Andrew Quinn – Director, PAT Fintech
December 6th 2022
In this digital age of financial services, in an environment of almost constant Fintech innovation, the Central Bank will play an increasingly active role in the evolving European framework of regulation and supervision, and technology will become ever more important in managing the challenges inherent in the contemporary compliance function.
In this context, at PAT Fintech we are committed to creating ‘awareness’ regarding the potential of RegTech solutions, and are fortunate to be able to bring various RegTech vendors in our classes. This engagement benefits both our learners, the vendors, and the broader Irish financial services ecosystem.
This blog examines a specific example of how regulatory technology (RegTech) solutions can be utilised to meet these evolving challenges, and empower the contemporary risk/compliance professionals, with respect to the core elements of AML/CFT compliance.
First of all, a definition:
RegTech can be thought of as an inter-section where the horizontals of underlying technologies and innovations meet the verticals of financial services compliance. In its simplest forms, RegTech is the application of technology to improve the efficiency of regulatory compliance.
Focusing on KYC and AML, RegTech solutions can typically be applied to across the following stages of the compliance cycle:
- Business/Customer Risk Assessment
- Client Onboarding (KYC)
- Transition Monitoring
- Suspicious Transaction Reports (STR)
For RegTech vendors – the providers of ‘solutions’ to the AML compliance function within financial service providers – the critical question they must address is what is the business (compliance) problem they are solving?
Is it providing a product/service that reduces the so-called ‘burden’ of AML compliance and regulatory reporting, or is it building a product/service that actually prevents financial crime?
Is it constructing/implementing systems and processes that improve a financial institution’s knowledge of its existing and new clients, or is it putting in place systems and processes that effectively identify money laundering and fraud?
Are they (the RegTech vendors) working on their own, or are they working in collaboration (building consortiums) with other vendors, financial institutions, and government agencies to build a better overall solution?
The easiest way to address this business problem from a technology perspective is to distil it down to the two key business challenges that RegTech is trying to address: knowing your customer (KYC) and implementing the appropriate anti- money laundering (AML) framework.
Related to this is another critical question: are KYC and AML separate or linked?
In truth, like much else in the provision of basic financial services, for example payments, neither KYC or AML are new concepts. Criminals, and the proceeds of crime and money laundering, have existed since the beginnings of anything resembling a banking system if not before.
The issue is that whilst from a conceptual definition perspective the two concepts are undoubtedly linked – did you really perform accurate KYC processes if it turns out that the client is subsequently identified as a money launderer? – from a technology perspective there are important differences between the two.
For example:
KYC can be viewed as a static entity – the information on a form (digitised or not) is accurate at a certain fixed point in time.
AML on the other hand is dynamic, and therefore, in many ways, much more elusive to control – money laundering cannot be identified on a digitised form at a point in time – it is a process flow.
To clarify this, as with all the best technology solutions, RegTech solutions must have as their basis a clearly defined business (compliance) problem that needs addressing, and, identifying this business (compliance) problem should lead to a high-level systems’ requirements specification from which engineers then build the solution.
From a technology perspective, it is one thing to digitise and update the up to the minute details on anyone engaging in financial transactions, the real challenge is how do you deploy technology to identify and potentially stop something that is happening in ‘real-time’? This is a formidable challenge and the solutions are only just becoming potentially viable.
One could argue that while significant progress has been made in KYC over the last number of years, real AML is still in its infancy, and considerable work needs to be done if RegTech solutions can materially impact the effectiveness of AML/CFT detection and enforcement.
To create an environment where RegTech solutions can effectively manage the compliance and regulatory risks in an age of digital finance, the ecosystem of stakeholders in the Irish (EU) financial services industry must come together to address the serious barriers remaining in the evolution of the AML/CFT framework.
For example:
- Addressing the concerns of civil liberty groups and harmonising data privacy laws.
- Establishing cross-jurisdictional data exchanges and the legal standards.
- Increasing the transparency of offshore tax havens.
- Incentivising the sharing of data by banks and other repositories of customer data.
We are now unequivocally living in the digital age of financial services, and regulation – protecting consumers and ensuring the safety and soundness of the financial system – will always remain core to the provision of financial services.
At PAT Fintech we strongly believe deploying technological solutions – fostering our indigenous RegTech sector – is essential to maintaining, and enhancing, Ireland’s (the EU’s) reputation as a well-regulated financial centre capable of attracting further investment in this exciting new age of digital finance.