About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Managing Cognitive Dissonance in Regulatory Compliance with Corlytics

Subscribe to our newsletter

This past 18 months has been a time of significant growth for RegTech consolidator Corlytics. RegTech Insight recently spoke with founder and CEO John Byrne to delve into the Corlytics backstory and learn more about the company’s development.

Corlytics is Byrne’s fourth company. He describes how, after the 2018 financial crisis, experiences at his prior company shaped the insights and innovation that would become Corlytics.

“If you look back at the early 2000s, banking was about the P&L but after 2008, banking and the capital markets became about the balance sheet and risk. Compliance and operations practitioners were seeing risk in lots of different places that they’d never seen before.”

This shift in the perception of critical success factors revealed the importance of understanding and managing the settlement risks of complex financial instruments. Regulators globally began looking deeper into the activities of banks and financial service companies, particularly those considered to be systemically important financial institutions (SIFIs).

With an extensive background in fund accounting and post-trade operations, Byrne recognised a growing gap between the understanding of how regulations should be interpreted versus their operational implementation, and a new venture was conceived.

Corlytics launched in late 2013 and Byrne’s aim was to bridge that gap by treating regulation as a class of risk requiring careful management. By risk-ranking regulations and updates into a clear set of obligations, firms could use this to shape and maintain policies that reflect the latest regulatory expectations.

Cognitive Dissonance

Byrne describes the emergence of a “cognitive dissonance” in the financial sector, where “the lawyers could understand the regulation but couldn’t implement them, and the people implementing the regulations didn’t fully understand them and the resulting exposures.”

To address this, Corlytics adopted an alternative approach to regulatory compliance. As Byrne explains “I wanted to look at regulation as a class of risk, rather than just something that had to be done. In many parts of banking and post trade, people take a risk-based approach to credit risk, market risk and counterparty risk. And I felt we should take a risk-based approach to legal and regulatory risk, hence the name Corlytics (compliance risk analytics).”

Corlytics’ foundation was also rooted in Byrne’s desire to combine expertise from different fields, and, like his previous company, he chose to start Corlytics in a university setting, as a campus-based company. This setting fostered an interdisciplinary collaboration with PhDs in law and data science, aimed at building a robust business capable of tackling the complexities of modern regulatory compliance.

Byrne’s previous experience in operationalizing various aspects of banking and post-trade processes, such as fund accounting and corporate actions, provided a strong basis for Corlytics’ mission. In his words, “I wanted to bridge the knowing-doing loop, ensuring that regulations weren’t just understood but effectively implemented.”

Growth Strategy

Last year the company acquired regulatory lifecycle platform ING Sparq and policy management platform Clausematch. Earlier this year, specialist growth investor Verdane took a majority equity stake in the company and has committed to accelerating both organic growth and M&A.

In May the company acquired a RegTech platform from Deloitte UK adding considerable breadth and domain expertise to further Corlytics’ capabilities, from interpreting regulatory change, to mapping and validating policies and implementing controls.,

Corlytics has established strong relationships with 12 of the top 50 SIFIs. Corlytics has also established a strong presence with non-bank payment processors. Byrne points out that “most of the top 10 payment companies in the world are not banks, but technology companies.” These include giants like PayPal, Amazon, and Google. Corlytics has secured about 50% of the market share in this space.

Regulatory Coverage

In line with the global growth in financial markets and the evolution of novel asset classes, the numbers of regulators and regulatory authorities global firms have to deal with has grown substantially. According to Byrne, “a typical Corlytics client might have 900 regulators and regulatory authorities to deal with,” underlining the scale and complexity of the current regulatory environment.

At the same time, the scope and depth of regulatory scrutiny continues to increase. In the UK, the Financial Conduct Authority (FCA) has introduced the Senior Managers and Certification Regime (SMCR) that requires senior managers to have statements that clearly outline their regulatory responsibilities. These managers are permitted to delegate certain responsibilities to other individuals within the firm, provided they ensure that these delegations are appropriate and properly overseen?.

This is having organizational impacts as Byrne has observed, “if you look at the senior persons regime, it’s very typical now within an enterprise, not just to organize regulations by business units, but actually to start organizing regulations, policies and controls by ‘accountable executive’.”

This has huge implications on the technology, since accountable executives must now be able to demonstrate that the controls they supervise reflect the latest version of the regulations and that these are clearly defined in the latest version of their policies.

Data Science

Corlytics keeps an open mind on the adoption of new technologies but the primary criteria for selecting the latest AI and ML techniques is model accuracy. “We try to work to a level of accuracy of 99% or greater because if a firm is going to automate compliance, it needs very high levels of accuracy. Human error is about 98%, so, by setting a target above the level of human error, ensures you’re automating to a high standard” explains Byrne.

Corlytics combines extensive backtesting on historical data with regulatory subject matter expertise to validate model accuracy.

One consequence of prioritising high accuracy is the need for detailed examination of use cases, in particular when considering advanced AI techniques – GenAI and LLMs. Corlytics approach is to use Gen AI in combination with other techniques rather than just on its own. Byrne sees the value-add of these techniques as a new search technology, particularly for the higher volume, lower risk use cases e.g. ‘can I accept that gift?’, or ‘does this comply with the expense policy?’

Byrne continues “but for a more complex, high-risk use case – e.g., a swaps trader asking, ‘can I put on this trade?’ – we might use something else”

GenAI and LLMs become extremely expensive in compute and storage cost compared the traditional AI when deployed at scale. Also, there’s a growing awareness of the carbon footprint these technologies generate, and Byrne cautions to not fall into the trap of “using a sledgehammer to crack a nut.”

Regulatory Convergence

The convergence of events on the regulatory calendar and regulators adopting a big-bang approach across multiple jurisdictions is creating severe stress on global firms governance risk and compliance (GRC). In some cases, firms are being forced to consider whether it makes economic sense to remain in certain markets.

The impact of MiFID II in 2018 put the kiss of death on the stock broking business for all but the biggest players and as Byrne notes “there are no mid-sized institutional brokers anymore in London. I would say that this (regulatory convergence) is favouring the bigger incumbents, and the regulators need to be careful about creating barriers to entry which is what’s currently happening.”

Regulatory harmonization is a worthy goal but it’s hard enough getting alignment across the regulators within a single jurisdiction, let alone globally. In the meantime, it will be up to the RegTech sector to take the lead as Corlytics has demonstrated with two significant projects.

One of Corlytics’ early projects, making the FCA Handbook machine-readable, was a major step in bridging the gap between text based regulatory content and implementation by the covered entities. Corlytics created the taxonomy (a mechanism for classifying and categorising information) which is structured into sourcebooks and manuals and covering the various sectors and compliance aspects including conduct standards, prudential standards, and reporting requirements.

Byrne’s recounts his experience in creating a regulated subsidiary at his previous firm and being confronted by the original version of the handbook. “If you were to print it out on double-sided paper, it would stand about seven feet tall.”

Each section is methodically organized into modules, sub-modules, and chapters for easy navigation. The handbook’s machine-readable features include XML and JSON formats, enabling automated compliance checks and integrations with RegTech solutions. Byrne recalls, “the FCA CEO at the time describing the initiative as the democratisation of the handbook.” The project went live in 2017.

Corlytics completed a similar project at the Financial Industry Regulatory Authority (FINRA) on the FIRST Rulebook that went live in 2022. With many small firms among its members, FINRA wanted to make sure these smaller players could get value from the website recalls Bryne. “So, we created the taxonomy and redesigned all of the documents making them easy to tag and search. Both FINRA and the FCA have a competition mandate so creating a level playing field for both large and smaller firms is important.”

There are indications that other regulatory authorities are starting to embrace the idea of making their regulations machine readable, but for now, the FCA and FINRA are the thought leaders in this space and Corlytics innovation helped make that happen.

Subscribe to our newsletter

Related content

WEBINAR

Upcoming Webinar: Practical considerations for regulatory change management

Date: 18 September 2024 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes Regulatory change management has become a norm across financial markets but a challenge for financial institutions that must monitor, manage and adapt to ensure compliance with both minor and major adjustments to obligations. This year is particularly troublesome, with...

BLOG

Archer Acquisition of Compliance.ai Drives AI-Powered Regulatory Compliance and Risk Management

Compliance.ai, a San Francisco, California-based provider of AI driven regulatory change management solutions, has been acquired by Kansas headquartered risk management specialist Archer. The acquisition will enable Archer to supplement its compliance line-up with cutting-edge AI technology to automate the monitoring, tracking, reporting, and response to changing regulations in real time. Archer integrates risk and...

EVENT

Data Management Summit New York City

Now in its 14th year the Data Management Summit NYC brings together the North American data management community to explore how data strategy is evolving to drive business outcomes and speed to market in changing times.

GUIDE

Entity Data Management Handbook – Sixth Edition

High-profile and punitive penalties handed out to large financial institutions for non-compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations have catapulted entity data management up the business agenda. So, too, have industry and government reports on the staggering sums of money laundered on a global basis. Less apparent, but equally important, are...