Could reg-tech address the compliance woes of banks?
New regulation technologies can help lenders comply with rules for the sake of their own safety
is former chief general manager, Reserve Bank of India.
The compliance function in banks is the nerve-centre that performs a vital role in preserving organizational resilience and stability. Equate it to our cardiovascular system. Just as a weak heart can debilitate the body, even result in a sudden demise, so can inept and deficient compliance take a toll on a bank’s health, with serious implications for the entity as well as the financial sector. The case of Paytm Payments Bank is one such poignant reminder of this effect.
Robust compliance within banks is not only a must, it should cover nearly all aspects of operations. It is both multifaceted and increasingly demanding. Regulatory expectations of banks went up sharply after the 2008 Global Financial Crisis, the lessons of which inspired reforms spanning the entire spectrum of prudential guidelines, covering both idiosyncratic and systemic risks, with many new variables placed under watch, such as the liquidity coverage ratio, net stable funding ratio, non-risk-based backstop facility or leverage ratio, and too-big-to-fail criteria. The focus on governance, conduct, risk management and supervisory scrutiny has intensified in response to evolving financial dynamics and the disruptive impact of fintech on banking, payments and digital channels.. The ‘assurance’ function, encompassing risk management, compliance and internal audit/inspection, has gained in importance at banks.
For proper compliance, banks should (i) embrace regulatory technology (reg-tech) to streamline processes and improve compliance efficiency, (ii) foster collaboration on reg-tech and compliance models, and (iii) prioritize capacity building, education and awareness. The compliance function must adapt swiftly and in sync with changes in the financial sector to align itself with technological advancements.
Reg-tech addresses regulatory, compliance and supervisory aspects and a threeway interface for these is crucial for effective outcomes. Initiatives like regulatory sandboxes, innovation hubs and platforms such as CRILC (India) have aided reg-tech adoption globally. However, most banks must overhaul their reg-tech systems to make a meaningful switch to enterprise-wide compliance automation. These mechanisms need an end-to-end mapping of regulatory guidelines, while ensuring real-time communication and smooth information flow across all verticals and departments. Embedded within it should be functions like Know-Your-Customer and Anti-Money Laundering (KYC/AML) checks and due diligence, monitoring processes, deficiencyand-violation detection, timely alerts and prompt risk addressal.
Artificial intelligence (AI), machine learning (ML) and natural language processing (NLP), as well as cloud services and blockchain technologies, can play a pivotal role in preserving data quality through effective management and analytics. Smart systems can be integrated to efficiently compile, document and encode information and processes, while allowing userfriendly access for verifications, thereby ensuring accurate and timely regulatory reporting, as also robust internal oversight. Algorithms can set compliance goals, monitor results and adjust processes based on emerging data patterns. Reg-tech enabled cross -functional interaction and coordination can enhance the efficacy of the bank’s assurance function.
Reg-tech adoption must accompany safeguards against associated operational risks, such as privacy breaches, cyber vulnerabilities, data manipulation, frauds and scams. Reliable mitigation tools exist in this context as well.
Notably, reg-tech does not eliminate but instead reinforces the necessity for strong human oversight. Transitions to end-to -end digitized compliance and grievance redressal do not mean that machines can be blamed for failures.
As increasing regulatory density and technological complexity can raise compliance costs to prohibitive levels, the advantages of a collaborative reg-tech approach cannot be overemphasized, especially as it neither poses conflicts-of-interest nor causes competitive discomfort. On the contrary, collaboration on reg-tech and access to opensource compliance platforms, apps, API systems and best-practice repositories will help spread know-how across the sector and save research costs and efforts, especially for smaller banks, while also creating a pool of tech tools. Consistency and uniformity in compliance models and practices across the industry would ease supervisory burdens and bolster the regulator’s confidence in banks’ compliance standards. A stronger culture of rule-adherence also reduces potential damages from supervisory and enforcement actions.
Yet, the desired outcomes will remain elusive without a concerted effort to prioritize capacity building, training and education as a key component of a bank’s compliance culture. This is especially crucial for the technical and front-line staff and for risk managers. Relentless supervisory action by the regulators against banks for compliance, conduct and KYC/AML failures would suggest an unfinished agenda on this front.
Well trained and aware staff in a robust digitized compliance ecosystem, backed by the application of well-defined principles of accountability, would fortify compliance and organizational resilience, ensuring the safety of customers. This, in turn, will enhance the trust placed by customers and the regulator in these financial entities.
These are the author’s personal views.