Latest Products

Tech-Based Compliance

Thursday 30 March 2017

Recently, the Australian Transaction Reports and Analysis Centre (AUSTRAC) publically announced its Fintel Alliance ‘reports and alerts’ collaboration with industry. This supervisory technology (suptech) could prove to be an important part in protecting the Australian financial system; however, from a compliance frameworks perspective, the initiative poses several, immediate questions:
  • What will the leveraging technology look like from other regulators?
  • Will it involve a joint collaborative approach with one another, or will each regulator do it differently?
  • What will regulators do in other jurisdictions?
  • How will suptech manifest itself in those jurisdictions?
  • What would be the increased cost of this regulatory risk for organisations—especially those financing or partnering with fintech start-ups to ensure they remain relevant in the age of rapid digital disruption?

Technology support for compliance professionals
Industry also has access to technology to bolster their compliance frameworks. At the 2017 ASIC Annual Forum, in a workshop session entitled RegTech—Rethinking Regulation and chaired by James Eyres, Senior Reporter at the Australian and The Financial Review, there was fundamental look at regtech and the way it impacts the risk and compliance management function of a business.

Dr Shonali Krishnaswamy, Chief Technology Officer, AIDA Technologies, spoke about the development of machine learning, which she said was a subfield of artificial intelligence. Krishnaswamy, who led the Agency for Science Technology and Research (ASTAR) data science lab for five years, said, “One of the things we did there was actually with banks. Some years ago, we worked with DBS, the largest bank in Singapore, and helped them set up an electronics lab. Together we did some very interesting work to bring machine learning and banking together, and when you look at the regulatory technology, the first kind of regulatory system you can build is something around rules. And that is just compliance. If you have a lot of things you want to check for, you can build rules, and then you can build an engine that can do that, but then AI and machine learning can really value-add.”

Krishnaswamy then challenged the audience by asking them to consider what happens once you’ve built those rule engines. “How do you set the threshold for the rules?” she asked. “When this rule is triggered by a finance application that looks risky, or when it looks at a trader doing something wrong or illicit in terms of transaction behaviour on the trading floor, what is the threshold where a certain number of cancelled deals becomes a matter of risk?”

Krishnaswamy proposed that is where machine learning can enhance compliance technology—and that is, by being able to make these calls based on previous data and patterns in that data. “I guess the excitement today centres around using this kind of technology for regulation and compliance, and then going beyond just compliance, going beyond just enforcing the rules. How can machines help the people doing this kind of work to do it more intelligently?”

Grace Brasington, Vice President Global Banking and Financial Markets, IBM, said that while machine learning can be a major facilitator for regulatory compliance, machines still have to be taught.

“You can’t turn those cognitive capabilities on and say ‘go figure it out’,” Brasington said. “In financial services, what we found was that many of our clients said to us, ‘We want to use this capability for our regulatory compliance.’” She continued that, by the end of 2020, those 300 million-odd pages of regulation will outline 20,000 to 30,000 very significant changes.

“If you think about the KYC space and how labour intensive it is and the amount of work it requires, you can use the unstructured data to inform process in terms of KYC,” Brasington said. She added that this was an important step, because, “[While] I was chief risk officer of a large bank, I needed people who could be risk managers. Instead, I found these people doing a lot of trivial tasks. But what I really needed was risk managers.”

Brasington then spoke about the IBM acquisition of Promontory and their role in helping to teach Watson, their regulatory AI technology. She said the idea was to move away from the siloed approach and be able monitor peoples’ behaviour in a holistic way.


Predictive impact
Krishnaswamy spoke about predictive audits, and gave the example of her team that worked on a predictive audit in a bank, helping to predict where audit risks were likely occur.

“This actually changes the paradigm,” she explained. “Auditing is no longer about finding what went wrong, it’s about being able to see what will go wrong and giving people a heads up and saying that we are seeing all these things and something is likely to break the coming few months.”

It is important, however, to have enough data for the machine to learn from. Unfortunately, when it comes to regulation, there are few examples from which to learn. The good thing is that in a space where a machine can’t predict, it can still help to predict change—to see ‘the weak signals’ or the ‘unknown unknowns’.


From a compliance professional
Rebecca Lim, Group General Counsel and Chief Compliance Officer at Westpac Group, looked at some of the benefits of using these machine learning principles within organisations.

“RegTech provides the ability to see more clearly across our business, to scale more significantly and to streamline the way we do things,” Lim told Forum attendees.
Technology helps to get across things and ensure compliance can be maintained sustainably throughout the business units.

Lim said the use of a sophisticated GRC application, coupled with artificial intelligence, will allow for regulation and legislation to be translated into plain English and allocated across the business units.

Technology is not a replacement for culture
In his opening speech, Australian Securities and Investments Commission (ASIC) chairman Greg Medcraft mentioned that technology and RegTech both have the potential to turn compliance into a predictive process.

Arguably, ultimately, in an ideal compliance program, one that takes into account the value proposition of compliance professionals, a predictive approach would not be required because that program would already be flexible and pervasive across the business.