Regulators need to improve how they handle the data they capture from license holders, according to a panel at the Global RegTech Summit.
Everyone is protective over their data, even before GDPR came in, firms and individuals would rather hoard information for themselves. For a business, it makes sense as the data they have is what sets them apart and helps them provide customers with better products than others could. Times are changing, and information sharing is becoming much more popular. Regulations like PSD2 Open Banking are showing the benefits collaboration can have. One area where data sharing is most important is when it helps to stop financial criminals.
The AML, Fraud and Financial Crime panel at the Summit discussed the challenges of sharing data and the implementation of RegTech solutions. The panel consisted of Notion Capital investment director Itxaso Del Palacio Aguirre, KYC Global Technologies executive chairman and CEO Stephen Platt, Santander UK head of financial crime prevention Shilpa Arora, The Wolfsberg Group co-chair John Cusack, and RDC CTO Jeff Sidell.
Firms need to extract as much necessary information from their customer relationships as they can and use it efficiently while not hindering customer experiences. This internal data can then be cross-referenced with external data sources to ensure interactions are not made with bad actors and the business being done is secure.
However, if firms were able to share more information between one another they could highlight further instances of financial foul play or be quicker at identifying criminal activities. Unfortunately, there is no collective in the financial services. Fraudsters do not keep money in one bank or one country, and while individual accounts might not be suspicious, as a collective they could, but without sharing this information banks would not know.
Wolfsberg Group co-chair John Cusack said, “I can’t share information with HSBC, and I’d like to do that. Not with everybody and not all our clients but around certain areas where we’ve seen suspicion either coming from them or they’ve seen suspicion coming from us. I’d like to do that, but I can’t do that. You can in the US, but not anywhere else in the world. So, we’ve been very clear that information sharing limited with safeguards will significantly help. We also want to get more information from government, we get not enough and there are issues around obviously releasing information that’s confidential around people/persons of interest subject to investigation.”
If the industry were to reimagine the fighting of financial crime in 2019, these are the two initiatives Cusack would like spearheaded. There are necessary restrictions in place for data sharing, and not banks would not need to open their doors to everyone and everything, but only in certain situations. With certain countries regulations, it is hard for firms to send some information internally across borders. It’s harder to fight fraud if banks cannot see the whole picture.
The issues of not sharing data goes all the way back to the regulators, KYC Global’s Stephen Platt stated. While a lot of the regulators have gathered a lot of information from their license holders and the organisations they are overseeing, they do nothing with this information.
Platt said, “if you go in and look at the way in which regulators are actually managing, are marshalling and utilising the data that they hold on their licence holders, the banks, the wealth management, etc, etc, it is as shambolic as the position within those licence holders, visa vie, their customer data.”
He added, “it’s fascinating to observe what regulators have actually done with that data. I tell you what they’ve done with it, sitting in cardboard boxes in dark rooms and so you’ve got to lead by example, and I think that we’re beginning to see attitude shift a little bit within regulators but certainly not fast enough.”
Information held by the regulators could go to a lot of use within the financial marketplace. If the data was made more accessible by players in the industry, it could help to find potential security threats or identify bad actors.
Replacing legacy systems
Data was not the only area the panel felt there should be more collaboration. It was discussed that if legacy systems are to become redundant, broader industry platforms need to be available to help the small and medium sized banks evolve, otherwise, they will struggle.
Legacy systems are often brought up as one of the biggest burdens and challenges for traditional financial institutions. Conversations about adopting new technology or making full use of data are often plagued with talk on these outdated systems holding them back from reaching their full potential.
RegTech has become a massive part of the FinTech sector, and while it may still be behind areas like payments, lending and banking, there is a lot of attention been put on to it. Just taking a look at the growth in venture capital can show you how quickly RegTech is becoming a priority for the financial market. Between 2014 and 2018, there has been a total of $9.5bn invested into the sector, spread across 755 deals, RegTech Analyst data shows. Of this capital, $4.4bn had been deployed in 2018, alone and represented a 240 per cent increase on 2017. Showing last year was not a fluke, the first three months of 2019 witnessed $1.3bn invested.
This just highlights how popular the space is and how many solutions there are for financial institutions to choose from. Notion Capital’s Itxaso Del Palacio Aguirre, who chaired the discussion, asked fellow speakers how they filter through the saturated market for the right technologies and companies to use.
Wolfsberg Group co-chair John Cusack referred to when he worked at Standard Chartered and had been given a task to enhance the legacy systems. The time to completion was two years late and too much money was spent on trying to achieve it. One thing that would have made life easier would be if there were industry platforms available for large banks and smaller ones. What Cusack would like to see is that instead of everyone focusing on what company is offering the best solution, there is an industry wide platform that can just be implemented to replace legacy systems.
Incorporating AI technology at a large financial institution encumbered with legacy systems is tough but can be done, with a lot of difficulty and cost. What Cusack is worried by is for smaller sized banks, as it’s much tougher on them. Implementing a generic industry platform would ease this. To achieve this, it would require banks come together and help build it. It might seem odd for a bank to use the same technology stack, but an example given was transaction screening. This is done around six times with everyone uses similar technology, standards and datasets, which is not efficient. So why not make it the same?
Cusack said, “We’ve got to build these things, rather than everybody trying to build their own and pretending they’re better than everybody else because they’re not. We’ve got to join together, work and build these platforms for the real activities – the bigger activities that we do. More bespoke solutions should absolutely be used still, but actually these need to be available more broadly. There is a growing sense of coming together, both from public and private sectors due to affordability challenges but also skill set challenges are scarce and getting more difficult. So, we’ve got to build some of these things, and I see the next five years as being part of that journey.”
This idea of collaboration was not met with support from all panellists. KYC Global’s Stephen Platt liked the idea but is sceptical of anything like that coming to fruition.
He said, “I think in a free market system all the players in that system recognise that the way in which they manage risk is a way of gaining competitive advantage. We only need to look at the fine levels that have been imposed on institutions, that have been getting this wrong despite the enormous investment that they’ve been making in systems, to see that it can have a material impact on the financial well-being of a business.
“Now, the idea that all of those market participants or many of those market participants may join together to adopt some sort of common approach through the utilisation of unified platforms, thereby removing what some would regard as a competitive advantage in getting this right, I’m a little bit sceptical about that. It’s because a lot of organisations do seek to gain an advantage through this arbitrage.”
While it could be a tough time trying to persuade banks to collaborate to create unified platforms, there are other ways banks could begin to work together. Regulations such as PSD2 are fostering this idea of a financial ecosystem that interacts with one another to provide better services for everyone. Although, the one thing a lot of players in the market would like to see, especially anti-fraud, AML, and cybersecurity teams, is the sharing of data.
GDPR has put a setback on the sharing of data, with a lot more parameters in place. Other countries around the world are exploring similar types of data protection regulations. Sharing data between banks could go a long way at improving financial institutions’ ability in fighting fraud as they can disclose types of attacks, bad actors or even identify suspicious trends across several bank types. Collaboration is going to be tough to foster and the regulators are a crucial aspect of making it happen.
RDC’s Jeff Sidell said, “I don’t have the silver bullet that will get every financial institution or even some of them, to collaborate immediately and openly. But what I do see happening is that we’re beginning to nip away at the edges with the help of regulators. The regulators want to know, not that you’re going to make your customers make their supervisory institutions compliant but that you are part of the conversation and that you’re facilitating a conversation among regulated entities. That goes a long way towards facilitating the collaboration, I wouldn’t say sharing information, it’s sharing the analytics that are based on a pool of information. If you start saying sharing information among banks it doesn’t go very far, controlled sharing of analytics however is a much more palatable saying.”
The onerous is not solely on the regulators, all players in the market need to be working towards building an environment where collaboration is not strange but a normal part of the market.
Santander UK’s Shilpa Arora said, “It’s not just the collaboration across banks, it’s collaboration with the law enforcement as well which kind of takes us that one step forward. I mean ultimately what are we trying to do here though all this, be it regulation or be it just the right thing to do. Then that is closing on criminals and how do we achieve that so better SAR reporting, and updated SAR regimes, that is the way forward right, irrespective of competitive advantage, that’s what each one of us is also trying to do.”
Copyright © 2018 RegTech Analyst