RiskTech meets RegTech: How regulatory technology can enrich risk management frameworks
Forward-thinking organisations are considering the next wave of operational risk management.
This involves exploring how breakthrough technologies, as part of RegTech (regulatory technology) solutions, can help banks and financial institutions manage every facet of regulatory change, reporting, compliance and risk management more strategically.
Technologies such as AI cannot replace professional expertise. They can, however, handle time-consuming and complex processes to ramp up operational efficiency, close data gaps and – above all – help firms build a richer understanding of risk.
Operational risk is no longer a silo, as firms make great strides in aligning all parts of risk management with each other and the rest of the business. As a consequence, the risk framework is gaining an increasingly integral role in cross-functional decision-making.
Organisations are also embracing advanced and emerging technologies; and exploring how these can power next-generation risk management programmes. When well-chosen technologies are employed in a strategic and responsible manner, it’s possible to achieve more targeted and efficient risk management, improve compliance, avoid fines and enhance business outcomes.
What’s driving innovation?
RegTech is not a new concept, but it’s becoming a more strategic solution with the inclusion of advancing automation and artificial intelligence capabilities. At the same time, there’s a greater need for technology to cut through regulatory complexity and alleviate the administrative burdens associated with regulatory change and risk management.
Technologies such as robotic process automation, natural language processing and machine learning can work alongside compliance and risk professionals to help them extract meaningful value from data and accomplish routine tasks with increased accuracy and efficiency.
How AI impacts risk management
In the financial services world, automation and AI can be applied to the operational risk framework to enable the correct and prompt recording of incidents, events, losses and near misses. With easy access to data on controls that failed, processes for which the risk was not identified and so forth – firms have rich context during risk assessment and scenario measurement.
Similarly, the efficient, accurate and consistent collection of issues and actions information allows the business to drive audits on risk controls and adopt a proactive approach to risk management. AI can be applied to help predict future losses based on control failures, and perhaps trends. This helps to support more efficient oversight of risk and compliance going forward – allowing for swift reactions to changes in the business environment.
RegTech for regulatory change
Regulatory change management is another key area where RegTech solutions can help to enrich and advance the capabilities of risk management technologies. In this context, automation and AI can help to:
- Acquire regulatory data
- Pull out key pieces of information
- Identify the regulation that underpins pieces of change
- Layer that data into the risk and control framework
There is a formidable amount of information to sift through, across all business lines and jurisdictions. Given the staggering number of regulatory developments that happen around the world, it is not uncommon for firms managing this process manually, to focus their monitoring activity on the larger jurisdictions, the key regulatory bodies and the hottest topics. The upshot? News with a substantial impact on the business and/or its customers can easily fly under the radar.
Ultimately, regulatory content management involves many process components that organisations can teach machines to handle, aided by the ongoing supervision and assistance of human experts.
Leveraging technology during data acquisition allows organisations to monitor and review a much wider pool of information, overcoming language barriers and other hurdles, to gain a fuller, richer picture of the regulatory activity.
This allows professionals to redirect their time towards ensuring the firm is effectively managing each regulatory change, identifying the key operational risks and implementing adequate controls.
Beyond the acquisition process, advanced technologies can help a firm to effectively layer regulation into the risk framework and consider the impacts of changing regulations on the risk environment.
Managing accountability
As technology advances, there is a clear focus on making sure the people responsible for conducting the business are still accountable. The European Central Bank (ECB), for example, has high expectations of banking supervisory boards and senior managers – viewing internal governance and risk management as key supervisory responsibilities. Failings in these areas drive the highest scores in the review and evaluation of banks.
In this context, organisations need to be confident that their people are comfortable with the systems in place that support the processes for which they are accountable. The use of technology should not impact the concept nor diminish the culture of individual accountability in an organisation.
The view of the Information Commissioners Office in the UK is as follows:
“Individuals should not lose accountability when a decision is made with the help of, or by, an AI system, rather than solely by a human. Where an individual would expect an explanation from a human, they should instead expect an explanation from those accountable for an AI system.”
When regulatory compliance and operational risk programs are reliant on predictions, recommendations, classifications or activities delivered by advanced technologies, organisations and individuals must still be held responsible for these actions and decisions.
Additionally, firms must be able to explain how the technology works, where processes rely on that technology, how it informs decision making and how it impacts customer outcomes. They may also face questions around why they have – or haven’t – used certain technologies.
RegTech does not alter the foundations of risk management
While the use of technologies can support and enrich the operational risk framework, this should not alter the fundamentals that are already in place.
RegTech with advanced technology capabilities adds value above and beyond by giving organisations a full understanding of their regulatory obligations as well as the requirements that exist within those obligations. Importantly, it helps to enhance the contextual information that impacts an organisation’s risk profile – for truly strategic risk oversight and compliance.
In closing
Technical innovation can provide the insights, contextual decision-making and advanced analytics that lead to better outcomes for businesses, customers and society.
RegTech is no longer a future. With the regulatory and risk supervisory landscape becoming more complex, firms that have a comprehensive operational risk framework supported by RegTech will be well prepared for the changes and challenges that lie ahead.
This article was first published on Wolters Kluwer.