For financial institutions, especially global ones, the myriad of regulations that they must adhere to is staggering. The difficulty with that is not just the number of targets they need to hit, but that those regulatory requirements are moving targets, rarely static or black and white. Current regulations are updated, and guidance on existing ones can evolve, and new ones are enacted.  In the past couple years we have seen the new United States FinCEN CDD Rule, the 4th EU MLD, MiFID II, GDPR, just to name a few. And the hits just keep on coming. The 4th EU MLD is still being nationalized in several EU member states at the same time that the 5th EU MLD is being finalized by the European Commission. MiFID II, while in effect, has seen the parts of it related to dark pool trading pushed out for another 3 months, at minimum. There is mounting pressure in the United States by Congress and the banking industry to reexamine the AML regulations. The rise of digital currency, distributed ledger technology, robotics, and artificial intelligence is leading to the development of new regulations, and reexamination of existing ones to address these new technologies.

Change, What’s the Big Deal?

The truth is that with financial institutions we aren’t talking about sports cars that can turn on a dime. They are more like cruise ships – slow and difficult to change course. When a regulation changes or new ones are enacted it affects numerous processes, creating many questions that need to be worked through and answered.

• Does the new or changed regulation apply to our institution?
• What parts of the institution does it apply to?
• How does it apply?
• What policy and procedures changes does this require?
• What process changes need to be made to reflect those policy and procedure changes?
• Does it require changes or additions to the IT infrastructure to support those changes?
• Does it require organizational changes to support the change?
• Does it require training existing employees or hiring additional ones?

While these questions seem straight forward, they get exponentially harder to work through as you add in the relevant stakeholders. You have compliance, legal, business, operations, IT, the list goes on and on. Different interested parties make consensus difficult. Oftentimes, outside counsel or consulting firms need to be brought in as an objective third party to help identify the answers to the questions.

On top of the number of parties involved, the regulations themselves also create a lot of uncertainty. Many regulations are not black and white, requiring bank specific interpretation and risk based approaches. Anti-Money Laundering (AML) regulations are a notoriously grey set of regulations.   

How Does Technology Help or Hurt?

Once the bank has identified the changes that need to be made, technology is often used to actually make those changes. This is one of the areas in which technology can provide huge advantages or slow change down to a snail’s pace. Why is this? Well, there are certain practices that can lead to these issues:

Business and IT work separately

• Leads to business “making requests” and IT fulfilling them. This often leads to several iterations of changes to get it right
• Extensive back and forth creates lengthy periods of time to implement changes correctly

Use of hard-coded, black box technology

• Makes it difficult for business and IT to work closely together
• May require the need to use outside vendor resources, which may not always be available when needed

Use of non-scalable solutions

• Numerous siloed solutions across geographies and lines of business multiply the number of systems that must be updated, as well as create a complex set of dependencies that need to be maintained

What Can You Do to Better Meet These Changes?

Preparation is key and so is technology. But how can your technology choices help you prepare for the unknown regulatory changes will occur? One way to do that is to leverage scalable technology that you have control over and that you understand. With scalable technology, you will be able to simplify your technology landscape, remove silos, and simplify the number of system changes that need to be made. Use low-code or no-code software that your own IT folks are in charge of and that the business and compliance teams can become familiar with. When changes or new regulations occur, this will allow these teams to work closely together to make fast, accurate changes to meet the policy, procedure, and process changes that will occur.  

Technology choice matters. To be prepared for the unknown wilds of the regulatory landscape, you need to choose technology that solves your current problems but gives you the agility, scale, and openness to meet future changes.