In financial institutions, the use of models that can be interpreted and verified by auditors, examiners, and regulators is an absolute necessity. Applying this model in a black-box manner would not reduce but rather increase the number of false positives, or would miss actual suspicious activities (false negatives).
Compliance and regulatory (CoRe) risk has become one of the greatest challenges for financial institution executives and boards of directors. There are a growing number of overarching risks in today’s financial services environment: globalization and its impact on political, economic and operations processes; financial practices with significant built-in risk, such as sophisticated, just-in-time treasury and cash management; online banking and the risk of exposing customer information and accounts to unauthorized parties; risks created by outsourcing selected functions and tasks to third and fourth parties; and more.
Looked at in isolation, a regulation is a relatively simple affair: a legal document containing text that describes what needs to be done, by whom, when, and (sometimes) how. With some understanding of the underlying topic, a compliance officer can read the document and understand what is mandated and where it will affect his or her part of the organization. Then he or she can determine what is required in order to ensure compliance and how to demonstrate that compliance is met, not only to his or her management but also to the regulator. Of course, things just aren’t that simple. This approach doesn’t scale easily, and yet the scale and scope both of regulations and of the businesses of firms themselves continue to grow apace. In the real world, firms struggle to understand what legal and regulatory requirements they face everywhere they do business. Inevitably, they struggle to ensure compliance everywhere and are unable to demonstrate it to management and regulators, resulting in compliance failures, regulatory fines and, increasingly, personal legal sanctions for their management.
The problem is that, for each legal or regulatory text, someone has to read it, analyze it, understand the impact on their organization, and then undertake and manage whatever actions are needed to ensure compliance. This task is multiplied for each regulation issued by each regulator, in each jurisdiction and for every line of business. As markets, and ultimately firms, evolve, they can end up having to comply with thousands of regulations from dozens of regulators. Even if this mammoth task is achieved, that is not the end of it: regulations change, their interpretation changes, and of course the firm itself changes. Firms have to keep up with all of this change. A medium-sized firm may have to scan hundreds of updates every week, identifying which ones affect regulations that contain requirements that affect them and then deciding what, if any, action is required in order to ensure continuing compliance. And the broader the business and product offering, the more complex the regulatory landscape they have to adhere to becomes. This is a process that cries out for automation, but both the regulations and the updates to them are in the form of unstructured documents that have to be read, interpreted and contextualized by skilled and experienced staff.