How technology will increasingly manage regulation and compliance

Enacting regulation and compliance obligations is vital to businesses. Stephane Niango, Managing Partner, Arqitek talks to MEA Finance Magazine about the increasingly important role technology will play in helping financial institutions manage this important aspect of their activities.

“We help enterprises transform through the practical application of digital-era best practices. We believe that the digital enterprise must architect to be successful.” - Stephane Niango, Managing Partner, Arqitek

Given the increasing adoption of technology in the wake of the COVID-19 pandemic outbreak, where is technology playing a significant role in compliance risk management currently?

It is widely recognised that COVID-19 has accelerated the move towards digital.  Projects concerned with digital onboarding in particular are in abundance across the financial sector.  However, the true meaning of digital remains poorly understood. 

At a deeper level we are all witnesses to the emergence of the digital economy.  The digital economy is driven by lower transaction costs and increased agility.  In this context digital enterprises must look beyond front-end services transformation.  The digital enterprise must transform across multiple domains to retain competitiveness.  Governance / Risk and Compliance (GRC) is one of several critical domains to transform.  It is critical because i) most financial institutions expend more 20% of resources in oversight of some form and ii) GRC is a certainly a major source of friction within the enterprise.

The role of technology is therefore to automate compliance to such a level that the inefficiencies and the friction are taken out of the equation.  This is entirely achievable today to the extent that regulatory requirements can now be electronically associated all the way through to operational implementation.  Changes in regulations can be immediately traced to the operational level and non-compliances can be automatically highlighted.

This is all increasingly critical because markets and regulations will continue to evolve.  Open Banking is taking form across the region.  We also have Big Tech to consider and meanwhile cloud is helping everyone move faster.  All these trends bring their own opportunities and challenges and imply regulatory evolution.  So, compliance must move away from the traditional, paper-based approach to enable evolution.

As an organization, what are some of the most advanced innovative approaches to compliance risk management you have implemented?

We are performing work where we are driving automation all the way from compliance planning into operational platforms, including cloud platforms such as Azure.  Imagine a scenario where regulatory requirements are immediately traceable through to the implementation of rules within operational systems.  A change in a regulatory requirement can be immediately translated into changes to underlying platform configurations.

This concept is becoming increasingly viable as cloud platforms enable the configuration of rules in accordance with compliance requirements.  Using this and similar approaches changes can be promulgated across the enterprise to impact both manual and automated processes.  The concept of the written standard operating procedures document is soon to be banished to the archive.

What trends do you see among financial institutions in the MENA region and how do you compare them to other parts of the world? 

The challenges for the MENA region and other regions are in many ways similar.  Digital transformation is an imperative for any financial institution anywhere on the globe.  However, not all are responding to the true meaning of digital.  Digital window dressing is taking place with new front-end services – but that is all.  This is true in MENA but the same can be said elsewhere. 

Regulators are recognising this and are encouraging the transition towards digital.  Its important because global competitiveness depends on financial industry becoming digital.  They are therefore placing a greater emphasis on Digital IT and IT modernization.  This is being reflected in new regulatory requirements being directed towards the management of IT itself.

Other significant trends include the move towards Open Banking.  MENA is some steps behind.  However, central banks recognize the economic imperative behind Open Banking.  Hackathons are already taking place under the sponsorship of regional banks.  The standards and regulations to enable this new community are being formed. 

Overall, we can expect to see an acceleration of the change already taking place.  Truly Digital financial institutions should be pushing the envelope rather than being on the back foot.  We suggest a firm drive towards Open Banking, cloud adoption and Digital IT Governance.  Even if initial steps are incremental it is critical that the enterprise is actively exploring the digital future.

What type of ongoing monitoring and auditing processes have you put in place to assess the effectiveness of your compliance programs?  

At this stage we are advocating a focus on compliance automation.  If this is done correctly then monitoring becomes a lot less effort intensive.  This is because the linkages are there, and reports can be automatically generated to expose gaps.

Once this is achieved then the financial institution can take a more forward-looking stance.  Where are regulatory trends taking us and how do we get ahead of the market?  The aim is really to establish the front-foot position.  Control regulatory requirements before they control you!  From there you are equipped to venture forwards to take on the new paradigms with greater confidence and awareness.

What do you see as the greatest challenges for the financial services industry in enforcing compliance? And framing these challenges would you do things differently?  

The greatest challenge is around handling the complexity and doing so quickly.  Manually translating multiple regulatory requirements (the ‘Why’) into process and controls (the ‘What’) and implementing them (the ‘How’) takes significant effort.  Many banks are investing more than 20% of resources in oversight in some form or other.  A holistic approach is required that is driven by data and that links to the underlying architecture.

The figure illustrates how a holistic approach can be realised that enables a systematic linkage from the regulatory requirements ultimately through to people, applications and other architectural elements.  Proven platforms are available to enable the end-end level of automation.  The challenge is the correct introduction of these platforms within the specific context of the financial institution.

How do you envision financial regulation and compliance in the future? 

Market changes are only going to accelerate as new paradigms come into effect.  The benefits of cloud are only now being materialized in the MENA region.  Open Banking will generate a whole new plethora of market changes and evolutions.  The pace will increase and so will the complexity.  Financial institutions will be interacting digitally with an increasing diversity of actors.  Service complexity will increase, and the implications of regulatory requirements will be increasingly complex to resolve.

So, in many respects the future of compliance is about enabling agility.  Regulation and compliance must move from the traditional, paper-based approaches to automated approaches that reach all the way through to operational platforms.

Ultimately, we see the emergence of the enterprise control tower where the enterprise architecture, internal and external data are brought together to help the enterprise see new opportunities and to respond rapidly to those opportunities through agile projects and initiatives.  A key input to the control tower is of course the regulatory requirements.  We use the term Transformation Management Platform (TMP) to embody this concept.  Here we are referring to the automation of transformation itself.  Transformation on a continuous and automated basis.