RegTech – Regulatory/Risk Data Management, AML, and KYC Analytics
Over the past seven years, we’ve seen a massive regulatory overhaul and an industry-wide push to enhance trust and confidence and encourage investor participation in the financial system.
To roadmap Wall Street regtech priorities, we have been having ongoing meetings with MDs and leading architects in global banks and investment services firms. RegTech (e.g., regulation as a service) is a subset of FinTech. Companies include
- Fintellix offers a data analytics platform allowing banks to convert internal data into regulatory reporting formats
- Suade offers banks “regulation as a service” interpreting real time regulatory knowledge so that banks can better manage and respond to regulation
- Sybenetix combines machine learning with behavioral science to create a compliance and performance tool for traders
No longer business as usual. It is clear that banks are devoting more resources to Know Your Customers (KYC), Anti-Money Laundering (AML), fraud detection and prevention, Office of Foreign Assets Control (OFAC) compliance. FINRA is at the beginning stages of the process for building the Consolidated Audit Trail, or CAT for trading surveillance.
To enable compliance with variety of Risk/Regulatory initiatives, AML and KYC initiatives…the big RegTech related investments are:
- Strengthening the Golden Sources – Security Master, Account Master and Customer Master.
- Standardized, common global business processes, data, systems and quantitative solutions that can be leveraged and executed across geographies, products, and markets to manage delinquency exposures, and efficiently meet Regulatory requirements for Comprehensive Capital Analysis and Review (CCAR), FDIC Reporting, Basel, and Stress Loss Testing.
- Various enterprise data management initiatives – Data Quality, Data Lineage, Data Lifecycle Management, Data Maturity and Enterprise Architecture procedures.
Regulatory reporting improvements via next generation Enterprise Datawarehouses (EDW) (using Oracle, IBM, NoSQL or Hadoop)– Reporting on top of EDW addresses the core problems faced by Finance, Risk and Compliance when these functions extract their own feeds of data from the product systems through which the business is conducted and use differing platforms of associated reference data in support of their reporting processes.
Lot of current investments are in the areas of Finance EDW which delivers common pool of contracts, positions and balances, organized on an enterprise wide basis and completed by anointed “gold” sources of reference data which ensure consistency and integration of information.
Crawl, walk, Run seems to be the execution game-plan as the data complexity is pretty horrendous. Take for instance, Citi alone….has approximately 200 million accounts and business in 160+ countries and jurisdictions. All risk management is made incredibly complex by the numerous banking mergers that took place over the past 3-4 decades.
The type of data challenges global banks like Citigroup, Goldman, Wells Fargo, Bank of America and JP MorganChase are wrestling with include:
- Instrument Identification: All financial instruments, derivatives and loans need to be precisely and uniquely identified. This is one of the basic building blocks of data management and business analysis.
- Product Hierarchies – how to handle product dimensions /hierarchies effectively
- Entity Identification: All business entities need to be precisely and uniquely identified so that links and relationships about the business structures underlying the financial industry can be evaluated. This ‘legal entity identifier’ (LEI) standard is another one of the building blocks of data management and business analysis. (click on figure to understand complexity)
- Business Ontology: The financial industry is based on legal and contractual precision. All financial instruments and all business relationships are defined by the terms of the underlying contract. The language of the contract must be both precise and comparable in order for financial institutions, investors and regulators to fully understand rights, obligations, constraints, interconnections and relationships.
- Classification Schemes: Development of classification schemes that allow for aggregation of granular data into analytical categories. Classification according to underlying attributes enable analysts and regulators to look at operations and investment strategies from a variety of perspectives (i.e. the flow of money, the structure of the instrument/business deal; concentration of liquidity or exposure; role performed, how one component relates to another, etc.).
This focus on data management fundamentals is contrary to the hype around analytics. To hear some people talk about it, banks are using sophisticated online and offline techniques to intelligently assess who their customers are, what their customers need, in order to present upsell-and cross-sell opportunities that have a greater chance of success. They are said to be mimicking the savvy process of the likes of retailers like Target and online retailers like Amazon to usher in a new era of marketing savvy.
That’s what the media hype is telling us, but the reality is that the financial services industry especially big banks are far from that utopia. Analytics adoption (even customer analytics) in most financial institutions is still in the early days. Research by American Banker has validated this. A recent survey found that “to our surprise, most (71%) of the 170 bankers in the weighted survey do not [use any analytics], but within a year that might not be true. Among those non-users, the plans to buy analytics are not impressive. Only 2% plan to buy customer analytics in the next six months, 4% in the six to 12 months and 14% in more than a year from now.”
What’s holding back the analytics wave in financial institutions?
“Cost [and competency] was the biggest barrier, noted by 36%. Another issue is other, more pressing IT issues taking precedence – about 32% of bankers surveyed said a focus on other initiatives was the primary obstacle to using customer analytics at their institution. The third primary reason for not using customer analytics, given by 23% of these bankers, was skepticism about the ability of the software to provide business value or a return on investment,” according to BTN.
However, for some financial institutions the priorities are evolving, and as the operating environment improves, we’ll see increasing investments in areas like “Anti-Money Laundering” and “Know Your Customer (KYC)”. The ROI is clearly there but the first step is better enterprise data management and MDM.
Before jumping onto the analytics bandwagon, financial institutions are spending emerging on the basics – enterprise data management and master data management (MDM) – both necessary for maintaining data quality, consistency, and integrity. Achieving trust and confidence in data is a challenge in today’s business environment due to independent business silos, inflexible IT environments, a lack of standards for data content and obstacles associated with gaining stakeholder alignment across the organization.
EDM and MDM become absolutely critical in the complex regulatory regime facing financial institutions.
Anti-Money Laundering – AML Analytics
The key to survival in today’s financial services market can be summed up as: “Better Know your customer.” In December 2012, U.S. authorities announced a $1.9 billion fine against British bank HSBC Holdings PLC Tuesday for failed anti money-laundering controls they said allowed drug proceeds and transactions from sanctioned nations to flow through the U.S. financial system.
The HSBC case is part of a sweeping investigation into the movement of tainted money through the American financial system. The inquiry — led by the Justice Department, the Treasury and the Manhattan prosecutors — has ensnared six foreign banks in recent years, including Credit Suisse and Barclays. In June, ING Bank reached a $619 million settlement to resolve claims that it had transferred billions of dollars in the United States for countries like Cuba and Iran that are under United States sanctions.
Also in December 2012, U.S federal and state authorities also won a $327 million settlement from Standard Chartered. The bank agreed to a larger settlement with New York’s banking regulator, admitted processing thousands of transactions for Iranian and Sudanese clients through its American subsidiaries. To avoid having Iranian transactions detected by U.S Treasury Department computer filters, Standard Chartered deliberately removed names and other identifying information, according to the authorities.
Clearly, banks have to invest in analytics that address the Anti-Money Laundering laws.
Know Your Customer – KYC Analytics
Banks in retail and capital markets are being buffeted on many fronts. They face expanded and increasingly stringent regulatory requirements that are driving up compliance costs, and in many cases restricting fee-based revenue. Advances in technology enable competitors to launch competing offers in a shorter timeframe, thereby curtailing product differentiation and eroding many institutions’ competitive edge.
At the same time, banks face competition from new and non-bank players, with alternate products, especially in the payments sector. The cost of doing business, and acquiring customers, is also escalating, spurring a renewed focus on customer relationship management (CRM) and retention; especially for the “right” customers.
The challenge for many institutions is identifying those very customers.
To address this challenge, banks are focusing on achieving a new 360-degree view of their customers from a CRM perspective. Typically this involved gaining visibility into the customer across various product slios. This “know your customer” understanding is required in order to deliver:
- Engagement across channels and lines of business
- Profitability based on multiple dimensions, such as by product, industry, geography and other segmentations
- Expense management
- Risk across many dimensions
Despite an amplified focus on the customer, many financial services organizations are struggling to extend customer insight. In most cases, it is not for a lack of data. Organizations are collecting more data than ever before. What they seem to lack is the ability to deal with this data deluge. Most business executives will give their organization a failing grade in their ability to manage the data deluge.
Risk and Regulatory Analytics – The Use Cases
Use cases in Risk are centered around connecting all business and financial information systems to enable Regulatory and other reporting to enable better risk decision making. With real-time data and analytics, the goal is to gain:
- Risk insight and control in real time.
- A centrally managed repository of financial risk data.
- Risk and finance processes for business modeling and strategy execution.
- Risk scenarios that can be tested in a safe environment (Comprehensive Capital Analysis and Review (CCAR), FDIC Reporting, Basel, and Stress Loss Testing)
Use Case Category #1: Financial Crimes Surveillance, Detection and Prevention
Identify fraudulent activity before it happens with proactive monitoring and investigation tools. When you implement an integrated fraud detection and prevention platform, you can monitor different types of transactions (ATM, remote banking, and wire transfers) across multiple channels.
- Streamline auditing and reporting processes.
- Market activity surveillance – Report suspicious transactions in compliance with OFAC, PEP, AML, the Banking Security Act, and Know Your Customer.
- Reduce costs with automated fraud prevention.
Use Case Category #2:Operational and IT Risk
Improve operational risk management by implementing early warning systems, crisis management processes, and business recovery planning. Increase visibility into IT operational indicators with real-time monitoring and analysis.
- Manage access to business-critical applications.
- Automate policy-based user roles, identities, and access rights.
- Enforce process standards and controls across organizations.
- Manage workflows with auditable approvals and escalations.
Source: Adapted from Palantir at Spark Summit 2015
Use Case Category #3:Governance and Compliance
Having a foundational structure for meeting regulatory compliance requirements helps banks reduce costs and better manage ever-changing regulations. Improve your financial reporting with trusted data.
- Provide a sustainable and traceable complaints resolution system.
- Identify market conduct breaches and prevent recurrence.
- Ensure the safety of depositors’ funds with compliance.
- Use compliance frameworks to stay up to date with regulations.
The challenge in financial services still is getting good digitized data not by function but across the organization.
After the financial crisis there have been so many mergers and acquisitions (such as JP Morgan buying WAMU, Bear Stearns etc.); Wells Fargo buying Wachoiva etc. ). Integrating these various mega-banks while meeting various regulatory requirements is a non-trivial exercise that is consuming a lot of resources.
I anticipate that despite the billions spent on data warehouses we will continue to see a lot of foundational efforts to get the data platforms right.
Moving to AML or KYC Analytics – A Simple Roadmap
Six typical challenges need to be overcome first.
Who is in charge?
To sustain “single version of the truth” you need to document, understand, and actively manage the flow of (master) data across your organization and its systems. To enable this many organizations are setting up new teams, others are re-fashioning existing teams. Either way, new roles, responsibilities and structures are still required. Identifying key resources, aligning them to a strategy, and evolving critical roles over time will enable long term success with enterprise data management. Why do people-related issues become the biggest challenges in data management and analytics? What key roles must be formalized and how do they inter-relate? Which stakeholder management tactics are most effective? The behavioral and political issues around data require special attention.
Data Silos still proliferate
The industry has been battling siloed data for decades and the problem persists. In some cases, siloed environments preclude the creation of even a foundational aggregate customer view. The issue continues to proliferate with the emergence of new channels, as well as growth in cross-channel experiences. Just as vexing, disparate datasets can lead to multiple versions of the truth, depending on which department (finance, risk, line of business (product/marketing), etc.) is looking at the data and via which system.
For example, the view of a customer from the CRM system would not typically incorporate a risk profile, performance history or regulatory data associated with Know Your Customer (KYC) requirements – yielding an incomplete, and possibly inaccurate view, of a customer. In such an environment, organizations cannot accurately assess and understand a customer and their relationship and/or potential for the institution, leading to suboptimal decision-making.
Data is inconsistent
Expanding on the point of multiple versions of the truth, metrics across today’s financial institutions are rarely uniform. We frequently find that behaviors and performance are not always tracked across all channels, let alone tracked consistently across the enterprise – a situation that limits accurate insight.
Disparate data sets that exist within the bank might not all be refreshed at the same frequency or using data from the same source systems. Some may completely ignore a few data sources leading to inconsistency at a given point in time. For example, finance may have an accurate cost of fund projections on a daily basis while the sales system refreshes this information every month. The front office might be making decision based on stale data between the two refreshes, while the finance team is looking at these same decisions through a difference lens.
Business processes remain disconnected from analytical insight
Institutional and experiential knowledge – much like the data in today’s FSIs – is siloed in departments, such as finance, risk or the front-office. For example, many front-office business processes continue to be based on “old knowledge,” which refers back to the previous example in which the finance department is reviewing the same project as sales but with different data. We see little to no integration to front-office and middle-office systems to provide the most recent knowledge to support credit, pricing and offer decisions at the point of customer interaction.
Business effects are not timely
Many FSIs are focused on capturing customer interactions in a timely manner. The real hurdle lies in making these customer interactions quickly known and understood across the enterprise, so they can be leveraged in operational decisions. For example, during the financial downturn in which conditions changed rapidly, managers in the front-office were often left to make critical decisions based on sheer experience and their gut instead of on insight based on science and data.
The ability to translate timely insight into action within the enterprise could have yielded, in many cases, more informed, and arguably more effective, decisions around pricing, risk, products, marketing and other areas of the business. In many areas, this deficiency continues today. At the most basic level, transactional behavior and impact are not rapidly and widely disseminated to all decision points in most institutions today.
Lack of Execution Talent
The lack of project management and business analyst manpower and limited deployment of tools that put insight directly in the hands of those who need it are not the only reasons that financial institutions cannot glean timely insight. Maintenance in the analytical environment can also present challenges – rules around scoring and modeling are hard to maintain and usually people dependent and predictive models are not continually refreshed.
Data Management – Move, Manage, Access
The concept of data management as an essential component of business operations is getting traction in the wake of the 2008 credit crisis and supports the transparency and systemic risk objectives contained within the Dodd–Frank Wall Street Reform Act and similar international directives such as the European Market Infrastructure Regulation, Solvency II directives and the Basel Accords. All of these legislative initiatives require companies to comply with standards and are dependent on the availability of accurate and comparable data from many diverse sources.
One of the outcomes of the financial crisis is a strong and growing recognition by both financial institutions and regulators of the importance of being able to monitor risk via access to accurate, comprehensive and aligned data—and share it across functions without the need for manual reconciliation or imprecise cross-referencing.
While the need for effective data management is clear, a comprehensive and standardized mechanism for guiding firms does not yet exist. New frameworks from EDM Council like the DMM model are aimed at filling this gap. They provide a framework and assessment methodology for evaluating the effectiveness of data management practices and a clear evolutionary path to establish a data management culture.
Banks are devoting more resources to Risk, Regulatory, Anti-Money Laundering (AML) and Office of Foreign Assets Control (OFAC) compliance. The uptick in budgets and board involvement has gone hand-in-hand with an increase in staff devoted to AML and OFAC compliance.
Run-the-business vs. Change-the-Business….the spend in major banks is on industrialization of business process. Take for instance, Goldman Sachs which is doing a considerably amount of back-office re-engineering around process industrialization. I would think other banks are going to follow rapidly as they try to catchup.
Despite all this attention, we have a long ways to go. The role of Analytics in AML and KYC is still early pioneer type initiatives. If you were to believe the hype, every industry is on the verge of an analytical revolution. This is especially the case in financial services (and retail banking). As we move from “the brink of financial Armageddon” to some form of health, banks are getting savvy with their data, especially customer data. Hopefully that’s what the Big Data revolution will be all about.
1) the article in BTN – American Banker
2) Enterprise Data Management Council www.edmcouncil.org. New regulations including Basel III, MiFiD II, and Dodd Frank all depend on having comprehensive, accurate, and trustworthy counterparty/legal entity data.
3) “From Overload to Impact: An Industry Scorecard on Big Data Challenges, Oracle, July 2012. http://www.oracle.com/us/industries/industry-scorecard-1683398.html
4) Experts who contributed to this article – Christine Pallone, Managing Director, LiquidHub
6) Top Four Reasons Why Financial Services Companies Need Solid Data Governance — interesting and relevant blog post by an industry insider
7) FINRA has proposed a new concept called CARDs, which calls for the development of a new system to collect, on a regular basis, sensitive information regarding retail customer brokerage accounts, including customer profile information, account activity, and account balances and holdings.