Skip to main content
Category

Featured

Suspicious Activity Reports [Part 1/2]: Big Leaks, Tighter Controls

By Blog, Featured

SARs have been in the media a lot recently, dragging these reports into the limelight. Here we discuss how financial firms are expected to respond.

Suspicious Activity Reports (SARs) are undoubtedly the most sacrosanct of all anti-money laundering (AML) work product. Beyond confidential, these reports cannot be disclosed even at grand jury proceedings. Years ago the Financial Crimes Enforcement Network (“FinCEN”) issued a set of final rules on SAR confidentiality, expanding that secrecy from the SAR itself to disclosing the underlying transactions behind the report. By extension this rule has been further interpreted to include the rationale for filing, as well as any discussions on whether or not to file a SAR at all. Still, despite this secrecy, SARs have been referenced in the media a lot in the past few years, bringing the reports begrudgingly into the limelight. 

READ MORE: A New Dawn for AML Compliance + 7 Questions You Should be Asking

 

A Slow Crescendo: SARs in the Limelight

In 2008, there was a reference to a now-former state politician’s implication in a prostitution ring. At the heart of one article was the mention of how investigators were clued into the politician’s alleged misconduct thanks to a SAR filed by the bank where the politician went, trying to send unusual round-dollar transactions to the ring’s operator. Years later, the public was likely unaware of another “leak” event.

This leak was brought to light by an investigator at a bank who had actually reached out to the subject of a SAR to solicit a bribe in exchange for information on the case. It wasn’t until years later that SARs not only reemerged, but they did so with a bang. A major publication had been given in-depth details of SARs filed from multiple banks in regards to Michael Cohen, and his reported misuse of a shell company, as well as Paul Manafort, and a foreign agent named Maria Butina. The SARs were reportedly leaked from within the Treasury, and several guilty pleas have since been proffered.

Thankfully for both global and financial institutions, there were no indications that any banks had done anything unsound to cause or exacerbate the leak. Still, the articles and related activity should serve as a trigger event for financial institutions to review their SAR-related procedures to reinforce a framework of confidentiality. 

SAR Trigger Events: Financial Firms Expected to Respond

In part 2 of this article, we will talk about some of the institutional concerns regarding the “FinCEN Files”exposé from September 2020. Even though the majority of the recent SAR leak events have been sourced in the public sector, they should serve as a major trigger event for financial institutions to review their own policies and procedures regarding SAR confidentiality. 

Employees with any exposure to or knowledge of any area of AML compliance should be acutely aware that they should:

1) Never disclose the existence of (or contemplation of filing of) a SAR,

2) Immediately report any suspected breaches of SAR confidentiality.

In addition, when considering IT or information security testing, financial services firms should consider whether there are controls in place to limit access to case management tools, investigators’ case journals, and supporting documents.

These controls should focus both on internal privacy (i.e., need to know access only) and data tagging (i.e. confidential, classified, etc. for all SAR materials), as well as outward screening tools to ensure that SAR-sensitive documents are not sent out of the bank by email, external drive, or other file transfer methods.

Similarly, all SAR filing staff should have enhanced procedures and likely training to reiterate the need to store SAR-sensitive documents and communications in those secure platforms.

While financial services firms cannot anticipate all misconduct related to SAR leaks, it is guaranteed that they will need to demonstrate to their regulators that they have taken these recent leak events under consideration, and confirmed that all of their identifiable leaks have been plugged. This process starts by first identifying what your regulatory obligations are in regards to SARs and other FinCEN rules.

READ MORE: Broker-Dealer automates SEC, FINRA, and NFA obligations with Ascent

 

Know Your FinCEN Obligations

When it comes to identifying your requirements and obligations for FinCEN and other regulators, automation can create massive efficiencies. 

The process of collecting regulatory updates across multiple sources is time-consuming and at high risk for gaps. Conducting impact analysis to determine which of those updates are actually applicable to your firm adds another layer of manual work and complexity. 

Ascent is a regulatory knowledge automation solution that generates your firm’s obligations keeps them updated as rules change. Ascent helps compliance teams zero in on the regulatory information that is relevant to the firm, freeing up time and resources to focus on higher-value activities such as maintaining policies and procedures and executing compliance throughout the organization.

INFOGRAPHIC: Regulatory Knowledge Automation, Explained

 

For more on regulatory knowledge automation and how it can play a role in your compliance framework, check out this blog. To stay up to date on all things compliance and technology, subscribe to our email series Cliff Notes below.

 

Subscribe



A New Dawn for AML Compliance + 7 Questions You Should be Asking

By Blog, Featured

To those in the anti-money laundering practice, Nina Simone’s memorable singing that it’s a “new dawn” and “a new day” may be best suited to the recently-passed Anti-Money Laundering Act (AMLA) of 2020. Passed as part of a broader National Defense Authorization Act (NDAA), the AMLA is likely the most sweeping financial crime-related law update in the U.S. since the USA PATRIOT Act almost two decades ago.

There are, of course, some appropriately-hyped provisions within the AMLA, as well as a few that are related to it, that bear a little bit more attention from compliance practitioners. 

WATCH: [Compliance Over Coffee] Preparing for the Next Wave of U.S. Regulatory Changes 

There’s Risk, then there’s Risk

The AMLA is clearly written, with no in-between-the-lines review needed. As a result, the Secretary of the Treasury will review components of current BSA/AML requirements to see where “adjustments” are necessary. From there, a report that will effectively de-prioritize what the AMLA calls “noncomplex” reporting will be issued, perhaps such as Suspicious Activity Reports (SARs) that deal with run-of-the-mill structuring. 

SARs as a Strategic Priority

The big shift with the AMLA is that there will be yet another report on “strategic priorities,” meaning that SAR reporting is going back to its roots as an information gathering tool for law enforcement and intelligence agencies. Still, what the AMLA hasn’t clarified is whether financial institutions will be able to forgo the “simple” SARs to focus on the more “valuable” SARs, or whether banks will be on double duty to report both. Risk assessments will be put in the same boat as SARs; having to review for those strategic priorities while still looking for the risks unique to their bank’s profile.  

READ MORE: How Bad is PPP Fraud in Financial Services?

 

Anonymously Speaking

Maybe the most lauded of the AMLA’s provisions is the Corporate Transparency Act (CTA), which doesn’t criminalize or ban shell companies as a structure, but requires that most incorporated entities fall in line with beneficial ownership requirements. The biggest change is that the CTA requires FIs to collect historical information that was exempt from the 2018 regulation’s requirements. FinCEN will then create a registry, with certain exceptions, and will allow FIs to scrub KYC data for their due diligence processes against that list. The mechanics of the list, collection, and verification process aren’t known, meaning that FIs will have to continue to take a risk-based approach to business types. 

READ MORE: SEC Priorities and a Changing of the Guard in 2021

 

Corruption in Politics and Art

What should get special attention, tying into the NDAA, is the emphasis on the risk related to corrupt political leaders (see the “Kleptocracy Asset Recovery Reward Act”) as well as arts and antiquities dealers. The NDAA goes further here by expanding the foreign bank account records held by a U.S. affiliate, such as KYC information, making those records fair game for subpoena.  

READ MORE: What Recent OCC Enforcements Signal for Firms

 

7 Questions You Should be Asking

While we wait for the underlying regulations from the AMLA, a few lingering questions remain. First of all, where the AMLA references the intention to streamline and automate, will firms be held accountable if they don’t find ways to do so? Not very likely.  

However, as FIs are required to automate more processes and reporting, will there be a risk of over-automation while regulators challenge the insufficiency of a BSA/AML compliance program’s human touch?  

There is still time before the one-year window for the Treasury to issue supporting regulations kicks in. In the meantime, here are a few questions that FIs should be asking:

1. Are we asking enough questions? Or, minimally, are we asking the right questions for LLP/LLC-type customers? Are we prepared to retroactively work towards data collection beyond the 2018 Customer Due Diligence (CDD) rule’s requirements?

2. What are we doing in terms of Politically Exposed Persons screening? Are we looking for stolen government funds? 

3. How will we risk-rate art/antiquity dealers going forward?

4. What’s the status and strength of our risk assessment process? Have we kicked the tires on the methodology recently? Will we be ready when new priorities emerge? Or will we be behind and at risk of missing critical requirements ?

5. Are our SARs “highly” useful to law enforcement? Or do we need to reinvent our processes with a closer eye on crime and intelligence?

6. If we are going to revamp our SAR processes, what are the best ways to make sure that second-line testing and audit are on board?

7. What should we automate? Where can we innovate? What processes are the most vulnerable to regulatory gaps?

Automate Regulatory Knowledge for AML Compliance

When it comes to identifying your requirements and obligations for AMLA and other regulations, automation can be especially helpful. 

The process of collecting regulatory updates across multiple sources is time-consuming—and it’s only step one of a multi-step process. The next step of determining which updates will actually impact your firm is even more of a challenge.

Ascent is a regulatory knowledge solution, which automatically surfaces the right information and pinpoints your firm’s obligations. Ascent helps compliance teams zero in on the regulation that is relevant to the firm, freeing up time and resources to focus on higher-value activities such as maintaining policies and procedures and executing compliance throughout the firm.

INFOGRAPHIC: Regulatory Knowledge Automation, Explained

Ascent Named to the Prestigious RegTech 100 List for the Third Consecutive Year

By Blog, Featured

Ascent has been named to the prestigious RegTech 100 list for the third year running. The RegTech 100 list is comprised of the world’s most innovative technology firms helping financial services firms address the challenges of regulatory compliance.

Press Release | Chicago, IL | December 2, 2020 Ascent, an AI-driven solution that helps customers identify the regulatory obligations and rule updates that apply to them, is today celebrating the news that the firm has been named to the prestigious RegTech 100 list for the third year running. Overseen by specialist research firm RegTech Analyst, the RegTech 100 recognizes the world’s most innovative technology providers that are solving a significant industry problem, or to generate efficiency improvements across the compliance function. 

READ MORE:  Rapid Review: What is RegTech?

 

Ascent’s groundbreaking RegulationAI™ rapidly and accurately identifies a financial firm’s regulatory obligations, then keeps them updated as rules change. This targeted regulatory knowledge can be accessed and managed through Ascents cloud-based platform, or fed into a separate GRC (governance, risk and compliance) via API. 

By automating a process that would typically take compliance personnel significant time to complete manually, Ascent helps maximize efficiencies, reduce error, and ensure that firms know exactly what needs to be done in order to avoid fines and mitigate risk. 

“Ascent was founded to give businesses greater confidence in their compliance and risk operations. The turmoil of 2020 has highlighted for us the importance of that mission.” —Brian Clark, President and Founder, Ascent

“We are honored to once again be named in the RegTech 100,” said Brian Clark, Ascent President and Founder. “Ascent was founded to give businesses greater confidence in their compliance and risk operations. The turmoil of 2020 has highlighted for us the importance of that mission. The age-old problem of regulatory compliance – ‘you don’t know what you don’t know’ – is what Ascent was built to solve, and by doing so, we aim to help our customers achieve certainty in an uncertain world.”

“The RegTech100 list helps senior management filter through all the vendors in the market by highlighting the leading companies in [each] sector.” —Mariyan Dimitrov, Director of Research, RegTech Analyst

RegTech Analyst director of research Mariyan Dimitrov said, “Banks and other financial institutions need to be aware of the latest RegTech innovation in the market in order to avoid new compliance risks and stay competitive despite new regulations around customer onboarding and remote communication post Covid-19. The RegTech100 list helps senior management filter through all the vendors in the market by highlighting the leading companies in [each] sector.”

Ascent has been rapidly gaining momentum since its founding in 2015. Since its inception, Ascent has secured $26.7M in funding and doubled its staff. Ascent serves a range of financial institutions, including global financial firms and SMBs in the banking, securities, and derivatives industries.   

Ascent's RegTech 100 Badge

 

To stay up on the latest in regulatory technology and other news, subscribe to our monthly Cliff Notes newsletter below.

 

Subscribe


What is SupTech and How Will it Change Compliance?

By Blog, Featured

What is SupTech?

SupTech, short for supervisory technology, is the application of emerging technology to improve how supervisory agencies conduct supervision.

Regulatory technology — or, RegTech — is in the midst of a full-blown revolution, overhauling how financial service firms handle regulatory compliance. 

Asset managers are automating laborious processes like disclosure production through robotic process automation. Wealth managers are streamlining the tiresome process of know-your-customer data collection and suitability analysis through compliance management solutions. And firms of all sizes and shapes are now able to automate the burdensome work of regulatory change management through AI-powered knowledge automation solutions.

In short, the industry is in the throes of digital disruption. The advances in technology that have upended so many other industries are doing the same to regulatory compliance. And, to date, financial institutions have been the ones to bear the benefit of this.

But that’s beginning to change.

The same technologies that have launched the RegTech industry over the last few years are now propelling a similar rise in a sector very, very closely related to RegTech.

SupTech, short for supervisory technology, is the use of those same breakthrough technologies but by supervisory agencies to help support supervision. In essence, it’s leveraging the technologies of RegTech for regulators themselves.

READ MORE: What is RegTech?

SupTech Solutions for a Data-Driven World

SupTech benefits from a serendipitous coincidence. Both the work of supervisory agencies and the technologies that are fueling our current technological revolution are underpinned by the same thing: data.

Data — and specifically the ability to aggregate and analyze large sets of it — is what has fueled the deep learning revolution of the last decade. 

Neural networks can crunch the large data sets of online images to create image recognition software. Machine learning algorithms ingest massive troves of regulatory documents to create knowledge automation solutions. For industries built around big data, technology now offers a plethora of ways to reduce errors and improve efficiencies.

This perfectly coincides with the modern approach to financial regulation, which is built around big data. But today’s approach also manages data in a manual, time-intensive, and usually backward-looking manner. 

Consider, for example, the lengthy onsite inspections regulators regularly conduct as a means of collecting data, and the cumbersome analysis process which, when it results in supervisory action, is often focused on incidents that happened months or even years ago.

SupTech offers that possibility to fundamentally change this.

Imagine a scenario where regulators receive data feeds directly from the firms they are regulating. Rather than having to go out and collect the data, the data is funneled into their systems — and is then analyzed by machine learning and natural language processing technologies in order to flag suspicious transactions or behaviors.

This is the dream of SupTech, which is quickly becoming a reality. It is built around two aspects of financial supervision: data collection and data analytics.

SupTech Use Cases

READ MORE: What the Tech? Machine Learning Explained

 

Streamlining Data Collection

Historically, data collection for regulatory reporting has focused on using standardized reporting templates — a holdover from the days of paper-based reporting. While these templates help organize data uniformly, they can be costly to update, making it difficult to keep them current with the fast-paced change occurring across financial services.

Additionally, these templates can be extremely inefficient. Because of how heavily regulated financial services is, one transaction may have to be reported to multiple regulatory bodies, meaning multiple reports have to be completed and submitted by financial institutions and then also ingested and analyzed by regulatory bodies, creating inefficiencies for all parties involved.

As regulations have increased, regulators have been forced to step up the frequency and granularity of the data they ingest. It’s quickly become clear that standardized reporting templates aren’t up to the challenge.

SupTech providers are already creating solutions. One, pioneered by the Austrian regulator OeNB, is AuRep (Austrian Reporting Service GmbH) — a reporting platform that can be used by both supervised entities and supervisors. It allows banks and other financial firms to input their data into the system to seamlessly send it to the OeNB.

This allows for a much higher level of integration between parties, improving the speed at which regulators can receive data and the granularity and accuracy of that data. But this methodology — known as data-input — is just one way to improve on the standardized template process.

Other SupTech solutions are investigating data-pull processes, where data is sourced directly from an institutions operational system and then pulled into the supervisory platform. Alternatively, a real-time access approach would let supervisors “see” the data at will rather than only during reporting periods, allowing them to monitor and interact with data without a time delay.

Data-input, data-pull, and real-time access approaches would all rely on APIs, short for application program interfaces — a technology making waves in other sectors of financial services as well.

READ MORE: Open Banking: What It Is, Why It Matters, and How RegTech Can Help

 

Overhauling Data Analytics

Once regulators have collected these massive pools of raw, unformatted data, the next question is what do they do with it. While it can be a challenge for humans to sift through and make sense of large data sets like these, this is where big data tools like AI and machine learning really begin to shine.

Here are just a few of the ways SupTech solutions are tackling data analytics:

  • Supervisors can use machine learning tools to create a “risk score” for supervised entities. FINTRAC, the Financial Transactions and Reports Analysis Centre of Canada, has created one such score, evaluating the risk factors related to an institution’s profile, compliance history, reporting behavior, and more.
  • Supervisors can also use network analysis to assess an entity’s exposure to money laundering risk. DNB (De Nederlandsche Bank), for example, analyzes transactional data in order to detect whether related entities are sending funds to the same party through different financial institutions. 
  • A number of regulators, including ASIC (Australian Securities and Investments Commission), the Bank of Mexico, and the FCA (Financial Conduct Authority), are leveraging natural language processing technologies to audit the promotional materials, prospectuses, and financial advice documents that are produced by financial institutions.

Beyond Data: Other SupTech Solutions

Data collection and analytics aren’t the only domains of SupTech solutions.

The FCA and BSP (Bangko Sentral ng Pilipinas) in the Philippines are both working on implementing chatbots to interact with supervised entities more efficiently. The chatbots would be able to answer questions for the supervised entities and also provide regulators with a wealth of information about what kinds of concerns supervised entities had.

The FCA is also looking into machine-readable regulations, what it is calling Digital Regulatory Reporting. In a tech sprint, the FCA developed a trial system that translated reporting rules into machine-readable language — non-English text, standardized so it can automatically be read by a computer system. Once translated, machines could then process these rules to compare them against a firm’s policies and procedures. 

This and other efforts acknowledge the heavy burden of regulatory change management that’s plaguing financial institutions — and the ability of technology to help alleviate this process.

The Future of SupTech

SupTech is undeniably still in its early days. In recent research conducted by the Bank of International Settlements, only half of the participating regulators surveyed had or were developing SupTech strategies. And, of those strategies, less than a third were operational, with most still being in the experimental or developmental stages. 

As SupTech advances, it will undoubtedly find new ways to make the work of regulators more accurate and efficient, but it will have serious questions to consider as well.

For example, by interconnecting regulators and supervised entities, will SupTech create new avenues for cyberattacks? And if supervisory technologies make a mistake, what will the cascading effect of this be?

Even more importantly, how much automation is the right amount for regulators? When implementing RegTech solutions, many financial firms have found the solutions work best when augmenting the work of Risk and Compliance teams, not replace it. It is likely that, in work as complex as that carried out by supervisory agencies, the same will be true for SupTech solutions. It will take patience and practice, though, to find that precise balance.

What is undeniable is that the processes of supervisors are ripe for digital disruption, much as those of Risk and Compliance teams were. It will be exciting to see how SupTech solutions add value to regulatory agencies in the years to come — and how they change the regulatory landscape in the process.

READ ARTICLE: How Ascent Simplifies Regulatory Change Management with Automation

 

Enjoy this article? Subscribe to receive helpful content designed to help you win at compliance.

Subscribe

Simplifying FX Compliance with RegTech

By Blog, Featured

(7 min read)

Regulatory complexity has exploded in the dozen years since the Global Financial Crisis. Massive new regulations, from Dodd-Frank to EMIR to MiFID II, have been brought down on the financial markets with increasing frequency and severity. The SEC set records last year with the highest number of enforcement actions against public companies in a decade, and the CFTC recently signaled it plans to move more in-line with the SEC

The forex market has certainly felt the effects of these massive waves of regulatory change. Affected in areas as widespread as price transparency and order execution to trade reporting and business conduct rules, FX traders now live in a world where, for any given transaction, they risk higher non-compliance fines for the regulations they know about, and also risk not knowing about all of the regulations that may apply

But FX traders don’t have to feel stuck between a rock and a hard place. RegTech — or, regulatory technology — provides solutions to these exact issues.

In this article we’ll dive into what RegTech is and how its solutions can revolutionize regulatory compliance for FX firms.

What is RegTech?

In its simplest definition, RegTech is the application of technology to improve the way we manage regulatory compliance. RegTech companies are employing machine learning (ML), natural language processing (NLP), blockchain, AI, and other technologies, in an attempt to streamline compliance processes, increase efficiencies, and lower costs and risks.

The FX marketplace is no stranger to the transformative power of technology. After all, it was technology that expanded FX from the trading desks of the few to the smartphones of the many. 

Now, Technology has developed to the point where it can take over some of the more labor-intensive aspects of regulatory compliance to produce more accurate results and at a lower cost.

READ MORE: What is RegTech and Why Does it Matter?

 

How is RegTech changing the FX industry?

RegTech solutions can be segmented into three categories: point solutions, workflow management, and knowledge automation. Each group is already making a profound impact on FX.

Point Solutions

Point solutions solve one specific regulatory compliance need. While more limited in scope than workflow management and knowledge automation solutions, the right point solution can have a powerful impact on an FX firm’s processes.

Here are just a few point solutions that can help the FX market:

  • Electronic identity verification tools to streamline and automate laborious Know-Your-Customer procedures
  • Anti-money laundering tools that can automatically flag suspicious transactions and dubious trading behaviour at a scale and speed not possible for humans
  • Reporting solutions to streamline the heavy burden created by MiFID II transparency requirements
  • Voice-to-text translation technology which decipher complex trader jargon and convert it to text, creating a searchable database which ML algorithms can then crawl to identify problematic transactions or trends
  • Data aggregation tools to collect instant messaging, email, and phone call data in a single place in order to better monitor for market abuse and to help meet regulatory requirements

Workflow Management

Workflow management solutions — specifically, governance, risk management, and compliance (GRC) platforms — are intended to help solve operational risk management needs. This may mean improving communication between team members, creating a better audit trail, providing a platform to reconcile obligations against policies and procedures, etc.

At their most basic level, GRC platforms act as a container, much like a customer relationship manager (e.g., Salesforce, Oracle, etc.,). They are known for their extreme flexibility, allowing users to customize the experience to their needs, but the specific components of each GRC platform helps determine how it may address a firm’s individual operational risk management needs.

For example, some GRC platforms are built around one specific aspect of risk management, such as risk assessment. Others drill down one level further and are structured around one particular regulator. Some are known for improving collaboration across business functions — aligning IT, operations, legal, and others by providing access to the same data within one framework — while others specialize in the ability to integrate with existing systems and legacy data.

FX firms will have to evaluate the factors of each to determine which is right for their specific needs, but GRC platforms can bring Risk and Compliance teams out of the quagmire of Excel spreadsheets and into the modern era.

Knowledge Automation

Knowledge automation represents the next frontier of RegTech — as well as one of the most powerful manifestations of how technology can help regulatory compliance.

Knowledge automation solutions are positioned upstream of both workflow management and point solutions, situated right at the very beginning of the compliance process. They help solve one of the most complex and intractable challenges of compliance: regulatory change management.

How are FX traders supposed to keep up to date on the constant flow of new regulatory updates being released? When towering new regulations like GDPR are released onto the marketplace, how can FX firms assess which aspects relate to their business in a quick and accurate manner? In short, how can FX traders have confidence that they’re trading compliantly?

At large banks and enterprise firms, these questions are answered by employing a small army of compliance analysts, consultants and lawyers to collect and sift through the dense legalese of regulatory updates. But smaller firms, who usually can’t afford such a hit to their bottom line, are instead left with a few exhausted Risk and Compliance officers, pouring over documents day-in and day-out while traders put trades in with fingers crossed. 

Change management solutions are now finally able to leverage technology to help solve these challenges. 

Some of these solutions act as a news feed, aggregating all relevant regulatory updates, proposed rule changes, enforcement actions, and speeches in a single place. They automate the laborious and time consuming horizon scanning aspect of change management.

Recent advances in AI technology can take us beyond this, though. At Ascent, we’ve created RegulationAI™ — a true innovation in regulatory technology — which leverages neural networks to automate both the organizing and the sifting processes of change management.

Neural networks are deep learning systems that are taught how to complete a task by being fed large data sets. Our knowledge automation solution treats the vast trove of existing regulatory documentation as a giant data set, runs that data through our trained RegulationAI™, which is then able to automatically determine which obligations apply specifically to a business — automating the transformation from data to knowledge.

Knowledge automation represents the next frontier of RegTech — as well as one of the most powerful manifestations of how technology can help regulatory compliance.

READ ARTICLE: The Rise of Data Privacy Regulation and How RegTech Can Help

 

Meeting the unique needs of FX

FX firms have the opportunity to get ahead of their competition by embracing regulatory compliance.

There are two aspects of the FX marketplace that make RegTech of special importance to it.

One is the fact that, by its very nature, FX operates within a global marketplace. 

This means that FX traders can be subject to even more rules and regulations than, for example, an RIA focused only on domestic operations. Through AI and machine learning, RegTech has the ability to simplify the impact of multi-jurisdictional compliance.

The other is that FX operates within a decentralized marketplace.

Outside of the country-based regulators that oversee FX — like FCA and CFTC — there are two organizations that are globally-focused on  “governing” or “guiding” organizations within the FX trading marketplace: FX Global Code and BIS Markets Committee. Both organizations provide guiding principles instead of rules due to the decentralized nature of the FX marketplace. The lack of formality in this regulatory framework has led to a lack of adoption and enforceability.

This represents a competitive advantage for FX firms. One need only look passingly at the path of regulatory compliance to see that, in all likelihood, the decentralized marketplace of FX will only be burdened by more and more regulations in the near future. FX firms have the opportunity to get ahead of this — and ahead of their competition — by embracing regulatory compliance.

READ ARTICLE: “But Does RegTech Actually Work?” 3 Ways Financial Firms and RegTechs Can Bridge the Trust Gap

 

Stop drowning in regulation.

The superhuman rate of regulatory change and the ever-increasing penalties for non-compliance don’t have to be a stumbling block for your business. RegTech offers a way to feel empowered rather than restricted by the rule of law.

LEARN MORE: Click here to learn about Ascent Solutions

 

Want to receive more articles like these? Subscribe to our monthly Cliff Notes newsletter.

Subscribe

Easing Asset Management’s Regulatory Burden with RegTech

By Blog, Featured

(5 min read)

For any given trade, asset managers risk higher non-compliance fines for the regulations they know about, and also risk not knowing about all of the regulations that may apply.

The bombshell that was the Global Financial Crisis of 2007-2008 radically remade the financial services landscape. It brought the global economy to its knees, set the stage for the longest bull market on record, and ushered in a new era of regulatory oversight.

And it is perhaps this last point which could have the most lasting effect. Because while the global economy has mostly recovered, and while at some point even this bull market will meet its bear, the new burden of regulatory oversight has transformed almost all sectors of financial services.

Asset management has certainly not been immune. Those managers looking to simply raise capital, bring in clients, and put up strong risk-adjusted returns are instead shouldering an increasingly complex regulatory burden.

A few facts can illustrate the deep strain of this weight: Every seven minutes a new regulatory update goes into effect. Also: Last year, the SEC published more than 2,750 enforcement actions, including 95 against public companies — the highest number in a decade

In short, for any given trade, asset managers risk higher non-compliance fines for the regulations they know about, and also risk not knowing about all of the regulations that may apply. 

But while the challenges of increased regulatory complexity may seem intractable and insurmountable, a nascent industry is determined to provide solutions to exactly these issues — the regulatory technology industry, or, RegTech.

In this article we’ll dive into what RegTech is and examine how its solutions can help asset managers escape from under the increasingly heavy weight of regulatory compliance.

What is RegTech?

In its simplest definition, RegTech is the application of technology to improve the way we manage regulatory compliance. RegTech companies are employing machine learning (ML), natural language processing (NLP), blockchain, AI, and other technologies, in an attempt to streamline compliance processes, increase efficiencies, and lower costs and risks.

Initially, many RegTech providers focused on solutions relevant to retail and institutional banks, especially around anti-money laundering and fraud protection. But the technologies of RegTech have advanced enough in recent years — particularly as relates to ML, NLP, and AI — that automation can now meaningfully streamline the work of Compliance teams. For asset managers, the timing of this couldn’t be better, as new regulation rollouts like MiFID II and GDPR only further raise the stakes for trade and transaction reporting.

READ MORE: What is RegTech and Why Does it Matter?

 

Revolutionizing How Asset Managers Handle Compliance

As RegTech has blossomed over the last handful of years, a plethora of solutions have popped up to help with solving problems across the regulatory compliance landscape.

Some of these operate more like point solutions, solving one particular problem for asset managers. For example, one massive lift facing many asset management Compliance teams is the production of hundreds of disclosures that firms are required to produce throughout the year. RegTech solutions now exist that employ robotic process automation (RPA) to turn this laborious, manual process into an automated one.

Similarly, RegTech can help streamline investor onboarding, reducing the process down to minutes and making it fully digitized. And NLP can be applied to the onerous task of communications management, digitizing vast troves of telephone conversations so they can then be mined via machine learning in order to catch potential red flags.

But the truly revolutionary power of RegTech lies beyond these point solutions. In its most impactful form, RegTech offers ways to leverage the big data of regulatory compliance in order to significantly streamline labor intensive processes, such as determining which obligations apply to your business.

For example, imagine if every time another seven minutes ticked by and one of those new regulatory updates was introduced, you were able to know nearly instantaneously whether it applied to your business and how it might impact your policies and procedures. Imagine if you were able to approach a massive new regulation like GDPR and — rather than feeling that it would take hundreds of hours and a meaningful chunk of your bottom line to untangle what it meant for your company — you were able to see a complete list of your obligations in mere minutes.

This is the power of Ascent’s RegulationAI™, a true innovation in RegTech. Our technology leverages machine learning and natural language processing to automate the most tedious and error-prone parts of compliance. 

Based on your firm’s unique profile, Ascent automatically delivers the obligations and rule changes that are relevant to your business, cutting out significant white noise so that you can focus on a much narrower set of obligations. 

Ascent is faster and more comprehensive than humans alone, saving Risk and Compliance Officers hundreds of hours of manually researching, reading, and analyzing regulation so that they can instead focus on the more critical tasks.

READ ARTICLE: “But Does RegTech Actually Work?” 3 Ways Financial Firms and RegTechs Can Bridge the Trust Gap

 

Reduce the Weight of Your Regulatory Burden with Ascent.

In a world where the trend toward passive management has pushed fees ever downwards, asset managers have to operate as efficiently and effectively as possible. Leveraging RegTech solutions can help reign in the skyrocketing costs of compliance, meaningfully reduce the time Compliance teams are spending on laborious, manual tasks, and protect against the risks of human error in the process.

LEARN MORE: Click here to learn about Ascent Solutions

The Rise of Data Privacy Regulation and How RegTech Can Help

By Blog, Featured

(7 min read)

If data is money, it’s often left sitting out in the open.

Ascent founder and CEO Brian Clark has a hypothetical question he often likes to ask new people when meeting them: If you were given a giant bag of money, what world problem would you solve? 

Homelessness, poverty, world hunger — there are ample crises to choose from. But what Brian’s really interested in is your answer to his second question: If that bag of money were then taken away, and you were instead given a giant bag of data, what problem do you solve now and how do you do it?

The implication, of course, is that ultimately the two bags equate to the same thing. They’re both resources. And as technology has revolutionized our ability to capture and analyze huge troughs of data, big data has in turn become an increasingly powerful resource and disrupted industry after industry.

And much of that disruption has come at a price.

Facebook, Equifax, Yahoo! — these are just a few of the massive data breaches that have happened over the last handful of years. As companies have collected more and more data, they have not always taken the proper precautions to protect that data. In the terms of our original analogy, if data is money, it’s often left sitting out in the open.

As a result, we have seen a number of large new data privacy regulations come into play recently, with many more on the horizon. Like all things related to big data, these regulations have been extremely hefty, sometimes to the point of seeming overwhelming. But we would argue that they don’t have to feel this way.

In this article, we dig deeper into the rise of data privacy regulation, examining the major new regulations that have recently come into play, the way these regulations are transforming the compliance function, and how RegTech can help transform them from overwhelming obstacles into exciting opportunities.

READ CASE STUDY: How a Global Top 50 Bank Secured Its GDPR Obligations Using Ascent

 

GDPR: The Game-Changer

The modern age of data privacy regulation was ushered in by four letters: GDPR. The first significant update to Europe’s data protection rules since the 1990s, GDPR (or, the General Data Protection Regulation) serves as both the core of Europe’s digital privacy legislation and as the benchmark the rest of the world began comparing their data privacy policies against.

First introduced in 2012 and then argued over until it was adopted in 2016, GDPR finally came into effect in May of 2018. The regulation was revolutionary for its emphasis on citizens’ rights. It was designed to give EU citizens control over their personal data, as exemplified by the eight rights for individuals within the regulation. These rights include giving EU citizens easier access to data companies hold about them, laying out fines for the failure to do so, and requiring companies to receive consent from individuals before collecting their data. 

There are many more details to the 99 articles in the regulation, but it’s these individual rights that caught a lot of public attention, both for the burden they placed on companies and the pop-up banners they created on our web browsers

GDPR came to seem so ubiquitous because its obligations applied not only to companies headquartered in the EU, but to any company gathering the personal data of an EU citizen. In the borderless age of the internet, this more or less meant any company with a website that tracked any information about its visitors

Of course, the EU wasn’t likely to chase down every mom-and-pop shop around the world that failed to comply with GDPR regulations. But the breadth and depth of the legislation acted as a standard-bearer, telling companies and countries it was time to update data privacy regulation for the twenty-first century. It would only be a matter of time until other countries followed suit.

CCPA: GDPR Hops Across the Pond

That most notably and recently happened in the US with the California Consumer Privacy Act (CCPA). The CCPA, which was just implemented at the beginning of this year, brought similar GDPR-like obligations to the US, including consumer rights related to the disclosure of personal information and requests for personal data

The CCPA affects a significant number of companies. It applies to businesses that either exceed a gross revenue of $25 million, gain 50% or more of their annual revenue by selling consumer’s personal information, or that buy, sell, receive, or share personal information of 50,000 or more consumer households.

Like GDPR, the CCPA is similarly focused on consumer rights, including a section known as data subject requests, which grants users the right to access or delete the personal information a company may have about them.

And — just as GDPR acted as the data privacy blueprint for the rest of the world — the CCPA is acting as the blueprint for the rest of the US. A number of other states are quickly catching up:

  • Washington State currently has a bill with requirements and fines drawn straight from the CCPA currently working its way through the state senate and house.
  • New York, in typical coastal one-up-manship, recently introduced an even more comprehensive bill into its state senate, which disregards the CCPA’s revenue requirement for covered entities.
  • Nevada actually implemented privacy legislation a few months before California, but its definition of “sale” resulted in a law that was narrower and more lenient on financial institutions.

The Changing Role of the Compliance Officer

The above litany of legislation, without any guiding federal framework, is a significant challenge for companies, especially those transacting business across the country. This patchwork of regulation means, for simplicity’s sake, companies often have to comply with the strictest requirements of any one regulation, even if it doesn’t necessarily apply to all the states where they are doing business. That is, of course, assuming companies and Compliance Officers can keep up-to-date on the waves of new regulation constantly being released and updated.

But in another light, these new data privacy regulations actually represent an opportunity for Compliance Officers

These regulations could help raise the visibility of the compliance role at companies, especially those that might have dismissed data privacy as not relevant to their day-to-day. That’s because compliantly following these privacy regulations is going to require companies to make real changes in their policies and procedures and in their corporate culture — all of which are crucial aspects of the compliance role. 

As companies update and overhaul internal procedures accordingly, Compliance teams will need to play an integral role in developing business processes to ensure that personal data is being managed compliantly.

But for Compliance teams to do that, they will somehow need to keep current with the massive amount of new regulations being rolled out and find a way to quickly and concisely understand how those regulations relate to their policies and procedures. Between the hefty laws already in place and the long list of those in process, this can seem like an insurmountable task.

Technology, though, provides a path forward.

READ ARTICLE: How Your Peers in Financial Services are Tackling 3 Big Compliance Issues

 

RegTech Offers the Key to Data Privacy Regulation

RegTech (Regulatory Technology) is an emerging industry of companies leveraging machine learning, natural language processing, blockchain, AI, and other technologies to solve the challenges of regulatory compliance. These technologies offer a way to leverage the big data of regulatory compliance to help solve the problems of data privacy regulation.

In a recent case study, one global Top 50 bank tried to identify its obligations under GDPR within one of its business units. The bank had a lack of clarity around which aspects of GDPR it was required to follow, and it attempted to solve this problem via a traditional solution: hiring a consulting firm.

The consulting firm, though, proved expensive and inaccurate. The firm missed a number of obligations and the bank was forced to hire a second consulting firm to correct those initial mistakes — adding duplicative costs. It was in the midst of this frustrating process — causing costly mistakes and creating continued regulatory uncertainty — that the bank decided to try a different approach.

The bank partnered with Ascent, an AI-powered compliance automation solution. At Ascent, our proprietary RegulationAI™ technology generates the obligations that apply to our customers, helping banks and other financial firms reduce risk and gain confidence in their compliance programs.

RegulationAI™ was able to generate a complete obligations register in mere minutes and at a 99% cost savings. This technology — a true innovation in RegTech — leverages machine learning and natural language processing to ingest hundreds of regulations and then rapidly determine which obligations apply to your business — with zero manual effort from you.

Rather than the time-consuming, expensive, and inaccurate results it had received before, the bank now had all its obligations in an easy-to-read digital format, produced with significantly lower risk of human error.

READ ARTICLE: How Ascent Simplifies Regulatory Change Management with Automation

 

Secure Your Obligations with Ascent.

The complexity of data privacy regulation is likely only going to increase in the future. But you don’t have to drown in regulation. Ascent can help you leverage technology to make this fast-paced world of digital disruption work for you.

LEARN MORE: Click here to learn about Ascent Solutions

 

Want to receive more articles like these? Subscribe to our monthly Cliff Notes newsletter.

Subscribe


Open Banking: What It Is, Why It Matters, and How RegTech Can Help

By Blog, Featured

If open banking lives up to its promise, it could revolutionize modern banking and simultaneously usher in waves of new regulation and compliance changes.

Digital disruption is burning through almost every sector of our modern economy, creating exciting new opportunities while also unleashing chaos on long-established ways of doing business.

Banking is one of digital disruption’s latest beneficiaries, and one specific trend has been causing a lot of buzz: open banking. It’s a topic that, if it lives up to its promise, could revolutionize modern banking and simultaneously usher in waves of new regulation.

In this brief primer we’ll break down what open banking is, why it’s making so much noise, and how technology can help solve the compliance challenges technology has created.

What is Open Banking?

Broadly, open banking is a banking practice that gives users the ability to grant third-party financial service providers access to their financial data. 

The basics of open banking have been around for a few years now — the same principles can be found in budgeting tools like Mint or YNAB. But historically, apps like these have used a process known as “screen scraping” — where users give the budgeting app their bank username and password so the app can then “scrape” their financial information from the bank’s site. What is generating all the excitement around open banking now is the possibility to extract this information by instead using an API.

APIs (or, application programming interfaces) are a way for third-party providers to plug directly into an app or web service. So rather than giving Mint your bank username and password, you would instead grant it authorization to access your bank information, which Mint would then connect to directly through the API. 

So why is an API so much more powerful than screen scraping?

Because for one, you don’t have to share your username and password with third parties, whose cybersecurity protocol might not be robust as your bank’s. Also with an API, if the username or password is changed, the connection isn’t broken. And the process is significantly more efficient for the third party, who now has direct information to the data they want, rather than having to scrape it from another source, reformat it, and then ingest it.

But open banking’s most exciting opportunities extend far beyond budgeting apps.

What open banking really allows for is a more efficient and secure way to share financial data. 

When looked at from this perspective, the possibilities start to become industry-shaking opportunities. Here are just a few examples:

  • The labor-heavy process of getting a loan, currently requiring the lendee to pass off reams of financial statements and information to a lender, who then has to ingest those materials, could become significantly easier for all parties involved. An API would allow lenders to have more efficient access to up-to-the-minute information with much less work from the lendee, and would allow lendees to only share the information relevant to the lender.
  • Aggregation tools are already making money management a much simpler, more cohesive process. Existing solutions allow investors to get a truly holistic view of their investment portfolio, even if assets are custodied at different institutions. And emerging solutions are revolutionizing how investment advisors interact with custodians, how they analyze client data, and how they present to clients.
  • The complicated payment system that exists today is also starting to be streamlined. APIs are now connecting developers with payment systems, and it could soon become possible to make payments directly out of a bank account rather than needing an acquirer to process payments via a credit card company. This would limit the number of times user data needs to be shared and reduce costs for both vendors and customers.
  • Accounting solutions for both businesses and consumers are emerging that would make the process more efficient and less costly. Businesses will be able to benefit from bookkeeping applications that can plug directly into their payments feed and consumers could see a cheaper and easier tax-preparation process.

The great promise of open banking is that it liberates your data from being held solely at one financial institution in order to make it available to companies of your choosing. Ultimately, it will take some time before the benefits of this are truly understood and realized.

Regulating the Open Banking Revolution

As these benefits start to come to light, though, they will not be without risks. For example, direct access to user data, even if theoretically more secure than current practices, is an unsettling idea. And digital disruption within any industry can be chaotic, as rules and best practices become upended, outdated, and replaced. That’s why the open banking revolution is certain to be accompanied by new regulations designed to help protect consumers. 

The European market already offers a preview of those regulations — and the challenges that come with them.

The second Payment Services Directive (PSD2) was rolled out in Europe by the Competition and Markets Authority as a way to spur more innovation and competition in the banking sector. In recognition of the opportunities presented by open banking, PSD2 required enterprise banks to make their data available in a secure, standardized form, so that third-party providers (TPPs) could plug into and leverage that data through APIs.

Banks were given until March 2019 to provide TPPs with a simulated bank environment where they could test their APIs before they became fully operational in September of that same year. And yet over 40% of the European banks missed the deadline.

This is just one example of how, even in the early days of open banking, a significant number of large banks are struggling to meet the demands of the associated regulations. As the effects of open banking are more widely felt, and as wider-reaching regulation accompanies them, the workload on banks and financial firms is sure to only increase. 

New technology, though, can help solve the same problems that new technology has created.

RegTech: Open Banking’s Best Friend

Just as advances in technology are upending the banking industry, they’re also revolutionizing the world of regulatory compliance. RegTech (Regulatory Technology) companies are leveraging machine learning, natural language processing, blockchain, AI, and more to solve the problems of regulatory compliance.

RegTech solutions will be crucial both to new open banking companies looking to quickly get off the ground and to traditional, large banks implementing new solutions to stay competitive in a changing environment. AI-powered regulatory change management solutions can help automate the burdensome tasks of regulatory research and analysis, so banks and financial firms can stay up to date on all regulatory updates — related to open banking and otherwise. And obligations management tools can automatically deliver up a complete obligations register, reducing to mere minutes a task that can take thousands of hours. 

Ultimately, the wide variety of RegTech solutions currently available will allow banks and financial firms to stay ahead of the waves of regulation by quickly and efficiently building a RegTech stack specific to their needs.

READ ARTICLE: How Ascent Simplifies Regulatory Change Management with Automation

 

The digital disruption revolutionizing the financial services industry isn’t going to subside anytime soon. And banks and financial services firms can leverage RegTech solutions to help make this fast-paced change work for them.

LEARN MORE: Click here to learn about Ascent Solutions

 

Ready to see a live demo? Get in touch today!


The Rise of Regulatory Sandboxes and What They Signal for Financial Firms

By Blog, Featured

The entire industry takes its cues from the regulators. Therefore, we know with certainty that digitalization is not a trend, but a permanent paradigm shift that every firm will need to embrace, or be left behind.” 

The word “sandbox” has over the years experienced an intriguing evolution. The tech world saw the word morph into a term meaning a closed environment for testing digital or web-based projects; now in the same digital universe, the word also refers to a “regulatory sandbox” — an environment for testing new business models insulated from current regulations. 

The first regulatory sandbox was formed in the U.K. in 2014: Project Innovate, which would serve as a model for subsequent sandboxes. In the U.S., Arizona became the first state to sanction a regulatory sandbox, and Illinois is currently considering enacting one. 

Experts have generally viewed regulation and innovation as inherent adversaries. A sandbox can be seen, though, as a sort of compromise where innovative ideas are tested in the absence of outright regulation while still preserving consumer protections. A sandbox helps companies with unique business ideas avoid the trappings of traditional compliance while still adhering to any regulations already in place.

READ ARTICLE: Building Regulation AI: Solving Compliance in the Age of AI

 

The Origin of GFIN

The Financial Conduct Authority (FCA) in the U.K. had advanced the idea in 2018, along with eleven other regulatory groups, of a global sandbox, a fintech term for an environment designed for testing technological ideas on a global level. The concept became a reality, resulting in the creation of a conglomerate of 38 organizations called the Global Financial Innovation Network (GFIN). The initiative listed its three purposes as follows:

— To give companies an environment conducive to testing international solutions.

— To unite regulators so they could discuss new business models and technologies, as well as provide companies with regulatory information.

 — To provide a venue for policy discussions.

Responses to the initial idea of a global sandbox included a concern that the project be just in its dealings with those who want to test across international borders, along with other issues like blockchain technology, data protection, artificial intelligence, regulation of initial coin offerings (ICOs) and securities.

Responses also included enthusiasm over how quickly news of such technological innovations encryption technology would reach the global marketplace, interest in cooperation among regulators on common issues that companies must face across different jurisdictions, with a focus on the challenges bilateral relationships between companies and regulators face, and interest in providing businesses and regulators an environment where they could discuss policy issues.

“Many regulators around the world are themselves embracing technology, as seen by the global rise of regulatory ‘sandboxes’ and other initiatives like ASIC’s Innovation Hub in Australia,” said Dean Patzer, Ascent’s Director of Solutions Engineering, who previously served as Senior Compliance Officer and then as Capital Markets Vice President at BMO.  “The entire industry takes its cues from the regulators. Therefore, we know with certainty that digitalization is not a trend, but a permanent paradigm shift that every firm will need to embrace, or be left behind.”

The FCA announced in April the proposed creation of a cross-border pilot program to test new technologies under GFIN. Ascent, an AI-driven platform that provides insight to customers on regulatory responsibilities, was one of eight solution providers selected for consideration in the trial program. A pioneer in RegulationAI, Ascent works with regulators the world over, including the U.S., the United Kingdom, Asia and Australia. 

READ ARTICLE: Ascent Selected by GFIN for Regulatory Cross-Border Pilot

 

Modern challenges require modern tools. Interested in seeing how Ascent can help you automate horizon scanning, change management, and obligations management? 

Request a Demo