Regulatory technology (regtech) supports compliance staff in the daily performance of their work. Essential to the proper functioning of regtech is the input of high-quality data. Financial institutions therefore benefit from a "data driven" approach. Rhodé Betting, a consultant with consulting firm Charco & Dique, explains what data-driven compliance means and how financial institutions can make their compliance departments operate that way.
'Data-driven compliance' is an increasingly common term. With good reason, because data-driven compliance has a lot to offer financial institutions. In practice, compliance mainly comes down to managing compliance risks in the broadest sense of the word. Data driven refers to the use of large amounts of data to monitor, demonstrate and control (non-)compliance within an organization.
Data-driven compliance aims to take a data-centric and overarching approach to compliance. The crux of data-driven compliance is to avoid the well-known silo work and use aggregated data at the organizational level, providing organization-wide insights. Much of the complexity and effort it takes to test compliance with laws and regulations arises because of working in silos.
When financial institutions allow data to lead, complexity can be reduced and the institution will be better "in control. The advantage is that compliance departments then no longer have to operate from different themes, such as AML, GDPR or private transactions, and from different silos. Instead, they act based on insight and oversight. These are created by data analysis from different perspectives. In short, (combined) data as a driving force to be continuously "in control. Linking data sources and analyzing that combined data creates more focus on new and hitherto unforeseen risks.
When we talk about data-driven compliance, what exactly do we mean by data? Data is information in binary form that can be processed or moved digitally. The transfer or processing of data is done through digital technologies. These technologies, combined with data analytics, can be used to profile, track and mitigate related risks to malicious prospects or customers. For example, consider fraud, money laundering or terrorist financing. Data has the potential to efficiently ensure the entire level of compliance of a financial institution.
Data-driven testing and monitoring of such things as transactions, processes and communications is central to data-driven compliance. 'Risk-based' monitoring thus becomes more objective, taking compliance to a higher level. Integration is incredibly important here. For the time being, data analysis is seen as an extra task in addition to regular work, whereas it should form the basis of risk management within an organization.
By using data analytics, different data sources can be linked in an inventive way. Compliance data, security incidents, news reports and the effectiveness of management measures can be linked together, revealing important strategic insights and integrated visions.
Data-driven compliance can provide the shift from a "detecting" compliance function to a "predictive" compliance function. The compliance function will then increasingly act on predicted activities, rather than reacting to past events. Such an efficient and focused approach will also create more focus on "infrequent future compliance risk scenarios with potentially high impact.
Financial institutions often focus only on the known risks, leaving insufficient attention and time for the unknown important risks. The focus should be on the tails of a normal distribution. The risks with the highest probability - the middle of the normal distribution - are known and existing controls are set up accordingly. In the tails (on both sides) lies the danger.
The risks on the left tail of the normal distribution have a potentially low impact. Here, data can optimize the identification of existing low risks, leading to cost savings. The right tail - the risks that are infrequent but with potentially infinite impact - should receive more attention. Using lots of data can help reveal the unknown.
There are a number of prerequisites for financial institutions to transform the compliance function to a data-driven attitude and approach:
Financial institutions should develop an overarching control framework with integral approach from a data perspective.
The gap between IT and compliance needs to narrow. In practice, this chasm is currently growing, as IT generally evolves faster than the IT expertise of compliance employees themselves.
Breaking the silo or island culture within the compliance function. Data analysis should include the entire context and not the "tunnel vision" of specific compliance topics.
Sufficient and adequately trained and experienced personnel. A broad set of skills is needed to properly secure, scan, index, search, store, organize, distribute and edit data, and to clearly visualize and communicate the findings of data analysis. Multidisciplinary teams are the key word, as all these skills often cannot be found in one person. So as a compliance officer, it is advisable to educate yourself on the necessary techniques available to make your job as a compliance officer more efficient and effective.
Decisions about data and especially its quantity. After all, more data does not necessarily mean better data. In fact, not infrequently it blurs the picture. At some point, more data leads to noise that ends in worse data.
View the use of technology not as an "add on," but as a linchpin within the overall organizational strategy.
Finally, related risks must be properly managed. Both the use of data itself and the transition from a "normal" compliance function to a "data-driven" compliance function can involve various risks. Incorrect interpretation or analysis can have major consequences. A poorly managed transition process to a data-driven compliance function can cause staff or systems to fall short of expectations.
