Regulatory adherence in financial institutions

Is it really too hard to handle?

Regulatory adherence is an always-returning phantom in every financial institution’s board room. The symptoms are well-recognized; regulatory change projects with huge overruns, challenging remediation projects, painful supervisory investigations — all causing the headache of huge operating costs and substantial reputational damage, diverting the firm’s attention away from its real goals. With an ever-growing regulatory pressure, the question stands: where will this end?

From many years of working in the domain of financial regulations — from the perspective of regulator, advisor, and auditor — we learned that there is a strong demand to be able to better handle rules and regulations. Thus, Fimantic was conceived, with the goal of providing institutions a structurally different, more digital, approach towards handling regulations.

Why are regulations such a big challenge in the financial services industry?

Providing products and services in a highly regulated market like the financial services industry means having to deal with a serious complicating factor. Over the last decades, the industry has become more and more shackled by regulations. Those regulations are made, no doubt, with good intentions for improving the stability and fairness of the financial system, and the wider economy. However, for financial institutions (FI), shouldering the burden of achieving and maintaining regulatory adherence is becoming more and more problematic. The result is a growth in non-adherence and an increase in operating costs.

Nowadays, regulatory processes take up a significant part of an institution’s operations, where regulatory change and adherence topics have become a central topic in day-to-day business. This regulatory adherence challenge is mostly caused by the complexity and scale of the trio of (1) rules and regulations against (2) the complexity and scale involved in financial products, and (3) the services and the large number of complex systems and processes that institutions utilize.

As an example, the set of MIFID 2 regulations already contains about 5 million paragraphs of rules which, in any FI, will need to be applied to numerous products and services across multiple business lines, through several systems and processes.

Making sure your firm is compliant with all those rules and regulations is therefore a tedious task, as rules, products or business lines can easily be overlooked. With all this scale and complexity, how can institutions organize themselves for effectively staying up-to-date — processing changes in rules and regulations, interpreting and translating rules to their business, designing and implementing product changes, policies and processes — in order to adhere? Note that all these challenges do not relate to the ongoing operation of compliance or regulatory processes, such as client monitoring, transaction reporting and transaction monitoring.

On a frequent basis, internal and external parties request information on how the institution adheres to a certain regulation. It brings up the question of how to make sure that the firm is complying to the rules and regulations that apply to the products and services that are being offered.

Information challenge, not a processing challenge

Our first attempt to tackle the challenge involved looking at how to further automate the regulatory change and control processes. Better alignment between stakeholders and a smoother regulatory implementation process seemed to be the best starting point.

We started to define the steps in the process. However, while designing that process, we realized that many systems were putting their focus on streamlining the process, and we questioned ourselves why we would be better fit to design the right process. Then, while analyzing the typical process, we found that a more fundamental element was missing.

When designing the process steps, we learned that the core of the challenge could not be resolved by more powerful or better-defined computer processing alone. We realized that even the best technology would only ensure that poor processes would be done with greater efficiency.  

Instead, we felt that the problem starts with an information challenge. We needed to better define what is the end-state set of information needed to evidence regulatory adherence. So, we decided that our actual challenge at hand revolved around what information needed to be captured, how that information needed to be structured, and how it could be explored for analyses. We needed to focus on the data model. Only then would we bring in the processes that facilitate the gathering and handling of that information.

Rules and regulations are semantic graphs

We studied the complexity of legislative content in the financial domain, and found that the best way to encode the information was in a graph structure. This is not unlike the data models used in social networks and large knowledge retrieval products such as Google’s Knowledge Graph (aptly named). The ability to reason and infer new information from an interconnected web of linked data gives a knowledge graph certain “semantic” artificial intelligence (AI) capabilities, based on a structured way of capturing the connections (or meaning) between different domain concepts.

Of course, we had to devise a unified model along with a methodology, that would work in harmony with all the features necessary for regulatory adherence and compliance management. We needed to find away to connect rules to products and implementations, in such a way as to enable easy recording and exploration of the information. We wanted to find an equilibrium without being bogged down by even more technology. Together with linked open data (LOD), the result is Fimantic’s regulatory knowledge graph (RKG) application.

The Fimantic methodology

By intensively analyzing the process of regulatory implementations and adherence testing, we have come up with a regulatory adherence knowledge model that is applicable to any financial regulation.

With our regulatory data model as a foundation, Fimantic offers a software-as-a-service (SaaS) application through which institutions can document, in a structured manner, (1) how rules have been interpreted and translated to each product and service in their business, (2) what is done to adhere to the rules, and (3) what checks and balances have been put in place. All this involves capturing the relevant connections in a knowledge base, which our logical reasoning engine exploits to pose critical questions of adherence or compliance.

Once it is clear what information is required, the process steps can be logically derived from the (information that is needed in the) data model. The process of building the necessary knowledge involves three main steps. 

Firstly, we pick the rules that are applicable based on your business and the activities. We do so by listing the facts that determine whether a rule is applicable. Secondly, for each applicable rule we express what the regulation is expecting. We ask to document the evidence. And as a third step, we point out what is needed to make sure the implementation is matching the scope. Now Fimantic can process the information and reason how regulatory adherence is achieved.

Fimantic makes regulatory compliance manageable

With Fimantic, institutions are provided with a structured framework to support them in the collection and analyses of all information needed to evidence regulatory adherence. We also provide the infrastructure to populate that framework with information as well as explore the information in the framework for analyses. Users only provide data they have at a granularity level they are comfortable with, and the system does its best.

Fimantic provides a modern, cloud-native web application through which institutions can coordinate their regulatory projects, by distributing specific actions and consolidating the information into a single overview. They can generate a report to describe whether and how they adhere, and where there are gaps. Answering regulatory questions becomes easy, because all the information is available in one place.

Now, institutions can be assured that they will be able to explain how all their products and services are adhering to all rules and regulations. And where there are gaps, they can distribute clear (and specific) actions throughout their organization to directly interpret, implement and control.

Want to know more? Contact us to discuss how we can help you structure your regulatory adherence knowledge