The Federal Reserve and Office of the Comptroller of the Currency (OCC) jointly imposed the penalty on the international banking group after it was found to have put in place insufficient data management risk controls. Further, the group was told to hold quarterly checks to ensure it has safeguards in place.

The action has been seen a warning that regulators will take a tough stance against data management failings that could have a detrimental impact on banks’ clients and their business. Charlie Browne, head of market data, quant and risk solutions at data enterprise data management services provider GoldenSource, said the fine shows that there can be no hiding bad practices.

Greater Scrutiny

“Citigroup’s fine should be a warning to other banks and institutions who may have believed their insufficient data and risk controls could fly under the radar,” Browne told Data Management Insight. “It’s time to adapt, or be forced to pay up.”

Financial institution’s data management structures are likely to come under greater regulatory scrutiny to protect customers as more of their activities are digitalised, as artificial intelligence is incorporated into tech systems and amid growing acceptance of crypto finance.

As well as data privacy protection measures, organisations will be expected to tighten controls on many other data domains including trading information and ESG reporting. The fallout from the collapse of Silicon Valley Bank last year will also put pressure on lenders’ solvency requirements and crisis management, processes that are heavily data-dependent.

Data Care

Browne said the penalty imposed on Citigroup showed that institutions had to take greater care with their data and controls models because regulators are very aware of how important digital information is to the efficient running of all parts of an enterprise’s operations.

This fining of Citigroup demonstrates the very real costs associated with banks not being on top of their risk controls and data management,” he said.

“It’s a bold statement from the US rule makers that banks showing complacency about their data issues will be met with regulatory action. Regulators globally are now coming to the understanding that it’s fundamental that financial institutions have effective data management strategies.”

While breaches of Europe’s General Data Protection Regulation (GDPR) and anti-money laundering rules have already been at the root of fines imposed on banks and financial services firms, penalties related to operational use of data are expected to grow.

For example, institutions interviewed by A-Team Group have regularly said they are closely examining the data privacy and IP implications of using outputs from generative AI applications. The concern they have is that the content generated will be in beach of copywriter material on which the model has been trained.

Non-Negotiable

Browne’s comments were echoed by the found and chief executive of Monte Carlo Data Barr Moses, who said that as data needs become central to firms’ operations, “data quality becomes non-negotiable”.

“In 2024 data quality isn’t open for discussion — it’s a clear and present risk and it needs our attention,” Moses wrote on LinkedIn.

Browne said that ensuring compliance will require strenuous efforts by organisations to go deep into their data capabilities and processes.

“Data quality and accessibility are, rightly, front of mind, however, it’s also vital that banks consider concepts like data governance and data lineage when assessing the efficiency of their systems and adequately managing their risk. Being able to track data back to source is an important tool that rule makers are increasingly looking to demand of banks, visible in regulations like the ECB’s Risk Data Aggregation and Risk Reporting (RDARR) measures.”

The post Citigroup Fine Shows Importance of Having Robust Data Setup appeared first on A-Team.

This year’s RegTech Insight Awards Europe included more than 30 categories ranging from Best Solution for Sell-Side Regulatory Compliance to Best Transaction Reporting Solution, Best Trade Surveillance Solution, Best Client On-Boarding Solution, Best Cloud-Based Solution for Regulatory Compliance, Best Solution for Buy-Side Regulatory Compliance, Best Solution for Sanctions Management, Best Regulatory Data Solution, and more.

An editor’s recognition award for European RegTech Industry Professional of the Year was given to Dawd Haque, Global Lead Market Initiatives, Regulatory Transformation and Strategy at Deutsche Bank.

Andrew Delaney, President and Chief Content Officer at A-Team Group, said: “Congratulations to the award winners and thank you to all the vendors that entered A-Team Group’s RegTech Insight Awards Europe 2024, to our RegTech Insight community that voted for its preferred solutions, and to our independent, expert advisory board that worked in collaboration with our editorial team to select this year’s winners.”

A complete list of winners and their solutions can be found in the RegTech Insight Awards Europe 2024 report.

You can find out more about A-Team Group awards, which also cover data management, trading technology and ESG here.

The post A-Team Group Announces Winners of RegTech Insight Awards Europe 2024 appeared first on A-Team.

AI has been widely adopted across capital markets for over two decades, including algorithmic trading, wealth management, risk management, and compliance. But in October 2022, a highly disruptive AI technology was released that took the market by storm, leaving regulators, compliance teams, and governments alike wondering how to respond. Within two months of its launch, ChatGPT from OpenAI had already gained over 100 million monthly users. The ease of access to new, powerful technology was met with excitement and apprehension as people began to understand that beyond the potential for good, there was also potential for harm if left unchecked.

This article examines the common principles that underpin current and emerging best practices for AI governance.

The Bletchley Declaration

Back in November, representatives of governments and international organisations representing 28 countries came together at a UK government-sponsored AI Safety Summit to consider the need for a global commitment to AI’s safe, trustworthy, and responsible development.

Bletchley Park’s historical significance as the venue for this summit is symbolic. As the cryptography hub and home of the codebreakers who significantly contributed to the Allied victory in World War II, it is also where Alan Turing laid the foundational work and detailed procedure known as the Turing Test, forming the basis for artificial intelligence. This historical nexus of innovation and strategic significance makes it a fitting backdrop for advancing AI safety and governance.

The output from this summit is an international commitment to the responsible development of AI and provides a helpful backdrop for considering a principles-based approach to AI Governance.

The Bletchley Declaration, the summit’s output, highlights critical principles for developing and governing Artificial Intelligence (AI), emphasising AI’s potential to significantly enhance global well-being. The declaration advocates for AI systems to be developed and utilised in a manner that ensures safety, centres on human needs, and maintains trustworthiness and responsibility. It underscores the importance of inclusive AI that promotes public trust and contributes to economic growth, sustainability, and the protection of human rights.

Additionally, the declaration stresses the need for international collaboration to manage AI’s global challenges effectively. It calls for a unified approach to AI governance that fosters innovation while upholding rigorous safety and ethical standards.

The declaration also recognises the necessity for vigilance and adaptability in AI governance to address emerging risks and unforeseen consequences, especially from advanced AI technologies that may have significant impacts. This requires a governance framework that is flexible enough to evolve as new information and technologies emerge.

Lastly, the declaration advocates for a proactive, principle-based approach to AI governance. This approach aims to harness AI’s transformative potential while ensuring its development is aligned with human values and global standards. It emphasises safety, ethical responsibility, and inclusiveness through sustained international efforts and continuous evaluation.

SR 117 – Model Risk Management

All AI systems are based on an underlying model, trained using supervised or unsupervised methodology.

Issued on April 4, 2011, by the Board of Governors of the Federal Reserve and the Office of the Comptroller of the Currency, SR-117 sets forth comprehensive principles and practices for managing the risks associated with analytical models. While initially designed for banking institutions, these principles can be readily adapted for general AI Governance across capital markets, including Generative AI (GenAI) and large language models (LLMs).

Banks and financial institutions rely on quantitative models in decision-making processes for activities ranging from credit underwriting to risk measurement, capital adequacy assessments and compliance. SR 117 emphasises the necessity of robust model risk management due to increased reliance on these models, mainly as they are applied to more complex products in broader, dynamic cross-border conditions.

The guidance establishes a comprehensive framework for effective model risk management, with rigorous validation as a central feature. This section underscores the importance of sound development, implementation, and utilisation within comprehensive governance and control mechanisms. It points out that while some firms may already possess robust practices, all must ensure their policies and procedures align with these risk management principles and supervisory expectations, tailored to their specific risk exposures and business activities.

Model risk arises from potential errors in models or their incorrect application, which can lead to significant adverse outcomes. This section delineates the core components of a model—input data, processing, and reporting—and the necessity for each to be well-designed to mitigate risks. Principles of effective model risk management are laid out, emphasising the importance of comprehensive validation practices, active management, and fostering an organisational culture that supports robust risk assessment.

SR117’s Model Development, Implementation and Use?section highlights best practices in model development, emphasising the importance of a development process that aligns with the firm’s objectives and policies. It stresses the critical nature of selecting appropriate data and methodologies, thorough testing, and continuous monitoring to ensure models perform as intended under varying conditions. These principles also include the importance of a representative incorporating business, technical and data science expertise. Understanding the limitations and assumptions embedded in models is critical to their safe deployment.

Model validation is an essential process that ensures models perform as expected and highlights potential limitations and assumptions. Best practices include conducting validation activities independently from model development and use, employing personnel with appropriate expertise, and ensuring that validation processes are thorough and lead to actionable insights. Validation should be an ongoing process that adapts as new information becomes available and market conditions evolve.

Effective governance requires clear policies and procedures that define risk management roles and responsibilities across the organisation. This section stresses the need for a robust governance framework that supports rigorous practices in model development, implementation, use, and validation. It also highlights senior management’s and board oversight’s importance in establishing and maintaining a culture that prioritises sound model risk management.

SR117’s conclusion reiterates that firms must ensure their model risk management practices are robust, comprehensive, and consistent with any supervisory guidance provided. It calls for firms to review and adjust their practices continually to keep pace with market and business operations changes, emphasising the dynamic nature of model risk management.

SOC 2 – AICPA

The core principles of SOC 2, defined as Trust Service Criteria, encompass five main areas essential for managing and protecting customer data, particularly in service organisations. These principles are:

Security is fundamental for protecting systems and data from unauthorised access, disclosure, and damage. It includes implementing safeguards, including firewalls, encryption, and access controls, to maintain data confidentiality and integrity.
Availability ensures that the systems and data are available for operation, typically documented in a service level agreement (SLA). This involves having redundant systems, disaster recovery plans, and performance monitoring to minimise downtime.

Processing Integrity ensures system processing is complete, valid, accurate, timely, and authorised. Organisations must use process monitoring and quality assurance to maintain data processing integrity and avoid errors or unauthorised alterations.

Confidentiality protects sensitive or confidential information from unauthorised access and disclosure throughout its lifecycle. Measures include encryption, secure data storage, and regular updates to security protocols to address emerging threats.

Privacy addresses the proper handling of personal information in accordance with applicable data protection regulations. This includes minimising data duplication, consent management, and implementing robust access controls to safeguard personal information.

Achieving SOC 2 compliance involves a rigorous process that starts with a readiness assessment to evaluate current practices against these principles, identifying gaps, and implementing necessary controls. Continuous monitoring and regular audits are required to maintain compliance and ensure the organisation adapts to new security challenges and regulatory requirements.

ISO/IEC 42001

ISO/IEC 42001:2023 is a standard specifying requirements and guidance for establishing, implementing, maintaining, and continually improving an organisation’s artificial intelligence (AI) management system. Published in December 2023, it provides a comprehensive set of governance principles for managing AI and follows the same structure as ISO 27001, which covers security, and ISO 27701, which covers privacy.

Firms already adopting these standards will find incorporating ISO 42001 in an overall governance framework relatively straightforward. It should be noted that achieving ISO certification requires a top-down commitment from the board to C-suite. All ISO standards follow the same structure, beginning with a Management System outlined in Clauses 4 through 10, followed by 9 principles in Annex A and 38 implementation guidelines in Annex B.

The ISO standards emphasise the importance of ownership at the organisation’s highest levels to help establish a culture of compliance and adoption of best practices.

Steering Towards a Unified Future in AI Governance

Adopting a principles-based framework for AI governance is a standard best practice. The core principles highlighted in the Bletchley Declaration, SR 117 SOC 2, and ISO 4200 provide a robust foundation for organisations navigating the complexities of AI development and implementation.

These principles emphasise the importance of safety and security, a human-centric approach, ethical responsibility, international cooperation, ownership by the highest levels of the organisation and comprehensive risk management.

Looking to the future, the path is challenging, but the outlook is promising. Initiatives like the Bletchley AI Safety Summit help to foster essential global dialogue and cooperation. These and similar efforts are critical in shaping a future where AI governance allows AI to deliver sustainable growth and meet compliance requirements.

The journey towards effective AI governance is challenging. However, the concerted efforts of global stakeholders to adopt and adapt to principles-based frameworks signal a proactive commitment to shaping a future where technology serves the industry with minimal risks. For senior executives and leaders in RegTech, compliance, and capital markets firms, this evolving landscape offers a unique opportunity to lead with innovation, enabling their organisations to comply with and shape the standards that will define the future of AI governance.

The post Adopting a Principles-Based Framework for AI Governance appeared first on A-Team.

Dow Jones Integrity Check is an automated screening solution that identifies risks and red flags from thousands of data sources including, accessing millions of registries and screening data sources and trillions of web pages across the indexed Internet.

Designed with regulatory guidance in mind, the new solution incorporates proactive safeguards against hallucinations and continuous review to ensure trustworthy, unbiased results. The outputs are fully sourced and auditable, with links to the original articles and records for further interrogation.

“Reducing the amount of time needed to run a background check from days to minutes will transform the way compliance teams approach due diligence, ultimately providing greater transparency and assurance on who they are doing business with,” says Joel Lange, EVP and GM, of Dow Jones Risk & Research. “Together with Xapien, we are pioneering the future of risk mitigation, harnessing GenAI and other emerging technologies responsibly to facilitate smarter, faster decision-making.”

Dow Jones Risk & Compliance is a subscription-only service that provides information curated exclusively from publicly available sources. Risk & Compliance collects and processes this information, which includes personal data available in the source material such as newspaper articles, government and other official websites, government directories, and other publicly available information, to assist subscribers in performing due diligence and other screening activities in accordance with their legal or regulatory obligations and risk management procedures. The information is only made available to subscribers who require it to mitigate risks and meet regulatory requirements relating to, for example, money laundering, bribery and corruption, sanctions, due diligence, and commercial risk operations.

The solution includes customer due diligence (CDD) and onboarding processes comprising extensive checks over beneficial ownership, screenings for politically exposed persons (PEPs), sanctioned entities, and adverse media. Ongoing monitoring ensures that existing customer profiles do not evolve in ways that increase risk exposure. A range of managed services is available supporting the full spectrum of compliance activity, from initial setups and reviews to continuous monitoring and support. These offerings are supported by a comprehensive risk database, cutting-edge research tools, and educational resources.

Dow Jones Risk & Compliance was voted Best Sanctions and PEPs Solution in the A-Team Group RegTech Insight Awards for 2023.

The post Dow Jones Risk & Compliance Deploys Generative AI to Transform Due Diligence appeared first on A-Team.

The transaction, which was managed by investment bank Baird, is a cornerstone investment from Verdane’s newly raised €1.1 billion Edda III Fund and seeks to ride a wave of growing risk and compliance expenditure by financial services firms – estimated by Corlytics at €163 billion for 2023 – spanning GRC, financial risk and capital management, cyber and IT security, and financial crime.  

Founded in 2013 and headquartered in Dublin, Corlytics helps customers to keep track of regulatory changes, offering regulatory horizon scanning, policy management and attestation. The company has seen growth of 60% per year since 2020, driven by its core regulatory compliance products. The number of Corlytics customers has roughly doubled during this period. 

Earlier investors include Enterprise Ireland, Kernel Capital, and Intercept Ventures. 

Last year, the company made two significant acquisitions – ING SparQ in January and Clausematch in July – boosting the appeal of its offerings for Tier 1 organisations including ING, BNY Mellon, Scotiabank and Swiss Re.  

According to John Byrne, Corlytics’ founder and CEO, “As well as investing significantly in our ‘intelligent content’ offering, combining data, software, and AI, we will continue to lead the RegTech sector consolidation with more complementary acquisitions, following our recent transactions with Clausematch and ING SparQ.” 

Says Nils Vold, Partner at Verdane: “We are an active and experienced investor in the RegTech sector, and we identified Corlytics as the global category leader in its field, helping banks and financial services companies manage their compliance obligations in a complex and fast-changing environment.”  

As part of the deal, Simon Russell joins Corlytics as chairman. Russell has spent his career leading technology investment banking at firms including Nomura and Dresdner Kleinwort and has served on banking management committees. He now works as a chair and non-executive director at various international software companies. 

Financial terms of the deal were not disclosed. 

The post Verdane Takes Majority Stake in Regulatory Intelligence Specialist Corlytics appeared first on A-Team.

The funding round was led by Point72 Ventures and backed by investors including Third Prime, AI Fund, FJ Labs, New York Life Ventures, Notion Capital, Angel Invest Ventures, and Gaingels. Tripp Shriner, partner at Point72, has joined the ValidMind board of directors.

The company offers an AI risk management solution that allows organisations to automate testing, documentation, and model risk governance for AI and statistical models. By automating model documentation, ValidMind is designed to help increase developer productivity, reduce time to market for models, and improve model risk management outcomes, enabling organisations to deploy AI-backed solutions with integrity, transparency and trust.

The solution is also geared to ensuring compliance with global AI and model risk regulations, such as the EU’s AI Act and the recently announced AI Bill of Rights from the US administration.

“Model risk management teams at financial institutions are struggling to keep up amid increased pressure from the business to deploy more AI solutions faster and from regulators to ensure compliance,” says Jonas Jacobi, CEO and co-founder of ValidMind. “This seed funding round strengthens our commitment to help customers increase the speed and efficiency of model risk management processes, reduce time-to-market for new AI solutions and ensure compliance with global AI and model risk regulations.”

The $8.1 million funding brings ValidMind’s total funds raised to $11.1 million.

The post ValidMind Secures $8.1 Million for Model Risk Management and AI Governance Solutions Development appeared first on A-Team.

Originally incubated by AlixPartners, GSS tackles the complexity of sanctions with a platform that operates as a collaborative hub, bringing together financial institutions and industry partners to deliver efficient and effective transaction screening for sanctions.

AlixPartners is an existing investor in the company, along with Cynosure Group and financial institution MUFG. An addition in this funding round is Commonwealth Bank of Australia (CBA). The company will continue with its advisory board of more than 30 global financial institutions that has worked together since 2021 to create a common technology framework and agree standards for the financial sector.

Tom Scampion, CEO and co-founder of GSS, says: “GSS is well positioned to deliver improved regulatory compliance and an enhanced customer experience.”

As part of its investment in GSS, CBA will join the company’s main board as an observer. The bank will be represented by its executive general manager of financial crime compliance, John Fogarty. He says: “We’re excited about the potential of GSS with its global reach and look forward to seeing how CBA can potentially use the technology to continue to prevent sanctioned parties from accessing and moving money into or out of Australia.”

The post Global Screening Services Raises $47 Million, Moves into Operational Phase appeared first on A-Team.

Founded in 2011, SmartSearch offers solutions for AML compliance, customer due diligence, Know Your Customer (KYC) and Know Your Business (KYB). Its AML verification platform conducts individual and business searches across UK and international markets with automated sanction, PEP, UBO and adverse media screening, and ongoing monitoring.

Guy Harrison, CEO of SmartSearch, says: “Triple is a good match for SmartSearch. The business is looking forward to calling on its expertise in scaling mission critical, B2B risk and compliance software.”

Mads Hansen, head of investments and managing and founding partner at Triple, adds: “This is Triple Private Equity’s first investment in SmartSearch, a market leader in GRC in the UK, a key investment space for Triple. The company has shown consistent growth and profitability and provides a high-quality software platform for its clients. We look forward to partnering with the SmartSearch team to pursue the company’s next stage of growth.”

The post SmartSearch Sets Growth Plans Following Investment from Triple Private Equity appeared first on A-Team.

The regulation covers all types of AI including generative AI and is, no doubt, being scrutinised by capital markets participants as they continue to extend their use of the technology – more on this coming soon.

The act sets out key measures including:

• Safeguards on general purpose artificial intelligence
• Limits on the use of biometric identification systems by law enforcement
• Bans on social scoring and AI used to manipulate or exploit user vulnerabilities
• Right of consumers to launch complaints and receive meaningful explanations

It also covers high-risk AI systems that are not specifically identified but are likely to include those used in capital markets. These systems must assess and reduce risks, maintain use logs, be transparent and accurate, and ensure human oversight. Citizens will have a right to submit complaints about AI systems and receive explanations about decisions based on high-risk AI systems that affect their rights.

To encourage innovation across the board, regulatory sandboxes and real-world testing will have to be established at the national level and made accessible to SMEs and start-ups to develop and train innovative AI before it goes to market.

The post EU Parliament Approves Landmark Artificial Intelligence Act appeared first on A-Team.

EMIR Refit is geared towards enhancing transparency and stability in the OTC derivatives trading market and is set to take effect in April for Europe and September for the UK. A significant concern among market participants revolves around identifying unexpected data quality issues and navigating the complexities of reporting fields, particularly for commodity and energy derivatives.

The enhanced RDS solution will help financial institutions manage securities reference data to meet EMIR Refit requirements. Additional attributes are integrated into the RDS’s Listed Derivatives service and a standalone OTC Derivatives service to support the full spectrum of reference data needed for commodity transactions under the new EMIR regulation.

“The main challenges posed by this regulation include completing the numerous new reportable fields for commodity and energy derivatives. Also protecting firms from poor quality and inaccessible data, in addition to addressing regulators’ demands for increased complexity within certain commodity and energy contracts,” says Linda Coffman, executive vice president of SmartStream RDS. “My advice to all market participants is to be prepared and deploy the necessary technology to ensure the highest data quality to mitigate the risk of fines and reputational damage”.

SmartStream RDS delivers reference data as a managed service and will use its trade lifecycle expertise and skilled resources to provide accurate data and customised regulatory operations tailored to each financial institution, ensuring compliance with EMIR Refit standards.

The post SmartStream Reference Data Services Provides Derivatives Data for EMIR Refit appeared first on A-Team.