TECHNOLOGY ON ITS OWN WILL NOT GET YOU THERE · The business should be involved in the project from the start Why is it important? Lines of Business (LOBs) are the entry point of

In a challenging environment where regulatory re-

quirements have become more stringent and controls

performance are even more burdensome, automation

is becoming a priority for financial institutions. This

paper aims at providing a practical guide through the

controls automation journey.

What

is at

stake?

THE PATH TO ACHIEVING

SUCCESSFUL CONTROLS

AUTOMATION:

TECHNOLOGY ON ITS OWN

WILL NOT GET YOU THERE

2

The context

O ver the last decade, the Compliance function within fi-

nancial institutions has seen its importance grow expo-

nentially as regulators have significantly strengthened

the regulatory framework globally. The Great Reces-

sion resulted in a heighted regulatory environment and along with

new regulations, financial institutions around the world have

been subject to record fines of more than $320B since the

2007/2008 crisis1 driven mainly by regulators’ mandate to not on-

ly fight financial crimes but also reduce operational and conduct

risks.

This complex regulatory environment has considerably increased

the need for controls within banks across the world, leading them

to conduct numerous and fragmented controls implementation in

order to meet new controls requirements, ensure compliance with

new regulations and attest to this compliance to regulators.

At first, most banks tackled these new regulatory requirements through tacti-

cal approaches based on short term and specific remediation plans, which

were aimed at responding to or avoiding regulatory sanctions. Those plans

were driven by the need to comply with newly implemented regulations with-

in tight mandatory deadlines. As a result, due to the absence of a long term

strategy, new controls frameworks were mostly characterized by a reliance on

manual processes with controls implemented separately from one another

and risk assessments performed silos.

This approach is no longer sustainable as the requirements have become

more stringent, leading banks to reshape the manner in which controls are

designed, implemented and performed, in order to mitigate greater reputa-

tional and financial risks in case of failure.

The context

A shift in the way banks address

controls requirements

Strategic approach

Tactical approach Shift from the need

in implementation

towards the need in

rationalization

1figures as of end of 2016, MarketWatch article: “Fed’s Dudley suggests bank execs should be on hook for regulatory fines” (March, 26 2018)

3

Lately, a new trend of relying on technology based solutions has been observed

among the leading players in the banking industry, with a shift from a need for

controls implementation towards a need to rationalize controls processes that

have been implemented. This shift gives prominence to a more holistic ap-

proach with the objective of achieving greater scalability and sustainability of

improved controls while increasing the overall risk coverage. This approach

will allow banks to:

understand and optimize the existing controls performance processes in or-

der to reduce manual workload;

define a global organization and structure for controls performance in order

to ensure additional controls can seamlessly be absorbed.

In a challenging and more regulated environment, this new approach has been

enabled by the increasing maturity of technical solutions, particularly recent

developments and improvements in digital technologies have generated new

digital transformation opportunities and can be a solution to the exponential

increase in control requirements. These improvements have enabled a more

accurate digitization of physical data leading to enhanced data collection and

processing, which are key for any controls process, making it possible to

achieve controls automation.

Although technology is at the

foundation of controls automa-

tion and the ability to accurately

digitize data is essential, it can

be viewed more so as an enabler

rather than a driver; technology

alone cannot lead to successful

and exhaustive controls auto-

mation if it is not embedded

within a broader framework. A

clearly defined organization and

governance structure for con-

trols are also critical in order to

address the challenges of con-

trols rationalization in a consoli-

dated way. To that end, a controls automation framework can be approached

through the following three pillars:

1) Organization

The automation should be driven by the implementation of a Target Operating

Model that relies on a structure dedicated exclusively to controls performance

and adapted to the bank’s specificities (e.g.: centralized centers of excellence at

How to successfully conduct

controls automation

4

group or division level, taskforces per business line,…) and where correspond-

ing Roles & Responsibilities have to be well established.

2) Process

The automation also requires the review and optimization of existing controls

performance processes and the corresponding data workflow (from data collec-

tion to hit management) within and in accordance with the framework provid-

ed by this new organization. Apart from the controls performance itself, con-

trols substantiating, audit trail and reporting should also be taken into account

in the design phase, as being able to prove the performance of the controls to

the regulator has become as critical as the controls performance itself.

3) Technology

This process optimization can then be carried out with and supported by tech-

nology, with digitization to automate the data processing while the use of AI

can facilitate the process of decision making post performance of the controls.

The development and the deployment of a fully integrated tool for each type of

controls, based on a single platform and user interface leveraging different

technologies or systems will further support controls automation.

In summary, the success of controls automation will lie in the ability to identify

and achieve the right balance between the organization defined with the in-

volved teams (from Front Office to Back Office, but also centralized teams and

Compliance) and the following steps of any controls performance process:

Once organization and processes have been clearly defined, technical solutions

can be leveraged to optimize and automate the various steps of the controls

process. Greater impact and efficiencies can be realized by applying the appro-

priate technical solutions to each phase of the controls process, such as:

Data collection

OCR (Optical Character Recognition): extraction and conversion of text

from scanned documents and images into electronically editable and

searchable text

VSR (Voice/Speech Recognition): identification and conversion of spoken

language into electronically editable and searchable text

NER (Name Entity Recognition): identification and extraction of named

entities from text and classification into pre-defined categories (persons,

organizations, locations, etc.)

Databases’ feed

RPA (Robotic Process Automation): automation technology based on

“software robots”, which replicate the actions of a human being on a specific

task, through the use of static rules

5

Control performance Alerts Hits management

Screening and filtering tools connected to relevant databases:

system comparing sets of internal static (screening) or transactional

(filtering) data and lists issued by regulators in order to identify matches

between both sources, raise alerts and support case management

Controls systems’ integrated workflow to generate and allocate alerts

Rule based expert systems: decision making system based on human-

crafted rules sets and decision trees to mimic the reasoning and decision of

a human operator in a predefined way

Case based systems: system analyzing a data set composed of existing

cases to understand and solve new problems by adapting previous solutions

Data mining: automatic analysis of large quantity of data based on statis-

tical methods to extract patterns, unusual records or dependencies

Audit trail, substantiating & reporting:

Controls systems’ integrated workflow to record audit trail and pro-

vide modular reporting

While this form of controls automation can apply to various types of controls,

it is particularly suited for Compliance controls focusing on data produced and

collected externally:

Anti-fraud Policy: prevent and investigate any involvement of customers

in bribery, corruption or fraud;

Sanctions & Embargoes: ensure all parties involved in a deal are not on

sanctions and embargoes lists from local or global regulators;

Combating the Financing of Terrorism: ensure the funds are not used

to finance terrorist groups;

Anti-Money Laundering: verify that funding sources have not come

from illegal activities.

It can be adapted to various types of controls; however, close attention should

be paid to deploying the appropriate technology solution for each type of con-

trols:

2

2Know Your Customer, also valid for Supplier, Intermediaries,...

6

The business should be involved in the project from the start

Why is it important?

Lines of Business (LOBs) are the entry point of external data that needs to be

controlled, therefore their role is critical. However, as controls oriented initia-

tives lead to reluctance, obtaining buy-in from the LoBs is often a challenge.

How can close partnership with the LOBs be achieved?

Leverage strong project management and clear governance through senior

stakeholder sponsorship to drive the LOBs towards a collaborative mindset;

Implement an effective communication plan within a change management

program to emphasize the need for controls processes rationalization

(highlighting the benefits for the LOBs from a workload perspective) and to

ease the adoption process.

The project should be conducted through a strong partnership with

Compliance

Why is it important?

Strong decision making from Compliance is recommended in order to provide

clear guidelines regarding regulatory requirements, as they determine the

needs in controls and their design.

How can close partnership with Compliance be achieved?

Involve Compliance in the design phase in order to implement regular vali-

dation steps and ensure that solutions proposed are an appropriate answer

to regulatory requirements;

Facilitate the communication between Compliance and the various stake-

holders of the project in order to spread the knowledge related to regulatory

requirements and maintain a regular feedback from the project managers

regarding the various ongoing initiatives.

Roles and responsibilities regarding the controls performance

should be identified from the start

Why is it important?

As controls performance is often shared among various operators, the under-

standing of the existing processes relies on the correct identification of the rel-

evant stakeholders with the necessary knowledge.

How can this identification be achieved?

Perform a preliminary deep dive analysis across various stakeholders

(central management, operational teams) to determine the different teams

What is important to keep in mind?

Before launching a controls automation

project, some key success factors should

be considered

7

involved in the controls performance processes;

Identify potential gaps of “business” knowledge between front office teams

and centralized teams, to mitigate operational risk associated to how con-

trols are performed and hits are analyzed.

Expectations related to technology should be managed through a

specific focus

Why is it important?

Technology might face potential limitations depending on the complexity of

the data to be processed and the controls to be performed.

How can expectations about technology be managed?

Perform a detailed gap assessment of what can be delivered by the selected

technologies versus the business requirements;

Leverage KPIs as a vehicle to raise awareness and communicate transpar-

ently to stakeholders at each step of the project regarding potential limita-

tions of technical solutions being implemented.

We advise our clients through evolving risk environments as well as strategic

transformation projects, notably within the compliance domain.

We can support and lead you through various compliance transformation initi-

atives, which include the use of advanced technical solutions, to design en-

hanced controls performance framework.

How Headlink can help

A controls automation program will require multiple steps in which we can support your thinking and effort:

Diagnosing your current controls governance framework and processes

Benchmarking your existing technology capabilities and identifying improved technologies and solutions to support controls automation

Designing a controls automation framework that is rightsized for your organization

Guiding you through the implementation and execution project phases

8

For more thought leadership, please visit: https://indeed.headlink-partners.com/

For more information:

Samuel Desta Senior Manager

Cell: +1 917 215 1552 Office: +1 646 790 5862 [email protected]

Antoine Brajon Senior Consultant

Cell: +1 917 216 1267 [email protected]

For more information:

Matthieu Mercusot Partner

Cell: +33 6 25 60 59 32 [email protected]

Julie Bousquet Manager

Cell: +33 6 24 57 23 93 [email protected]