Founded in 1991, India-headquartered HCL Technologies is a global technology company that helps enterprises reimagine their businesses for the digital age. The company specializes in key areas, including digital, IoT, cloud, automation, cybersecurity, and analytics, amongst others. With the company increasingly having a presence in the RegTech space, how does it see the sector changing?
How is RegTech changing compliance?
According to Daryl Wilkinson – Senior Executive, Strategic Initiatives, Financial Services UK&I at HCL Technologies, “I think you can look at this through two lenses. First, there appears to be a consensus that the global RegTech market is expected to achieve $30bn by 2027 – so that alone is changing the compliance market –new investment is disrupting incumbent models and is changing the way regulators engage with businesses.
The second lens is cost; financial services rely heavily on legacy technology – RegTech’s nature is to find that niche to solve those problems at a much lower cost than the banks and insurers might otherwise do themselves.”
Wilkinson noted that with a maturing RegTech market, there are increasing use cases across areas like onboarding, as well as the more traditional regulatory requirements of reporting and risk & compliance management. He added, “RegTech is, for want of a better phrase, a cheat code for some of these businesses to do things more efficiently and effectively because it is agile by nature.”
Real-time insights
Today’s regulators demand more stringent controls from enterprises to stay within tolerance levels to meet business deadlines and regulations. Balancing speed and risk to detect and remediate compliance violations proactively is vital.
Organizations need to identify and measure the key controls cutting across their entire geographical and functional landscape to understand the status of the business.
Ian Philips – Global Head of Business Development for HCL Technologies’ DRYiCE iControl – detailed, “Your business process defines the key steps in how your business operates. This can be quite complicated and has many interconnectivity points. Each business process step can be made up of several functional steps e.g., manual authorisation or automated checks which make up the delivery for an end product to the customer. These steps are delivered by people and technology, and multiple products can flow through various parts of the business process throughout the day. Typically, teams are aligned vertically, so they only have insights into their parts of the critical chain of events.
However, to be successful, you need to be able to see the complete end-to-end process so that you can prepare for risks and ensure seamless compliance.”
Philips summarised, “It is essential for organizations to understand in real-time if their business is working or not, so that they can understand the ripple effect across the different process steps or the effect on the chain of events to get ahead and solve the problems at the root cause before the client is affected.
For example, in banks, are trades completing or payments being made to clients in time, or are orders going out the door? Otherwise, not only will you be in breach of the regulation, but you will also lose clients or shareholder value. You need to view regulatory compliance as an ally to help protect your business and help protect the shareholder value.”
Challenges in joining technical and business operations
What are the biggest challenges firms face when trying to join technical and business operations together to understand control breaches? In the opinion of Philips, the key reason companies face challenges in this area is in the way organizations approach this problem.
“Companies generally get stuck in long and costly analysis phases, spending much time trying to figure out where to start and how best to attack the problem. Simplicity is the key. We should remember that within an organisation, there are quite a few different personas involved looking at the data through different lenses to make decisions. CXOs, to CEOs, and CTOs – they all have their own determining ways of success within their business areas. Typically, they will create custom-made dashboard for each of the different business areas.
These custom-made views are very expensive to maintain, and there is no straightforward way to ensure each area is translating the business compliance to the underlying IT data correctly or uniformly. It also does not help that your technical teams don’t understand the regulation, as they don’t interact with the end customer or the regulator. So, how can we expect them to just understand the translation – and a lot of the data that they need is not available in a single-point solution?
These different views with different data types coming in at various times lead to a lack of trust and understanding of the controls with the right context – this affects the ability of a business leader to mitigate the risks within a timely manner if there is a compliance violation.”
Philips added that he believes DRYiCE iControl provides the essential anchor, based on the business process flow with the associated controls. And allowing for the connectivity of the different custom views. iControl’s ‘control tower perspective’ enables users to see impacted controls linked in context to the respective business process flows.
Compliance trends
In an ever-increasing digital world, ensuring you have strong and stable compliance practices is becoming more important than ever. What are the key compliance trends to look out for going forward?
Wilkinson commented, “The first key trend is for businesses to evidence their ESG agenda in a more objective way – otherwise, this remains an aspirational activity within firms and could lead them to be accused of lip service. Being able to observe what is happening in your business and respond to events is going to be especially important when you relate that back to the ESG commitments that firm has made.”
He also cited that data privacy and data management –particularly around the areas of collection, storage, and use of data – has been a trend for many years, and we have not quite solved that yet. In addition, he explained that the industry has observations within firms’ processes to show when there might be breaches and which ones they need to respond to is a key trend.
Wilkinson continued, “We also have cloud resilience – particularly as it pertains to concentration risk. The FCA have recently gone on record to say that they are beginning to see cloud providers as critical third parties, and they may need to have oversight of such providers themselves.”
The final trend – but no less important – is the working from home shift and its impact on compliance. The working from home trend has led to new compliance challenges, Wilkinson claims, particularly in roles where client data and client funds are accessed and managed by third parties.
He added, “The controls and observability for those processes should not be taken for granted because what worked in an office is much harder to execute with the same robustness when you have a distributed workforce.”
On the micro level, there is also considerable focus on regulation. Wilkinson believes a focus will remain on operational resilience – in the sense of the ability for firms to evidence that they have plans in place to prevent, adapt, respond, recover, and learn from operational disruption. Secondly, cost and charges disclosure regulations are important due to MiFID II mandated requirements for disclosing costs and charges. He remarked, “Firms should have understood how they collect and consolidate that data for the products and services they sell and will need to have the observational tools and dashboards in place to ensure compliance.”
Role of AI/ML in RegTech
One of the biggest changemakers of recent decades has been the rise of technologies such as AI, machine learning, and natural language processing. Ripping across a vast plethora of industries, the technology is starting to completely take root. How are these technologies changing RegTech?
Philips said, “AI, ML, and NLP can all add to an improvement in the efficiency and regulatory compliance functions. People often interlink or confuse AI, ML, and NLP in several different instances, it is important to note that each technology have their own use case. We see huge potential in all these technologies; they can vastly improve optimal efficiency and prevent regulatory and compliance issues in complicated scenarios.”
If we just focus on AI – which is a big buzzword – Artificial Intelligence (AI) has the ability to reduce human effort and simplify the compliance process to increases productivity.
Philips, the Global Head of Business Development, gave an example of where AI assists within the AML regulation, which often requires huge teams within institutions to monitor and report on suspicious behaviour or suspicious transactions within set timeframes. Improvements realised from 30 minutes to < 3 seconds with decision accuracy ~ 99%.
He added, “We know that there are lots of point monitoring technologies being used to detect potential illicit behaviour. They all generate large volumes of alerts. However, each alert, as prescribed by the regulation, needs to be investigated and reviewed by a financial analyst. This is time-consuming and very costly.”
Organizations can only deploy a finite number of people. This is where AI can help. Philips said, “HCL works with companies that develop AI digital twins – these are replicable models of human experts – that can replicate the decisions of an AML analyst in all different circumstances. We now rely on AI to be able to understand and learn from the experts and then to be able to apply the same decision. This technology will continue to grow and can work 24 hours a day and 365 days a year. Today they are deployed as the first line of defence so that your workforce can concentrate on those complicated or major outlier issues.”
Pandemic impact
Prior to the pandemic, the RegTech industry was already coming on leaps and bounds. However, with the need to move online in a mass scale, the sector took on a whole new level of importance. How has the pandemic changed the industry?
In the opinion of Wilkinson, the pandemic has not changed the compliance industry in ways we wouldn’t already have expected. He said, “The need to execute the same controls and to demonstrate the same accountability – whether it is the process or your role – remains the same.
For RegTech, I think we will see many more solutions illuminated that may have been there for some time but will now be elucidated in the context of hybrid working and the need for those controls to be managed in the new environment. No one I speak to suggests we will go back to the way things used to be – working five days a week, on trains into major cities, etc. So, I think that is the change in the broadest sense everyone accepts.”
Wilkinson added that he believes the RegTech industry will see more consolidation and will also see some firms failing – with some of the large banks and insurers likely buying these firms to solve their problems.
A key feature of the pandemic was the inability for businesses the world over to operate as usual – with the restrictions on face-to-face interactions and the inability to work from the office, the topics such as automation started to become ever more necessary.
Philips remarked, “I think the pandemic has accelerated the need for automation on the RegTech control side. The days when you could sit in an office, and all get together for reconciliation at the end of the day is over – now you have got to do it over MS Teams. People are now just looking for every opportunity possible to be able to automate.
Working from home has also made people think about how compliance is deployed across an organization. There is a whole new bunch of rules you have got to put in place, as well as people now working on unsecure networks. So, I think the need for what we call the observable view of the world that can be shared dynamically across different teams is shooting through the roof at the moment.”
Way Forward
Going forward, Philips and Wilkinson claim, they are focused on helping clients observing ‘more of the unknown unknowns’ by joining up technology and business views using automation technologies.
Philips added, “We are building domain packs, which provide out of the box process flow with the associated control for different industry verticals. This accelerates the discover journey for customer to achieve the end-to-end view of the business processes.”
He added that, “HCL Technologies has many ‘strategic partnerships in place’ as an example with companies such as Google. iControl is leveraging the BigQuery product, allowing our clients to be able to combine key controls with large data sets in real-time, enabling faster decision making. We are continually evolving our DRYiCE products to align with the changing technologies to better serve our client’s businesses.”
Copyright © 2022 RegTech Analyst
Copyright © 2018 RegTech Analyst