Transforming Compliance & Supervision: Role of RegTech and SupTech in Financial System

Background

The headline on June 8, 2021 reads — “Bank of India slips after RBI imposes a monetary penalty for non-compliance”. Bank of India, a large Public Sector Bank’s share price fell 1.36% after the news rolled out that it is being fined ₹4 crores for non-compliance with KYC/Anti-Money laundering circulars of the central bank.

In the recent past, such instances have become more common. India’s leading banks, NBFCs have paid their share of penalties ranging from a few lakhs to ₹10 crores for non-compliance in the recent past. The nation’s regulatory body has not shied away from penalizing the financial institutions for failing to comply with the regulations. Between FY 2014–21, India’s Financial Institutions(FI) have paid over ₹400 Crores in penalties imposed by the central bank.

Monetary Penalties imposed on SCBs for regulatory non-compliances (FY 2014–2022*, till Jun 2021), Source: RBI

This situation is not just specific to India, central banks across the world have strengthened their grip post-2008 by introducing new regulations and strict enforcement through penalties. Globally, it is estimated that over $46.6 billion fines have been levied on FIs since 2008 for regulatory non-compliance regarding Anti-Money Laundering/ KYC norms. The absolute number of regulations are also on the rise and are becoming increasingly costly to comply with. FIs are estimated to spend $180 billion for compliance, despite this they are being penalized repeatedly which is increasing the cost and putting their reputation at stake.

The question arises — are these regulations too overbearing? Central Banks think otherwise, money laundering for illegal activities has become complex with severe consequences. It is estimated that over $2.45 trillion of illicit cash flows occur through the current global financial ecosystem annually, with many of them linked to the drug trade, human trafficking, and terrorism. The cost of compliance and penalties appear minuscule when looked at in perspective. Indian Banks have another looming problem in the form of loan fraud. Over the last few years, with increased supervision from the central bank, the value of bank frauds declared has grown exponentially, from ₹10 thousand crores in 2014 to a staggering ₹1.8 Lakh crore in 2020. What’s more concerning than this is the lag for detection which is 2 years on average, and 5 years for frauds greater than ₹100 crores.

Value of Bank Frauds declared (Source: RBI)

Challenges and Opportunities

It is imperative to understand the challenges faced by FIs in regulatory compliance before looking at the solution. FIs navigate through a complex and dynamic ecosystem of multiple stakeholders with varied motives. This poses a severe challenge in balancing the expectations. While overwhelming regulations and processes can hamper the customer experience and growth, sub-standard regulations can pose long-term issues like depleting asset quality.

For FIs, the inherited system has several structural issues in itself. The siloed nature of front and back offices led to increased communication and information flow barriers. Being a human-intensive job, compliance has been a pure cost function that adds no direct value to the business. This has led to a check-box attitude among banks with compliance at least cost motive. On the external front, increasing regulations, new forms of financial partners like wallets, neo-banks, and new forms of regulations like data privacy and cybersecurity are posing a severe challenge for the legacy systems.

On the other hand, supervision is becoming a herculean task for the regulators. Grassroots level issues like non-standard reporting procedures, paper-based (non-machine readable) practices, awareness, the complexity of regulations are hindering quality data collection and readability. Novel ways of financial interactions like UPI, wallets, app-based lending are generated massive volumes of sensitive data, whose collection and analysis is a burden on the legacy systems. FIs walk on a fine line while supervising their customers without impeding privacy and maintaining customer satisfaction. Lack of integration of systems, human-reliant detection systems, skill deficiency in data analysis is some of the challenges plaguing the industry.

Technology at core

Technology has seemingly transformed our way of life and disrupted every known element. Can it be used to solve this problem? Maybe.

Regulation Technology (RegTech) and Supervision Technology (SupTech) are the branches of FinTech that aim to bring disruption in the Compliance and Regulations field. Broadly, RegTech is defined as the applications which automate the compliance processes, lowering the cost of compliance and thereby improving the efficiency and effectiveness of the system. SupTech is defined as the applications which streamline data handling, monitoring, and surveillance. A version of these applications, while existed for a long-time, have gained prominence once again with the emergence of new possibilities unlocked by Artificial Intelligence/Machine Learning, Big Data Analytics, and Cloud computing. Advancements in Natural Language Processing (NLP) have made reading and converting information machine-readable much easier. The rapid increase in computing efficiency during the past decade has enabled us to analyze large data sets and identify non-conforming patterns. These patterns highlight potential illicit activities which can be further investigated. Overall, the purpose of these technology solutions is to build an inclusive, cost-effective, and resilient financial system. Several established firms like TCS, IBM, Accenture, and startups like compliance.ai, aidatech.io, etc., are working in this space with different models and approaches. Some notable cases are

Transformation of Unicredit, a European financial services firm tasked with the objective of reducing losses by improving processes and control flows. Compliance process flow typically involves gathering information from multiple sources, usually on spreadsheets, and perform risk assessment, this transformation involved automation of these reporting practices and simplifying the tracking through dashboards. This resulted in a 33% reduction in staff resources, improved data quality, and accuracy of reporting.

On the other hand, central banks are improving the infrastructure for regulated entities to adopt newer technologies gracefully. One example is the modernization of reporting practices at the National Bank of Rwanda. The regulator has developed a nationwide reporting platform and standardized data collection practices. Financial institutions are required to report necessary data in the specified format every 24 hours, which is securely stored in a data lake. The regulator can pull the data as per the need basis for further analysis. This transformation resulted in a higher quality of compliance which ultimately impacted policymaking for the country.

The potential for such systems is immense. Real-time monitoring and advanced pattern analysis mean fewer financial crimes go undetected. These technologies also cut the time to detect which results in institutions saving face and loss.

Risks and Challenges

Financial institutions are the backbone of any economy, handling the most critical information, processes and data flow. Disrupting such an important ecosystem has severe consequences. In addition to being incredibly expensive, the adoption of RegTech and SupTech poses several fundamental risks and challenges.

Challenges that are currently faced by the industry are — Data reporting practices vary widely among the financial institutions and getting all of them on standard format is long-haul. Several of them are wary of the security and confidentiality of the cloud strategy and are reluctant to adopt such practices.

Increased dependency on cloud services providers will pose a concentration risk to sensitive customer data. Adoption of technology to automate processes will result in the redeployment of certain staff positions. It is expensive and sometimes not possible to reskill all the affected individuals. The skill gap in data analysis might lead to a talent crunch and delaying the transformation. Institutions with deeper pockets are at an advantage in adopting technology, which might lead to regulatory arbitrage exploitation. These practices will further increase the entry barriers and create a digital divide among the financial institutions. Moreover, increased findings and reporting of illicit transactions will have a severe impact on the reputation of the institution, so is it really beneficial to dig up the skeletons?

Conclusion

As financial institutions are mingled in such deliberations, central banks are taking charge to adopt SupTech in their ecosystems. Several of the European regulators are at different stages of developing technologies for several of their functions like reporting, monitoring, validation, visualization, AML tracking, fraud monitoring, etc. Reserve Bank of India was recently commissioned to develop Centralised Information and Management System (CIMS) which functions as a platform for collecting, monitoring, and analyzing data from its regulated entities. It has also deployed and operating Import/Export Data Processing and Monitoring System (IEDPMS/ EDPMS), Central Repository of Information on Large Credits (CRILC) applications in their respective fields.

It is interesting to see how this space develops shapes the future of banking. Will this put an end to financial frauds and save billions of taxpayers’ money or financial crimes become far more sophisticated? A bit of this, and a bit of that!

(Disclaimer: The author is a Business Consultant in Banking, Financial Services, and Insurance domain at Tata Consultancy Services Ltd.)

References

1. Title image is licensed under CC. (https://www.piqsels.com/)
2. Business Standard, July 8, 2021. (https://www.business-standard.com/article/news-cm/bank-of-india-slips-after-rbi-imposes-monetary-penalty-for-non-compliance-121060800234_1.html)
3. Reserve Bank of India Annual Reports FY2014–19
4. Fines Report 2020, Fenergo. (https://www.fenergo.com/fines-report-2020/)
5. Global Cost of Compliance, LexisNexis Risk Solutions. (https://risk.lexisnexis.com/global/en/insights-resources/research/true-cost-of-financial-crime-compliance-study-global-report)
6. Case Study: HypoVereinsbank, Member of UniCredit (https://www.ibm.com/case-studies/hypovereinsbank)
7. FSI Insights 2018 (https://www.bis.org/fsi/publ/insights8.htm)