RegTech is Only as Good as the Data it Uses, Summit Told

While technology has automated regulatory compliance for financial institutions, vendors and users must vigilantly stay on top of the data behind it to adjust to changes in the laws they seek to address.

New or different datasets and formats must be accommodated, and new data sources found as regulators redraw rules to protect participants in fast-changing marketplaces.

Setting out his philosophy that data should simply enable business strategies, not drive them, Rahim argued that simplicity is the best approach to adaptation.

Two Needs

Instead of focusing on tools that are finely tuned to meeting the requirements of specific laws, Rahim argued that it was more logical to seek off-the-shelf solutions that could be easily tweaked to suit different needs.

Substantial customisation, he said, could in fact be counterproductive. Highly individualised solutions are very good, but they become useless and very expensive when the regulation to which they are tailored is changed.

These “extreme customisations” are difficult to “reverse out of”, he said.

Rahim went on to explain how these and other pitfalls could be better managed if banks embarked on a regulatory-change programme, in which processes are put in place to provide automatically for the interpretation and response to changes in oversight rules. That would include establishing routes to embedding proposals into policy and engaging with regulators to communicate any compliance difficulties that the changes would create.

Local Rules

For international banks – such as Standard Chartered, which operates in 60 jurisdictions – a certain level of customisation of RegTech processes was nevertheless essential, Rahim said in the summit’s fireside conversation with Irene Liu, APAC board co-chair/managing director, strategy and consulting at EDM Council/Accenture.

They need to be sensitive to the local requirements and expectations of each market in which they operate. That could largely be managed agilely with minimal customisation, Rahim said.

For instance, by configuring all compliance processes to the requirements of the strictest authority within a region, banks can ensure they are almost universally compliant without the need for extensive retooling of their RegTech platforms.

Rahim recommended that organisations also maintain a dialogue with regulators to ensure they know what is expected of them and to engage with peers and competitors to see how others are managing compliance.

Local Laws

This process needs to be carefully applied where jurisdictions have data localisation rules, which usually prevent the transfer and use of data from one country to another.

In these cases, it’s useful to adopt a RegTech solution that manages the issue’s constituent challenges separately. These would usually amount to platforms that can document and understand the nuances across regulations; hold a local copy of the data; manage data-sharing exclusions, including the updating of vendor and third-party data contracts; and carefully configure access controls.

Here, too, Rahim’s two laws of RegTech apply, albeit with minor adaptation. The necessary data should be discovered and obtained in ways that makes it easy to integrate with other datasets, and that should then be mapped to the nuances found across the different jurisdictions.

He concluded by affirming the essential benefits of RegTech ­­– accuracy and automation of compliance – while also stressing the importance of ensuring that all members of a bank’s teams understood the need for maintaining the quality and relevance of data.