In a challenging environment where regulatory re- quirements have become more stringent and controls performance are even more burdensome, automation is becoming a priority for financial institutions. This paper aims at providing a practical guide through the controls automation journey. What is at stake? THE PATH TO ACHIEVING SUCCESSFUL CONTROLS AUTOMATION: TECHNOLOGY ON ITS OWN WILL NOT GET YOU THERE
8
Embed
TECHNOLOGY ON ITS OWN WILL NOT GET YOU THERE · The business should be involved in the project from the start Why is it important? Lines of Business (LOBs) are the entry point of
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
In a challenging environment where regulatory re-
quirements have become more stringent and controls
performance are even more burdensome, automation
is becoming a priority for financial institutions. This
paper aims at providing a practical guide through the
controls automation journey.
What
is at
stake?
THE PATH TO ACHIEVING
SUCCESSFUL CONTROLS
AUTOMATION:
TECHNOLOGY ON ITS OWN
WILL NOT GET YOU THERE
2
The context
O ver the last decade, the Compliance function within fi-
nancial institutions has seen its importance grow expo-
nentially as regulators have significantly strengthened
the regulatory framework globally. The Great Reces-
sion resulted in a heighted regulatory environment and along with
new regulations, financial institutions around the world have
been subject to record fines of more than $320B since the
2007/2008 crisis1 driven mainly by regulators’ mandate to not on-
ly fight financial crimes but also reduce operational and conduct
risks.
This complex regulatory environment has considerably increased
the need for controls within banks across the world, leading them
to conduct numerous and fragmented controls implementation in
order to meet new controls requirements, ensure compliance with
new regulations and attest to this compliance to regulators.
At first, most banks tackled these new regulatory requirements through tacti-
cal approaches based on short term and specific remediation plans, which
were aimed at responding to or avoiding regulatory sanctions. Those plans
were driven by the need to comply with newly implemented regulations with-
in tight mandatory deadlines. As a result, due to the absence of a long term
strategy, new controls frameworks were mostly characterized by a reliance on
manual processes with controls implemented separately from one another
and risk assessments performed silos.
This approach is no longer sustainable as the requirements have become
more stringent, leading banks to reshape the manner in which controls are
designed, implemented and performed, in order to mitigate greater reputa-
tional and financial risks in case of failure.
The context
A shift in the way banks address
controls requirements
Strategic approach
Tactical approach Shift from the need
in implementation
towards the need in
rationalization
1figures as of end of 2016, MarketWatch article: “Fed’s Dudley suggests bank execs should be on hook for regulatory fines” (March, 26 2018)
3
Lately, a new trend of relying on technology based solutions has been observed
among the leading players in the banking industry, with a shift from a need for
controls implementation towards a need to rationalize controls processes that
have been implemented. This shift gives prominence to a more holistic ap-
proach with the objective of achieving greater scalability and sustainability of
improved controls while increasing the overall risk coverage. This approach
will allow banks to:
understand and optimize the existing controls performance processes in or-
der to reduce manual workload;
define a global organization and structure for controls performance in order
to ensure additional controls can seamlessly be absorbed.
In a challenging and more regulated environment, this new approach has been
enabled by the increasing maturity of technical solutions, particularly recent
developments and improvements in digital technologies have generated new
digital transformation opportunities and can be a solution to the exponential
increase in control requirements. These improvements have enabled a more
accurate digitization of physical data leading to enhanced data collection and
processing, which are key for any controls process, making it possible to
achieve controls automation.
Although technology is at the
foundation of controls automa-
tion and the ability to accurately
digitize data is essential, it can
be viewed more so as an enabler
rather than a driver; technology
alone cannot lead to successful
and exhaustive controls auto-
mation if it is not embedded
within a broader framework. A
clearly defined organization and
governance structure for con-
trols are also critical in order to
address the challenges of con-
trols rationalization in a consoli-
dated way. To that end, a controls automation framework can be approached
through the following three pillars:
1) Organization
The automation should be driven by the implementation of a Target Operating
Model that relies on a structure dedicated exclusively to controls performance
and adapted to the bank’s specificities (e.g.: centralized centers of excellence at
How to successfully conduct
controls automation
4
group or division level, taskforces per business line,…) and where correspond-
ing Roles & Responsibilities have to be well established.
2) Process
The automation also requires the review and optimization of existing controls
performance processes and the corresponding data workflow (from data collec-
tion to hit management) within and in accordance with the framework provid-
ed by this new organization. Apart from the controls performance itself, con-
trols substantiating, audit trail and reporting should also be taken into account
in the design phase, as being able to prove the performance of the controls to
the regulator has become as critical as the controls performance itself.
3) Technology
This process optimization can then be carried out with and supported by tech-
nology, with digitization to automate the data processing while the use of AI
can facilitate the process of decision making post performance of the controls.
The development and the deployment of a fully integrated tool for each type of
controls, based on a single platform and user interface leveraging different
technologies or systems will further support controls automation.
In summary, the success of controls automation will lie in the ability to identify
and achieve the right balance between the organization defined with the in-
volved teams (from Front Office to Back Office, but also centralized teams and
Compliance) and the following steps of any controls performance process:
Once organization and processes have been clearly defined, technical solutions
can be leveraged to optimize and automate the various steps of the controls
process. Greater impact and efficiencies can be realized by applying the appro-
priate technical solutions to each phase of the controls process, such as:
Data collection
OCR (Optical Character Recognition): extraction and conversion of text
from scanned documents and images into electronically editable and
searchable text
VSR (Voice/Speech Recognition): identification and conversion of spoken
language into electronically editable and searchable text
NER (Name Entity Recognition): identification and extraction of named
entities from text and classification into pre-defined categories (persons,
organizations, locations, etc.)
Databases’ feed
RPA (Robotic Process Automation): automation technology based on
“software robots”, which replicate the actions of a human being on a specific
task, through the use of static rules
5
Control performance Alerts Hits management
Screening and filtering tools connected to relevant databases:
system comparing sets of internal static (screening) or transactional
(filtering) data and lists issued by regulators in order to identify matches
between both sources, raise alerts and support case management
Controls systems’ integrated workflow to generate and allocate alerts
Rule based expert systems: decision making system based on human-
crafted rules sets and decision trees to mimic the reasoning and decision of
a human operator in a predefined way
Case based systems: system analyzing a data set composed of existing
cases to understand and solve new problems by adapting previous solutions
Data mining: automatic analysis of large quantity of data based on statis-
tical methods to extract patterns, unusual records or dependencies
Audit trail, substantiating & reporting:
Controls systems’ integrated workflow to record audit trail and pro-
vide modular reporting
While this form of controls automation can apply to various types of controls,
it is particularly suited for Compliance controls focusing on data produced and
collected externally:
Anti-fraud Policy: prevent and investigate any involvement of customers
in bribery, corruption or fraud;
Sanctions & Embargoes: ensure all parties involved in a deal are not on
sanctions and embargoes lists from local or global regulators;
Combating the Financing of Terrorism: ensure the funds are not used
to finance terrorist groups;
Anti-Money Laundering: verify that funding sources have not come
from illegal activities.
It can be adapted to various types of controls; however, close attention should
be paid to deploying the appropriate technology solution for each type of con-
trols:
2
2Know Your Customer, also valid for Supplier, Intermediaries,...
6
The business should be involved in the project from the start
Why is it important?
Lines of Business (LOBs) are the entry point of external data that needs to be
controlled, therefore their role is critical. However, as controls oriented initia-
tives lead to reluctance, obtaining buy-in from the LoBs is often a challenge.
How can close partnership with the LOBs be achieved?
Leverage strong project management and clear governance through senior
stakeholder sponsorship to drive the LOBs towards a collaborative mindset;
Implement an effective communication plan within a change management
program to emphasize the need for controls processes rationalization
(highlighting the benefits for the LOBs from a workload perspective) and to
ease the adoption process.
The project should be conducted through a strong partnership with
Compliance
Why is it important?
Strong decision making from Compliance is recommended in order to provide
clear guidelines regarding regulatory requirements, as they determine the
needs in controls and their design.
How can close partnership with Compliance be achieved?
Involve Compliance in the design phase in order to implement regular vali-
dation steps and ensure that solutions proposed are an appropriate answer
to regulatory requirements;
Facilitate the communication between Compliance and the various stake-
holders of the project in order to spread the knowledge related to regulatory
requirements and maintain a regular feedback from the project managers
regarding the various ongoing initiatives.
Roles and responsibilities regarding the controls performance
should be identified from the start
Why is it important?
As controls performance is often shared among various operators, the under-
standing of the existing processes relies on the correct identification of the rel-
evant stakeholders with the necessary knowledge.
How can this identification be achieved?
Perform a preliminary deep dive analysis across various stakeholders
(central management, operational teams) to determine the different teams
What is important to keep in mind?
Before launching a controls automation
project, some key success factors should
be considered
7
involved in the controls performance processes;
Identify potential gaps of “business” knowledge between front office teams
and centralized teams, to mitigate operational risk associated to how con-
trols are performed and hits are analyzed.
Expectations related to technology should be managed through a
specific focus
Why is it important?
Technology might face potential limitations depending on the complexity of
the data to be processed and the controls to be performed.
How can expectations about technology be managed?
Perform a detailed gap assessment of what can be delivered by the selected
technologies versus the business requirements;
Leverage KPIs as a vehicle to raise awareness and communicate transpar-
ently to stakeholders at each step of the project regarding potential limita-
tions of technical solutions being implemented.
We advise our clients through evolving risk environments as well as strategic
transformation projects, notably within the compliance domain.
We can support and lead you through various compliance transformation initi-
atives, which include the use of advanced technical solutions, to design en-
hanced controls performance framework.
How Headlink can help
A controls automation program will require multiple steps in which we can support your thinking and effort:
Diagnosing your current controls governance framework and processes
Benchmarking your existing technology capabilities and identifying improved technologies and solutions to support controls automation
Designing a controls automation framework that is rightsized for your organization
Guiding you through the implementation and execution project phases
8
For more thought leadership, please visit: https://indeed.headlink-partners.com/