The evolution of RegTech has brought a wave of new providers and systems to market to help financial institutions deal with the wide-ranging new regulations they face, such as MiFID II. In this article, Mike O’Hara and Joel Clark of The Realization Group hear from Mark Tantam of Deloitte, Adrian Shedden of Burges Salmon, Geraldine Gibson of AQMetrics, Furio Pietribiasi of Mediolanum Asset Management and Sam Tyfield of Vedder Price. They agree that RegTech has a role to play in helping firms instil the right culture internally and ensuring employees don’t stray from the stringent conduct standards demanded by regulators and management.
Analysing and implementing the thousands of pages of new regulation that have been written since 2008 has been the one of the great challenges facing banks in the post-crisis era. The impact of regulation stretches far and wide, from ramping up holdings of capital and liquid assets to introducing complex risk-mitigating systems and processes to particular businesses.
Following revelations of systemic market manipulation – starting with the Libor scandal in 2012 and extending quickly to foreign exchange in 2013 – an additional stream of regulation has developed around culture and conduct. The Financial Stability Board committed last year to consider reforms that would improve market structure and reduce the likelihood of misconduct in future, while the UK Financial Conduct Authority (FCA) has set culture and governance as one of its seven priorities for 2016/17.
“The difficulty everybody in the industry is wrestling with is whether there is such a thing as an ideal culture for a financial institution. There is no doubt that incentive-based selling structures without equal incentives for regulatory adherence could leave a bank vulnerable, but it does not necessarily follow that it always would do. Moreover, the culture that a bank instils in its organisation may be undermined by a stronger culture from elsewhere, such as an industry peer group.,” says Mark Tantam, head of Deloitte Forensic in the UK.
“Incentive-based selling structures without equal incentives for regulatory adherence could leave a bank vulnerable.”
Mark Tantam, Deloitte
Technology could certainly play a role in helping banks to instil and maintain a more consistent culture in the future, and the proliferation of ‘RegTech’ – technology specifically designed to meet the requirements of new regulation – could be instrumental in achieving this.
One of the challenges, however, is that cultural requirements are not always well-defined, making it harder to apply technology for culture and conduct than for more conventional disciplines such as capital management. The hallmarks of a poor culture, for example, may be fairly easy to identify, but setting requirements to ensure reputable and honest behaviour across an organisation is less straightforward.
“There is a lot of work being done on behavioural analytics to flag up changes in staff behaviour that may indicate suspicious behaviour, but this is still at a very early stage and it is not yet as reliable as human intervention. Banks might be willing to invest in systems that can make a real difference to culture, but nobody has yet proved that they can make that difference,” says Tantam.
The evolution of technology in this sphere will depend to some extent on how far regulators push the industry, and how granular their requirements on culture and conduct become. The FCA has been more prescriptive than most agencies, but its language is still less concrete than might be expected.
In its business plan for 2016/17, the FCA describes culture as “a set of shared values and norms that characterise a particular organisation”, adding that firms “need to own and manage their cultures at all levels and understand the drivers that will help or hinder them to achieve the cultures they aspire to”.
The FCA’s Senior Managers and Certification Regime, which came into force in March 2016, is designed to increase the accountability of individuals at a senior level and provide greater clarity about expected roles and responsibilities. The regulator is also considering other supervisory tools to ensure high standards of conduct are maintained.
Exactly where such objectives might lead remains to be seen, but there is mounting pressure on financial institutions to make sure internal culture is moving in the right direction. Adrian Shedden, Head of Fintech and Regulated Lending at UK law firm Burges Salmon, sees compliance itself as the big cultural change that regulators have sought to instil in financial institutions over the past five years.
“Compliance is now expected to be at the heart of a regulated business… that is driving a change in attitude to the way compliance is perceived.”
Adrian Shedden, Burges Salmon
“Compliance is now expected to be at the heart of a regulated business,” Shedden explains. “Prior to the crisis, we had generally light-touch, principles-based regulation, whereas now there are increasingly specific and burdensome obligations coming in over time. That requires a lot of resources to be compliant and is driving a change in attitude to the way compliance is perceived.”
The development of RegTech, Shedden believes, has the potential to bridge the gap between the culture of the past, in which compliance was often a small, neglected, back-office function, to the culture of the future, where it will pervade almost every aspect of a financial institution’s operations.
Given the large volume of resources often required to meet the requirements of regulations – from calculations and modelling to fulfilling new operational processes – technology can be used to do the heavy lifting in what Shedden describes as the “low intellect but high volume tasks”, so that human resources can be dedicated to making more informed and intelligent decisions.
“RegTech should really provide a way to make compliance easier in spite of its rising complexity. Some of the largest firms have compliance staff struggling to keep their head above water to deliver on regulations using legacy systems. Regulators, authorised firms and the RegTech community need to come together to show how technology can play a role in enhancing compliance,” says Shedden.
Automating processes, driving greater accountability and freeing up staff resources to concentrate on tasks that require human intellect rather than machine-based intellect all constitute good business practice, but they are also mechanisms by which the culture of financial institutions will shift gradually in the direction requested by regulators.
As an example, when responsibilities and restrictions are not clearly defined, or when dataintensive processes are left in the hands of humans rather than machines, there is a greater propensity for a poor culture to grow; a culture in which mistakes are more easily made, and opportunities for malpractice are allowed to develop. The deployment of robust RegTech offerings may have the potential to correct such loopholes.
“The RegTech wave should bring good conduct and culture into organisations, because regulators are ultimately looking for the risks that were taken prior to 2008 to no longer prevail. The way to do that is to remove ‘key man risk’ and to ensure that individuals do not have the means to stray outside of due process,” says Geraldine Gibson, CEO of technology provider AQMetrics.
Without intuitive technology to define and maintain the boundaries of acceptable practice and enforce personal accountability, firms are responsible for upholding a robust culture on their own and ensuring that staff do not stray from the rules to put the broader institution at risk. That is by no means impossible, but it may rely as much on good fortune and the absence of bad apples from the workforce as it does on sound and principled management.
Taking the FCA’s Senior Managers and Certification Regime as an example, complying with the regime’s demands without the help of a RegTech offering or similarly customised solution may be a tall order. When the incumbents of senior positions change or when roles and management responsibilities change, there is a clear case to be made for technology that can manage that transition electronically and ensure key obligations continue to be fulfilled throughout the transition.
“Technology should remove uncertainty for senior managers and reduce the risk that they could, even unwittingly, be acting in an inappropriate manner.”
Geraldine Gibson, AQMetrics
“Technology should remove uncertainty for senior managers and reduce the risk that they could, even unwittingly, be acting in an inappropriate manner. Having a system in place that adapts to emerging regulations and alerts senior managers when they have a new obligation makes very good sense,” says Gibson.
Beyond the allocation of roles and responsibilities to key personnel, the use of technology can go a step further by providing a clear audit trail for risks that are identified and allocated to particular members of staff. This should prevent senior managers from being able to deny responsibility or claim ignorance at a later date if there is written evidence that they were informed, further solidifying the culture of the organisation around compliance, auditability and personal responsibility.
“RegTech enables board managers and senior managers to actively consider and act on all of the risks they face, so that total transparency becomes the norm across the organisation. The industry is still some way from this ideal at the moment, however, and such seamless flow of information and visibility of risk tends to be the exception rather than the norm,” says Gibson.
For many institutions that are still struggling to instil the kind of culture and conduct framework set out by regulators, the biggest challenge may be in identifying a logical place to start. While there are obvious merits in having a more transparent infrastructure in which records of roles and responsibilities are centrally maintained and emerging and existing risks are carefully documented, few institutions will be in a position to remove existing systems altogether and build such an infrastructure from scratch.
In reality, the only viable option is to take a gradual approach, layering new systems and processes on top of what already exists. As many firms still keep risk information in disparate logs and registers that may not always match up, there is plenty of work to be done to standardise and contextualise risk data in pursuit of a more transparent infrastructure. It’s a necessity that is recognised as much on the buy side as on the sell side.
“Every institution needs to deploy new technologies to enable increased scalability and efficiency as well as better insight, but organisations also need to change their processes if they are to realise this vision. We have been through a huge infrastructure change in recent years and redesigned our operating models to bring specific knowledge and expertise to our business,” says Furio Pietribiasi, Managing Director at Mediolanum Asset Management.
“Every institution needs to deploy new technologies to enable increased scalability and efficiency as well as better insight, but organisations also need to change their processes if they are to realise this vision.”
Furio Pietribiasi, Mediolanum Asset Management
That journey has led Mediolanum to a number of technology providers, including AQMetrics and Misys Fusion Invest, as the firm has sought best-of-breed solutions to various internal processes that required attention. Looking back on the choices the firm has made, Pietribiasi believes the engagement with external technology vendors has been particularly productive.
“A lot of technology vendors have the skills and competences from a technology perspective to build innovative solutions but they may be short of the data or information from the business side that is needed to advance their product. It sometimes becomes a co-investment relationship, where they invest the time and money to develop the technology and we invest by sharing our knowledge and competences,” Pietribiasi explains.
This kind of engagement clearly benefits both the technology provider looking to build a business as well as the more established end user, but such models are not necessarily widespread. While there is no shortage of RegTech providers seeking business in the financial services sector, some face an uphill battle to sign new clients, especially among larger institutions.
The difficulty is not necessarily that start-ups lack innovative ideas, robust technology or costefficient solutions, but rather that large financial institutions are often unable to commit to using new providers that have not been properly tried and tested, due to their own conservative procurement policies. That may mean they end up having to use more established providers with less nimble or innovative products.
“FinTech should be an industry with low barriers to entry that rewards innovation, but in financial services the barriers are a lot higher than they should be and are often unseen. There are new players out there with fantastic products that struggle to get contracts with major players because they don’t have a recognised name behind them,” says Sam Tyfield, London-based Partner at international law firm Vedder Price.
Lowering these barriers to entry will take time and may remain difficult for the largest financial institutions that struggle to gain approval to tap small, little-known technology suppliers. That could mean the largest banks that need strong technology to address culture and conduct issues have to rely on their own internal expertise or the larger vendors with whom they have existing relationships.
It is not only that banks sometimes struggle to get approval to use the wares of a start-up, but also that the largest institutions often prefer to use a small number of providers rather than having to coordinate coding and connectivity with many external systems and portals.
“The ideal situation for a large investment bank is to have one outsourced vendor rather than having to deal with a large number of systems and connectivity issues. Start-ups often struggle because they don’t have the scale to provide turnkey solutions for big processes such as regulatory reporting, so they provide a small proportion of one function and clients have to look to others to provide the rest,” says Tyfield.
The difficulty of bridging the gap between small, innovative start-ups and top-tier financial institutions is a point echoed by Shedden of Burges Salmon. Dealing with legacy technology and keeping a large-scale infrastructure running in the face of an overwhelming volume of new regulatory requirements is a huge undertaking and means some of the largest firms stand to miss out on the best technology.
“ The concept of accreditation for technology providers may not be universally popular, but larger firms would find it easier to on-board start-up vendors if there was a third-party vouching that the product does what it is s upposed to do and does it well.”
Sam Tyfield, Vedder Price
“Large firms are used to spending significant amounts of money on technology projects to deal with legacy issues that take longer, cost more and are often out-dated by the time they are delivered. There is a cultural issue here in that large firms are often not willing to go through a number of smaller proofs of concept with a smaller ‘riskier’ providers, even if it leads to a more viable solution with a lower overall risk profile than some large ‘turnkey’ projects,” says Shedden.
At this stage, the spectrum of RegTech offerings is still fairly diverse, catering in different ways to the specific requirements of multiple regulations, but Tyfield expects the next stage in the evolution of this sector to be the commoditisation of products, making it easier for firms to access the technology at reduced costs. Some kind of industry standard endorsement of certain products or providers could boost uptake further, he adds.
“The concept of accreditation for technology providers may not be universally popular, but larger firms would find it easier to on-board start-up vendors if there was a third-party vouching that the product does what it is supposed to do and does it well,” says Tyfield.
Looking forward, it is clear that the evolution of RegTech still has some way to go, but as financial institutions continue to address culture and conduct requirements, technology will play a vital role in their success. For large firms that have started by layering tools onto existing infrastructure, they may gradually find that certain components of the underlying framework become obsolete in the future.
“Overhauling processes to replace them with a cloud-based RegTech solution in one big bang would create havoc, so layering new functionality is often the only option initially. But ultimately new processes will filter down and people will have confidence in using their new toolsets rather than legacy systems,” concludes Gibson of AQMetrics.