With regulators taking a tough stance on non-compliance, enforcement actions running into billions of dollars, and compliance departments under stress, how can financial institutions pull-back from the brink, improve control of compliance, and reduce regulatory risk? We caught up with John Byrne, CEO at Corlytics (and former CEO at Information Mosaic) to discuss how firms can improve compliance by employing regulatory risk intelligence and analytics.
Corlytics was founded in 2013 to provide regulatory risk intelligence to both financial institutions and regulators. A self-styled regtech, the company collects, normalises and analyse global enforcement data and other important regulatory information to give firms evidence-based intelligence that can be used to make better regulatory planning and execution decisions.
Byrne explains: “Post-trade activity is often seen as a cost, but most regulatory issues, such as fraud, often have a root cause in lack of controls in the middle and back office. Financial services firms invest in risk and compliance systems, many invest about 20% of IT spend here, but the outcome of regulation can still be horrific as middle and back office controls are starved of spend. Which is why we started Corlytics. People talk about regulatory risk, but we define and measure it on a risk weighted basis.”
Corlytics Controls Explorer gathers enforcement action, under licence, from regulators around the world. An action from the SEC, by way of example, could be about 200 pages of legal judgement. Corlytics categorises the information into 160 data attributes that are also used across UK Financial Conduct Authority (FCA) and Asian enforcement actions – to ensure it is making like-for-like comparisons. It then normalises the data before applying analytics to expose the root causes of enforcement actions.
This is no mean feat, with Corlytics employing a multidisciplinary team of legal analysts, risk professionals and data scientists to understand and analyse enforcement actions. The company uses a modicum of machine learning to match legal text and the 160 data attributes it uses in risk models developed in Python, and artificial intelligence bots to pick up any changes published by global regulators.
The software is usually procured by compliance, internal audit, heads of non-financial risk, or chief control officers, an emerging function in financial institutions’ front-line defence. Byrne says: “Banks model credit and market risk, but do little around the biggest risk in the bank, legal and regulatory risk. Balance sheets often show about 100 people working on credit impairments and only three on legal issues with regs.”
By using Corlytics Controls Explorer, financial institutions can understand their regulatory risks, implement controls to reduce them or, at least, gain early warnings of potential risk.
The company has more than 10 clients split pretty equally between regulators and banks, and expects the balance to endure as client numbers rise in response to the desire of both regulators and banks to achieve beneficial outcomes from regulation.
Corlytics’ recent projects include work with the FCA to produce an intelligent regulatory handbook. The project applied a central, common taxonomy to all regulations, allowing material in the handbook to be tagged and machine read, thus turning a legal document into a searchable database. The company is also involved in an FCA sandbox working on how to reduce the risk associated with compliance modelling for regulated firms.