On August 25th, IdentityMind. in conjunction with the Lending Times, hosted a panel discussion in San Francisco, California. The panel was focused on the adoption of RegTech and how it can help companies as they scale. Here’s a look into what was discussed.

Automating The Right Things

An important rule of technology is that automation applied to efficient operations magnifies efficiency and automation applied to inefficient operations magnifies inefficiency. Thus, it is important to choose the right processes to automate. Within the compliance aspect of automation your next steps will certainly include data and risk management. While addressing these, consider the following:

  • Business engagement and buy-in. It must happen at all levels, not just C-level. Collaborative processes should involve all stakeholders including customer facing, sales people, and internal auditors. Business lines should articulate business case and use cases.
  • Strong data architecture. Centralized IT infrastructure to normalize data interfaces and safeguard data from misuse and prevent internal data leaks.
  • Committed data governance program. A strong data governance program includes policies and procedures for incident management, technology vendor risk assessment and privacy policy. A culture of compliance begins at the top.

Deployment cannot be done in a vacuum. It requires collaboration. Institutions that establish digital enterprise data risk management from the beginning will be better users of technology.

Working Beyond Silos

As you grow, and your departments grow, silos begin to form. Silos lead to problems as they tend to implement and adopt technology and procedures that are limited in scope. Removing the blinders that silos create requires:

  • A common definition of the problem. Getting agreement on what the issue is an important step. To do that you’ll need all the stakeholders involved.
  • Understanding that legacy systems can change. Knowing that there are no untouchable systems leads to a stronger approach.
  • A common language to describe the project. This allows you to bring in stakeholders who aren’t directly involved in solving the problem, but who will benefit from the solution.

Common standards start with defining the problem and speaking to stakeholder expectations about what you’re trying to build. Once established you can bring technology, compliance, legal and the fraud groups to the table so everyone can own a piece of the problem. Granular understanding is one of the keys to success.

Handling Large Amounts of Data

There is a lot of data that results from your business operations. The data can be used for multiple things, including improving your compliance efforts. Without that data, you are essentially blind to key aspects of risk, and increasing your chance of non-compliance and the potential resulting fines.

  • Big data analysis techniques can uncover complex scenarios that would be difficult or time consuming to identify.
  • Know what data to store. The amount of data can be overwhelming and cause operational challenges. Consider storing statistics and summaries about the data that can tell the story, achieve a balance between requirements, storage and security (see below “Securing Your Data”.

Data science and predictive analytics aspects of RegTech are all about insights. Combined with the high volumes of data that an organization generate, it turns data overload into actionable information for business lines and business users.

Regulators and Unproven Technology

Regulators can be skeptical of solutions that don’t have a long track record. RegTech can fit into that bucket. How do you convince them that a RegTech solution meets the regulatory requirements? Cover these three things to reduce regulator worries:

  • Consumer protection. The addition of data along with the automated compliance processes facilitate compliance without risking consumer’s data privacy.
  • Security of financial infrastructure. Regulators can be concerned about consumer information on a cloud. Present a sound security practice – keep what you need.
  • About the vendors. Have a well-documented vendor management process in place. Vendors must be financially stable, meet the required certifications and understand regulatory risks.

There is a very real gap between FinTech and bank understanding of regulatory risk. It is much more attractive to regulators if you can communicate understanding from a vendor perspective.

Securing Your Data

Suppose you want to store as much data as possible, but this view isn’t shared throughout your organization. How do you get around this? It is hard to please everyone. For instance, you want more transparency, but others may want less dues to privacy concerns. The answer is effectively navigating the gray areas:

  • Strong digital risk management. Strong digital risk management starts with understanding and operationalizing applicable regulatory requirements.
  • Open dialogs with regulators and customers. You’ll need to be transparent about what you’re going to build and accomplish. Be honest and transparent with customers. Most of enforcement actions from CFPB have to do with info safeguards, privacy, misstatements about how they’re using customer risk. Be candid about privacy policies.
  • Have controls in place. No company will be invulnerable to data breaches and attacks, and regulators don’t expect you to prevent every data breach. However, they expect you to have controls in place to minimize the impact if it happened.

One of RegTech’s biggest benefits is pulling information together and out of legacy systems. You need compliance and regulatory technologies to be agile and efficient in how you collect and interpret data. Whether the move to RegTech is done by FinTech firms or banks, it has the potential to bring more efficiency and effectiveness to regulatory programs.

We Can Help

IdentityMind provides an on demand platform that enables companies to automate their risk management and compliance processes across fraud prevention, merchant account application evaluation, account onboarding, identity verification, and money laundering prevention.

The IdentityMind platform provides automation that is:

  • Effective at any scale. Whereas manual processes can be effective, scaling up requires additional headcount and additional cost. Automation, on the other hand, can scale by focusing existing resources on the most important situations, saving manpower and providing economies of scale.
  • Consistent and precise. Automated processes follow the rules written into the system. There is no change depending on agent, transaction or time of day. It applies the rules consistently, every time. As a result, automated monitoring only flags issues, leading to fewer reviews.
  • Faster and better. Automated systems process 24/7 and at a faster rate than purely manual systems. Not only does automation reduce errors, but it also can see trends or patterns across transactions that may go unnoticed with manual transaction monitoring.
  • More manageable. Changing the rules in a manual process requires training and reduced speeds as the new processes become routine. With automated processes, switching to new rules does not slow down the process.
  • Regulator-preferred. Regulators like to see a well-defined automated process is in place. If you have a purely manual process they will ask for documentation and other items that are simply assumed when you have an automated system.

Contact us at [email protected] to learn more about how IdentityMind can help you automate.