliance leverages automation and other technologies to create a complete functional system of compliance. To achieve E2E compliance, different RegTech solutions can be used together (often referred to as a ‘compliance technology stack’) to create a seamless process that automates rote work, connects once-disjointed processes, and supports a robust compliance framework.

With a properly implemented E2E system, businesses could 1) be alerted to relevant new rules or changes to existing rules, 2) be directed to the exact parts of their internal controls or P&Ps that are impacted so team members can make the appropriate changes, 3) manage their obligations digitally including assigning work and tracking progress against deadlines, 4) easily produce records of their compliance activities, and 5) generate useful reporting dashboards. 

Again, due to the complexity and nuance of regulatory compliance, one-size-fits-all solution. Rather, compliance leaders should take a modular approach to building a technology stack that meets the firm’s unique circumstances and objectives.

What kind of tech stack should I consider for my compliance framework?

Compliance and Risk professionals are responsible for not only determining what their firms’ regulatory framework is, but also how to maintain it once it’s set. Thankfully, there are a number of solutions within the RegTech universe that support this effort and can be combined into a comprehensive, end-to-end tech stack. The key is to know which ones to bring into your tech stack in the first place, so here are a few types of solutions to consider:.

Regulatory content tools are situated at the beginning of the compliance process. They typically take the form of a content library, feed, or resource center. Content tools consolidate documents published by regulators into one platform (including the laws, enforcement actions, guidance, rule updates, and more), making research and horizon scanning more efficient. Leaders in this space include Thomson Reuters Regulatory Intelligence, LexisNexis and Reg-Room.

Regulatory knowledge automation is technology that bridges the gap between the raw data of regulatory content and actionable insight. Market leader Ascent, for example, generates the regulatory obligations that pertain to your specific firm based on key factors like what type of financial entity you are, what services/products you offer, and where you operate. Ascent then automatically updates your obligations as rules change. This targeted regulatory knowledge allows compliance personnel to know exactly what the firm must comply with at all times, without the manual effort. 

GRC (governance, risk and compliance) platforms help operationalize compliance and often house all of a firm’s regulatory information, including obligations, controls, policies and procedures. Workflow capabilities allow users to track and manage their compliance efforts. Leaders in the space include LogicGate, MetricStream, IBM OpenPages, and RSA Archer to name a few. 

Point solutions cover a wide swath of RegTechs, helping firms execute compliance in a compliant way or assess compliance with an obligation or control. These could include (but are not limited to) trade monitoring, portfolio risk, know-your-customer, anti-money laundering, operations risk management, and cybersecurity tools. Point solutions are more limited in scope than regulatory knowledge automation or GRC solutions, but when they meet the right need they can provide substantial value.

READ MORE: The first (and most difficult) step in setting a regulatory compliance framework

 

What technologies do RegTech solutions use?

RegTech providers leverage a wide variety of emerging technologies. Here are a few of the most common:

  • Machine learning (ML) is the application of algorithms that improve automatically through experience. Rather than being specifically programmed to complete a task, ML models are fed large amounts of data, which they use to learn and improve on their own. In regulatory compliance, ML models can process large amounts of regulatory data and gradually draw conclusions about that data, becoming more and more accurate over time.
  • Natural language processing (NLP) is the field of using computers to process and analyze human language. In compliance, NLP can parse the unstructured raw text of regulation and reorganize it or otherwise transform it so that people can retrieve meaningful insights. 
  • Blockchain is a digital record of transactions, most often associated with cryptocurrencies. Blockchain has many other purposes however, such as enabling the secure sharing of know-your-customer data within or between organizations for compliance purposes.
  • Robotic process automation (RPA) allows users to configure metaphorical “robots” or “digital workers” to replicate the actions of a human in a digital environment in order to complete a business process. RPA tools can automate laborious manual processes, like the production of hundreds of disclosures that asset management firms are required to generate throughout the year.

READ MORE: RegulationAI™: World-Class Technology Built for Compliance

 

What’s the difference between RegTech, FinTech, and SupTech?

RegTech leverages emerging technology to create tools focused on solving the challenges of regulatory compliance. While the majority of existing RegTech solutions are currently focused on the world of financial regulation, RegTech could also be leveraged for other regulated industries — for example, healthcare.

FinTech, short for financial technology, is the application of technology to solve problems or create new value in financial services. Examples include crowdsourcing platforms, mobile payments, cryptocurrency, robo-advisors, budgeting apps, or the use of open banking APIs. Recently, digital banks that operate purely online with no physical locations are also being referred to as FinTechs. 

SupTech, short for supervisory technology, is the application of emerging technology to improve how regulators conduct supervision. Just as RegTech leverages technology for regulated companies, SupTech leverages technology for the regulators.

READ MORE: What is SupTech and how will it change compliance?

 

Can RegTech help me with specific regulation like GDPR?

The rise of data privacy legislation like GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) have added necessary protections for consumers but have increased financial institutions’ already significant regulatory burden in the process. Depending on what you are trying to achieve with specific regulation like GDPR, RegTech offers various solutions. 

There are many point solutions that help firms execute GDPR-compliant behavior. For example, UserCentrics helps firms obtain customer data in a transparent way. Syrenis provides one central platform to manage personal data, legal basis for obtaining that data, consent, and marketing practices. GDPR365 is a compliance assessor that offers guidance on what security weaknesses need to be fixed.

To understand what your organization’s obligations are under GDPR (or any other regulation), look to regulatory knowledge tools like Ascent. Ascent’s AI-driven technology pinpoints the GDPR obligations that your firm must comply with, then updates them automatically if the rules change.

READ MORE: How a Global Top 50 Bank Secured Its GDPR Obligations Using Ascent

 

How can I use RegTech to help my firm ease compliance burdens?

There are many use cases for RegTech, but here are some of the most common:

  • Horizon Scanning — monitoring regulatory developments including rule updates, guidance, and any other communications from regulators to better understand potential threats and opportunities.
  • Identifying Obligations and Changes — conducting regulatory analysis (also referred to as regulatory mapping) to understand which obligations or requirements your business must comply with. These obligations must then be routinely updated as rules change.
  • Compliance Management — managing your daily compliance activities and aligning them with the broader framework of regulatory strategy and process.

Finding a solution for these use cases can be challenging since the RegTech space is vast and each solution facilitates a different part of the compliance process. Breaking the RegTech landscape into these four categories makes it easier: 1) Regulatory content tools, 2) Regulatory knowledge automation, 3) GRC platforms, and 4) Point solutions.

For the examples above, the solutions for each use case vary:

  • Solution for Horizon Scanning: A regulatory content provider such as Thomson Reuters Regulatory Intelligence helps save time with horizon scanning and research.
  • Solution for Regulatory Obligations: A regulatory knowledge provider such as Ascent identifies your obligations and keeps them updated as rules change. This targeted regulatory knowledge can also be used to understand downstream impact. For example, a rule change identified by Ascent can be used to trigger alerts or workflows related to that rule in your GRC or other compliance management platform. 
  • Solution for Compliance Management: A GRC or other compliance management system such as LogicGate or IBM OpenPages allows you to house and project manage your compliance activities, including assigning tasks, tracking progress against deadlines, and managing any internal documentation such as your controls, policies and procedures. Ascent’s granular obligations can be seamlessly fed into these systems so your regulatory data and activities are monitored, tracked, and managed all in one place.

If you are looking to accomplish all of these use cases, it is likely that your compliance operation requires multiple solutions, combined to create a full-scale compliance technology stack.

What questions should I ask a RegTech vendor that leverages “AI”?


What kinds of AI technologies do you use, and why?

First, brush up on machine learning and natural language processing basics so you can follow the vendor’s response. You do not need to be an AI expert; a good vendor will be able to explain their process in a way that any business leader can understand. What’s important is that you get a clear picture of how the specific technologies and approaches used create business value for you. Is the vendor using “AI” as a flashy marketing term, or is it actually integral to the solution?

Where are you getting the data that is training your algorithms?

Good AI tools require significant amounts of quality data – as they say, ‘bad in equals bad out.’ The vendor should be able to explain how they are ingesting regulatory text (did they build an ingestion or scraping tool, or are they white-labeing another product?), from where (the best case scenario is that the vendor is pulling straight from official regulatory websites), and at what frequency (this should be reasonably frequent so you know you have the most up-to-date information at any given time). The vendor should also be able to explain the quality-assurance process that ensures all intended data points are properly captured. 

Are there humans involved in the training of your algorithms, and to what degree?

In many industries, the notion of humans-in-the-loop (meaning the technology is not 100% machine-driven; humans are still involved in some part of the process) is considered a negative sign because it means “that the tool isn’t really AI.” The compliance industry, however, is unusual in that a humans-in-the-loop process is considered a positive. Why? Because the world of regulatory compliance is so nuanced and complex, that AI solutions are far better when trained and QA-ed by human experts in regulation and law. This does not mean that all AI-driven RegTechs require humans-in-the-loop to be great tools, but the vendor should be able to explain why they do or do not involve people in the process.

Who is held liable if your solution fails?

This question is as important for you as it is for the vendor. Because this issue exists in a legal gray area, you must carefully weigh the risk of implementing any new solution (AI or not). A good AI vendor will understand why this is a concern, and should show evidence of a strong model risk management framework, rigorous internal controls, and most importantly be completely transparent about what the solution can and cannot do. If it sounds too good to be true, it probably is. 

*Ascent offers a performance guarantee for its AI solution that is backed by an insurance cover from Munich Re Group. Read the case study to learn more.

We recommend checking out these articles to continue learning about RegTech and how it can be applied throughout the compliance process:

Want to receive more articles like these? Subscribe to receive helpful content designed to help you win at compliance.

How Mortgage Lenders Can Leverage Automation to Strengthen Compliance in a Turbulent Economy

By Blog

This post was contributed by Michael Rasmussen, GRC Pundit & Analyst.

In today’s ever-changing economy, mortgage lenders and service providers face a growing number of regulations and risks in compliance. This opens up an opportunity for organizations to rearchitect their compliance processes and leverage automation to remain competitive in this uncertain environment.

Mortgage lenders and service providers, as a segment of the financial services industry, face a lot of change. The mortgage space right now is a tough one and interest rates are only going up. Firms are writing fewer loans, whether it’s a new loan or a refinance. The market is shifting and drying up for the foreseeable future of the next year or two. The industry is changing and reacting to uncertainty in the economy. Mortgage companies’ internal processes and employees are changing, particularly with the economy staff is shrinking and expected to do more with less employees. Regulations and risks in compliance are also increasing that impact mortgage lenders and service providers.

While the volume of loans is decreasing, regulatory change – including enforcement actions and guidance – remains on a steady stream of growth. The law or regulation itself does not have to change, but how it is enforced and monitored over time evolves. However, it is more than regulatory change as the business itself is changing. If that employee is not aware of the policy related to the regulation, or not trained properly, it leads to compliance failure. If that process changed, or technology, and the controls needed to comply with the regulation are not in place, then compliance fails.

WATCH NOW: 5 Tips to Supercharge Your Compliance Programs in 2023


The challenge is that many mortgage lenders and service providers are short-staffed when it comes to compliance. There is a barrage of regulatory changes, updates, and enforcement actions. But even if the firm is fully knowledgeable, they must ensure the culture, operations, processes, and behavior of individuals is compliant. Regulatory compliance is not an option. Amid uncertainty and change comes increased compliance risk exposure. While executives may be in cost-cutting mode, they cannot afford to become non-compliant. It is time for organizations to look at innovation and adjustments to make regulatory change and compliance more efficient in human capital and financial capital resources while at the same time striving for effectiveness, resilience, accountability, and agility.

This might seem like a conflict, to save money and time while increasing effectiveness and agility, but technology delivers this. To address the volume of regulatory change and its impact on the business requires that mortgage lenders and service providers seek to automate compliance with technology. Cognitive GRC technologies that leverage artificial intelligence – natural language processing, machine learning, predictive analytics, and robotic process automation – is delivering real value in efficiency while increasing effectiveness and agility of regulatory change management processes. It is times of uncertainty that companies can become stronger through redefining their processes and leveraging automation to cut costs and be more effective than their competitors.

During this time of uncertainty, there is an opportunity for mortgage firms to rearchitect their compliance processes to keep pace with the volume of regulatory change and ensure the business operationally remains compliant within the scope of this change. Technology enables this allowing the organization to filter through the volume of updates and changes and flag what really matters and how it impacts the mortgage business, operations, processes, policies, and behavior. Regulatory change technology delivers cognitive compliance to make the mortgage lender/service provider more efficient in their time and resources to monitor regulatory change and effectively keep operations current with regulatory change amid changing processes and employees. 

Ascent Named to the Esteemed RegTech 100 List for the Fifth Year

By Blog

The RegTech100 list compiles the world’s most pioneering businesses in the regulatory technology market that are helping financial institutions deal with the most pressing compliance and risk management challenges.

 

Ascent is proud to be named to the 2023 RegTech100 list. This marks our fifth year on the list and it is an honor to be recognized amongst some of the most innovative companies in the regulatory tech ecosystem.

“It’s an honor to be named to this esteemed list for the fifth year. Ascent was built to give businesses greater confidence in their compliance operations, and this recognition is proof that we’re achieving our mission,” said Christopher Junker, CEO of Ascent. “It is because of our cutting-edge technology, dedicated team and strong partnerships, that Ascent continues to provide clarity in an industry that is filled with complexity and constant change.”

According to FinTech Global, this year’s selection process for the 100 most innovative RegTech companies covered the widest range of enterprises yet. A panel of analysts and industry experts reviewed a list of nearly 1,300 companies to identify the solutions that need to be on the radar screen of every financial institution in 2023.

A range of factors are considered by the Advisory Board and FinTech Global team to make the final selection including:

  • Industry significance of the problem being solved;
  • Growth, in terms of capital raised, revenue, customer traction;
  • Innovation of technology solution offered;
  • Potential cost savings, efficiency improvement, impact on the value chain and/or revenue enhancements generated for clients;
  • How important is it for financial institutions to know about the company?

A full list of the RegTech100 and detailed information about each company is available to download for free here.

Regulatory mapping is key to compliance. Are you doing it effectively?

By Blog

Regulatory mapping may mean different things to different organizations, but new RegTech tools can help you more accurately and efficiently meet all your mapping challenges while freeing you from manual, administrative work. 

Defining Terms

As regulatory burdens increase and regulations change in response to everything from political winds to well-publicized industry failures, regulatory compliance will remain a rapidly changing and growing industry segment. 

Despite the near-universal concern about regulatory compliance, standard terminology around many common concepts is still missing. One such concept is “regulatory mapping,” a compliance term that means different things across the industry. Below are three distinct definitions we have encountered:

1) Regulatory mapping – of laws, rules and regulations to your business to determine your obligations

In this instance, regulatory mapping refers to the process of reading and analyzing voluminous regulatory text to understand exactly which specific obligations apply to your business. Whether conducted in-house by compliance personnel or outsourced, this process typically has people digging into the rules to determine which obligations are applicable to the business. Personnel will capture the firm’s baseline obligations across jurisdictions and determine which obligations are the same or similar across jurisdictions, and which are unique.

To do this, most firms create and maintain a rule register or rule inventory, i.e. a list of all the rules that apply to the business. An obligations register is a newer concept that refers specifically to a register or inventory of the specific obligations that apply to the firm, detailed down to the line level of regulation.

LEARN MORE: How Ascent Delivers Targeted Obligations

 

2) Regulatory mapping – of regulatory changes to your obligations

This definition involves compliance personnel constantly scouring regulatory websites, newsfeeds, and other sources to capture the latest rule amendments or additions and then conducting applicability analysis to determine which changes apply to your organization. 

Compliance personnel must then do the complex work of impact analysis to understand how the changes impact the firm’s existing obligations – Has an existing obligation changed in some way? Are there new obligations due to the rule change? Are any existing obligations now rendered unnecessary due to the change? 

Compliance teams must answer all of these questions before updating their rule register and obligations register accordingly. 

LEARN MORE: How Ascent Automates Regulatory Change Management

 

3) Regulatory mapping – of your obligations to your internal controls, policies, and procedures

Regulatory changes need to flow through to your controls and policies so that you can properly coordinate and execute the changes throughout the business. In this context, regulatory mapping is the process of tying your obligations to those internal controls, policies, and procedures. 

LEARN MORE: How Ascent Maps Obligations and Rule Changes to Your Controls and P&Ps

 

Mired in the Manual

Regulatory mapping represents a complex web of legal documentation, rule changes and internal processes. Regulatory change management is considered especially daunting as sources of regulatory change include international, national, state, and local legislative action, court decisions, and executive actions. The work of identifying these changes and dialing them in to what applies to the organization remains largely mired in manual and siloed processes.  

READ MORE: The State of the Compliance Industry

 

RegTech to the Rescue

The explosion of RegTech now provides an alternative solution to managing the challenge of regulatory mapping that does not require throwing additional personnel, time, and resources at the growing regulatory burden. The right automation tools can help alleviate much of the manual work of mapping regulatory requirements (regardless of which definition you are focused on)—but only if the tools are well-designed and implemented.

“Automation, technology, and expertise help transform the regulatory mapping and compliance functions from merely a cost center to a function that supports financially sound and efficient decision-making by capitalizing on business intelligence and supporting the commitment to appropriate compliance processes.” Compliance Week

The benefits of leveraging automation in regulatory mapping processes are many, including:

  • The ability to convert regulatory text into your specific obligations more efficiently and accurately, with less chance of human error (Ascent’s output is 99.5% accurate)
  • Streamlining the process of capturing regulatory changes relevant to your business, understanding their impact, and mapping them to your policies and controls
  • Freeing your compliance team from tedious, error-prone administrative work and increasing their focus on facilitating compliance, developing regulatory strategy, and proactively planning for regulatory change 
  • Providing a more complete understanding of your regulatory landscape, while spending less time and money
  • Reducing regulatory and reputational risk, avoiding fines, and lowering your overall cost to comply

READ MORE: What is RegTech?

 

Mapping Regulatory Requirements with Ascent

Ascent helps financial firms conduct all three types of regulatory mapping more accurately, efficiently, and at a lower cost. Ascent offers:

  • Automation to identify the obligations that pertain to your specific organization
  • Constant discovery of rule amendments and updates that apply to you, connected to your existing obligations so you can instantly understand the impact to your business
  • Seamless connection via API to best-in-class GRC platforms like IBM OpenPages so you can map your obligations to organizational controls, policies, and procedures