The deployment of new applications and the migration of core systems onto the cloud is in full swing, and financial institutions (FIs) could arguably soon be free of the legacy shackles that prevent them from moving forward into the age of digitalisation.
However, before this can happen, FIs must identify the operational risks involved with deployment or migration to cloud computing for the regulator, who will determine whether the FI fully understands how to manage these obstacles.
The coupling of regulation and technology, better known as RegTech, has also been used by FIs to reduce inefficiencies in regulatory reporting, with a focus on easing the burden of compliance in automation.
Further to this, it could be said that RegTech is encouraging a cloud revolution focused on a potential restructuring of regulatory architecture to augment the role of the regulator as technology-friendly entities, reducing complexity and improving oversight for FIs.
Modernising existing concepts
In a data-driven world, RegTech can improve integration and agility with cloud-based solutions; FIs gather regulatory data from a range of systems into data lakes on the cloud and leverage the analytics and surveillance services that the cloud also offers.
Traditional players can then become viable competitors against those that are more digital-centric. Mike Zehetmayr, UK head of RegTech for EY, tells Finextra that “use of cloud solutions, managed services or industry utilities is not a new concept, either by RegTech firms, suppliers providing services to multiple FIs, or by the industry coming together and forming consortiums.
“Use of cloud computing, or utilities, would provide opportunity for FIs to use cutting-edge technology to manage compliance while driving down the costs related to purchasing, installing and managing the solution, including upskilling or even recruiting the resources with the relevant competence.
Zehetmayr continues to explain that the transferal of activities to a utility wall will reshape the current ecosystem from a siloed infrastructure to an integrated one. However, it could also raise liability concerns in the event something goes wrong, which would make FIs reluctant to choose this option, being accustomed to retaining risk in-house and in turn, making it difficult for third party solutions to gain momentum.
“The regulators are also adopting cloud technology to provide a scalable solution to manage large data volumes requested from financial organisations. The regulators and the Bank of England are adopting the cloud at scale, to build platforms that will enable the use of artificial intelligence and machine learning, which will help to drive operational improvements, and provide real-time insights,” Zehetmayr reveals.
The data privacy backdrop
Sonal Rattan, co-founder and chief technology officer of data privacy solution provider Exate, also highlights to Finextra that there has been “a big push from the FCA and other regulators for banks to do more around sharing data in central clearing houses for AML purposes.”
However, Rattan adds that the “intent is definitely there, but we are not seeing as much adoption in the RegTech space as you would think. The clear reason which is slowing the adoption of the cloud revolution is the protection of sensitive data.”
She explains that the fear of placing sensitive data on the cloud still permeates and with the introduction of GDPR and the British Airways and Marriott fines dominating headlines, “the risk of having data lost or stolen from the cloud is too high.
Technically, firms can easily use the cloud, but regulation is the constraint. This is a prime area where RegTech and data privacy firms can jump in to help.”
Alongside data privacy concerns, Adrian Black, CEO of risk solution provider Northrow, believes that cost is a major factor preventing FIs from removing traditional IT constraints. Black explains that while banks spend 80% of their budget on legacy technology, new entrants like Starling and Oaknorth are at an advantage having originated in the cloud, with no legacy system costs to contend with.
“This competitive dynamic is driving incumbent older banks to up their game, so they should be embracing the cloud revolution. Taking a cost-cutting approach to deal with the growing price tag for maintaining legacy systems appears attractive,” Black points out.
Black continues: “One factor is that their internal cost base and development times hold them back. The solution here is that they look for external RegTech solutions, but many FIs still struggle with working with fintech and RegTech scaleups with procurement processes and requirements that have not adapted for the cloud revolution.”
He also explores how the recent renewed interest in APIs has encouraged FIs to modernise legacy technology and migrate more of their services to the cloud. “APIs offer a means to do this, by connecting legacy systems and cloud applications without laborious and costly development work. More businesses are already running their APIs in the cloud as it provides the flexibility to cope with changing regulations, increasing demand and allows efficient connections to be forged, enabling them to adapt and innovate faster than their competitors.”
Dilip Krishna, chief technology officer and managing director, regulatory & operational risk practice at Deloitte & Touche LLP, tells Finextra that while the advent of AI is currently in its early stages, the most widely used technique today has to do with extracting data from documents.
“This includes both basic optical character recognition, but also the ability to extract data and concepts from complex natural language documents. Once in structured form, this data can be processed using traditional techniques. For example, loan documents or notices are being processed in this manner. Other forms of data extraction are also being used, such as image extraction for brand compliance and voice extraction to review customer calls for compliance purposes,” Krishna says.
With regulators already adopting the cloud at scale with artificial intelligence and machine learning to drive operational improvements and provide real-time insights, this combination of technology has the potential to ease the burden of compliance.
Zehetmayr clarifies how this process would work: “Platforms that provide automated interpretation of regulations and monitoring of regulatory changes allow financial institutions to react to changes of regulations in a more timely manner and, hence, ensure compliance. Automation also includes routine monitoring and control of processes in financial institutions. It allows the institutions to respond to risks in a more timely manner and increases the reliability of the controls.”
Black also explains that there is “exponential growth in datasets globally, and as businesses increasingly operate globally there is a need to collate, combine and analyse that data efficiently. The collections process can be automated, and AI or machine learning can be utilised to draw conclusions, match records intelligently and fill in gaps in data.
“This greatly reduces the work required by compliance teams when verifying clients, enabling them to focus on specific cases, rather than having to review everything, every day.”
RegTech promises an evolution, rather than a revolution. For this to happen, architecture will need to be redesigned to meet the expectations of both digital customers and regulators, while also encouraging innovation and stimulating competition. However, Zehetmayr points out that despite open banking helping FIs to share data and the welcomed development of new applications and services, data should also be open for regulators in order for them to recognised as a participant.
“Payment and transaction messages should enable regulatory data to be included, which would enable the regulators to ping the information they are requesting through APIs rather than through formal channels to senior management in the FIs.
“Integrated systems would increase the resilience in payments as it would allow for another market participant to take over in case one payment service is not working. By letting the regulators be a part of it as well, there will be increased transparency in the market as requests by the regulators can be responded to immediately.”