IBM RegTech Innovations

Taking a risk-based approach to compliance management

Share this post:

While deregulation has been a trend over the past few years, compliance monitoring and regulatory change management remains a top focus for financial institutions of all sizes. To explore this topic further, IBM is hosting a RegTalk panel discussion with industry experts from IBM, Promontory Financial Group and Thomson Reuters on May 16 at 10 AM ET. Our experts will bring viewpoints from compliance, technology, legal and industry perspectives in support of a solution that will provide leading expertise to manage the challenges associated with regulatory change. Some of the key themes our panelists discuss will focus on these main areas:

1. Volume of regulatory alerts

Financial institutions are faced with hundreds of potentially relevant regulatory alerts daily. It is often a manual and time-consuming process to read through this information to prioritize those alerts needing to be evaluated for applicability and impact. In a time when the trend is deregulation, what is driving this tsunami of information? The key driver is change. New regulatory requirements create change but so does deregulation. Greater availability of data, facilitated by real-time integrations makes it possible for compliance experts to monitor a wide variety of sources. Information relevant to the institution’s risk profile may take the form of proposed regulations, request for comment, final rules, guidelines, adoptions, authorizations & MOUs, decisions and orders, exemption orders, policies, notices, news release, amendments, sanctions, warnings, and bulletins among others.

Institutions receiving this information in the form of well-structured taxonomized data through an integrated regulatory change management system can focus their attention on the analysis of regulatory alerts as opposed to the monitoring of information. Prioritization of alerts by compliance theme, type, issuer and other key variables helps to reduce the “noise” routing irrelevant information from the daily workstream.

2. Distribution of information and effective coordination across the organization

Another challenge to managing the influx of regulatory alerts focuses on how to guarantee information reaches all the right stakeholders to ensure effective compliance. Regulatory change may potentially impact many different business units across several jurisdictions and geographies. To effectively perform assessments and impact analysis, it is critical that this information be disseminated to the right subject matter experts in a timely manner. As the stakeholders’ work through the review process and then the action plan, if needed, the institution needs a line of sight over progress to ensure compliance by the effective date. Often, this is a manual process dependent on e-mail notifications and independent review cycles pulling disparate status updates into reporting tools. The process needs to be repeated whenever a status update is required and is often prone to error due to the many sources of information that need to be coordinated.

Institutions initiating the regulatory alert review process within a capable GRC solution, like IBM OpenPages with Watson, can leverage configurable workflows to provide automated notifications of alerts to subject matter experts within each line of business tasked with triaging this information. Alerts can also be automatically routed to subscribers within the organization, like legal or first line of defense compliance experts who need to be aware of the information.

The distribution and review of alerts can be further optimized when the information is well-structured and taxonomized. Data feeds like Thomson Reuters Regulatory Intelligence provide information that maps to the client’s taxonomy configured within OpenPages with Watson. This provides advantages like automated linkages of different versions of proposed regulations so that the reviewer can easily see previous versions of the proposal, along with the history of any comments and research done in support of the review. This line of sight provides a clear history of impact assessments and analysis in progress or already completed, allowing the reviewer to focus their analysis on changes to the requirement.

3. Consistency

Disparate GRC systems within an organization create highly fragmented compliance views, making it difficult to obtain a holistic understanding of the organization’s readiness to comply with regulatory changes. Often, the approach taken within each business to identify and maintain obligations is done at different levels of granularity and housed in a combination of systems and as spreadsheets. The process to monitor and update obligations distributed in this manner is manual and requires a lot of coordination to understand the potential risks associated with a new regulatory alert. This makes it difficult to achieve consistency in reporting across the enterprise. Obligations managed in spreadsheets are also prone to error and do not provide the ability to audit user changes to new version in response to regulatory events.

Regulators expect financial institutions to clearly demonstrate their understanding of the obligations to meet a regulatory requirement, along with how they are complying with the requirement. IBM OpenPages with Watson optimizes obligation management, leveraging advanced technologies to automatically identify obligations, controls, policies and procedures potentially impacted by a regulatory alert. This capability is achieved by creating an inventory of consistent, well-formed obligations with the regulatory repository and by mapping associated controls, policies and procedures. The system’s taxonomy links Thomson Reuters alerts to objects within the regulatory library, highlighting the magnitude of the change to help with impact assessment.

Clients also have the option to subscribe to Promontory Financial Group obligation libraries which provides the advantage of starting with an industry standard inventory that is well curated and consistent. Compliance resources are then able to focus on obligation applicability within the business units and overall risk mitigation as opposed to extracting obligation definitions from regulations.

4. Regulatory interaction and ability to show provenance

According to Thomson Reuter’s industry research, there were 10 Matters of Understanding (MOUs) issued in 2016. In 2018, the number issued was up to 30. This helps to underscore the regulatory focus on the need for institutions not only to comply with regulatory requirements but to be able to clearly articulate provenance as to how compliance is achieved. Provenance within regulatory compliance efforts is difficult to articulate when the process depends on spreadsheets and manual updates with no audit trail. Adding to these challenges, systems cobbled together in this way are prone to version control problems and spreadsheet corruption errors. Advancements in cognitive technology provide automation advantages to regulatory change management and help financial institutions to efficiently navigate vast amounts of data available in both third-party data feeds as well as within their own regulatory libraries.

Regulators expect financial institutions to research and understand the most effective solutions to manage their compliance programs and regulatory risks. Today’s GRC solutions provide a scalable framework to support the consistency, transparency and audit capability needed to effectively manage regulatory change and to report on these efforts when requested by a regulator.

In summary, the expert panel discussion will focus and emphasize today’s pressing challenges the unique value proposition that the solution with Thomson Reuters, backed by the domain knowledge of Promontory, help to address. The combination of IBM OpenPages with Watson technology infused with Thomson Reuters Regulatory Intelligence data feed, coupled with industry standard obligation libraries curated by Promontory provides a complete best practice solution to mitigate the risks associated with regulatory change. We will continue to share more as we “Innovate in the Open” together with our clients to solve for emerging regulatory compliance challenges.

Register and join our in-depth conversation on May 16 at 10 AM, hosted by IBM Watson Financial Services General Manager, Alistair Rennie, as industry experts discuss:

  • The need for a framework that removes the manual administration of monitoring external regulation changes, determining the applicability and impact of those changes to the organization, and developing a plan to assess and remediate the risk
  • Challenges and solutions for end-to-end management of regulatory obligations and associated controls across the full range of business lines, products, entities, and geographies.
  • The need for tailored content and timely alerts of relevant regulatory changes
  • The strategies and practices to implement compliance obligations management enterprise-wide

Director of Regulatory Offerings, Watson Financial Services

More IBM RegTech Innovations stories

IBM in “Leaders” Quadrant of 2019 Gartner Magic Quadrant for IT Risk Management, fourth report in a row

Our goal has always been to provide our customers with the tools and insights that help them meet their governance, risk and compliance (GRC) needs, and we do so, by leveraging the innovation of IBM within a single ecosystem. It’s gratifying to see IBM once again positioned in the Leaders Quadrant of the 2019 Gartner […]

Continue reading

Survey shows that tools with strong user experience are key to better risk management across the enterprise

Today, risk-awareness and risk averse behavior is the responsibility of everyone in the firm, so staff need to be able to engage in the common goal of regulatory compliance. In the current complex regulatory environment (see Figure 1), and with growing costs associated with reporting, Know Your Customer (KYC), sanctions and the like, it is […]

Continue reading

What customer complaints can tell you about your experience (and your compliance)

Until recently, the words “customer experience” and “compliance” didn’t really come up in the same conversation – let alone exist in the same universe. The former was the domain of customer care professionals, contact center managers, marketing leaders and digital strategy teams with the goal of helping streamline and simplify products and services, as well […]

Continue reading