The implicated firms admitted to the facts outlined in the SEC orders, acknowledging that their conduct breached record-keeping provisions under federal securities laws. Collectively, the firms have agreed to pay $392.75 million in civil penalties and are in the process of implementing measures to enhance their compliance policies. Three firms that voluntarily self-reported their infractions will face significantly reduced penalties.

“As today’s enforcement actions against more than two dozen firms reflect, we remain committed to ensuring compliance with the books and records requirements of the federal securities laws, which are essential to investor protection and well-functioning markets,” said Gurbir S. Grewal, Director of the SEC’s Division of Enforcement. “Among this group of firms, there are several that differentiated themselves by self-reporting prior to the staff’s investigation, demonstrating once again the real benefits of proactive cooperation.”

The SEC’s investigations revealed pervasive use of unapproved communication methods, referred to as off-channel communications, across the firms. These off-channel communications included records that should have been preserved under securities laws but were not, impeding the SEC’s ability to conduct effective investigations. The violations were found to involve personnel at various levels, from senior managers to supervisors.

The firms were charged with breaches of record-keeping provisions under the Securities Exchange Act and the Investment Advisers Act, in addition to failures in supervising their personnel to prevent such violations. Alongside financial penalties, the firms were ordered to cease and desist from further breaches and received formal censures.

Reacting to the announcement, Matt Smith, CEO of integrated surveillance solutions provider SteelEye, commented: “The SEC’s recent hefty fines dispel any notion of a softer stance on off-channel communications breaches. Its crackdown remains in full force. The SEC is clearly expanding its focus beyond large tier-one banks, continuing to target investment advisers and broker-dealers. With fines posing a growing threat to firms of all sizes, it’s crucial they invest in the necessary measures, embracing smarter, more efficient approaches to supervision to navigate the evolving regulatory environment more effectively. Only then will they be able to keep pace with the SEC’s unforgiving scrutiny.”

Oliver Blower, CEO of London-based communications surveillance specialist VoxSmart, added: “It has been eerily quiet on the watchdog front of late, particularly when it comes to instant messaging record-keeping penalties. But this barrage of fines offers a stark reminder that the regulator will continue waging its battle on off-channel communications for the foreseeable. While this will alarm US firms ill-equipped to monitor staff use of platforms like WhatsApp, financial institutions operating beyond the SEC’s reach should also pay close attention. Overseas regulators certainly will be, and we expect a domino effect as watchdogs worldwide follow suit.”

The post SEC Charges 26 Financial Firms for Record-Keeping Failures, Resulting in $392.75 Million in Penalties appeared first on A-Team.

The Crowdstrike incident offers a timely case-study for firms as they upgrade and evaluate their operational resilience frameworks for the new obligations required by DORA and other regulatory updates.

Regulatory oversight of disaster recovery planning (DR) and business continuity planning (BCP) has been in place for decades. But as markets have become increasingly digital and interconnected, new sources of operational risk have emerged in the form of cyber security threats and in turn, regulators have been updating their compliance obligations.

DORA is the most comprehensive and prescriptive (rules-based) set of operational resilience obligations yet to come into force. Other jurisdictions have tended to be more principles-based rather than rules-based, offering recommendations defining rules in terms of standards and best practices.

DORA is based on five pillars, each of which is covered to some extent by existing or emerging regulations in the other jurisdictions.

Information, Communications and Technology Services (ICT) Risk Management

ICT risk management is a cornerstone of operational resilience, focusing on identifying, assessing, and mitigating risks associated with critical IT functions. The FCA has published Operational resilience: insights and observations for firms that lays out feedback and advice on the obligations firms under its jurisdiction must meet by the end of March 2025.

Incident Management and Reporting

Effective incident management is crucial for minimizing the impact of disruptions on financial entities. The UK’s Prudential Regulation Authority (PRA) outlines requirements for firms to develop and maintain incident management frameworks that enable rapid identification, classification, and resolution of ICT-related incidents. This includes establishing clear communication channels and reporting mechanisms to ensure timely response and recovery.

Under the EU, DORA mandates that financial entities implement robust incident management processes. Firms must classify incidents based on their severity, report significant incidents to the relevant authorities, and conduct post-incident reviews to improve their resilience frameworks. This proactive approach helps mitigate the impact of disruptions and enhances the overall stability of the financial system.

Resilience Testing

Digital resilience testing involves evaluating the robustness of ICT systems through regular assessments and simulations. The CBEST guiding framework from the PRA is a targeted assessment that allows regulators and firms to better understand weaknesses and vulnerabilities and take remedial actions, thereby improving the resilience of systemically important firms and by extension, the wider financial system.

In line with the growth of threat-led penetration testing frameworks around the world, CBEST remains a highly effective regulatory assessment tool that can be conducted on a cross-jurisdictional basis with other international regulators and frameworks.

In the EU, DORA introduces requirements for digital resilience testing, including advanced testing methodologies like Threat-Led Penetration Testing (TLPT). Financial entities are required to conduct these tests periodically (at least every three years) to identify and address weaknesses in their ICT infrastructure and ensure they can withstand and quickly recover from cyber incidents and other operational disruptions.

Managing Third Party Risk

The FCA and PRA have set out guidelines for firms to assess and manage risks associated with third-party relationships, including contractual obligations, performance monitoring, and contingency planning.

DORA places significant emphasis on third-party risk management, requiring financial entities to ensure that their ICT service providers meet resilience standards. This includes conducting due diligence before engaging third-party services, establishing clear contractual terms, and maintaining oversight throughout the relationship. Firms must also have exit strategies in place to mitigate risks associated with the sudden loss of critical third-party services.

Information and Intelligence Sharing

Information sharing is a critical component of operational resilience, enabling financial entities to stay informed about emerging threats and best practices. The Financial Stability Board (FSB) encourages cross-border cooperation and information exchange to enhance global financial stability. This involves sharing threat intelligence, incident reports, and resilience strategies among financial institutions and regulatory bodies.

In the EU, DORA promotes information sharing as a means to enhance the collective resilience of the financial sector. Financial entities are encouraged to participate in information-sharing arrangements to gain insights into cyber threats and operational risks. This collaborative approach helps firms improve their resilience frameworks and better protect against systemic disruptions.

Under DORA, the CrowdStrike event would be a reportable incident. Details of exactly what went wrong are still emerging. It serves as a valuable case-study against which firms can scenario-test their ICT risk management frameworks against this type of systemic event.

The post CrowdStrike Incident Tests Operational Resilience appeared first on A-Team.

The venture saw Gresham Technologies delist from the public market to create the new company, which will be known as Gresham. The deal has resulted in a company that combines Gresham Technologies’ transaction control and reconciliations, data aggregation, connectivity solutions and regulatory reporting capabilities with Alveo’s enterprise data management for market, reference and ESG data.

Backed by Alveo’s majority investor STG, a technology-focused private equity firm, the combined business has got to work promoting what it calls its enterprise data automation offering.

Data Management Insight spoke to chief executive Ian Manocha, formerly head of Gresham Technologies, and chair Mark Hepsworth, who held the leadership role at Alveo, about the genesis of the merger and their plans for the future.

“We think it’s a big thing, and I hope the industry recognises that too,” says Hepsworth.

Data Management Insight: What was the rationale behind this merger?

Ian Manocha: Mark and I have known each other and for quite a few years and have always seen the strategic value of working together.

Mark Hepsworth: We’re complementary businesses. We at Alveo focus on enterprise data management, market data, reference data and ESG data and Gresham has built a business around reconciliation, investment management data and connectivity services through to regulatory reporting. The common thread is that we’re both solving data management problems for customers in financial services.

DMI: Where do you see complementarity?

MH: There’s a lot of overlap in terms of some of our customers but also the type of customers that we both sell to, the parts of those customers that we sell to both on the sell side and the buy side, and in areas like exchanges. Also, often at a senior level the same person is responsible for what their firm is doing around market data, as well as reconciliations data for example, and data management..

DMI: What triggered the eventual decision to merge?

IM: A number of things really came together at the right time. There was STG’s interest in us and the board’s view that our shareholders would be open to an exit at the right price. And from a Gresham perspective, we had a sense that, at this stage of the company’s development, we were going to be better served coming off the public markets and having the backing of a large firm like STG to accelerate our journey to take on the opportunities that we were seeing in the market. Mark and I started having the ‘we are finally going to make this happen’, conversation.

DMI: What are those opportunities?

IM: Between us we’ve got the landscape well covered so the question is now, having got all that data and now having the capability to manage it and ensure the quality of it, and of course, the reconciliation capabilities, a part of that question is, ‘what more can we do with it – how can we convert that into a business opportunity for our clients’? That’s the exciting area. So we see an opportunity now to invest more in areas like AI and to invest more in other players in the market.

DMI: What are your plans for growth?

IM: Gresham built a business organically and with some M&A work – we’ve acquired four firms in my nine years at the company. But that’s become more difficult for us on the public markets. It’s well known that there are challenges around liquidity particularly for small caps. We now have the financial backing of STG to look at those opportunities, whether we go after other firms or through organic investment, to fill out that vision of being the leading player in the data automation space for capital markets.

DMI: What will the new company offer its customers?

MH: What we’re really looking to do is create a significant new player in data management for financial services. We now have a broader range of capabilities and data management solutions that stretches further across the enterprise than they did before so we can solve more problems for clients.

Clients have a real focus on data both operationally and in terms of efficiently processing that data and delivering to business users, and doing that with the right level of governance control and transparency. All our customers are regulated and ensuring that they’re using high-quality data in their downstream processes is very important.

IM: Our customers are looking for a real heavyweight player in the data automation and data management space. They want a single heavyweight, well-funded, global company with strong technology capabilities and deep domain expertise to be their partner in their digital transformation because they’re fed up working with people that don’t understand the detail of capital markets data, and they’re fed up with having too many parties to work with.

DMI: What factors are driving the demand you want to meet?

MH: What I’ve seen over the years is that clients effectively feel data management could be easier than it is, that there’s more manual process than then they’d like. Both our companies have really focused their roadmaps in recent years around how we make that easier for customers. We moved to the cloud and both adopted open-source technologies that facilitates easy data management, as well as focused on improving business user self service. We really want to make data management easier for customers and that’s really where we’re going with the automation piece in our new tag line

IM: I’ve long felt that customers are looking to simplify their operating models. It’s not just about having the technical software, it’s also the skills and the capacity to deliver the change that’s needed. That’s particularly true in the mid-sized and smaller firms. There’s no way they can possibly build all that capability in house so we want to be the partner that they seek to deliver that end to-end-capability as a service.

DMI: Are there any practical technical issues you have had to overcome in your integration?

IM: Both firms have got modern development shops, cloud-native tech stacks and we use modern tools, so the kind of legacy stuff that’s harder to move forward is not an issue for us. And at the product level, things like APIs and cloud solutions, you don’t necessarily need to have the deep level of integration you did in the past. So for customers that won’t be visible.

DMI: What products and services will you be offering initially and what do you have in the pipeline?

MH: We will continue to offer those solutions we’re famous for: data automation and control, reconciliations and exceptions management, market data EDM, investment management data aggregation and regulatory reporting. But we’re also excited to get going on new initiatives.

IM: First out of the gates will be offerings for investment managers leveraging the greater richness of data that we now manage on their behalf. Let me give you a practical example, in Alveo market data pricing projects we are readily able to source pricing data for liquid assets but often struggle to obtain pricing for illiquid assets. Whereas in many Gresham NAV reconciliation projects were are pulling latest available pricing for some illiquid assets. So together we can fill a price visibility gap for our customers.

There are many other examples where we can now inject valuable insights into core processes without firms having to invest in costly, risky, data lake projects.  And thinking more strategically, leveraging the Alveo data management technology will help business users with self-service and distribution of these combined data sets. It’s super exciting for us and the customers we’ve spoken to are also enthusiastic which it the acid test.

The post Meeting New Capital Markets Challenges: Gresham and Alveo Leaders Discuss Merger and Future Plans appeared first on A-Team.

The session was presented by Jefferies’ executives Sudhakar Paladugu, SVP Corporate Technology, and Manish Mohite, SVP Global Head Public Cloud.

Despite the best efforts of the International Swaps Dealers Association (ISDA) the middle office OTC derivatives confirmations (confirm) process has remained largely manual due to variations in templates across counterparties. Under the original process, middle office staff had to read through each third party confirm and manually check the details against the internal trade records.

Every counterparty would have a slightly different format and presentation, some were scanned photocopies of screenshots. With email attachments being the dominant communications platform, completing the confirm process manually was cumbersome and the prospect of automating received an enthusiastic response from the middle-office team.

Jefferies’ journey with AWS began in 2022 with the goal of modernizing the firm’s infrastructure by migrating to the cloud. A CRM platform, data-driven investment advice and applications across front, middle and back offices have followed.

The part of the trade lifecycle in focus for this case study begins after the trade, when trading desk and counterparty have agreed the terms and the middle office receives the counterparty’s trade confirmation. The manual step of reading, deciphering and checking has been automated through an orchestrated set of AWS tools.

Process Overview

This process begins when a user or an application uploads a confirmation image or PDF file to an Amazon S3 bucket. This initial upload action sets off a series of automated processes designed to analyse and extract data from the document accurately.

Once the document is uploaded to the S3 bucket, an Amazon S3 event notification is configured to trigger on detecting this action. This notification sends a message to an Amazon SQS (Simple Queue Service) queue. SQS acts as a decoupling agent that ensures the uploaded document is processed asynchronously. By placing the event notification in the queue, SQS helps manage the workload and ensures that the processing service is not overwhelmed by sudden spikes in uploads.

Upon receiving the S3 event notification from the SQS queue, an application or an AWS Lambda function invokes Amazon Textract’s StartDocumentAnalysis API. This API call initiates the process of extracting text, tables, and forms from the uploaded document. Textract uses advanced machine learning powered OCR to accurately analyse and extract structured data from the document for later matching.

After initiating the document analysis with Textract, the system saves the job ID and the S3 document key into an Amazon DynamoDB table. When Amazon Textract completes the document analysis, it sends a notification via an Amazon SNS (Simple Notification Service) topic. SNS ensures that the notification is delivered reliably and can trigger further actions in the processing pipeline.

Additionally, the extracted results from Textract are placed back into the designated S3 bucket. This structured data is now ready for further downstream processing.

An AWS Lambda function is triggered by the SNS notification to perform a fuzzy Sørensen-Dice match. This function compares the extracted data from Textract with pre-configured mappings stored in DynamoDB. The Sørensen-Dice coefficient, a statistical measure of similarity, helps in identifying and matching the relevant data fields even if there are slight variations or errors in the extracted text. This step returns a confidence interval for all extracted fields to facilitate the human-in-the-loop process.

After performing the fuzzy match, the Lambda function reads the merged JSON data from DynamoDB, which includes the mappings and matches identified in the previous step. It also accesses the original uploaded documents from Amazon S3 to cross-verify and ensure consistency. This integrated approach ensures that all data points are correctly aligned, and any discrepancies are resolved before the data is used in subsequent steps.

AWS API Gateway facilitates secure and efficient interactions between the web UI and the backend processes, allowing users to interact with the document processing pipeline seamlessly.

The final step involves a human-in-the-loop (HITL) interface where users can review the document processing results. This UI allows human operators to analyse the output, verify accuracy, and make any necessary adjustments to the mappings in DynamoDB. This step ensures that the system continuously improves and adapts to new document formats and variations, maintaining high accuracy and reliability in data extraction and processing.

Impact and Next Steps

The AWS powered process passed the T+1 test and is delivering and 80-90% reduction in processing time with further performance improvements expected as the solution is expanded to include additional asset classes. The goal is to convert the current build into a robust generic product API.

The Jefferies AWS roadmap includes leveraging AWS Bedrock to build an Operations Assistant with AI/ML and Generative AI (GenAI) as well as leveraging GenAI to boost efficiencies and performance across post-trade operations generally.

The post Jefferies Streamlines OTC Derivatives Clearing with AWS for T+1 and More appeared first on A-Team.

By David Turmaine, Head of International at Broadridge Consulting Services, and Maria Siano, Head of International Strategy at Broadridge.

Today’s digital world is increasingly complex, characterised by interconnected systems and data that is stored, and widely shared, online. Looking through a financial services lens, cyber threats and incidents are becoming more sophisticated, posing significant risks to financial stability and security.

The number of attack vectors has multiplied in line with the growing reliance on technology and associated spike in remote and decentralised working since the pandemic. A recent survey by the BCI, the global body for resilience professionals, revealed three-quarters of respondents had seen a rise in attempted breaches over the last year, with nearly 40% the victim of a successful cyber-attack.

The system modernisation and digitalisation journey that firms around the world are now undertaking, often to align with market developments such as the shortening of the settlement cycle to T+1, is filled with risks – which has led to a heightened regulatory focus on cybersecurity and operational resilience.

Against this backdrop, the EU’s Digital Operational Resilience Act (DORA) has come into force and in-scope firms – such as banks, investment firms, and designated fintechs – must be compliant from January 17, 2025.

DORA seeks to establish a clearer foundation for security and operational resilience in the financial services sector, while also aligning with other EU measures on cybersecurity and data. It is the most comprehensive resilience regulation currently yet seen in this space, but the thinking is reflected by other jurisdictions around the world, with regulators increasingly demanding that financial institutions bolster their operational resilience.

Japan, for example, has introduced the Economic Security Promotion Act (ESPA), whilst the Australian Prudential Regulation Authority (APRA) has published a new Prudential Standard (CPS 230 Operational Risk Management) that will direct how regulated entities manage operational risks, resilience, and business continuity. In July 2023, the US Securities and Exchange Commission (SEC) adopted rules requiring registrants to disclose material cybersecurity incidents.

What are the main components of DORA?

DORA is the most in-depth regulation to date aimed at strengthening cybersecurity amongst financial institutions.

It is seen as a means of compelling more firms to work internally, and with their third-party information and communications technology (ICT) service providers, to improve their threat assessments, cyber incident management, and overall resilience. It is also a positive step towards a more harmonised EU framework that will enhance the digital operational resilience of financial services across the region whilst preventing widespread contagion that could undermine the financial stability of the bloc.

DORA is structured around five pillars, which cover governance, resiliency, incident management, and reporting. A common thread is the protection of data as it passes through both a financial institution and then the ecosystem around it, such as vendors.

The first pillar is ICT risk management, which mandates firms to implement robust risk management practices for their systems to prevent cyber-attacks and disruptions. They must also develop and maintain effective recovery and continuity plans to ensure the uninterrupted provision of critical financial services in the event of a cyber incident.

The second pillar is incident management, with DORA requiring entities to establish and maintain robust mechanisms for identifying, classifying, and recording incidents. Additionally, financial institutions will be required to report significant incidents to regulators within a tight timeframe to ensure timely responses and coordination.

The third pillar is digital operational resilience testing, and here we see some of the newer demands that firms must now quickly familiarise themselves with. Firms must conduct regular resilience testing to verify the effectiveness of their digital resilience strategies, and this includes advanced threat-led penetration testing at least every three years to address higher levels of risk exposure. Test results will need to be sent to the regulator for validation and approval.

The fourth pillar relates to third party risk management and oversight. Recognising that the digital operations of many organisations are closely intertwined with third party providers, DORA puts an emphasis on managing the risks associated with these external partners. Firms will be expected to conduct enhanced due diligence on their providers and include provisions in their contracts to ensure they also comply with strict digital resilience standards.

The final pillar outlines the importance of sharing information and intelligence about cyber threats and vulnerabilities amongst organisations. By creating a more collaborative environment, the hope is firms can tap into a wealth of knowledge and experiences, building their capacity to predict and address challenges. This collective understanding can foster the creation of effective policies and proactive strategies, ultimately improving the digital resilience of individual organisations and the financial industry as a whole.

The key steps to building operational resilience

DORA will place further pressure on firms to implement better cybersecurity measures and bolster their operational resilience in the coming years, but it is already front of mind for many in the financial services industry.

Broadridge’s 2024 Digital Transformation & Next-Gen Technology Study highlighted that in the next two years, financial firms will boost their investments in cybersecurity by nearly a third (28%). Furthermore, cybersecurity is the top capability that executives expect from their technology vendors, outpacing their ability to deliver projects on time and on budget.

As we look towards the DORA compliance date next January, what steps should firms be taking to build up their operational resilience?

It is crucial to assess existing business practices and processes, and identify the gaps, when it comes to meeting the DORA requirements. This will enable firms to create a robust roadmap for compliance whilst implementing stronger ICT risk management practices.

The first thing for firms to do is to ensure they fully digest and understand the regulation, and how it impacts their business model. They can then correlate that against what is already in place for their operational resiliency. Firms then need to identify their risk factors and map them against DORA, as well as their existing enterprise risk framework.

These steps will allow firms to effectively carry out their remediation planning. Resiliency in the past has typically been quite inward looking, with a focus on ensuring their own house is in order. DORA shifts the dial and will mandate them to now extend this externally across third party vendors and strategic partners, analysing the critical paths for the critical functions, whether that is trade data, settlement data, or any other element.

Firms will need a complete line of sight so they can take an informed risk decision on each of their current resiliency stances and provisions in order to make sure they are compliant with DORA.

For larger firms, their size will make it more difficult to locate the risks. They will often have hundreds of internal applications and platforms they will need to dissect to understand the interdependencies and find the critical paths that hold the data. They will also need to ascertain the risks across their vendor community.

For smaller firms, the challenge will be finding the right people to guide this, who can do it alongside their day job. They may struggle to get this project shaped and delivered on time. And they should not underestimate the resources needed to do a thorough analysis and then implement the changes DORA requires. They will also need to effectively ensure ongoing regulatory compliance, which can be costly.

Continuous improvement is an objective of DORA. Some elements of the regulation are prescriptive in terms of duration and frequency – such as annual testing of all critical ICT systems, and the advanced threat-led penetration testing every three years. But it will also be important for firms to make sure they refer back to the regulation and remain compliant whenever they change their IT footprint by acquiring new technology, which potentially introduces new vulnerabilities.

Unlocking new benefits

Whilst the journey towards DORA compliance is complex, it is also one that can unlock significant benefits for ambitious financial services firms.

This includes improved cyber defences; DORA will help financial institutions to enhance their cybersecurity measures and protect their critical systems and data from increasingly sophisticated cyber threats.

By improving long-term operational resilience, DORA can also help to reduce the financial impact of cyber incidents and other disruptions, ultimately saving organisations from costly recovery efforts.

Financial firms can instil greater confidence amongst their customers and stakeholders by demonstrating their ongoing commitment to safeguarding digital assets and services. And, perhaps most importantly, given the increased interconnectivity of firms, DORA can drive greater resiliency across financial markets as a whole. It can help to safeguard the stability of the whole, as well as its parts.

The post DORA: Preparing the Pathway to Enhanced Operational Resilience appeared first on A-Team.

The Adaptive Intelligent Document Processing product will enable financial institutions to automate the extraction of unstructured data for ingestion into their systems. The London-based company said this will let market participants automate a choke-point that is often solved through error-prone manual processes.

Duco’s AI can be trained on clients’ specific documents, learning how to interpret layout and text in order to replicate data gathering procedures with ever-greater accuracy. It will work within Duco’s SaaS-based, no-code platform.

The company won the award for Best Transaction Reporting Solution in A-Team Group’s RegTech Insight Awards Europe 2024 in May.

Managing unstructured data has become a key goal of capital markets participants as they take on new use cases, such as private market access and sustainability reporting. These domains are largely built on datasets that lack the order of reference, pricing and other data formats with which it must be amalgamated in their systems.

“Our integrated platform strategy will unlock significant value for our clients,” said Duco chief executive Michael Chin. “We’re solving a huge problem for the industry, one that clients have repeatedly told us lacks a robust and efficient solution on the market. They can now ingest, transform, normalise, enrich and reconcile structured and unstructured data in Duco, automating data processing throughout its lifecycle.”

The post Duco Unveils AI-Powered Reconciliation Product for Unstructured Data appeared first on A-Team.

By Osvaldo Berrios, SME, Compliance, NICE Actimize.

The financial services industry is undergoing a transformative shift, with artificial intelligence (AI) playing a central role. Investment firms are starting to explore the potential of Generative AI (GenAI) to enhance their business dealings, particularly in the areas of monitoring, surveillance and regulatory compliance.

Monitoring and Surveillance

One of the primary areas that GenAI provides value to investment firms is detecting anomalies. GenAI can be trained on historical data to identify patterns of normal advisor activity which can then detect aberrant activity. This allows firms to detect potential red flags, such as unusual trading patterns or suspicious communication with clients, much faster than traditional methods.

By generating realistic hypothetical scenarios, GenAI can help firms test and refine their surveillance processes. This can be particularly valuable in areas like fraud detection and market manipulation. GenAI can automate the creation of reports on advisor activity and potential compliance issues. This frees up human compliance staff to focus on more complex investigations.

The effectiveness of GenAI models is highly dependent on the quality and quantity of data used for training. Biased datasets can lead to biased AI models, potentially amplifying existing inequalities in the financial system

Compliance with Regulations

Regulatory Document Generation is another key role played by GenAI techniques. GenAI can be used to generate regulatory reports and other compliance documents, saving firms significant time and resources. And since regulatory landscapes are constantly evolving GenAI can be trained to stay updated on new regulations and identify potential compliance risks associated with new investment products or strategies.

GenAI can also personalize compliance training for advisors based on their specific risk profiles and areas of expertise.

Challenges and Considerations

While GenAI offers exciting possibilities, implementing it effectively requires addressing some key challenges. The effectiveness of GenAI models is highly dependent on the quality and quantity of data used for training. Biased datasets can lead to biased AI models, potentially amplifying existing inequalities in the financial system. Understanding how GenAI models arrive at their conclusions is crucial. Firms need to ensure these models are transparent and explainable to maintain trust and mitigate potential regulatory concerns.

GenAI is a powerful tool, but it should not replace human expertise. Firms still need experienced compliance professionals to interpret AI outputs and make informed decisions.

Negative Aspects

Is job displacement an issue today? Automation through GenAI may lead to job losses in compliance departments. This necessitates retraining and upskilling existing staff to adapt to new workflows. There may also be a potential for misuse. Like any powerful technology, GenAI could be used for malicious purposes such as generating fraudulent documents or manipulating markets. Robust security measures are crucial to mitigate these risks.

The Road Ahead

GenAI holds immense potential for investment firms to enhance their monitoring, surveillance, and compliance capabilities. However, successful implementation requires careful consideration of data quality, bias, explain ability, and the role of human oversight. As technology matures and regulatory frameworks adapt, GenAI is poised to revolutionize how investment firms manage their business dealings and navigate the ever-changing regulatory landscape.

For more information on NICE Actimize’s applications for capital markets, see: https://www.niceactimize.com/financial-markets-compliance/.

The post Investment Firms Embrace Generative AI: A Boon for Monitoring and Compliance appeared first on A-Team.

The RegTech Insight Awards recognise established providers and innovative newcomers that offer solutions that are successfully improving firms’ ability to respond effectively to evolving and ever more complex regulatory requirements across the global financial services industry. Winners are selected by A-Team Group’s independent, expert advisory board in collaboration with its editorial team.

Chris Dingley, chief executive of Single Rulebook, spoke to RegTech Insight about the importance of winning this award and explained why and how Single Rulebook was developed and outlined the benefits it can deliver.

A-Team: What does winning A-Team Group’s 2024 RegTech Insight Europe award for Best Solution for Regulatory Change Management mean to Kaizen?

Chris: We are delighted. It’s recognition for all the hard work and effort that our team has made over the last year to develop the platform further and it also recognises the unique Law Compare solution that we have developed with Linklaters, which makes it easier for firms to manage not only regulatory change but also differences in regulation across jurisdictions.

A-Team: What types of capital markets clients does Single Rulebook work with?

Chris: Single Rulebook is a software solution that enables clients to search, share and manage regulatory rules on one digital platform. It was established with the aim of making regulation manageable and easy.

Through powerful and dynamic rule maps, Single Rulebook’s user interface promotes collaboration, and information sharing.

It is especially helpful to banks, asset management companies and law firms – enabling them to work more efficiently with changes and updated to financial regulation. More than just a search tool, the platform also integrates with a client’s own systems and delivers an audit trail of regulatory change and decision making, saving time and cost.

A-Team: What challenges are these clients facing?

Chris: There are three main challenges:

• Ever-changing and new regulations: Global regulation is continually evolving. Not only are new rules introduced but existing rules are continually tweaked and updated. It can be time consuming trying to locate a specific piece of regulation and ensuring it’s the most recent version.
• Sharing and collaborating effectively on regulation: Legal interpretations of regulatory rules need to be kept up to date, shared and communicated across large organisations which can become unmanageable and a company’s view of regulation can change over time.
• Keeping an audit trail of regulatory interpretations and implementation: Firms must demonstrate compliance with each applicable rule and their pathway to regulatory compliance. Some leeway is provided in the initial period after a new piece of regulation is introduced, however regulators’ expectations become more stringent over time and it’s important to be able to demonstrate immediate compliance to auditors and regulators. Spreadsheets and email chains are not effective tools for showcasing a firm’s regulatory interpretations and the implementation of rules. It’s important to demonstrate operational change and regulatory compliance efficiently and Single Rulebook can do this digitally and in real-time.

A-Team: How does Kaizen help customers address these challenges?

Chris: Single Rulebook provides one digital source for regulatory research, making life much easier for legal and compliance teams, with employees able to retrieve regulatory text and rules quickly and efficiently.

Single Rulebook uses natural-language processing to improve many workflows and processes so that regulatory opinion and interpretations can be shared and accessed digitally on one common platform. It provides the functionality to annotate regulation so that the company’s approved stance can be accessed by all team members.

In 2023, we developed Law Compare in conjunction with Linklaters to support their in-house teams and provide their clients with quick and easy access to regulatory comparisons and guidance on the differences and changes brought about by diverging EU and UK MiFID II regimes.

The online Law Compare tool provides a single authoritative source of the most up-to-date regulation and guidance, and offers full coverage of EU and UK MiFID II regimes, from Directives, Regulations, Regulatory Technical Standards to Level 3 guidance, with the potential to extend to other areas of regulation. The legislation hosted on the Single Rulebook platform is complemented by Linklaters’ guidance which provides an invaluable record of the firm’s legal views, interpretation and comments relating to specific provisions and areas of EU-UK divergence.

A-Team: How will you develop the solution over the next year?

Chris: The year ahead will see further regulatory change across many global regulations, particularly in the UK and Europe, with the EMIR Refit and upcoming amendments to MiFID II.

It’s essential that firms can not only keep abreast of these changes but also compare versions. We’re looking forward to continuing to help our clients manage regulation and make it easier for them to navigate the changes ahead. We also have lots of exciting developments and new projects in the pipeline for Single Rulebook, which we will be sharing over the course of the coming months.

The post Kaizen’s Single Rulebook Wins Award for Best Solution for Regulatory Change Management in A-Team Group RegTech Insight Awards Europe 2024 appeared first on A-Team.

“It has been a humbling period for many firms, dealing with the isolating challenges of adapting to the EMIR Refit” says Paul Rennison, Director, Corporate Strategy at deltaconX, and a panelist on A-Team’s upcoming Best Practices in Regulatory Reporting webinar on July 16.

According to Rennison, deltaconX has its origins in a post-trade project that led its founders to conclude that the back office should be built around data rather than around process. The developers decided to build a regulatory reporting tool from the bottom up that was based on data and configuration rather than coding and adding regulation after regulation.

Fast forward to today, and the company boasts a diverse client base of primarily sell-side firms as well as buy-side institutions, energy companies, and large corporates with a core focus on OTC derivatives markets. The company has a strong presence in Europe and is expanding in Asia-Pacific with plans for the US and Canada next year.

“On the financial side, we’re very strong in the debt asset class DAC area,” says Rennison, “because that’s where we’re born out of – Switzerland. We develop and support the product from Vienna, Austria. The only deviation we’ve had from our core focus is on money management reporting (MMSR). Some of our German, Austrian and Danish banks want us to do this reporting into their central banks. So, we’ve extended the model to become a one stop shop for their reporting within that data set.”

The company has grown organically reaching what Rennison describes as a “tipping point” in 2023, with the addition of global energy giants BP and Shell along with regional banks Helaba, Raiffeisen and Nykredit and banking groups like SDC and BEC in the Nordic region. The company doubled in size last year.

The company also white-labels its services through two major solution providers, Simcorp and Finastra. “Reg reporting is a low margin business relative to risk management or treasury management systems,” says Rennison, “so this makes economic sense to them and its good business for us and some clients never see deltaconX, it’s a pure white label service.”

Blended Skillsets

Compliance and regulatory data systems are complex, and their work often considered unglamorous. Yet the expectation is that their systems will function flawlessly at all times. Failure in controls not only escalates costs and stretches resources but also attracts the attention of regulators, leading to significantly higher operational costs and potential fines.

Rennison describes the typical scenario, “When the controls fail and things begin to unravel, your costs spiral, your resources are already stretched, and you appear on the radar of the regulator, and next you’re in the spotlight of the regulator. And once you’re in that spotlight, your costs become multiple times the costs to operate in compliance. And that’s before the fines kick-in.”’

Understanding the urgency of their clients’ needs in markets operating on T+1 and T+0 schedules, deltaconX ensures direct access to knowledgeable professionals without offshoring triage or using scripts. This approach guarantees that clients reach the right person immediately, facilitating swift issue resolution.

For the core team, deltaconX recruits individuals from banks and other reporting firms, leveraging their deep regulatory reporting experience. The team, characterized by empathy and deep domain knowledge, handles the interpretation of regulatory changes and their integration into deltaconX’s data schema. They also possess strong technology skills, enabling a blend of technical and regulatory expertise that becomes crucial in high-pressure environments.

This blended role, which integrates deep technical, compliance and regulatory skills, is unusual in the regulatory reporting industry. Rennison underscores this as a key differentiator – “The difference is one of those things that’s almost intangible until you need it, and then it becomes very tangible, and very addictive. Our ability to resolve issues swiftly in a T+1 environment through a single point of contact crystalises our value and makes our service incredibly sticky.”

Foundational Technology

Built from the outset on a cloud-native architecture, the deltaconX platform offers scalability, cost control, and continuous updates, which are essential for managing complex regulatory requirements.

“It’s not a lift-and-shift ported into Kubernetes on a hope and a prayer” says Rennison, “This gives us the elasticity to scale and control cost and be in a continuous release cycle. We do six planned releases a year.”

This cloud-native approach allows deltaconX to stay ahead of regulatory changes, whether initiated by regulators or required by Trade Repositories (TRs) or other agencies, without being constrained by clients’ operational cycles.

Data Lineage and Audit

deltaconX has decided to partner with a specialist data provider to handle the new unique product identifier (UPI) requirements. Rennison described the process to RegTech Insight.

“Layered within this wave of refits is the OTC reference data chain including the unique product identifier (UPI). We partnered with RegTech DataHub for this. They take data from Anna DSB and capture and other sources of public domain data. They’ve built a highly performant and referenceable repository of that data.”

Rennison continues, “We send an excerpt of the data on every trade, and they qualify the ISIN and the UPI and enrich where necessary. It’s the first time we we’ve had to move outside of the core data schema and partnering with a specialist solution provider made sense.”

deltaconX goal is to achieve near-full validation on schema and Regulatory Technology Standards (RTS) for supervisory authorities, ensuring the accuracy of all data elements, including counterparty data. deltaconX captures data at the field level and tracks changes, maintaining a fully auditable lineage for each trade. This includes reconciliation and records of every file returned by the TR.

Every record returned, including reconciliations, is identified, allowing clients to compare their submissions with those of their counterparties, even when different TRs are involved. The data remains permanently on the system, fully auditable, which is another advantage of being cloud-native, eliminating the need for facilities like Iron Mountain.

Staying Focused

DeltaconX’s concentration on regulatory transaction reporting over the past decade, with no diversification into other products, ensures focused expertise and uninterrupted development investment. As an owner-managed company with no external investment or debt, deltaconX maintains significant freedom to navigate financial challenges and align closely with customer needs.

The post Addressing the Global Refit with deltaconX appeared first on A-Team.

While these requirements are well-understood, they are hard to implement. But emerging AI-powered solutions are beginning to show efficiency gains in compliance use-cases, with the promise of making the regulatory data management and reporting process more efficient.

To explore the current landscape of regulatory reporting, identifying key challenges and practical solutions, A-Team is hosting its Best Practices in Regulatory Reporting webinar on July 16.

In this webinar, we’ll delve into next-generation best practices and innovative technologies, including domain trade data, AI, and machine learning. Our experts will discuss actionable insights on implementation, ensuring you walk away with practical strategies.

You’ll hear from Jehangir Abdulla, Head of Back Office Development at Schonfeld Strategic Advisors LLC.  

Jehangir will be joined by Unmesh Bhide, Director, Securitized Products Valuations at LSEG Data & Analytics and Joshua Beaton Head of Non-Financial Regulatory Reporting (NFRR) at Wells Fargo. 

Finally, Paul Rennison, Director, Corporate Strategy at deltaconX, will be on hand to share his 25 years of experience working for the likes of the London Stock Exchange, Trayport, FIS and now with the Swiss regulatory transaction reporting specialists, deltaconX. Speaking with RegTech Insight Rennison had this message for prospective attendees:

“I think being able to report and manage and track internally up to executive level has been really, really difficult. And I think if you’ve done this alone, i.e. you’ve not used a technology provider who has multiple other clients and experiences, the current low levels of transparency have created unease and uncertainty about whether you are complying. Regardless that this is a market-wide problem not being able to get shared validation of your experiences has made the whole experience far more damaging, I think it is important for people to know that what they are experiencing isn’t unique and it will get better but the experience has been worse for some and that is not a great outcome.”

Don’t miss out on this opportunity to hear about best practices for regulatory reporting and opportunities to unlock significant operational and business benefits.

Register now to discover:

• The current state of regulatory reporting
• The necessity of adopting new approaches
• The latest technologies, services, and solutions
• Practical guidance for seamless implementation
• The operational and business advantages of modernized regulatory reporting

The post Regulatory Reporting: Best Practices in 2024 and Beyond appeared first on A-Team.