Governance - A-Team
https://a-teaminsight.com/category/governance/

Managing Cognitive Dissonance in Regulatory Compliance with Corlytics
https://a-teaminsight.com/blog/managing-cognitive-dissonance-in-regulatory-compliance-with-corlytics/?brand=rti
Tue, 09 Jul 2024 12:50:26 +0000

The past 18 months have been a time of significant growth for RegTech consolidator Corlytics. RegTech Insight recently spoke with founder and CEO John Byrne to delve into the Corlytics backstory and learn more about the company’s development.

Corlytics is Byrne’s fourth company. He describes how, after the 2018 financial crisis, experiences at his prior company shaped the insights and innovation that would become Corlytics.

“If you look back at the early 2000s, banking was about the P&L but after 2008, banking and the capital markets became about the balance sheet and risk. Compliance and operations practitioners were seeing risk in lots of different places that they’d never seen before.”

This shift in the perception of critical success factors revealed the importance of understanding and managing the settlement risks of complex financial instruments. Regulators globally began looking deeper into the activities of banks and financial service companies, particularly those considered to be systemically important financial institutions (SIFIs).

With an extensive background in fund accounting and post-trade operations, Byrne recognised a growing gap between the understanding of how regulations should be interpreted versus their operational implementation, and a new venture was conceived.

Corlytics launched in late 2013 and Byrne’s aim was to bridge that gap by treating regulation as a class of risk requiring careful management. By risk-ranking regulations and updates into a clear set of obligations, firms could use this to shape and maintain policies that reflect the latest regulatory expectations.

Cognitive Dissonance

Byrne describes the emergence of a “cognitive dissonance” in the financial sector, where “the lawyers could understand the regulation but couldn’t implement them, and the people implementing the regulations didn’t fully understand them and the resulting exposures.”

To address this, Corlytics adopted an alternative approach to regulatory compliance. As Byrne explains, “I wanted to look at regulation as a class of risk, rather than just something that had to be done. In many parts of banking and post trade, people take a risk-based approach to credit risk, market risk and counterparty risk. And I felt we should take a risk-based approach to legal and regulatory risk, hence the name Corlytics (compliance risk analytics).”

Corlytics’ foundation was also rooted in Byrne’s desire to combine expertise from different fields, and, like his previous company, he chose to start Corlytics in a university setting, as a campus-based company. This setting fostered an interdisciplinary collaboration with PhDs in law and data science, aimed at building a robust business capable of tackling the complexities of modern regulatory compliance.

Byrne’s previous experience in operationalizing various aspects of banking and post-trade processes, such as fund accounting and corporate actions, provided a strong basis for Corlytics’ mission. In his words, “I wanted to bridge the knowing-doing loop, ensuring that regulations weren’t just understood but effectively implemented.”

Growth Strategy

Last year the company acquired regulatory lifecycle platform ING Sparq and policy management platform Clausematch. Earlier this year, specialist growth investor Verdane took a majority equity stake in the company and has committed to accelerating both organic growth and M&A.

In May the company acquired a RegTech platform from Deloitte UK, adding considerable breadth and domain expertise to further Corlytics’ capabilities, from interpreting regulatory change to mapping and validating policies and implementing controls.

Corlytics has established strong relationships with 12 of the top 50 SIFIs. Corlytics has also established a strong presence with non-bank payment processors. Byrne points out that “most of the top 10 payment companies in the world are not banks, but technology companies.” These include giants like PayPal, Amazon, and Google. Corlytics has secured about 50% of the market share in this space.

Regulatory Coverage

In line with the global growth in financial markets and the evolution of novel asset classes, the number of regulators and regulatory authorities global firms have to deal with has grown substantially. According to Byrne, “a typical Corlytics client might have 900 regulators and regulatory authorities to deal with,” underlining the scale and complexity of the current regulatory environment.

At the same time, the scope and depth of regulatory scrutiny continues to increase. In the UK, the Financial Conduct Authority (FCA) has introduced the Senior Managers and Certification Regime (SMCR) that requires senior managers to have statements that clearly outline their regulatory responsibilities. These managers are permitted to delegate certain responsibilities to other individuals within the firm, provided they ensure that these delegations are appropriate and properly overseen.

This is having organizational impacts, as Byrne has observed: “if you look at the senior persons regime, it’s very typical now within an enterprise, not just to organize regulations by business units, but actually to start organizing regulations, policies and controls by ‘accountable executive’.”

This has huge implications on the technology, since accountable executives must now be able to demonstrate that the controls they supervise reflect the latest version of the regulations and that these are clearly defined in the latest version of their policies.

Data Science

Corlytics keeps an open mind on the adoption of new technologies, but the primary criterion for selecting the latest AI and ML techniques is model accuracy. “We try to work to a level of accuracy of 99% or greater because if a firm is going to automate compliance, it needs very high levels of accuracy. Human error is about 98%, so, by setting a target above the level of human error, ensures you’re automating to a high standard,” explains Byrne.

Corlytics combines extensive backtesting on historical data with regulatory subject matter expertise to validate model accuracy.

One consequence of prioritising high accuracy is the need for detailed examination of use cases, in particular when considering advanced AI techniques such as GenAI and LLMs. Corlytics’ approach is to use GenAI in combination with other techniques rather than just on its own. Byrne sees the value-add of these techniques as a new search technology, particularly for the higher volume, lower risk use cases, e.g. ‘can I accept that gift?’ or ‘does this comply with the expense policy?’

Byrne continues, “but for a more complex, high-risk use case – e.g., a swaps trader asking, ‘can I put on this trade?’ – we might use something else.”

GenAI and LLMs become extremely expensive in compute and storage cost compared to traditional AI when deployed at scale. Also, there’s a growing awareness of the carbon footprint these technologies generate, and Byrne cautions against falling into the trap of “using a sledgehammer to crack a nut.”

Regulatory Convergence

The convergence of events on the regulatory calendar and regulators adopting a big-bang approach across multiple jurisdictions is creating severe stress on global firms’ governance, risk and compliance (GRC). In some cases, firms are being forced to consider whether it makes economic sense to remain in certain markets.

The impact of MiFID II in 2018 put the kiss of death on the stock broking business for all but the biggest players and, as Byrne notes, “there are no mid-sized institutional brokers anymore in London. I would say that this (regulatory convergence) is favouring the bigger incumbents, and the regulators need to be careful about creating barriers to entry which is what’s currently happening.”

Regulatory harmonization is a worthy goal but it’s hard enough getting alignment across the regulators within a single jurisdiction, let alone globally. In the meantime, it will be up to the RegTech sector to take the lead as Corlytics has demonstrated with two significant projects.

One of Corlytics’ early projects, making the FCA Handbook machine-readable, was a major step in bridging the gap between text-based regulatory content and implementation by the covered entities. Corlytics created the taxonomy (a mechanism for classifying and categorising information), which is structured into sourcebooks and manuals and covers the various sectors and compliance aspects including conduct standards, prudential standards, and reporting requirements.

Byrne recounts his experience in creating a regulated subsidiary at his previous firm and being confronted by the original version of the handbook. “If you were to print it out on double-sided paper, it would stand about seven feet tall.”

Each section is methodically organized into modules, sub-modules, and chapters for easy navigation. The handbook’s machine-readable features include XML and JSON formats, enabling automated compliance checks and integrations with RegTech solutions. Byrne recalls, “the FCA CEO at the time describing the initiative as the democratisation of the handbook.” The project went live in 2017.

Corlytics completed a similar project at the Financial Industry Regulatory Authority (FINRA) on the FIRST Rulebook that went live in 2022. With many small firms among its members, FINRA wanted to make sure these smaller players could get value from the website, recalls Byrne. “So, we created the taxonomy and redesigned all of the documents making them easy to tag and search. Both FINRA and the FCA have a competition mandate so creating a level playing field for both large and smaller firms is important.”

There are indications that other regulatory authorities are starting to embrace the idea of making their regulations machine-readable, but for now, the FCA and FINRA are the thought leaders in this space and Corlytics’ innovation helped make that happen.

n-Tier – Bringing Order to Regulatory Data Chaos
https://a-teaminsight.com/blog/n-tier-bringing-order-to-regulatory-data-chaos/?brand=rti
Tue, 25 Jun 2024 13:04:29 +0000

Navigating the complex world of regulatory data management is no easy task. But the challenges posed by the need to meet the concurrent demands of many new regulations and updates to existing ones should come as no surprise. Certainly, the regulators’ stance is clear: Firms are expected to comply; no excuses.

According to Peter Gargone, Founder and CEO of n-Tier, “This situation has been coming for a really long time, and if you go back and look at the older regs from around 2008 and the Flash Crash, you will see that regulators have been ramping this up for years.”

Gargone argues that compliance with newer regulations will be challenging for firms if they don’t have in place people who truly understand the data requirements and business flows. And the concurrency of regulatory updates becomes a massive time and resource constraint for firms across the board, he says.

“The concurrency of the requirements is challenging for firms because each regulation demands very specialised skills – interpreting the regulations, sourcing and validating the data, and the technology to comply efficiently. You can’t just rely on your operational groups like T+1, which was inherently operational in nature.”

Getting Governance Right

Gargone acknowledges that regulators’ expectations are high, especially when it comes to governance processes around reporting. “There’s an ingrained expectation from regulators around what you do to ensure your reporting is correct,” he says.

As a result, the checking processes and the controls firms must now have in place are no longer optional: “If you put in a reporting framework in the US and your annual exam reveals that you have failed to put controls and checks around it, you will get into trouble. Regulators expect you to demonstrate these controls and checks.”

From n-Tier’s perspective, a control framework and a comprehensive set of checks on regulatory data are fundamental requirements for delivering a complete regulatory reporting service.

“We’re not just spitting out reports,” says Gargone. “We’re focused on a holistic process that encompasses data controls and governance because it’s what the regulators now expect to see. This is a lot harder than the reporting itself because you need a lot more data – 2x more in many cases. In the US, for Consolidated Audit Trail (CAT) and Customer Account Information System (CAIS), for example, you’re looking at trillions of data points a day. That’s way beyond what most firms can handle as a platform or service.”

Workflow

The complexity of regulatory requirements demands seamless workflows that can handle large volumes of data efficiently. Automated workflows integrated with regulatory reporting systems help minimise manual intervention, reduce the risk of errors, and ensure timely submissions. Gargone continues:

“We’re seeing the way firms are planning for these changes coming this December and January of next year. This has created an environment where they’re flat out; the book of work is fully booked up, and for anything new, it’s like trying to get a reservation in a three- or four-star Michelin restaurant. You might as well call back in a year.”

The n-Tier platform is designed to operate across regulatory jurisdictions and markets, but “that’s not the norm,” according to Gargone.

“The norm is either a specialised vendor for each segment and each reg individually or custom-built frameworks and toolkits for each reg, where everything’s a little bit different. But we’re seeing a lot of pushbacks against that.”

Gargone continues, “When you look at this from a global perspective, those variations add complexity and cost firms more money. So, we see a move to centralising data governance and reg reporting within our platform, across regs and around the world because of the flexibility we have by default. This is part of our core design and one of our strengths.”

The company has built a strong regulatory team from people with deep experience at major firms. These are former practitioners who understand regulations across the different jurisdictions and markets.

Gargone continues, “This team has been very instrumental in designing enhanced frameworks for making sure the data and accuracy of the reporting are correct. Anybody could spit out a report – many of these firms can say, ‘You know, you look at this from the outside, the numbers are correct,’ and you might assume, ‘Okay, that’s going to meet this regulatory requirement’. But what exactly does that mean?

You spit a report out and send it to the regulator but that doesn’t make it right. It doesn’t mean it’s accurate. It doesn’t mean it’s complete.

Then it becomes a ‘game’ of how long it takes the regulators to figure out you haven’t fulfilled the requirement. And then how much risk has your firm acquired following a process you haven’t designed properly?

So, we see a divergence in the market between firms that say they ‘do reporting’ and firms like n-Tier that actually offer a comprehensive suite of functionality and expertise where we actually care about the data quality.”

n-Tier’s regulatory reporting and trade surveillance platforms provide comprehensive visibility and searchability across all regulatory reporting requirements, helping firms manage and monitor trade data effectively.

Regulatory Data

Data management is crucial in this environment. Firms need the ability to aggregate, validate, and reconcile data from multiple sources. Advanced data management solutions like those offered by n-Tier integrate disparate data sets, perform continuous validation, and provide comprehensive exception management capabilities. These solutions are designed to aggregate regulatory reporting data from different sources while meeting reporting obligations for validation and research, supporting reporting for regulations such as CAT, CAIS, TRACE/MSRB, and more.

“Complexity doesn’t come just from the fact that there are new and overlapping regs,” continues Gargone. “It also comes from the fact that the data sets the regulators are asking for today don’t normally sit together in a regulatory model in the banks.

If you look back at a brokerage workflow and the reporting from 10 years ago, it used to be much more normal that the data would come from one system and have one owner. It belonged in a business function, or a line function, and data was isolated for that line function. So, when doing some kind of risk for a line of business, they basically had all the data.”

Gargone goes on to describe what regulators are expecting to see in this new environment. “They include looking for nuances from the data where much of that data is now coming from different parts of the organisation which don’t normally talk to each other and aren’t necessarily in sync in a timely manner or what that data represents.

If you look at CAIS, regulators are looking at reference data en masse and have turned that reference data into a regulatory reporting requirement. Previously, correction processes were based on a three-day or four-day correction cycle where you could correct it when you got to it. But now it must be corrected immediately.

“If you don’t have a process around this, where data is sourced from multiple systems in inconsistent formats along with versions of it coming off the master copy, it creates a huge workflow challenge that’s even more difficult than just generating the data. It’s mind-boggling, and that’s why we built our software.”

The company started in 2000 with the core of the n-Tier platform being built as a data platform, not a regulatory platform. Today, n-Tier is a large-scale, high-volume, completely configurable engine with a no-code interface for regulatory data management.

According to Gargone, some of the most critical work is figuring out if the data feeding the regulatory report is right or wrong in the first place: “To do that, you have to be able to compare against different sources of that data to figure out what’s right or wrong. And, even within a single record, your data points may not map directly versus another related data point coming from a different source. And you may have to compare that against three or four different sources to figure out if it’s right or wrong.”

But that’s not quite the whole story, as Gargone continues: “This is where human assistance is important, because once you get to the point of figuring out within the guardrail framework, is it right or wrong – it then becomes a different question – ‘What is right in this context? Are they the same? If they’re not the same, are they the right values? Where did it break down?’ The exciting part about this is having the data at scale to do the integrity checking in one place, along with a tech stack that can actually get through that volume of data. This framework is very hard to build out, and that’s where we’re at now.”

Emerging Technologies

Solutions such as advanced analytics, machine learning, and AI can help identify patterns, predict compliance risks, and automate regulatory reporting processes. n-Tier’s platform, with its no-code environment, allows practitioners to configure datasets and data controls easily, ensuring that processes remain adaptable to evolving requirements. This flexibility and scalability are vital for maintaining compliance in a dynamic regulatory environment.

Gargone is cautiously optimistic about emerging technologies like Generative AI (GenAI) making a difference in regulatory data and reporting. For example, on regulatory horizon scanning, “That’s great if you can get the regulations machine-readable, but how far will that get you? I know some firms do the aggregation, but the terminology for risk data is vastly different.”

Gargone stresses the importance of context throughout the validation process, where things that sound the same often mean different things across markets. “You need everything to be taken in context, and that insight is something our staff have built up over their careers in this industry.”

n-Tier is beginning to leverage these technologies in correction frameworks and similar repetitive tasks. “I think as we progress through this and get more into next-gen stuff, which we’re looking at different variations of, I think the value prop for that becomes better and better.”

Closing Takeaways

Given the current state of the industry and n-Tier’s depth of experience, we asked Gargone for his top three messages for the Compliance community:

“Top of the house is don’t underestimate the regulator’s ability to focus on and find problems in your systems and processes. Moreover, they’re going to continue getting better at this. Because if you take a lackadaisical approach to it and you think, ‘They’re not going to know if your data reporting is inaccurate,’ you’re just playing with fire.”

Gargone reminds us that regulators are focussing heavily on internal controls and come with expertise and tools and they will uncover discrepancies in data and in process – “So, that’s our top line. If I were looking at it from the practitioner side, I wouldn’t feel comfortable until that was taken care of.”

The next consideration is the controls themselves and the need for a holistic approach across the jurisdictions, with different structures in place to make sure there’s some independence in the software and the processes (e.g. maker/checker) around those controls versus where the actual data flow processes live. Gargone makes clear that “a single framework with some built-in checks from the same people that did the reporting is not a good idea.”

Gargone’s final takeaway is “You have to pick a good partner. We see a lot of ‘try and build yourself’ at this point, but it’s very hard. There’s a stack of functionality, which has taken us a very long time to build.

You should look for a good partner and you should look for something that’s flexible enough where you’re not going to have 50 solutions. The fewer solutions and the more common processes you can have as a firm, the better you’re going to be at implementing standards and controls to make sure you don’t make mistakes.

You really need a solid partner – someone who fully understands the requirements, knows the regs. And that’s where we sit.”

ESMA Good Practices Statement Hides a Warning on Pre-Close Calls
https://a-teaminsight.com/blog/esma-good-practices-statement-hides-a-warning-on-pre-close-calls/?brand=rti
Mon, 10 Jun 2024 20:35:38 +0000

ESMA recently published a statement titled Good practices in relation to pre-close calls. The statement was prompted by media reports and verification by National Competent Authorities (NCAs) of a link between pre-close calls between issuers and analysts and subsequent volatility, in some cases raising suspicion about possible unlawful disclosure of inside information.

It should be noted that subsequent investigations of these apparent links didn’t reveal any violation of the Market Abuse Regulation (MAR).

“Pre-close calls” are communication sessions between an issuer and an analyst or group of analysts who generate research, forecasts, and recommendations related to the issuer’s financial instruments for their clients.

These “pre-close calls” usually take place immediately before the black-out periods preceding an interim or a year-end financial report during which issuers refrain from providing any additional information or updates.

The purpose of the ESMA statement is to remind issuers of the legislative framework applicable to pre-close calls and to identify good practices to which issuers should pay particular attention when engaging in such calls.

Pre-close calls should only provide non-inside information and, whenever inside information is accidentally disclosed during a pre-close call, MAR requires restoration of information parity by making the disclosed information public immediately.

The statement also includes a collection of best practices observed by National Competent Authorities (NCAs):

  • Assessment of Disclosed Information: Prior to calls, issuers should thoroughly assess the information to ensure it is non-inside information.
  • Public Disclosure: Announce upcoming pre-close calls with details, date, place, topics, and participants via the issuer’s website.
  • Simultaneous Material Availability: Make the materials used in calls (e.g., slides, notes) available on the issuer’s website.
  • Recording Calls: Record the calls and provide recordings to NCAs upon request.
  • Keeping Records: Maintain and publish records of disclosed information on the issuer’s website for public access.

ESMA and the NCAs consider that following these good practices could reduce the risk of unlawful disclosure of inside information.

Reactions to the Statement

Responses from the Trade and e-Comms surveillance vendors emphasise the need for transparency and fairness in maintaining orderly markets that can be trusted.

Matt Smith, CEO at surveillance solutions provider SteelEye, is well positioned to comment on transparency gaps in the surveillance ecosystem. “ESMA’s statement is a stark reminder that without an emphasis on transparency during pre-close calls, a watchdog crackdown could well be on the horizon. Markets need to remain inclusive and democratic, ensuring everyone has the right to participate with equal knowledge and to make informed decisions. When a select few have unfair access to sensitive information, this of course influences the market – something regulators are evidently keeping a closer eye on.”

Smith’s concerns are well founded given the recent enforcement actions for shortfalls in e-Comms surveillance monitoring.

Oliver Blower, CEO of VoxSmart, takes a more pragmatic view, calling for regulatory clarity and rules instead of the grey areas surrounding issuer pre-close calls. “It is all very well ESMA trying to keep everyone honest, but these are guidelines, not legislation. Clear rules and transparency are key to keeping our markets trustworthy and fair – and this is what most market participants want as well.

The grey area is when exactly does activity of this nature become a disclosable event to the wider market? At the end of the day, if there is a suspiciously high share price immediately after an analyst call, any regulator is going to need to dig into not only the intricate details behind the trades, but also whether the bank in question provided the full and proper disclosures in a timely manner.”

Both Smith and Blower emphasize the importance of transparency and clarity in the management of pre-close calls to maintain market integrity and fairness. They share a concern for preventing unlawful disclosures and ensuring that all market participants have equal access to information. Both agree that well-defined practices and guidelines are crucial for fostering trust and inclusivity in the financial markets, aligning with the overarching goal of regulatory bodies to uphold a fair and transparent trading environment.

Adopting a Principles-Based Framework for AI Governance
https://a-teaminsight.com/blog/adopting-a-principles-based-framework-for-ai-governance/?brand=rti
Mon, 13 May 2024 10:07:19 +0000

Governance in IT is a well-established discipline underpinned by multiple standards from international and national organisations like ISO, IEC and AICPA. What these standards share is a principles-based approach to the implementation of standards within the organisation.

A new governance framework to cover emerging AI technologies is not just a necessity but an urgent need. The significant potential for productivity gains and increased risk profiles for firms that deploy them in critical business functions demand swift action. It’s reasonable to expect AI governance certifications to be added to service contracts requiring SOC 2 and ISO 27001/27701 certifications, and the time to prepare for this is now.

AI has been widely adopted across capital markets for over two decades, including algorithmic trading, wealth management, risk management, and compliance. But in October 2022, a highly disruptive AI technology was released that took the market by storm, leaving regulators, compliance teams, and governments alike wondering how to respond. Within two months of its launch, ChatGPT from OpenAI had already gained over 100 million monthly users. The ease of access to new, powerful technology was met with excitement and apprehension as people began to understand that beyond the potential for good, there was also potential for harm if left unchecked.

This article examines the common principles that underpin current and emerging best practices for AI governance.

The Bletchley Declaration

Back in November, representatives of governments and international organisations representing 28 countries came together at a UK government-sponsored AI Safety Summit to consider the need for a global commitment to AI’s safe, trustworthy, and responsible development.

Bletchley Park’s historical significance as the venue for this summit is symbolic. As the cryptography hub and home of the codebreakers who significantly contributed to the Allied victory in World War II, it is also where Alan Turing laid the foundational work and detailed procedure known as the Turing Test, forming the basis for artificial intelligence. This historical nexus of innovation and strategic significance makes it a fitting backdrop for advancing AI safety and governance.

The output from this summit is an international commitment to the responsible development of AI and provides a helpful backdrop for considering a principles-based approach to AI Governance.

The Bletchley Declaration, the summit’s output, highlights critical principles for developing and governing Artificial Intelligence (AI), emphasising AI’s potential to significantly enhance global well-being. The declaration advocates for AI systems to be developed and utilised in a manner that ensures safety, centres on human needs, and maintains trustworthiness and responsibility. It underscores the importance of inclusive AI that promotes public trust and contributes to economic growth, sustainability, and the protection of human rights.

Additionally, the declaration stresses the need for international collaboration to manage AI’s global challenges effectively. It calls for a unified approach to AI governance that fosters innovation while upholding rigorous safety and ethical standards.

The declaration also recognises the necessity for vigilance and adaptability in AI governance to address emerging risks and unforeseen consequences, especially from advanced AI technologies that may have significant impacts. This requires a governance framework that is flexible enough to evolve as new information and technologies emerge.

Lastly, the declaration advocates for a proactive, principle-based approach to AI governance. This approach aims to harness AI’s transformative potential while ensuring its development is aligned with human values and global standards. It emphasises safety, ethical responsibility, and inclusiveness through sustained international efforts and continuous evaluation.

SR 117 – Model Risk Management

All AI systems are based on an underlying model, trained using supervised or unsupervised methodology.

Issued on April 4, 2011, by the Board of Governors of the Federal Reserve and the Office of the Comptroller of the Currency, SR-117 sets forth comprehensive principles and practices for managing the risks associated with analytical models. While initially designed for banking institutions, these principles can be readily adapted for general AI Governance across capital markets, including Generative AI (GenAI) and large language models (LLMs).

Banks and financial institutions rely on quantitative models in decision-making processes for activities ranging from credit underwriting to risk measurement, capital adequacy assessments and compliance. SR 117 emphasises the necessity of robust model risk management due to increased reliance on these models, mainly as they are applied to more complex products in broader, dynamic cross-border conditions.

The guidance establishes a comprehensive framework for effective model risk management, with rigorous validation as a central feature. This section underscores the importance of sound development, implementation, and utilisation within comprehensive governance and control mechanisms. It points out that while some firms may already possess robust practices, all must ensure their policies and procedures align with these risk management principles and supervisory expectations, tailored to their specific risk exposures and business activities.

Model risk arises from potential errors in models or their incorrect application, which can lead to significant adverse outcomes. This section delineates the core components of a model—input data, processing, and reporting—and the necessity for each to be well-designed to mitigate risks. Principles of effective model risk management are laid out, emphasising the importance of comprehensive validation practices, active management, and fostering an organisational culture that supports robust risk assessment.

SR117’s Model Development, Implementation and Use section highlights best practices in model development, emphasising the importance of a development process that aligns with the firm’s objectives and policies. It stresses the critical nature of selecting appropriate data and methodologies, thorough testing, and continuous monitoring to ensure models perform as intended under varying conditions. These principles also include the importance of a representative incorporating business, technical and data science expertise. Understanding the limitations and assumptions embedded in models is critical to their safe deployment.

Model validation is an essential process that ensures models perform as expected and highlights potential limitations and assumptions. Best practices include conducting validation activities independently from model development and use, employing personnel with appropriate expertise, and ensuring that validation processes are thorough and lead to actionable insights. Validation should be an ongoing process that adapts as new information becomes available and market conditions evolve.

Effective governance requires clear policies and procedures that define risk management roles and responsibilities across the organisation. This section stresses the need for a robust governance framework that supports rigorous practices in model development, implementation, use, and validation. It also highlights senior management’s and board oversight’s importance in establishing and maintaining a culture that prioritises sound model risk management.

SR117’s conclusion reiterates that firms must ensure their model risk management practices are robust, comprehensive, and consistent with any supervisory guidance provided. It calls for firms to review and adjust their practices continually to keep pace with market and business operations changes, emphasising the dynamic nature of model risk management.

SOC 2 – AICPA

The core principles of SOC 2, defined as Trust Service Criteria, encompass five main areas essential for managing and protecting customer data, particularly in service organisations. These principles are:

Security is fundamental for protecting systems and data from unauthorised access, disclosure, and damage. It includes implementing safeguards, including firewalls, encryption, and access controls, to maintain data confidentiality and integrity.

Availability ensures that the systems and data are available for operation, typically documented in a service level agreement (SLA). This involves having redundant systems, disaster recovery plans, and performance monitoring to minimise downtime.

Processing Integrity ensures system processing is complete, valid, accurate, timely, and authorised. Organisations must use process monitoring and quality assurance to maintain data processing integrity and avoid errors or unauthorised alterations.

Confidentiality protects sensitive or confidential information from unauthorised access and disclosure throughout its lifecycle. Measures include encryption, secure data storage, and regular updates to security protocols to address emerging threats.

Privacy addresses the proper handling of personal information in accordance with applicable data protection regulations. This includes minimising data duplication, consent management, and implementing robust access controls to safeguard personal information.

Achieving SOC 2 compliance involves a rigorous process that starts with a readiness assessment to evaluate current practices against these principles, identifying gaps, and implementing necessary controls. Continuous monitoring and regular audits are required to maintain compliance and ensure the organisation adapts to new security challenges and regulatory requirements.

ISO/IEC 42001

ISO/IEC 42001:2023 is a standard specifying requirements and guidance for establishing, implementing, maintaining, and continually improving an organisation’s artificial intelligence (AI) management system. Published in December 2023, it provides a comprehensive set of governance principles for managing AI and follows the same structure as ISO 27001, which covers security, and ISO 27701, which covers privacy.

Firms already adopting these standards will find incorporating ISO 42001 in an overall governance framework relatively straightforward. It should be noted that achieving ISO certification requires a top-down commitment from the board to C-suite. All ISO standards follow the same structure, beginning with a Management System outlined in Clauses 4 through 10, followed by 9 principles in Annex A and 38 implementation guidelines in Annex B.

The ISO standards emphasise the importance of ownership at the organisation’s highest levels to help establish a culture of compliance and adoption of best practices.

Steering Towards a Unified Future in AI Governance

Adopting a principles-based framework for AI governance is a standard best practice. The core principles highlighted in the Bletchley Declaration, SR 117, SOC 2, and ISO 42001 provide a robust foundation for organisations navigating the complexities of AI development and implementation.

These principles emphasise the importance of safety and security, a human-centric approach, ethical responsibility, international cooperation, ownership by the highest levels of the organisation and comprehensive risk management.

Looking to the future, the path is challenging, but the outlook is promising. Initiatives like the Bletchley AI Safety Summit help to foster essential global dialogue and cooperation. These and similar efforts are critical in shaping a future where AI governance allows AI to deliver sustainable growth and meet compliance requirements.

The journey towards effective AI governance is challenging. However, the concerted efforts of global stakeholders to adopt and adapt to principles-based frameworks signal a proactive commitment to shaping a future where technology serves the industry with minimal risks. For senior executives and leaders in RegTech, compliance, and capital markets firms, this evolving landscape offers a unique opportunity to lead with innovation, enabling their organisations to comply with and shape the standards that will define the future of AI governance.

The post Adopting a Principles-Based Framework for AI Governance appeared first on A-Team.

SteelEye Survey Finds Compliance Investment Falling while Regulatory Demands Continue to Rise https://a-teaminsight.com/blog/steeleye-survey-finds-compliance-investment-falling-while-regulatory-demands-continue-to-rise/?brand=rti Mon, 22 Apr 2024 16:02:11 +0000

Compliance teams are facing escalating pressures driven by greater regulatory scrutiny and macroeconomic challenges, according to the 2024 Annual Compliance Health Check Report from SteelEye. This is the third Annual Compliance Health Check report, which surveyed over 400 senior compliance decision makers at financial institutions across major financial centres in the US, UK, APAC, and Europe.

The survey found that only 56% of firms are investing in communications surveillance, and despite the continued rise in regulatory expectations, expenditure on compliance operations has decreased compared to 2023. This data suggests that compliance investment has been de-prioritized amid other cost pressures linked to geopolitical and economic pressures, such as ongoing global conflicts and persistent inflation. 

Between 2023 and 2024, persistent macroeconomic challenges, compounded by the Middle East conflict, continued to shape the compliance landscape, impacting budgets and technology projects. Large-scale banking failures forced compliance teams to tighten controls. Regulatory dynamics also shifted, with fewer firms finding regulatory interactions easy and an anticipation of increased fines for record-keeping breaches. Regulatory scrutiny over off-channel communications also remained intense, prompting firms to introduce monitoring of new channels, albeit with only 37% currently monitoring platforms like WhatsApp. Moreover, despite technological advancements, approximately a fifth of compliance officers’ time is still consumed by manual or repetitive tasks. These trends collectively signal a challenging compliance outlook marked by ongoing macroeconomic uncertainties, heightened regulatory scrutiny, and evolving enforcement priorities. 

Despite financial firms expressing intentions to allocate more resources to compliance, the present reality reflects the opposite, with over a third (36%) of tech projects related to compliance being scrapped amid persistent macroeconomic challenges. There is also evidence of the potential for employee burnout, with on average a fifth (21%) of in-house compliance teams burdened by manual and repetitive tasks. 

In addition, the data found that the majority (63%) of financial institutions are not currently monitoring platforms like WhatsApp for compliance. This comes amid heightened regulatory scrutiny around the use of electronic communications platforms, as demonstrated by SteelEye’s 2023 fine tracker. Last year alone, fines totaling $549 million were levied across Wall Street for failures to maintain records of electronic communications by staff on messaging apps. 

Whilst the report indicates that 69% of firms expect the value of fines doled out by regulators to rise, and 63% expect the volume of fines to rise, budgetary priorities at financial institutions are not matching the needs of compliance teams. Regardless of the optimism from compliance officers to intensify their efforts, the reduction in compliance expenditure will have severe regulatory and burnout repercussions if not prioritised by senior leadership.  

Commenting on the findings, Matt Smith, CEO of SteelEye said, “As regulatory scrutiny intensifies and macroeconomic challenges persist, it’s no secret that the ‘unsung hero’ compliance teams are under unprecedented pressure to meet increasing regulatory demands. With investment in technology solutions not keeping pace with the need for compliance support, senior leadership should be on the lookout for evidence of burnout in their ranks. There’s also a very real possibility that compliance teams will be unable to fulfill their responsibilities as the regulatory burden becomes unmanageable for compliance functions. 

“Embracing smarter, more efficient approaches to compliance is essential for navigating the evolving regulatory environment effectively. We now have evidence that those attempting shortcuts have a target on their back that the regulators are not afraid to aim for, meaning compliance teams require the adequate tools to effectively comply before they run out of steam to do so.” 

SteelEye, winner of the A-Team RegTech Insight Best e-Comms Surveillance Solution award in 2023, offers comprehensive compliance solutions for the financial industry, including integrated trade and communications surveillance, trade surveillance and supervision, communications monitoring and surveillance, archiving and trade reconstruction, MiFIR transaction reporting, and best execution and transaction cost analysis (TCA). It’s designed to provide financial firms with holistic oversight of all trading and communications activity, enabling them to comply with confidence.

Dow Jones Risk & Compliance Deploys Generative AI to Transform Due Diligence https://a-teaminsight.com/blog/dow-jones-risk-compliance-deploys-generative-ai-to-transform-due-diligence/?brand=rti Tue, 16 Apr 2024 10:55:15 +0000

Dow Jones Risk & Compliance has launched an AI-powered research platform to help clients reduce the time and effort in building investigative due diligence reports from multiple sources. The new offering aims to reshape compliance workflows, creating an additional layer of investigation that can be deployed at scale.

Dow Jones Integrity Check is an automated screening solution that identifies risks and red flags from thousands of data sources, including by accessing millions of registries and screening data sources and trillions of web pages across the indexed Internet.

Harnessing generative AI (GenAI), natural language processing (NLP), and entity resolution technologies from Xapien (formerly Digital Insights), Dow Jones Integrity Check extracts and summarizes vast volumes of information into intuitive reports that are quick and easy to digest in as little as five minutes. The solution promises to significantly reduce false positives, saving compliance professionals valuable time and resources.

Designed with regulatory guidance in mind, the new solution incorporates proactive safeguards against hallucinations and continuous review to ensure trustworthy, unbiased results. The outputs are fully sourced and auditable, with links to the original articles and records for further interrogation.

“Reducing the amount of time needed to run a background check from days to minutes will transform the way compliance teams approach due diligence, ultimately providing greater transparency and assurance on who they are doing business with,” says Joel Lange, EVP and GM of Dow Jones Risk & Research. “Together with Xapien, we are pioneering the future of risk mitigation, harnessing GenAI and other emerging technologies responsibly to facilitate smarter, faster decision-making.”

Dow Jones Integrity Check is the latest in a suite of AI-powered risk management tools that Dow Jones Risk & Compliance is rolling out as it invests in advanced AI and automation for the compliance sector. As part of Dow Jones’ commitment to the responsible use of AI, sources are appropriately licensed for generative AI models, ensuring customers are basing decisions on reliable content that is copyright compliant.

Dow Jones Risk & Compliance is a subscription-only service that provides information curated exclusively from publicly available sources. Risk & Compliance collects and processes this information, which includes personal data available in the source material such as newspaper articles, government and other official websites, government directories, and other publicly available information, to assist subscribers in performing due diligence and other screening activities in accordance with their legal or regulatory obligations and risk management procedures. The information is only made available to subscribers who require it to mitigate risks and meet regulatory requirements relating to, for example, money laundering, bribery and corruption, sanctions, due diligence, and commercial risk operations.

The solution includes customer due diligence (CDD) and onboarding processes comprising extensive checks over beneficial ownership, screenings for politically exposed persons (PEPs), sanctioned entities, and adverse media. Ongoing monitoring ensures that existing customer profiles do not evolve in ways that increase risk exposure. A range of managed services is available supporting the full spectrum of compliance activity, from initial setups and reviews to continuous monitoring and support. These offerings are supported by a comprehensive risk database, cutting-edge research tools, and educational resources.

Dow Jones Risk & Compliance was voted Best Sanctions and PEPs Solution in the A-Team Group RegTech Insight Awards for 2023.

Verdane Takes Majority Stake in Regulatory Intelligence Specialist Corlytics https://a-teaminsight.com/blog/verdane-takes-majority-stake-in-regulatory-intelligence-specialist-corlytics/?brand=rti Fri, 12 Apr 2024 15:54:20 +0000

Specialist growth investor Verdane has taken a majority equity stake in regulatory intelligence provider Corlytics, and has committed to accelerating organic growth and M&A, building on Corlytics’ client base of 40% of the top 30 Systemically Important Financial Institutions (SIFIs).

The transaction, which was managed by investment bank Baird, is a cornerstone investment from Verdane’s newly raised €1.1 billion Edda III Fund and seeks to ride a wave of growing risk and compliance expenditure by financial services firms – estimated by Corlytics at €163 billion for 2023 – spanning GRC, financial risk and capital management, cyber and IT security, and financial crime.  

Founded in 2013 and headquartered in Dublin, Corlytics helps customers to keep track of regulatory changes, offering regulatory horizon scanning, policy management and attestation. The company has seen growth of 60% per year since 2020, driven by its core regulatory compliance products. The number of Corlytics customers has roughly doubled during this period. 

Earlier investors include Enterprise Ireland, Kernel Capital, and Intercept Ventures. 

Last year, the company made two significant acquisitions – ING SparQ in January and Clausematch in July – boosting the appeal of its offerings for Tier 1 organisations including ING, BNY Mellon, Scotiabank and Swiss Re.  

According to John Byrne, Corlytics’ founder and CEO, “As well as investing significantly in our ‘intelligent content’ offering, combining data, software, and AI, we will continue to lead the RegTech sector consolidation with more complementary acquisitions, following our recent transactions with Clausematch and ING SparQ.” 

Says Nils Vold, Partner at Verdane: “We are an active and experienced investor in the RegTech sector, and we identified Corlytics as the global category leader in its field, helping banks and financial services companies manage their compliance obligations in a complex and fast-changing environment.”  

As part of the deal, Simon Russell joins Corlytics as chairman. Russell has spent his career leading technology investment banking at firms including Nomura and Dresdner Kleinwort and has served on banking management committees. He now works as a chair and non-executive director at various international software companies. 

Financial terms of the deal were not disclosed. 

ValidMind Secures $8.1 Million for Model Risk Management and AI Governance Solutions Development https://a-teaminsight.com/blog/validmind-secures-8-1-million-for-model-risk-management-and-ai-governance-solutions-development/?brand=rti Tue, 02 Apr 2024 10:58:18 +0000

ValidMind has secured $8.1 million in a seed funding round. The investment will focus on developing model risk management and AI governance within the banking and financial services sectors. The company says the seed round was over-subscribed, demonstrating support from investors in its long-term vision to be the certifying authority for all AI solutions, starting with optimisation of financial institutions’ model risk management processes and enabling efficient and responsible AI governance.

The funding round was led by Point72 Ventures and backed by investors including Third Prime, AI Fund, FJ Labs, New York Life Ventures, Notion Capital, Angel Invest Ventures, and Gaingels. Tripp Shriner, partner at Point72, has joined the ValidMind board of directors.

The company offers an AI risk management solution that allows organisations to automate testing, documentation, and model risk governance for AI and statistical models. By automating model documentation, ValidMind is designed to help increase developer productivity, reduce time to market for models, and improve model risk management outcomes, enabling organisations to deploy AI-backed solutions with integrity, transparency and trust.

The solution is also geared to ensuring compliance with global AI and model risk regulations, such as the EU’s AI Act and the recently announced AI Bill of Rights from the US administration.

“Model risk management teams at financial institutions are struggling to keep up amid increased pressure from the business to deploy more AI solutions faster and from regulators to ensure compliance,” says Jonas Jacobi, CEO and co-founder of ValidMind. “This seed funding round strengthens our commitment to help customers increase the speed and efficiency of model risk management processes, reduce time-to-market for new AI solutions and ensure compliance with global AI and model risk regulations.”

The $8.1 million funding brings ValidMind’s total funds raised to $11.1 million.

NICE Actimize ARCHIVE-X Offers Single Source Regulatory Record Keeping https://a-teaminsight.com/blog/nice-actimize-archive-x-offers-single-source-regulatory-record-keeping/?brand=rti Tue, 02 Apr 2024 10:49:58 +0000

NICE Actimize has released ARCHIVE-X, a cloud-based, all communications archiving and records management solution that provides buy-side, sell-side and online trading platforms with one solution to support regulatory requirements for communications archiving and records management. The aim is to help financial institutions achieve more robust records lifecycle management and reduce compliance risk by archiving all communications securely in the NICE Compliance Cloud.

ARCHIVE-X is open and agnostic, allowing it to capture any communications and related data a financial institution needs to store for regulatory or other purposes. It can ingest captured communications from NICE’s NTR-X compliance recording solution and other data sources. It can store and manage more than 100 different regulated employee communication types, eliminates data silos and supports many existing communication platforms. The solution works directly with NICE Actimize’s SURVEIL-X surveillance solution and integrates with third-party solutions.

“Communication archiving and retention remains a serious challenge,” says Chris Wooten, executive vice president at NICE. “Global regulators have issued massive fines at record levels for failures by financial firms and their employees to maintain and preserve required communication records. ARCHIVE-X can assist in managing this data securely and effectively while protecting both the institution and investors from recordkeeping lapses.”

ARCHIVE-X provides high levels of security using advanced data encryption, WORM-compliant archiving, SOC-audited data centers and 24/7 monitoring for security threats. As a cloud-based SaaS solution, it offers flexibility, scalability and cost effectiveness, and can scale to support archiving of 6+ terabytes of data on a daily basis.

EU Parliament Approves Landmark Artificial Intelligence Act https://a-teaminsight.com/blog/eu-parliament-approves-landmark-artificial-intelligence-act/?brand=rti Tue, 19 Mar 2024 10:47:51 +0000

The EU Parliament has approved the Artificial Intelligence Act, marking the world’s first regulation of AI. The regulation establishes obligations for AI based on its potential risks and level of impact and is designed to ensure safety and compliance with fundamental rights, democracy, the rule of law and environmental sustainability, while boosting innovation.

The act needs to be formally endorsed by the European Council and will come into force 20 days after its publication in the Official Journal. It will be applicable 24 months later except for bans on prohibited practices, which will apply six months after the regulation comes into force; codes of practice that will come in after nine months; general-purpose AI rules including governance that will come in after a year; and obligations for high-risk systems that will follow in three years.

The regulation covers all types of AI including generative AI and is, no doubt, being scrutinised by capital markets participants as they continue to extend their use of the technology – more on this coming soon.

The act sets out key measures including:

  • Safeguards on general purpose artificial intelligence
  • Limits on the use of biometric identification systems by law enforcement
  • Bans on social scoring and AI used to manipulate or exploit user vulnerabilities
  • Right of consumers to launch complaints and receive meaningful explanations

It also covers high-risk AI systems that are not specifically identified but are likely to include those used in capital markets. These systems must assess and reduce risks, maintain use logs, be transparent and accurate, and ensure human oversight. Citizens will have a right to submit complaints about AI systems and receive explanations about decisions based on high-risk AI systems that affect their rights.

To encourage innovation across the board, regulatory sandboxes and real-world testing will have to be established at the national level and made accessible to SMEs and start-ups to develop and train innovative AI before it goes to market.
