4 ways to get ahead in 2017… Embrace RegTech
2017 will be the year that financial services firms realize that spend on compliance can be a business enabler, not a necessary evil. Embrace RegTech now, to get ahead.
The expectation that financial services firms will continue to face more regulation — both volume and complexity — has become the norm for compliance teams. In 2015-16 an average of 200 international regulatory changes and announcements were recorded daily (source: Thomson Reuters Regulatory Intelligence). Compliance teams face a monumental task, tracking and analyzing these changes, and effecting change as required. It’s a necessary evil. And with budgets under pressure, the mandate to derive business benefit from spend on compliance has never been greater.
Three-quarters of financial firms also expect focus on regulatory risk management to rise in 2016, in light of news that harsher penalties are likely to be imposed. In the words of Sally Quillian Yates, deputy attorney general at the U.S. Department of Justice, “One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing.”
So compliance just got personal. Senior management has responded by directing compliance and risk teams to increase their armory, and protect the firm, its customers and its staff, at all levels of the business.
Digital border control warrants its place, front and center of any risk mitigation strategy. Digital transformation projects have accelerated in recent years, triggered by the advent of the digitally native millennials, and increased client demand for anytime, anywhere self-service. Combined with internal usage of digital platforms that give access to client identifying data – and the inherent data leakage risks associated with that – financial firms must keep scrupulous records of all digital activity, and protect their digital frontiers, if they are to fully mitigate risk.
The requirements of the regulator are very clear. Financial institutions must be able to prove exactly what a customer saw and did via the firm’s digital channels (web, social and mobile). They must capture all digital activity and interactions, and retain them in easily accessible form, for up to 10 years (varies by regulation). This is especially challenging in today’s dynamic digital world, where personalization is pervasive.
Can legacy systems deliver compliance?
From a technology standpoint, legacy systems built to track digital interactions were designed with customer experience analysis in mind, and are physically incapable of satisfying compliance or conduct risk requirements. With capture rates of 90% or below, these systems are useful only for monitoring anonymous usability trends, and performing e-commerce conversion analysis. They fall far short of satisfying compliance requirements.
In order to generate a view of digital activity, legacy systems rely on file-centric log file analysis, or so-called ‘man-in-the-middle’ attacks, which intercept traffic between a customer’s device and your firm’s digital border. From a compliance and risk perspective, neither approach is effective: there is no certainty that all digital activity is captured; interpretation of log files is error-prone, time-consuming and lacks context; and man-in-the-middle capture is often sabotaged by network security protocols that are necessary to protect your digital frontier from external threat. The only workaround – and even then not conclusive – is to lower security settings to a level that compromises other aspects of your business, increasing the risk of personal data loss and theft.
So, if your digital tracking systems cannot capture 100% of all digital activity, this begs the question: “Is 100% truly necessary for compliance?” Clearly so, unless your compliance and legal teams are willing to accept the substantial risk that the 5% or more of digital activity that you are missing contains one or more indefensible acts of conduct, which could lead to a multi-million-dollar fine, loss of reputation, or even a jail sentence.
With the compliance and risk tide turning, financial firms must review their digital compliance status. You must think more creatively about how to meet changing regulatory expectations, with additional investment in compliance technology, often tagged ‘RegTech’.
Qumram is a forerunner in this RegTech space, delivering solutions that record every mouse movement, tab click, keystroke, screen rotation and finger swipe, to provide an exact rendition of a customer’s interaction, or an employee’s digital activity. Playback is in movie-like form, so the compliance team, a regulator, or a legal official can see exactly what a customer or employee saw, at any moment in time. Typically, records are retained in compressed and tagged form, providing client-oriented search and far greater accessibility.
And the icing on the cake? This new wave of RegTech solutions finally delivers broader business benefit from spend on digital compliance. User behavior can be monitored to alert the forensic team (in real time), when fraudulent acts are detected. The vast array of big data that is captured for compliance purposes can be used for customer behavior analytics, and day-to-day customer service and support.
Furthermore, due to the extended retention periods required for regulatory compliance, this data provides a product life-cycle perspective of behavior from the customer, leading to more accurate profiling, which marketers can use to encourage long-term customer satisfaction and retention.
With clever investment in RegTech, spend on compliance can truly become a business enabler, delivering measurable return on investment, rather than being viewed simply as a necessary evil insurance cost.