This has now been woven into Delta Capita’s AI-powered Karbon suite, which aims to streamline client onboarding, KYC, AML and regulatory compliance processes. LSEG remains a customer, and in May Daiwa Capital Markets Europe chose the solution to help streamline access to Asian markets for non-domestic customers.

RegTech Insight recently spoke with Karan Kapoor, Global Head of Regulatory and Post-Trade Consulting, and Niamh Kingsley, Head of Product Innovation and AI, to hear more about these developments and Delta Capita’s approach to guiding capital markets firms through their regulatory challenges and overall digital journey.

Regulatory and Post Trade Consulting

Kapoor’s global consulting group includes a core SME team of regulatory compliance experts with deep industry expertise that’s tasked with scanning for regulatory changes and assessing impacts on the industry and client’s obligations. The team has partnerships with a number of horizon-scanning firms that provide data feeds and client focused impact assessments from non-core jurisdictions and a law firm for guidance on the specific legalities of a regulatory change.

In addition to providing advisory services, the SME team curates and publishes thought leadership bulletins for clients and the public.

The consulting team has been busy helping firms with post-trade challenges resulting from the CSDR refit and T+1 initiatives. In Europe they are actively involved in the Association of Financial Markets in Europe (AFME) T+1 working group.

Kapoor’s team has been helping clients navigate the transaction reporting challenges ushered in by the various refits. “The Q&As for the UK EMIR [regulation] that’s supposed to go live end of September have only just been released in July, so there’s a lot of work still going on around testing, and our teams are deeply involved with these initiatives.”

Third-party risk management and control frameworks driven by the upcoming Digital Operations Resilience Act (DORA) and Prudential Regulation Authority (PRA) supervisory statements issued earlier this year are another high-demand area along with assistance with ESG data acquisition.

Remediation programs and assurance work around data quality are underway at a number of clients around MIFID – identifying data-quality issues, where they’re non-compliant or at-risk, and helping with remediation efforts.

In one of the latest advisory projects, they have been asked by a client to create a mock regulatory examination to prepare for the types of questions they’ll be asked, and the levels of evidence regulators will be expecting to see. This is being run by SMEs who have “lived through multiple examinations in the past.”

Delta Capita is seeing a lot of demand for expertise and advisory services around AI regulation and best practices. For example, a firm might want to understand how regulators in Hong Kong and Singapore are responding to the EU AI act.

Kingsley notes that in addition to regulatory and technology debt, there is a significant skills debt that the regulators are starting pick up on. She continues, “when we look at things like the FCA sandboxes, the SS123 model risk management principles from PRA, the EU AI act 2024, regulators are taking a more collaborative approach. But they’re also starting to mandate a level of institutional education as part of that regulation. For example, it’s a requirement in the EU AI act that if you’re deploying AI, you must have a level of enterprise education, and I think that’s really significant.”

Innovation and AI

At the core of Delta Capita’s strategy is a commitment to leveraging advanced technologies in its mission to ‘Reinvent the Investment Banking Value Chain’.

Kingsley explains how they differentiate with a ‘post-digital, post-trade’ point of view. “I think what makes us different at ‘DC’ is that while we have this retrospective view of ‘okay you need to become compliant and you need to need to remediate and problem solve, we also have a proactive forward-looking view.”

Kingsley continues, “so, we talk about the post-digital space, and we have a lot of thought leadership published for ‘post-digital post-trade’, and soon we’re doing a similar series for CLM. For us it’s about taking new technologies like AI, distributed ledger technology (DLT), robotics, extended reality (AR/VR), mutualization and then cloud and Quantum computing as well.”

Some of the latest innovations from Delta Capita include the Karbon CLM solution and MACH, a suite of six DLT-based solutions for post-trade processes. Karbon is a CLM platform designed to automate and streamline KYC and AML processes. It uses AI and machine learning to reduce the time and costs associated with these compliance tasks by up to 40%. Karbon automates data sourcing, profile enrichment, identity management, and screening, significantly enhancing operational efficiency and regulatory compliance. The platform’s modular components can be integrated via API or used as standalone tools, allowing flexibility in deployment.

Launched in October 2023, MACH is a suite of DLT solutions aimed at enhancing transaction processing in capital markets. It supports the design, implementation, and execution of complex transactions, offering improved efficiency and transparency. MACH stands out for its use of blockchain technology to streamline post-trade processes, reduce operational risks, and increase the security and integrity of transaction data.

Future Focus and Strategic Recommendations

So what are the top three actions that compliance practitioners should be considering today.

Kingsley: “I would encourage every institution to benchmark their AI strategy against institutional standards. We work with AFME where we run the forum on GenAI risk and a benchmarking standards.”

“Secondly, institutions need to start thinking now about their post-digital strategy. Some things like DLT, robotics, AI and Quantum, I don’t believe that those are a 10-year problem. I think that’s a three-year problem and that we’re going to see real cyber security challenges in quantum in the next three years.”

“And then the third thing is the digital upskilling. You know AI is not going to replace your job, but you could be replaced by someone that can use AI effectively.”

Kapoor’s three takeaways include advising organizations to adopt a strategic approach to regulatory compliance, to ensure long-term alignment with evolving regulations and lastly, the need for robust governance frameworks.

“It’s around governance and getting the right frameworks in place. This exercise to try and consolidate the compliance landscape in one place seems like a very tedious task which involves lots of policy reviews and policy architecture questions.”

“But having done that once, you have a clear understanding of how you’re compliant as a business. Whether you’re running a trading business or running a lending business, all the regulations that you’re supposed to be compliant with are clearly defined in one place, and you have visibility into your compliance status. Having the right controls in place and having a clear understanding of how they connect policy to regulation makes regulatory changes easier to manage in the future.”

The post Delta Capita’s Kapoor and Kingsley Outline Compliance Tech Strategy appeared first on A-Team.

According to MCO CEO Brian Fahey, “Pythagoras fills key gaps in our compliance offerings, enhancing and complementing our existing solutions – particularly our KYTP/KYC suite. We believe this strategic move will enable us to introduce a wider range of integrated, best-of-breed solutions to the market.”

Continuous monitoring ensures that any changes in the risk profile or compliance status of third parties are swiftly identified and addressed. To support organizations in meeting global regulatory requirements, KYTP is designed to comply with anti-bribery and corruption (ABC) laws, AML regulations, and other relevant standards. The platform also includes automated alerts and notifications, enabling immediate action when significant changes occur in a third party’s risk profile.

Robust audit trails and customizable reporting tools, essential for maintaining transparency and accountability in third-party risk management can be tailored to specific regulatory requirements. The platform’s integration capabilities allow it to interoperate seamlessly with other compliance management systems and databases. Despite its advanced features, KYTP is designed with a user-friendly interface, making it accessible to compliance teams and other stakeholders, even those without extensive technical expertise.

Complimentary features of Pythagoras’ Know Your Partner business screening module include a multilingual user interface and screening for non-Latin characters including Chinese, Japanese, Arabic, Cyrillic and 30 other languages with a wide range of reference data sources for reconciliation. The Know Your Supply Chain module, meanwhile, includes configurable parameter weighting for automatic risk scoring and supports ad hoc workflow integration. The KYS module is ESG-oriented and ready to support the many sustainability directives coming onstream over the next year.

The post MCO Extends KYC/KYTP Reach with Pythagoras Acquisition appeared first on A-Team.

The Crowdstrike incident offers a timely case-study for firms as they upgrade and evaluate their operational resilience frameworks for the new obligations required by DORA and other regulatory updates.

Regulatory oversight of disaster recovery planning (DR) and business continuity planning (BCP) has been in place for decades. But as markets have become increasingly digital and interconnected, new sources of operational risk have emerged in the form of cyber security threats and in turn, regulators have been updating their compliance obligations.

DORA is the most comprehensive and prescriptive (rules-based) set of operational resilience obligations yet to come into force. Other jurisdictions have tended to be more principles-based rather than rules-based, offering recommendations defining rules in terms of standards and best practices.

DORA is based on five pillars, each of which is covered to some extent by existing or emerging regulations in the other jurisdictions.

Information, Communications and Technology Services (ICT) Risk Management

ICT risk management is a cornerstone of operational resilience, focusing on identifying, assessing, and mitigating risks associated with critical IT functions. The FCA has published Operational resilience: insights and observations for firms that lays out feedback and advice on the obligations firms under its jurisdiction must meet by the end of March 2025.

Incident Management and Reporting

Effective incident management is crucial for minimizing the impact of disruptions on financial entities. The UK’s Prudential Regulation Authority (PRA) outlines requirements for firms to develop and maintain incident management frameworks that enable rapid identification, classification, and resolution of ICT-related incidents. This includes establishing clear communication channels and reporting mechanisms to ensure timely response and recovery.

Under the EU, DORA mandates that financial entities implement robust incident management processes. Firms must classify incidents based on their severity, report significant incidents to the relevant authorities, and conduct post-incident reviews to improve their resilience frameworks. This proactive approach helps mitigate the impact of disruptions and enhances the overall stability of the financial system.

Resilience Testing

Digital resilience testing involves evaluating the robustness of ICT systems through regular assessments and simulations. The CBEST guiding framework from the PRA is a targeted assessment that allows regulators and firms to better understand weaknesses and vulnerabilities and take remedial actions, thereby improving the resilience of systemically important firms and by extension, the wider financial system.

In line with the growth of threat-led penetration testing frameworks around the world, CBEST remains a highly effective regulatory assessment tool that can be conducted on a cross-jurisdictional basis with other international regulators and frameworks.

In the EU, DORA introduces requirements for digital resilience testing, including advanced testing methodologies like Threat-Led Penetration Testing (TLPT). Financial entities are required to conduct these tests periodically (at least every three years) to identify and address weaknesses in their ICT infrastructure and ensure they can withstand and quickly recover from cyber incidents and other operational disruptions.

Managing Third Party Risk

The FCA and PRA have set out guidelines for firms to assess and manage risks associated with third-party relationships, including contractual obligations, performance monitoring, and contingency planning.

DORA places significant emphasis on third-party risk management, requiring financial entities to ensure that their ICT service providers meet resilience standards. This includes conducting due diligence before engaging third-party services, establishing clear contractual terms, and maintaining oversight throughout the relationship. Firms must also have exit strategies in place to mitigate risks associated with the sudden loss of critical third-party services.

Information and Intelligence Sharing

Information sharing is a critical component of operational resilience, enabling financial entities to stay informed about emerging threats and best practices. The Financial Stability Board (FSB) encourages cross-border cooperation and information exchange to enhance global financial stability. This involves sharing threat intelligence, incident reports, and resilience strategies among financial institutions and regulatory bodies.

In the EU, DORA promotes information sharing as a means to enhance the collective resilience of the financial sector. Financial entities are encouraged to participate in information-sharing arrangements to gain insights into cyber threats and operational risks. This collaborative approach helps firms improve their resilience frameworks and better protect against systemic disruptions.

Under DORA, the CrowdStrike event would be a reportable incident. Details of exactly what went wrong are still emerging. It serves as a valuable case-study against which firms can scenario-test their ICT risk management frameworks against this type of systemic event.

The post CrowdStrike Incident Tests Operational Resilience appeared first on A-Team.

The United Nations estimates that between 2-5% of the global GDP, approximately $800 billion to $2 trillion, is laundered annually. Additionally, fraud alone is projected to cost companies worldwide over $5 trillion each year.

Artificial intelligence (AI) and increasingly Generative AI (GenAI) is being integrated into FinCrime solutions for enhanced performance and to keep pace in the cat-and-mouse game with increasingly sophisticated financial criminals.

AML Partners

RegTechONE is a no-code platform designed to streamline compliance and regulatory processes for financial institutions. It enables users to create custom workflows, archive data, and integrate compliance tools without the need for extensive coding expertise.

The platform supports Directed Intelligence, allowing institutions to train AI models using their specific compliance data, ensuring that the AI tools are aligned with internal risk management strategies. RegTechONE is fully scalable, making it adaptable to the evolving needs of institutions and regulatory landscapes. The implementation of Directed Intelligence involves a step-by-step approach that integrates AI into existing compliance workflows. This process allows for customization to fit the specific compliance needs and risk profiles of different institutions. By integrating Directed Intelligence into current systems, institutions can enhance their decision-making processes and ensure ongoing regulatory compliance.

Directed Intelligence is a method that captures the decision-making processes of Compliance and GRC professionals as an event log which is then used to train AI models. This approach ensures that models are tailored to the specific compliance strategies and requirements of an institution, providing a level of customization that out-of-the-box AI solutions cannot match.

Traditional pre-trained AI models often operate as “black boxes,” lacking transparency and potentially misaligning with an institution’s AML needs. Directed Intelligence addresses this by allowing institutions to train AI in-house, directly informed by their unique data and risk assessments. This not only enhances transparency but also ensures that the AI models are fully aligned with internal compliance strategies and risk tolerances.

The in-house training process offered by Directed Intelligence provides institutions with control over the AI’s development, ensuring that it accurately reflects their compliance strategies. By capturing compliance decisions and using them to train AI models, institutions can train models that are better aligned with their specific compliance functions. enhancing the overall effectiveness of the compliance processes.

https://amlpartners.com/

Chainalysis

Chainalysis offers several key features for mitigating financial crime through its blockchain data platform. Their solutions are designed to help financial institutions, law enforcement, and centralized exchanges detect, disrupt, and deter illicit activities involving cryptocurrencies.

For financial institutions, Chainalysis provides tools to conduct due diligence, monitor transactions, and assess risk associated with digital assets. These tools allow institutions to safely onboard clients, generate new revenue opportunities, and maintain compliance with regulatory standards. Their solutions include real-time transaction monitoring, customizable alerts for suspicious activities, and advanced due diligence capabilities to trace the origins and destinations of crypto transactions????.

Centralized exchanges benefit from Chainalysis through comprehensive transaction monitoring and enhanced due diligence on suspicious activities. By leveraging on-chain data, exchanges can ensure transparency, mitigate risks, and comply with evolving regulatory standards. Additionally, Chainalysis offers tools for assessing on-chain entity risks and generating actionable insights to enhance user engagement and retention strategies??.

Overall, Chainalysis uses its extensive blockchain data and advanced analytics to support a secure and compliant crypto ecosystem, enabling various stakeholders to effectively manage and counteract financial crimes in the digital asset space????.

https://chainalysis.com

ComplyAdvantage

ComplyAdvantage provides a robust suite of features aimed at helping banks and financial institutions combat financial crime. Their core offering is an AI-powered financial crime database, encompassing sanctions, watchlists, politically exposed persons (PEPs), and adverse media data, which is continuously updated and verified for accuracy. This AI-driven system enhances risk identification and mitigation.

Their Know Your Business (KYB) solution automates business customer verification, incorporating dynamic risk scoring to monitor changes in a business’s risk profile, thereby streamlining onboarding processes and improving adaptability to risk status changes.

ComplyAdvantage also offers comprehensive sanctions screening, AI-driven transaction monitoring for real-time detection of suspicious activities, and adverse media monitoring using natural language processing to track global news sources. Their Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) tools streamline risk assessments, while their fraud detection capabilities analyse transaction patterns and customer behaviours to flag anomalies. Together, these features help financial institutions stay compliant and effectively combat financial crimes with advanced technology and data-driven insights.

https://complyadvantage.com

ComplyCube

ComplyCube offers a range of solutions to mitigate financial crime, focusing on comprehensive KYC and AML functionalities. Their customer screening includes sanctions and PEP screening, adverse media checks, watchlist screening, and continuous monitoring to ensure real-time updates. They provide robust identity assurance through document verification, biometric checks, and multi-bureau checks to authenticate customer identities. For due diligence and compliance, ComplyCube offers smart KYC checks, AML solutions, risk scoring, and customer due diligence processes. These features help financial institutions streamline compliance and effectively deter fraud and other financial crimes.

https://complycube.com

Delta Capita

Using artificial intelligence and machine learning, Karbon provides a rules-based workflow engine, along with data sourcing, profile enrichment, digital outreach, identity management, screening, KYC risk scores, policy controls and MI reporting.

Karbon, the expert-led digital client lifecycle management (CLM) platform empowers financial institutions to automate time-consuming processes and reduce costs. The Karbon Portal supports our Managed Service with clear case and entity management, integrated with our client outreach and ID&V offerings and full API integration capability.

Digitising the customer outreach journey, Karbon Outreach enables operational efficiencies and accelerates onboarding whilst facilitating a frictionless experience for end-customers.

Karbon outreach and Identity Verification (ID&V) are available as modular offerings, allowing their platform components to be seamlessly integrated into an existing client platform via an API or, if preferred, as a standalone tool to enhance a client’s existing experience.

The most important asset of the financial institution or any other entity is the customer, making a customer-centric approach vital, even after the onboarding process is complete. Your organisation needs to manage the identity of the customer throughout their lifecycle in the organisation, managing customers’ lists and data seamlessly and without error. Delta Capita’s Karbon ID&V platform is a state-of-the-art tool providing identity management across business units and service channels, both at scale and in real time.

https://www.deltacapita.com/insights/clm-karbon

Ekata

Ekata, a Mastercard company, offers a suite of solutions aimed at combating financial crime in the banking and capital markets industries, focusing on identity verification and fraud prevention. Their key offerings include the Identity Engine, which integrates the Ekata Identity Graph and Ekata Identity Network. This system uses data science and machine learning to link digital interactions to real individuals, assessing transaction risk in real-time by analysing behavioural patterns and transaction histories.

Ekata places a strong emphasis on combating synthetic identity fraud by cross-referencing data points and using dynamic identity attributes to detect fraudulent identities created with a mix of real and fabricated information. This approach makes it harder for fraudsters to evade detection.

To prevent account takeover (ATO) fraud, where cybercriminals gain unauthorized access to user accounts, Ekata uses identity verification APIs, behavioural analytics, and risk scoring systems to detect suspicious activities. These measures provide an additional layer of security against cyber threats by identifying unusual login patterns or changes in account settings.

By integrating these advanced technologies, Ekata helps financial institutions enhance their security measures against a wide range of financial crimes while ensuring a positive customer experience.

https://ekata.com

Feedzai

Feedzai’s core offering, the RiskOps platform, integrates various financial crime prevention functions into a unified system. This platform streamlines customer risk processes by providing a consistent view of data, profiles, and customer activities across multiple channels, covering areas such as account opening, transaction fraud detection, Anti-Money Laundering (AML) transaction monitoring, Know Your Customer (KYC) / Customer Due Diligence, and watchlist screening. By consolidating these processes, Feedzai aims to reduce data redundancy, cut costs, and simplify business operations.

AI and machine learning are fundamental to Feedzai’s approach, enabling frictionless workflows for data scientists and rapid model deployment. The platform provides real-time customer trust by continuously updating profiles with behavioural and transactional data, enhancing the detection and prevention of suspicious activities. Visual link analysis and transparent ‘whitebox’ explanations improve decision-making, helping analysts understand and act on insights efficiently.

Addressing emerging threats such as generative AI-powered fraud, Feedzai tackles advanced techniques used to create synthetic identities and automate fraud processes, including fraud-as-a-service models.

https://feedzai.com

Fenergo

Fenergo client lifecycle management (CLM) digitally orchestrates client journeys through every point in the client lifecycle – from initial prospecting to digital account opening through maintenance and refresh, ongoing due diligence and client off-boarding. Multi-channel by design and powered by API integrations, Fenergo creates a smooth orchestration process for all client data and documentation, minimizing time to revenue.

The process of transferring information from documents to systems continues to require manual input and review, resulting in inefficient processes, increased operational costs and slower customer service.

The introduction of AI to Fenergo’s CLM, powered by Amazon Bedrock, will enable firms to more accurately identify and mitigate financial crime risk and seamlessly meet regulatory obligations for KYC, AML and sanctions measures. Fenergo’s AI-powered offering will empower firms to safely deliver more efficient, frictionless onboarding and lifecycle management journeys while accelerating time to revenue.

Fenergo’s global policy rules engine houses comprehensive business rules as well as KYC, AML, and other regulatory rules for over 120 jurisdictions globally. These include Data, Document and Ownership & Control rules. The policy rules engine works in tandem with Fenergo’s powerful workflow engine to trigger the correct policy requirements at the correct point in time, based on a number of dynamic client and related party parameters.

Fenergo’s Risk Engine enables financial institutions to automate on-demand financial crime risk assessment of clients and their related parties. Enterprise-wide, it provides your organization with a single, centralized source of risk model management to support and represent the granularity of multiple, complex financial crime risk models.

https://www.fenergo.com/

Finscan

FinScan offers a robust suite of tools to assist financial institutions in combating financial crime through advanced Anti-Money Laundering (AML) and Know Your Customer (KYC) solutions. Their platform centralizes KYC and AML operations, featuring customer and entity screening capabilities to check against sanctions, politically exposed persons (PEP), and adverse media databases. Real-time screening during onboarding and continuous monitoring ensures prompt identification of changes in political status or affiliations, thereby enhancing compliance efforts.

FinScan further enhances screening accuracy with tools for data preparation, ultimate beneficial owner (UBO) due diligence, and ID document validation. A risk scoring module assesses potential customer risk, while an enhanced due diligence module facilitates thorough investigations for high-risk customers.

FinScan Securities addresses AML and countering financing of terrorism (CFT) compliance for securities transactions, leveraging advanced technology to detect potential violations within trading books and inventories. This solution consolidates results into an aggregated list with a transparent audit trail, streamlining the risk identification and review process. Overall, FinScan’s integrated solutions enhance financial crime compliance programs’ efficiency and effectiveness, enabling institutions to meet regulatory requirements and mitigate financial crime risks comprehensively.

https://finscan.com

FourthLine

Fourthline’s identity verification offers a comprehensive analysis of ID authenticity, biometrics, and security features. Client authentication verifies the person behind the account, particularly when logging in from new devices. Their AML screening and monitoring continuously check clients against real-time watchlists, PEP, and sanction lists. Re-KYC and remediation provide automated solutions for updating KYC files efficiently. The case reviewing and auditing tool offers a complete overview of client profiles and compliance documentation. Fourthline’s investigations and reporting enhance operational efficiency with conclusive reports. Additionally, they offer qualified electronic signatures, bank account verification, proof of address, and anti-financial crime solutions with augmented analytics and expert teams.

https://fourthline.com

Hummingbird

Hummingbird is a compliance and risk platform that empowers financial institutions to conduct fast, accurate financial crime investigations. Reimagining compliance workflows from the ground up, Hummingbird’s modern suite of investigative tools enables financial institutions to drive efficiency and lower costs without sacrificing quality or compromising on risk.

Hummingbird’s automation solutions streamline compliance processes by automating repetitive tasks, enforcing controls, and improving oversight. Key features include customizable triggers for automations, powerful actions to manage cases and update information, and complete auditability with detailed activity logs. The platform enhances due diligence by tracking and monitoring high-risk customers, ensures quality control through random case sampling, and accelerates case preparation by pre-populating information. Additionally, it offers a library of pre-built templates to quickly automate common compliance tasks, and AI tools to simplify complex compliance work.

https://hummingbird.co

ID-Pal

ID-Pal’s platform is 100% AI-powered, utilizing biometric, document, and database checks to ensure real-time, accurate verification. This automation reduces the risk of data breaches, false positives, and increases correct classification of identity documents and users????. The AI system enhances fraud prevention by performing multi-layered verification, which includes biometric analysis, document verification, and database checks. This layered approach makes it difficult for fraudsters to bypass the system, as multiple verification methods must be satisfied simultaneously??.

AI is employed to ensure compliance with AML and KYC regulations. The system automates AML screening checks against global watchlists, PEP databases, and sanctions lists, which are continuously updated to adhere to the latest regulatory standards. This reduces the reliance on manual processes and helps businesses mitigate the risk of non-compliance??. The AI-driven approach allows ID-Pal to handle large volumes of verification requests efficiently, making it scalable for businesses as they grow. The platform’s real-time decision-making capabilities ensure a seamless and efficient onboarding process??.

https://www.id-pal.com/

LSEG Risk Intelligence

LSEG Risk Intelligence World-Check is a comprehensive risk intelligence database designed to help organizations across the globe meet regulatory obligations, make informed decisions, and avoid involvement in financial crime and corrupt practices. It serves the KYC (Know Your Customer) and third-party risk screening needs of major banks, financial institutions, corporates, law enforcement bodies, and government and intelligence agencies. World-Check simplifies customer onboarding and monitoring by providing tools necessary for due diligence under various regulations, including AML (Anti-Money Laundering), counterterrorist financing, and anti-bribery and corruption.

One of the standout features is the AI-powered negative media search tool, Media Check, which canvasses global media to find relevant news for regulatory screening. This tool enhances screening efficiency and helps organizations stay compliant by providing comprehensive data for KYC and AML policies. World-Check also offers additional features like dynamic download, customized data files, and integration with platforms like Salesforce, enabling automated screening within existing workflows.

The database covers a wide range of crimes, including bribery, corruption, human trafficking, organized crime, cybercrime, and many others. The database includes both official list data and extensive information on individuals and entities connected to financial crimes or negative media reports.

https://www.lseg.com/en/risk-intelligence

Moody’s

Moody’s Intelligent Risk and Compliance Screening harnesses the power of AI and machine learning to automate risk and compliance screening. Process alerts with consistency and accuracy. And get more precise results and a significant reduction in false positives. Identify risks in the firm’s counterparty network using screening and mitigate issues before they become a problem.

Moody’s advanced screening technology, AI Review, can help reduce false positives when name matching by as much as 80%. True alerts can be prioritized to reduce the time-to-decision during risk assessments. Leveraging its machine-learning model built on over 20 years of experience and millions of analyst decisions, an alert confidence score can be produced for each inquiry and used as a first-level screening solution to mimic a human analyst.

Smarter due diligence – mitigate the risk of financial crime, meet regulatory obligations, and harness the industry-leading technology.

https://www.moodys.com/web/en/us/kyc.html

Napier

Napier AI offers a comprehensive suite of solutions for financial crime compliance. The Transaction Monitoring system uses machine learning to significantly reduce false positives and detect suspicious activities, designed for non-technical business users in various organizations. The Transaction Screening feature allows real-time searches against multiple watchlists to assess payment risks swiftly. Client Screening employs advanced fuzzy matching algorithms to screen clients against sanction lists, minimizing false positives. The Client Activity Review provides continuous, automated monitoring of customer data against expected behaviour for deeper insights. The Client Risk Assessment generates risk levels for each client, optimizing screening and monitoring processes. Finally, the Regulatory Reporting Manager streamlines the filing of Suspicious Transaction Reports (STRs) with automated form completion and robust data security, ensuring compliance with global regulations.

https://napier.ai

NICE Actimize

The X-Sight Entity Risk solution provides a holistic view of entity relationships and risk profiles, leveraging advanced analytics to detect hidden risks. Trade-Based Money Laundering solutions monitor trade activities for suspicious patterns, while the Suspicious Transaction Activity Reporting (STAR) and Currency Transaction Reporting (CTR) solutions automate regulatory reporting, reducing administrative burden and ensuring compliance. Lastly, AML Essentials offers an integrated platform combining these tools, enhancing overall efficiency and regulatory adherence.

The AI & Analytics page offers experience-based thought leadership on AI in autonomous financial crime management and instructional articles on data science building blocks.

https://www.niceactimize.com/

Saifr

SaifrScreen is an AI-powered solution designed to enhance AML (Anti-Money Laundering) and KYC (Know Your Customer) programs. It offers comprehensive risk coverage by utilizing extensive sources across the internet, including government records, court documents, news articles, and social media. This enables SaifrScreen to identify potential threats and risks more effectively than traditional systems that rely solely on structured data like sanctions lists. The platform uses advanced AI models, including natural language processing (NLP) and large language models (LLMs), to filter data and minimize false positives, thereby streamlining the identification of true bad actors. The system continuously monitors customer and vendor populations, providing real-time alerts for emerging risks, and ensures scalability for large financial institutions????.

Key features of SaifrScreen include bulk adverse media screening and continuous monitoring of customer and vendor populations. The solution leverages unstructured data to capture threats as soon as they are associated with wrongdoing, offering a more timely and comprehensive risk assessment. The AI models prioritize the highest probability risks, reducing the burden of false positives and enhancing the efficiency of compliance teams. Customization options allow financial institutions to tailor the AI models to specific crime types and date ranges relevant to their needs, and feedback mechanisms enable continuous improvement of the system based on user input????.

Overall, SaifrScreen aims to help financial institutions maintain a robust defence against financial crimes by providing precise, actionable risk management solutions that integrate seamlessly into existing compliance workflows. For more information on SaifrScreen and its capabilities, you can visit the Saifr website.

https://saifr.ai

SEON

SEON offers a comprehensive suite of tools to combat financial crime in banking and capital markets. The platform uses advanced digital footprinting and device intelligence to secure onboarding processes, ensuring fraudulent accounts are blocked from the start. Real-time activity monitoring accelerates transaction validations, enhancing user experience while preventing fraud. AI-driven insights allow for the creation of custom rules to improve fraud detection and reduce manual reviews. Additionally, SEON integrates AML screening and monitoring, consolidating compliance efforts into a single platform to streamline operations and improve efficiency.

https://seon.io

Socure

Socure’s Sigma Identity Fraud solution offers an integrated approach to identity fraud prevention by leveraging predictive signals across personal identifiable information (PII), digital, and behavioural risk dimensions. It auto-approves over 95% of applicants, reduces manual reviews to less than 5%, and delivers near 100% accurate identity fraud decisions. The solution includes advanced machine learning models, a comprehensive 360-degree Identity Atlas view, and entity profiling that incorporates digital footprints for a dynamic assessment. Additionally, Sigma Identity Fraud boasts a 20x return on investment by minimizing ID fraud losses and false positives.

https://socure.com/

Sumsub

Sumsub provides a comprehensive identity verification platform designed to combat financial crime in banking and capital markets. The platform offers user verification, including ID verification, liveness checks, and document-free verification, ensuring compliance and fraud prevention. It supports AML screening, checking against PEP, sanctions lists, and adverse media. Sumsub also monitors transactions to detect suspicious activity, employs behavioural fraud detection, and ensures secure customer onboarding. Additionally, the platform integrates with various systems for seamless implementation and provides customizable workflows to meet specific regulatory requirements.

https://sumsub.com

SymphonyAI

SymphonyAI offers a suite of AI-driven financial crime prevention solutions tailored for the banking and capital markets industries. Their NetReveal Customer Due Diligence solution streamlines the onboarding process and enhances risk assessment through automated decision-making and compliance features. The SensaAI for AML provides robust transaction monitoring capabilities that adapt and scale, ensuring efficient detection and investigation of suspicious activities. NetReveal Sanctions Screening offers high accuracy in name and transaction screening while reducing false positives. Additionally, the Sensa Investigation Hub centralizes data and accelerates investigations by 70% using generative AI to support and streamline investigative processes.

https://www.symphonyai.com/financial-services/

Unit21.ai

Unit21 provides several key solutions for combating financial crime. Their Transaction Monitoring tool leverages diverse data sources to create a comprehensive view of customer behaviour, allowing for the configuration and testing of scenarios to enhance detection and reduce false positives. Real-Time Monitoring enables instant risk assessment and transaction blocking to prevent fraud losses. The Case Management system offers a single pane view for efficient case management, with customizable workflows to adapt to evolving risks. The Fraud Consortium provides secure, de-identified insights during onboarding and transaction monitoring, ensuring privacy and security.

https://unit21.ai

Workfusion

WorkFusion’s AI Digital-Workers provide advanced solutions for various aspects of financial crime prevention and management in banking using digital personas. Evelyn, the Sanctions and Adverse Media Screening Analyst, excels at eliminating false-positive alerts by over 95%. Tara, the Transaction Screening Analyst, helps quickly manage payment alerts to ensure compliance. Kendrick, the Customer Identity Program Analyst, streamlines the KYC process, reducing it from days to minutes. Isaac, the Transaction Monitoring Investigator, automates the closure of low-risk alerts and escalates those requiring deeper investigation. Darryl, the Customer Due Diligence Program Analyst, processes ownership structure documents four times faster than manual methods. Kayla, the pKYC Review Analyst, efficiently monitors customers across various systems and sources to ensure compliance. Each of these Digital Workers enhances operational efficiency, mitigates risks, and supports regulatory compliance.

https://www.workfusion.com/digital-workers

So, there you have it, 22 to watch out for in AI-Powered FinCrime developments this year.

If you feel your firm should be included in this list, let us know at pr@a-teamgroup.com.

The post AI in FinCrime Prevention – 23 Thought Leaders to Watch in 2024 appeared first on A-Team.

RTI: Can you describe the decision-making process within the DSB, particularly in terms of setting strategic priorities and responding to regulatory changes?

ROC is a group of more than 65 G20 financial markets regulators and other public authorities from more than 50 countries).

Briefly, the key principles the DSB follows are:

• Cost recovery: The numbering agency services for OTC ISINs and UPIs are provided on a cost-recovery basis with costs are allocated fairly among stakeholders
• Unrestricted data: OTC ISINs, UPIs and their associated reference data have no licensing restrictions on usage and distribution for any purpose
• Open access: Access to the DSB archive for consumption of OTC ISINs, UPIs and associated reference data is available to all stakeholders
• Economic sustainability: The DSB funding model must be sustainable – lean, efficient, and reliable
• Equal treatment: The DSB ensures parity and efficiency in delivery of services. following standardised processes and procedures with exceptions to terms are only introduced on the basis that they can be consistently applied across all users without imposing a risk on the DSB services.
• Separate service provision: Access to the UPI and ISIN services are not tied or bundled with any other service offered by the DSB

These principles guide, and are threaded through, all DSB decisions which are taken by the DSB’s Board of Directors with three Industry Representation Groups (see Q2 below) acting in an advisory capacity to the Board and providing industry stewardship.

In terms of responding to regulatory changes, the current reforms in progress in the EU provide a good ‘case study’.

The European Commission recently issued draft rules in June 2023 for consultation which propose modifications to the OTC derivatives ISIN to facilitate price transparency. The DSB has assisted with technical and explanatory clarifications as required for both industry and regulators. During the European Commission’s consultation, the DSB hosted two webinars for industry providing an overview of the draft rules and how the DSB can support implementation, with the Commission speaking at one webinar and regulators attending to observe. The Commission will issue its final rules later in 2024 and the DSB will implement the changes through collaboration with its industry representation groups.

RTI: How do you balance the needs and feedback from a diverse group of stakeholders, including regulators, market participants, and internal teams?

Kalliomaki: Collaboration is at the core of the DSB’s approach, and it operates three industry representation groups which each cover both the UPI and OTC derivatives ISIN. These committees comprise representatives from DSB’s user organisations, independent experts and regulatory observers – members, minutes, agendas are all published on the DSB website for transparency:

• The Product Committee (‘PC’) supports the evolution of the DSB’s product definitions. (Product Committee (PC) – DSB (anna-dsb.com)
• The Technology Advisory Committee (‘TAC’) guides the evolution of the DSB’s technology and operations. Technology Advisory Committee (TAC) – DSB (anna-dsb.com)
• The Governance Advisory Committee (‘GAC’) advises on governance matters, including the subscription terms and policies, control frameworks such as threshold monitoring and considerations to the structure of the DSB’s cost recovery fee model. Governance Advisory Committee (GAC) – DSB (anna-dsb.com)

These committees are forums for industry to put forward their views on how to evolve the services and how to best implement changes with regulators present to enable dialogue. The DSB also issues an annual industry consultation on aspects of the DSB’s services that users have highlighted for development consideration and optimisation, or to address evolving market practices and technological advances.

RTI: Can you talk about how DSB is planning to leverage newer technologies generative AI (GenAI), LLMs and Distributed Ledger Technology?

Kalliomaki: The DSB is considering how it can use GenAI and open source LLM’s to assess data quality and define quality metrics in the reference data managed by the DSB with the objective of enhancing DSB’s understanding of how clients use the service and how it can improve data quality and the service in general.

AI tools are actively used by the DSB: from co-pilots supporting generation of code to minute writing are used in delivery of the service.

The DSB’s Technology Advisory Committee (TAC) is discussing the topic of DLT technologies towards the end of this year as part of its remit to monitor evolving technologies.

RTI: UPI having been live since January, what challenges, if any, do you see firms struggling with?

Kalliomaki: The UPI Service went live on 16 October 2023 with the first UPI reporting mandate coming into force in the US on 29 January 2024. This meant firms which had to meet the US deadline of 29 January had 3 months to integrate the UPI services including search for and create UPIs in readiness. Moreover, the DSB launched its UAT (user acceptance test environment) in April 2023 which allows prospective users to test connectivity and access options free of charge for 6 months from the date of entering it. We saw firms using the test and live environments from day one which was great

So far in 2024, two jurisdictions have gone live with their UPI reporting – the US In January and the EU in April. In advance of each start date, the DSB looked at its onboarding data and found that in the main, organisations were prepared

• Data shows number of firms prepared for UPI regulatory reporting in the US is in line with DSB expectations – DSB (anna-dsb.com)
• DSB releases details of industry readiness for UPI Reporting in the EU – DSB (anna-dsb.com)

Following the regulatory compliance dates coming into effect and having experience that the practical adoption and implementation of standards is a journey, the DSB tracks support cases and ensures queries are referred and discussed in the relevant industry representation groups.

For example, the Product Committee is instrumental in discussing product related queries and publishing Best Practice FAQs to assist the broader user community. This ensures that users that are yet to onboard can learn from the experiences of those who have gone before them. The DSB’s collaborative forums of public and private sector participants assists in solutions being deliberated and developed in cooperation.

RegTech Insight is grateful to Emma Kalliomaki for taking the time to share some of the key DSB operating principles that have underpinned the successful rollout of the UPI and the ongoing support for industry-wide standards adoption. Emma also participated in the recent Data Management Insight webinar that addressed “How to maximise the use of data standards and identifiers beyond compliance and in the interests of the business.”

The post RegTech Insight Q&A: UPI Rollout for OTC Derivatives by DSB appeared first on A-Team.

This webinar brought together experts from the practitioner and RegTech communities; Jehangir Abdulla, Head of Back Office Development at Schonfeld Strategic Advisors LLC., and Joshua Beaton, Head of Non-Financial Regulatory Reporting (NFRR) at Wells Fargo.

The RegTech sector was represented by Paul Rennison, Director Corporate Strategy at deltaconX, and Fausto Marseglia, Head of Product Management, FRTB and Regulatory Propositions, LSEG Data & Analytics.

The first webinar topic kicked off with an audience poll asking, “What is the state of play on regulatory reporting at your organisation?”

The poll results (‘Good, a number of improvements required’ at 64% and ‘Okay, lots of improvements required’ at 27%) were largely aligned with panellists’ observations where financial institutions are facing regulatory challenges on multiple fronts.

The state of regulatory data and reporting has been characterized by continuous change and increasing complexity. Financial institutions face a relentless flow of new regulations and rewrites of existing ones, creating a constant state of flux. This situation is compounded by frequent regulatory exams and inquiries, making this “the new normal” for the industry.

The 2007-2009 financial crisis and the following recovery period led to a global surge in financial regulations aimed at ensuring market stability and consumer protection. The resulting changes in policy, processes and new internal controls created a significant increase in the volume of data that global financial institutions must process.

These changes are happening whilst compliance teams are operating with finite resources, and the challenge is balancing mandatory regulatory changes with other critical business improvements. These global regulatory rewrites stretch the industry’s capacity to comply within tight timelines.

The lack of consistency across the regulatory jurisdictions adds significantly to the complexity of an already fragmented process. In one case, a lack of clarity on precisely what’s being asked is creating stress on the system.

“Regulators themselves are trying to figure out what this means for them in certain cases. Case in point, the MAS in Singapore is going live with the rewrite in October, and we’re three months away, and they’re still releasing new specs of what they want, which is a challenge, because you’re chasing a moving target at that point.”

The EMIR Refit introduced enhancements and simplifications in regulatory requirements, focusing on data quality and promoting data standards like ISO 20022. It also emphasizes the principles of simplification and proportionality, making compliance more manageable for smaller entities.

However, the implementation has been challenging, expensive, and time-consuming, with persistent data quality and testing issues. Despite its best efforts, the industry has not significantly improved its ability to handle these changes efficiently. The process has exposed the need for readiness and proper control mechanisms to handle regulatory updates.

New Approaches

Jehangir Abdulla describes the importance and advantage of focussing on data quality and standards as a business value driver and more than a compliance requirement.

“One of the challenges that we see with data quality is that we are collecting data specifically for regulatory reporting. The approach that we want to take is having multiple eyes inside the organisation looking at the same data.”

“So, when you have your backtesting algos looking at the same data that is being reported, because ultimately the compliance data of today is the backtesting data for tomorrow. When you’re using the same historical prices for your research, when your portfolio management systems are looking at the same data that is being used for regulatory reporting.”

“And lastly, when your risk management systems are al looking at the same data, you kind of have several iterations where people are going to tell you when ‘this data looks incorrect’. So, as you iterate, you start to improve the quality of the data that’s being reported to the regulators. I believe that’s the new approach.”

“And ultimately, looking at compliance and regulatory reporting, not as a cost centre, but as a means of generating alpha, generating revenue by using this for research and using this for backtesting, etc.”

One of the upsides from the regulatory rewrites is emerging data standards across the jurisdictions. This opens up opportunities for firms to accelerate their data quality and standardisation efforts. Paul Rennison notes that “there are a lot of institutions that have multiple different suppliers on multiple different processes and controls for what is now becoming a very similar data set, because we’ve got the common data elements, and we’ve got the harmonization and standardization across the rewrites.

Deployment Choices

A second audience poll asked, “What types of technologies and solutions is your organisation implementing or considering as a means to improve regulatory reporting? (Multiple choices)”

Poll results were varied but two clusters emerged with 36% preferring a single internal digital platform for automation with 27% considering outsourcing some or all of the regulatory reporting workload.

Implementing RegTech solutions should be done cautiously, involving compliance teams from the start and maintaining open communication with regulators. Failures of communication between implementation teams and business stakeholders are frequently observed omissions in projects that run into trouble.

Fausto Marseglia stresses the importance of maintaining an open dialogue with regulators. “It’s important to maintain open communication with regulators to make sure that you understand; sometimes there are issues in terms of interpretation of the rules. And it’s important that you get feedback from the regulators, you maintain this open communication with them.”

A phased approach is recommended, starting with lower-risk regulations and expanding gradually. Continuous monitoring and feedback collection from all stakeholders are crucial to ensure solutions meet compliance requirements.

Regular compliance audits and maintaining alignment with regulatory expectations are also important. Institutions should plan strategically and engage external experts when necessary to support the implementation process.

Business Benefits

Modernizing regulatory reporting offers several benefits, including reduced complexity, lower costs, improved agility and decreased risks. Improved data quality enhances confidence in reported data. Standardizing data definitions and workflows across different jurisdictions reduces complexity and the potential for errors and omissions to creep in.

The modernization process, though challenging and ongoing, ultimately supports better operational efficiency and operational business agility. Upgrading data management infrastructure should be evaluated through the wider lens of enhanced business value.

A third audience poll asked, “What extent of business and operational benefits does your organisation gain, or expect to gain, from modernising regulatory reporting?”

Poll results indicated a lot of potential for improvement with significant operational benefits at 64%, some business benefits at 55%, significant business benefits at 27% and some operational benefits at 27%.

Key Takeaways

Practitioners working on regulatory data and reporting should focus on several key strategies to ensure effective compliance and operational efficiency. First, it is crucial to thoroughly understand and continually improve the control framework. This involves identifying and addressing gaps in the system and maintaining a process of continual improvement. By doing so, organizations can enhance their compliance processes and better manage regulatory requirements.

Developing strong relationships with business stakeholders is another critical aspect. Ensuring that these stakeholders understand the risks associated with compliance is essential for securing their support. Effective communication and collaboration with business units can help in aligning compliance efforts with broader organizational goals, thus fostering a more cohesive approach to regulatory challenges.

Lastly, the principle of “always be remediating” should be a guiding mantra. Identified issues should be addressed promptly to prevent backlogs and ensure timely resolution of compliance problems. Regulators don’t expect perfection, but they do expect a proactive approach to managing and correcting issues as they arise.

The post A-Team Webinar: Best Practices in Regulatory Reporting – Data Quality, Standards and Stakeholder Communications appeared first on A-Team.

The facilities are aimed at helping firms address the post-trade implications of a Securities and Exchange Commission (SEC) July 2023 rulemaking that mandated central clearing for a wide range of U.S. Treasury (UST) securities transactions including cash, repurchase agreements (repos) and reverse repos.

The UST market sees daily transactions averaging over $700 billion in cash and $4.5 trillion in financing, making it vital for U.S. government funding, monetary policy, and as a safe haven for global investors. The market has grown rapidly and disproportionately where currently, 87% of this trading activity is cleared bilaterally.

Several liquidity events over the past decade highlighted vulnerabilities in the treasury market where the systemic risk of a non-participant failing required mitigating. The SEC’s final rule, adopted in December 2023, aims to expand central clearing to mitigate such counterparty and systemic risks.

The new rule seeks to transition a substantial portion of the daily US $4.9 trillion treasury market activity to central clearing through a central counterparty (CCP). Currently, the only authorised CCP for the UST market is FICC. However, other CCPs have expressed interest, among them London Clearing House (LCH).

Tools of the Trade

The first of the new FICC tools, a Capped Contingency Liquidity Facility (CCLF) Calculator, is designed to increase the transparency into the financial obligations associated with membership in the FICC Government Securities Division (GSD).

The CCLF is a critical risk management facility designed to provide FICC with additional liquidity resources to meet cash settlement obligations in the event of a default by the largest netting members (see DTCC Risk Management Tools). By allowing firms to estimate their potential CCLF obligations, the calculator aids in better liquidity planning and risk management. This can make FICC membership more attractive and manageable for a broader range of market participants, including smaller institutions and buy-side firms.

The calculator helps firms anticipate and plan for the liquidity commitments required under the new SEC clearing mandates. By providing upfront attestations regarding their ability to meet CCLF obligations, firms can ensure they are prepared to comply with the expanded central clearing requirements for U.S. Treasury securities.

Tim Hulse, Managing Director of Financial Risk & Governance at DTCC, emphasized that VaR is a key risk management concept and a primary component of GSD’s Clearing Fund requirements. The calculator uses historical data, volatility, and confidence levels to estimate VaR, thus enhancing market transparency. It allows market participants to calculate potential margin obligations for given positions and market values using FICC’s VaR methodology.

Hulse highlighted the urgency of evaluating firms’ risk exposure with the expansion of U.S. Treasury Clearing, noting that the VaR calculator offers increased transparency into these obligations.

These tools are public and not restricted to member firms This means that as firms consider their optimal approach to access central clearing for compliance with the the new clearing rules, these risk tools can provide the necessary transparency and support as firms evaluate the different types of membership and models with GSD.

The SEC has introduced several measures to make FICC access more inclusive. FICC offers multiple membership models, including Netting Membership, Agented Clearing, Sponsored Membership, and Centrally Cleared Institutional Triparty (CCIT) Membership, catering to a wide range of market participants from large banks to hedge funds. The SEC has provided temporary regulatory relief to address custody and diversification concerns for registered funds.

CCIT membership primarily benefits institutional cash lenders such as corporations, asset managers, insurance companies, sovereign wealth funds, pension funds, municipalities, and State treasuries. It allows these entities to engage in tri-party repo transactions with enhanced risk management and operational efficiency provided by FICC. The central clearing of these transactions helps reduce counterparty risk, ensure the completion of trades, and potentially offer balance sheet netting and capital relief for participants.

The Securities Industry and Financial Markets Association (SIFMA) is actively coordinating multiple work streams that involve both buy-side and sell-side members. These efforts aim to accelerate the necessary transitions for the clearing mandates. Key aspects include engaging with the SEC and other regulatory agencies to address market access issues, particularly for registered funds and margin transfers, which are crucial for ensuring a smooth transition to central clearing.

Developing an operations timeline with key milestones is another critical task. This timeline will guide the transition to full central clearing by June 2026 for repos. Addressing issues related to market plumbing and connectivity is also vital to support the increase from 13% to 100% clearing. This involves ensuring that all participants can effectively connect to and use the central clearing infrastructure.

Regular communication with market participants is planned to keep them informed about progress and strategies for meeting the clearing deadlines. This will include updates on the status of various strategies and the overall progress towards the deadlines. SIFMA will also engage in regular discussions with the SEC and other agencies to ensure they are aware of the progress and any potential needs for timeline adjustments or phased rollouts.

Legal and enforceability issues will be addressed by obtaining netting enforceability opinions in relevant jurisdictions to support large-scale clearing. This step is closely tied to the development of market standard documentation. Additionally, new documentation approaches that leverage modern communication methods will be evaluated to increase efficiency.

Stakeholder engagement is essential to confirm the status of various strategies and ensure alignment with the clearing deadlines. SIFMA plans to reach out to market participants regularly to keep them informed and engaged. This will help ensure that all participants are on track to meet the clearing mandates.

Lastly, future planning includes preparing for additional publications and podcasts to keep the membership and broader public informed about ongoing efforts around Treasury clearing. This will ensure that everyone remains updated on the progress and any developments related to the central clearing mandate.

The post DTCC FICC Releases Tools to Help Firms Address Incoming SEC Central Clearing Mandate appeared first on A-Team.

By David Turmaine, Head of International at Broadridge Consulting Services, and Maria Siano, Head of International Strategy at Broadridge.

Today’s digital world is increasingly complex, characterised by interconnected systems and data that is stored, and widely shared, online. Looking through a financial services lens, cyber threats and incidents are becoming more sophisticated, posing significant risks to financial stability and security.

The number of attack vectors has multiplied in line with the growing reliance on technology and associated spike in remote and decentralised working since the pandemic. A recent survey by the BCI, the global body for resilience professionals, revealed three-quarters of respondents had seen a rise in attempted breaches over the last year, with nearly 40% the victim of a successful cyber-attack.

The system modernisation and digitalisation journey that firms around the world are now undertaking, often to align with market developments such as the shortening of the settlement cycle to T+1, is filled with risks – which has led to a heightened regulatory focus on cybersecurity and operational resilience.

Against this backdrop, the EU’s Digital Operational Resilience Act (DORA) has come into force and in-scope firms – such as banks, investment firms, and designated fintechs – must be compliant from January 17, 2025.

DORA seeks to establish a clearer foundation for security and operational resilience in the financial services sector, while also aligning with other EU measures on cybersecurity and data. It is the most comprehensive resilience regulation currently yet seen in this space, but the thinking is reflected by other jurisdictions around the world, with regulators increasingly demanding that financial institutions bolster their operational resilience.

Japan, for example, has introduced the Economic Security Promotion Act (ESPA), whilst the Australian Prudential Regulation Authority (APRA) has published a new Prudential Standard (CPS 230 Operational Risk Management) that will direct how regulated entities manage operational risks, resilience, and business continuity. In July 2023, the US Securities and Exchange Commission (SEC) adopted rules requiring registrants to disclose material cybersecurity incidents.

What are the main components of DORA?

DORA is the most in-depth regulation to date aimed at strengthening cybersecurity amongst financial institutions.

It is seen as a means of compelling more firms to work internally, and with their third-party information and communications technology (ICT) service providers, to improve their threat assessments, cyber incident management, and overall resilience. It is also a positive step towards a more harmonised EU framework that will enhance the digital operational resilience of financial services across the region whilst preventing widespread contagion that could undermine the financial stability of the bloc.

DORA is structured around five pillars, which cover governance, resiliency, incident management, and reporting. A common thread is the protection of data as it passes through both a financial institution and then the ecosystem around it, such as vendors.

The first pillar is ICT risk management, which mandates firms to implement robust risk management practices for their systems to prevent cyber-attacks and disruptions. They must also develop and maintain effective recovery and continuity plans to ensure the uninterrupted provision of critical financial services in the event of a cyber incident.

The second pillar is incident management, with DORA requiring entities to establish and maintain robust mechanisms for identifying, classifying, and recording incidents. Additionally, financial institutions will be required to report significant incidents to regulators within a tight timeframe to ensure timely responses and coordination.

The third pillar is digital operational resilience testing, and here we see some of the newer demands that firms must now quickly familiarise themselves with. Firms must conduct regular resilience testing to verify the effectiveness of their digital resilience strategies, and this includes advanced threat-led penetration testing at least every three years to address higher levels of risk exposure. Test results will need to be sent to the regulator for validation and approval.

The fourth pillar relates to third party risk management and oversight. Recognising that the digital operations of many organisations are closely intertwined with third party providers, DORA puts an emphasis on managing the risks associated with these external partners. Firms will be expected to conduct enhanced due diligence on their providers and include provisions in their contracts to ensure they also comply with strict digital resilience standards.

The final pillar outlines the importance of sharing information and intelligence about cyber threats and vulnerabilities amongst organisations. By creating a more collaborative environment, the hope is firms can tap into a wealth of knowledge and experiences, building their capacity to predict and address challenges. This collective understanding can foster the creation of effective policies and proactive strategies, ultimately improving the digital resilience of individual organisations and the financial industry as a whole.

The key steps to building operational resilience

DORA will place further pressure on firms to implement better cybersecurity measures and bolster their operational resilience in the coming years, but it is already front of mind for many in the financial services industry.

Broadridge’s 2024 Digital Transformation & Next-Gen Technology Study highlighted that in the next two years, financial firms will boost their investments in cybersecurity by nearly a third (28%). Furthermore, cybersecurity is the top capability that executives expect from their technology vendors, outpacing their ability to deliver projects on time and on budget.

As we look towards the DORA compliance date next January, what steps should firms be taking to build up their operational resilience?

It is crucial to assess existing business practices and processes, and identify the gaps, when it comes to meeting the DORA requirements. This will enable firms to create a robust roadmap for compliance whilst implementing stronger ICT risk management practices.

The first thing for firms to do is to ensure they fully digest and understand the regulation, and how it impacts their business model. They can then correlate that against what is already in place for their operational resiliency. Firms then need to identify their risk factors and map them against DORA, as well as their existing enterprise risk framework.

These steps will allow firms to effectively carry out their remediation planning. Resiliency in the past has typically been quite inward looking, with a focus on ensuring their own house is in order. DORA shifts the dial and will mandate them to now extend this externally across third party vendors and strategic partners, analysing the critical paths for the critical functions, whether that is trade data, settlement data, or any other element.

Firms will need a complete line of sight so they can take an informed risk decision on each of their current resiliency stances and provisions in order to make sure they are compliant with DORA.

For larger firms, their size will make it more difficult to locate the risks. They will often have hundreds of internal applications and platforms they will need to dissect to understand the interdependencies and find the critical paths that hold the data. They will also need to ascertain the risks across their vendor community.

For smaller firms, the challenge will be finding the right people to guide this, who can do it alongside their day job. They may struggle to get this project shaped and delivered on time. And they should not underestimate the resources needed to do a thorough analysis and then implement the changes DORA requires. They will also need to effectively ensure ongoing regulatory compliance, which can be costly.

Continuous improvement is an objective of DORA. Some elements of the regulation are prescriptive in terms of duration and frequency – such as annual testing of all critical ICT systems, and the advanced threat-led penetration testing every three years. But it will also be important for firms to make sure they refer back to the regulation and remain compliant whenever they change their IT footprint by acquiring new technology, which potentially introduces new vulnerabilities.

Unlocking new benefits

Whilst the journey towards DORA compliance is complex, it is also one that can unlock significant benefits for ambitious financial services firms.

This includes improved cyber defences; DORA will help financial institutions to enhance their cybersecurity measures and protect their critical systems and data from increasingly sophisticated cyber threats.

By improving long-term operational resilience, DORA can also help to reduce the financial impact of cyber incidents and other disruptions, ultimately saving organisations from costly recovery efforts.

Financial firms can instil greater confidence amongst their customers and stakeholders by demonstrating their ongoing commitment to safeguarding digital assets and services. And, perhaps most importantly, given the increased interconnectivity of firms, DORA can drive greater resiliency across financial markets as a whole. It can help to safeguard the stability of the whole, as well as its parts.

The post DORA: Preparing the Pathway to Enhanced Operational Resilience appeared first on A-Team.

Corlytics is Byrne’s fourth company. He describes how, after the 2018 financial crisis, experiences at his prior company shaped the insights and innovation that would become Corlytics.

“If you look back at the early 2000s, banking was about the P&L but after 2008, banking and the capital markets became about the balance sheet and risk. Compliance and operations practitioners were seeing risk in lots of different places that they’d never seen before.”

This shift in the perception of critical success factors revealed the importance of understanding and managing the settlement risks of complex financial instruments. Regulators globally began looking deeper into the activities of banks and financial service companies, particularly those considered to be systemically important financial institutions (SIFIs).

With an extensive background in fund accounting and post-trade operations, Byrne recognised a growing gap between the understanding of how regulations should be interpreted versus their operational implementation, and a new venture was conceived.

Corlytics launched in late 2013 and Byrne’s aim was to bridge that gap by treating regulation as a class of risk requiring careful management. By risk-ranking regulations and updates into a clear set of obligations, firms could use this to shape and maintain policies that reflect the latest regulatory expectations.

Cognitive Dissonance

Byrne describes the emergence of a “cognitive dissonance” in the financial sector, where “the lawyers could understand the regulation but couldn’t implement them, and the people implementing the regulations didn’t fully understand them and the resulting exposures.”

To address this, Corlytics adopted an alternative approach to regulatory compliance. As Byrne explains “I wanted to look at regulation as a class of risk, rather than just something that had to be done. In many parts of banking and post trade, people take a risk-based approach to credit risk, market risk and counterparty risk. And I felt we should take a risk-based approach to legal and regulatory risk, hence the name Corlytics (compliance risk analytics).”

Corlytics’ foundation was also rooted in Byrne’s desire to combine expertise from different fields, and, like his previous company, he chose to start Corlytics in a university setting, as a campus-based company. This setting fostered an interdisciplinary collaboration with PhDs in law and data science, aimed at building a robust business capable of tackling the complexities of modern regulatory compliance.

Byrne’s previous experience in operationalizing various aspects of banking and post-trade processes, such as fund accounting and corporate actions, provided a strong basis for Corlytics’ mission. In his words, “I wanted to bridge the knowing-doing loop, ensuring that regulations weren’t just understood but effectively implemented.”

Growth Strategy

Last year the company acquired regulatory lifecycle platform ING Sparq and policy management platform Clausematch. Earlier this year, specialist growth investor Verdane took a majority equity stake in the company and has committed to accelerating both organic growth and M&A.

In May the company acquired a RegTech platform from Deloitte UK adding considerable breadth and domain expertise to further Corlytics’ capabilities, from interpreting regulatory change, to mapping and validating policies and implementing controls.,

Corlytics has established strong relationships with 12 of the top 50 SIFIs. Corlytics has also established a strong presence with non-bank payment processors. Byrne points out that “most of the top 10 payment companies in the world are not banks, but technology companies.” These include giants like PayPal, Amazon, and Google. Corlytics has secured about 50% of the market share in this space.

Regulatory Coverage

At the same time, the scope and depth of regulatory scrutiny continues to increase. In the UK, the Financial Conduct Authority (FCA) has introduced the Senior Managers and Certification Regime (SMCR) that requires senior managers to have statements that clearly outline their regulatory responsibilities. These managers are permitted to delegate certain responsibilities to other individuals within the firm, provided they ensure that these delegations are appropriate and properly overseen?.

This is having organizational impacts as Byrne has observed, “if you look at the senior persons regime, it’s very typical now within an enterprise, not just to organize regulations by business units, but actually to start organizing regulations, policies and controls by ‘accountable executive’.”

This has huge implications on the technology, since accountable executives must now be able to demonstrate that the controls they supervise reflect the latest version of the regulations and that these are clearly defined in the latest version of their policies.

Data Science

Corlytics keeps an open mind on the adoption of new technologies but the primary criteria for selecting the latest AI and ML techniques is model accuracy. “We try to work to a level of accuracy of 99% or greater because if a firm is going to automate compliance, it needs very high levels of accuracy. Human error is about 98%, so, by setting a target above the level of human error, ensures you’re automating to a high standard” explains Byrne.

Corlytics combines extensive backtesting on historical data with regulatory subject matter expertise to validate model accuracy.

One consequence of prioritising high accuracy is the need for detailed examination of use cases, in particular when considering advanced AI techniques – GenAI and LLMs. Corlytics approach is to use Gen AI in combination with other techniques rather than just on its own. Byrne sees the value-add of these techniques as a new search technology, particularly for the higher volume, lower risk use cases e.g. ‘can I accept that gift?’, or ‘does this comply with the expense policy?’

Byrne continues “but for a more complex, high-risk use case – e.g., a swaps trader asking, ‘can I put on this trade?’ – we might use something else”

GenAI and LLMs become extremely expensive in compute and storage cost compared the traditional AI when deployed at scale. Also, there’s a growing awareness of the carbon footprint these technologies generate, and Byrne cautions to not fall into the trap of “using a sledgehammer to crack a nut.”

Regulatory Convergence

The convergence of events on the regulatory calendar and regulators adopting a big-bang approach across multiple jurisdictions is creating severe stress on global firms governance risk and compliance (GRC). In some cases, firms are being forced to consider whether it makes economic sense to remain in certain markets.

Regulatory harmonization is a worthy goal but it’s hard enough getting alignment across the regulators within a single jurisdiction, let alone globally. In the meantime, it will be up to the RegTech sector to take the lead as Corlytics has demonstrated with two significant projects.

One of Corlytics’ early projects, making the FCA Handbook machine-readable, was a major step in bridging the gap between text based regulatory content and implementation by the covered entities. Corlytics created the taxonomy (a mechanism for classifying and categorising information) which is structured into sourcebooks and manuals and covering the various sectors and compliance aspects including conduct standards, prudential standards, and reporting requirements.

Byrne’s recounts his experience in creating a regulated subsidiary at his previous firm and being confronted by the original version of the handbook. “If you were to print it out on double-sided paper, it would stand about seven feet tall.”

Each section is methodically organized into modules, sub-modules, and chapters for easy navigation. The handbook’s machine-readable features include XML and JSON formats, enabling automated compliance checks and integrations with RegTech solutions. Byrne recalls, “the FCA CEO at the time describing the initiative as the democratisation of the handbook.” The project went live in 2017.

Corlytics completed a similar project at the Financial Industry Regulatory Authority (FINRA) on the FIRST Rulebook that went live in 2022. With many small firms among its members, FINRA wanted to make sure these smaller players could get value from the website recalls Bryne. “So, we created the taxonomy and redesigned all of the documents making them easy to tag and search. Both FINRA and the FCA have a competition mandate so creating a level playing field for both large and smaller firms is important.”

There are indications that other regulatory authorities are starting to embrace the idea of making their regulations machine readable, but for now, the FCA and FINRA are the thought leaders in this space and Corlytics innovation helped make that happen.

The post Managing Cognitive Dissonance in Regulatory Compliance with Corlytics appeared first on A-Team.

The RegTech Insight Awards recognise established providers and innovative newcomers that offer solutions that are successfully improving firms’ ability to respond effectively to evolving and ever more complex regulatory requirements across the global financial services industry. Winners are selected by A-Team Group’s independent, expert advisory board in collaboration with its editorial team.

Chris Dingley, chief executive of Single Rulebook, spoke to RegTech Insight about the importance of winning this award and explained why and how Single Rulebook was developed and outlined the benefits it can deliver.

A-Team: What does winning A-Team Group’s 2024 RegTech Insight Europe award for Best Solution for Regulatory Change Management mean to Kaizen?

Chris: We are delighted. It’s recognition for all the hard work and effort that our team has made over the last year to develop the platform further and it also recognises the unique Law Compare solution that we have developed with Linklaters, which makes it easier for firms to manage not only regulatory change but also differences in regulation across jurisdictions.

A-Team: What types of capital markets clients does Single Rulebook work with?

Chris: Single Rulebook is a software solution that enables clients to search, share and manage regulatory rules on one digital platform. It was established with the aim of making regulation manageable and easy.

Through powerful and dynamic rule maps, Single Rulebook’s user interface promotes collaboration, and information sharing.

It is especially helpful to banks, asset management companies and law firms – enabling them to work more efficiently with changes and updated to financial regulation. More than just a search tool, the platform also integrates with a client’s own systems and delivers an audit trail of regulatory change and decision making, saving time and cost.

A-Team: What challenges are these clients facing?

Chris: There are three main challenges:

• Ever-changing and new regulations: Global regulation is continually evolving. Not only are new rules introduced but existing rules are continually tweaked and updated. It can be time consuming trying to locate a specific piece of regulation and ensuring it’s the most recent version.
• Sharing and collaborating effectively on regulation: Legal interpretations of regulatory rules need to be kept up to date, shared and communicated across large organisations which can become unmanageable and a company’s view of regulation can change over time.
• Keeping an audit trail of regulatory interpretations and implementation: Firms must demonstrate compliance with each applicable rule and their pathway to regulatory compliance. Some leeway is provided in the initial period after a new piece of regulation is introduced, however regulators’ expectations become more stringent over time and it’s important to be able to demonstrate immediate compliance to auditors and regulators. Spreadsheets and email chains are not effective tools for showcasing a firm’s regulatory interpretations and the implementation of rules. It’s important to demonstrate operational change and regulatory compliance efficiently and Single Rulebook can do this digitally and in real-time.

A-Team: How does Kaizen help customers address these challenges?

Chris: Single Rulebook provides one digital source for regulatory research, making life much easier for legal and compliance teams, with employees able to retrieve regulatory text and rules quickly and efficiently.

Single Rulebook uses natural-language processing to improve many workflows and processes so that regulatory opinion and interpretations can be shared and accessed digitally on one common platform. It provides the functionality to annotate regulation so that the company’s approved stance can be accessed by all team members.

In 2023, we developed Law Compare in conjunction with Linklaters to support their in-house teams and provide their clients with quick and easy access to regulatory comparisons and guidance on the differences and changes brought about by diverging EU and UK MiFID II regimes.

The online Law Compare tool provides a single authoritative source of the most up-to-date regulation and guidance, and offers full coverage of EU and UK MiFID II regimes, from Directives, Regulations, Regulatory Technical Standards to Level 3 guidance, with the potential to extend to other areas of regulation. The legislation hosted on the Single Rulebook platform is complemented by Linklaters’ guidance which provides an invaluable record of the firm’s legal views, interpretation and comments relating to specific provisions and areas of EU-UK divergence.

A-Team: How will you develop the solution over the next year?

Chris: The year ahead will see further regulatory change across many global regulations, particularly in the UK and Europe, with the EMIR Refit and upcoming amendments to MiFID II.

It’s essential that firms can not only keep abreast of these changes but also compare versions. We’re looking forward to continuing to help our clients manage regulation and make it easier for them to navigate the changes ahead. We also have lots of exciting developments and new projects in the pipeline for Single Rulebook, which we will be sharing over the course of the coming months.

The post Kaizen’s Single Rulebook Wins Award for Best Solution for Regulatory Change Management in A-Team Group RegTech Insight Awards Europe 2024 appeared first on A-Team.