About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

It’s Time to Embrace Risk Profiling for Regulatory Compliance

Subscribe to our newsletter

By Richard Pike, Managing Director, KYR Solutions, MyComplianceOffice.

Regulations, frameworks, policies and controls define the day-to-day of Chief Compliance Officers (CCO) and their teams in what can best be described as a world of monitoring spaghetti. At the same time, the teams also need to ensure they are keeping senior executives and the front office engaged and compliant. So how can the CCO set regulatory priorities, identify policy and procedure gaps and interrogate compliance obligations?

The answer lies in a clear approach to a pragmatic Know Your Risk (KYR) strategy. While best practice is still emerging in this area, firms of various types and sizes are making progress, and a three-stage approach is emerging.

The first stage is all about deconstructing your compliance obligations and the best way to solve this complex problem is to make it visual. Humans are visual beings and by mapping obligations to set out and understand the linkages and relationships, we get a much clearer library of the ‘business as usual’ obligation. By visualising the regulatory spaghetti, we are also helping to identify patterns of data and logic.

Of course, not all compliance risks are created equal and compliance risk exposure changes over time, so the once typical annual compliance review isn’t always enough to keep on top of a rapidly evolving regulatory risk landscape. By mapping the current state of compliance obligations we are putting in place building blocks to understanding the policies and procedures in place to uphold them. This will then enable us to find the gaps in compliance programmes so appropriate action can be taken to mitigate risk. It also means we can map changing commitments as they happen.

As for the data mapping of the compliance risks, any firm already collects vast amounts of data, but the question is whether it is the right data, collected at the right time and from the right source. It’s not as big a lift as it first seems – the key is being smart with what data you capture, using data you already have and understanding the interconnectedness of those datasets. This significantly simplifies the scope.

Stage two is all about bringing simplicity and clarity to monitoring spaghetti…and being a little bit ruthless about what we can cut loose. Essentially, at this stage, we need to answer the question: What do we actually need to monitor?

For each mapped obligation there will be a well-defined set of metrics and/or assessment points that are required for oversight. As those data points are recorded the process should also require the attachment of evidence data lineage so that overseers can easily track back to the source. The ability to see demarcation zones between first- and second-line activities is also important – we want to be clear about expectations for each line of defence. In an ‘Oversight Map’ each item can have a clear statement of responsibility to ensure that both 1st and 2nd lines clearly understand what their roles are in the process.

Importantly, simplification and clarity will win the hearts of minds of your senior stakeholders who are all too often suffering from dashboard and report blindness as the previous norm has been for them to spend hours in front of them. More metrics doesn’t equal better compliance. The right metrics at the right time to the right people. This means risk-based decisions are being taken on the right data points and we don’t have to worry about data gaps.

The third and final step is to evidence that compliance. This is a critical step because, as far as the authorities are concerned, without supporting evidence, it’s like it didn’t happen.

CCOs are under every increasing pressure both from the regulators and internal stakeholders and this has often led to evidencing of compliance turning into a beast of burden with a big overhead. However, by focussing on the tenets of simplicity and clarity in the first two steps you are already ahead of the game.

If we take the stance that evidence is everything in compliance then, again, we simplify what’s in and what’s out. Too often, keeping track of data proof points has been a poor cousin to other parts of the compliance process. And technology is your best friend when it comes to making this happen – with clarity from deconstructing our obligations and knowing how we are performing against what matter, it becomes easier to evidence that compliance.

Having technology underpin the recordkeeping part of the compliance function means it is also easily interrogated on a regular basis to ensure everything is being monitored correctly, the data points you are expecting to have are all in place and make it easier to identify data gaps or errors as early as possible.

By adopting this three-step approach and creating the right processes supported by the right compliance technology, CCOs won’t have to waste time hunting and gathering information and can pivot to doing the high-level advisory work that adds real value to their firm while developing that all-important clear and holistic view of compliance risk.

Subscribe to our newsletter

Related content


Recorded Webinar: Meeting the challenges of regulatory change

Regulatory change is constant, complex and challenging, calling on financial institutions to attend to details of change whether relatively minor or large scale. Recent regulatory changes include MiFID II post-trade transparency requirements, including ESMA’s increase in data continuity checks that brokers must prepare for, and trading venues must make, when reporting instrument reference and quantitative...


ISDA Adds Flagship FX Definitions and Documents to MyLibrary Digital Documentation Platform

The International Swaps and Derivatives Association (ISDA) has added its flagship foreign exchange definitions and related annexes, supplements and templates to the ISDA MyLibrary electronic documentation platform. The move streamlines access to these documents for regulated firms, creating significant operational efficiencies, and represents a key step toward automation. The new additions include ISDA’s 1998 FX and Currency...


Data Management Summit London

Now in its 12th year, the Data Management Summit (DMS) in London brings together the European capital markets enterprise data management community, to explore the evolution of data strategy and how to leverage data to drive compliance and business insight.


Regulatory Data Handbook 2022/2023 – Tenth Edition

Welcome to the tenth edition of A-Team Group’s Regulatory Data Handbook, a publication that has tracked new regulations, amendments, implementation and data management requirements as regulatory change has impacted global capital markets participants over the past 10 years. This edition of the handbook includes new regulations and highlights some of the major regulatory interventions challenging...