The Global Banking industry has undergone a metamorphosis of sorts in the last decade rising to the challenges thrown by various events from financial crisis to the most recent pandemic. Time and again the resiliency of the banking industry has been tested which has made it to adopt and innovate. It is no surprise that recent years have seen increased global demand and interest in Regulatory Technology or Reg Tech (as it is popularly known) space by banking and financial institutions. RegTech solutions employ innovation in technology to ensure effective and efficient fulfillment on Regulatory obligations.

Over the last few years, the cost of non-compliance has had a financial bearing on many Banking and Financial institutions through penalties and fines. A huge proportion of these relate to operational risk. Over the last decade many Banks and Financial Institutions have focused more on Credit and Market Risk Management, however in the recent past there has been increased buzz in the Operational Risk area too and with the onset of pandemic growing instances of risks relating to Conduct, Data security and cyber security has bought the spotlight back on operational risk management.

In order to move ahead of the curve organizations are endeavoring to augment their operational resilience and embrace and adopt digital transformation in their regulatory compliance journey. As organizations are embracing RegTech solutions to combat regulatory pressures, they are surmounted with challenges galore. Below are some of the challenges that are currently plaguing the existing Operational Risk Management set up in adopting RegTech Solutions effectively.

1. Legacy Systems – Most Organizations use legacy architecture and infrastructure which is not conducive to latest technology and most often require migration to new platform. This time-consuming process makes the organization defer reg tech adoption

2. Investment in Infrastructure and Technology – Although organizations are investing in disruptive technologies, budget limitations on Regtech spends, cumbersome procurement process and customized solution delay investment and implementation.

3. Data Requirements and cyber threats – Regtech solutions host sensitive data in their applications which requires the organization to exercise utmost care and best practices to protect their data against cyber-attacks.  Sharing such sensitive data sets with reg tech solution providers can also be an inhibitor in reg tech adoption. Also, organizations have to upgrade their data infrastructure to provide for multi-faceted data points in different formats and standards required by the reg tech solutions.

4. Regulatory reporting and compliance – Constantly changing regulations, guidelines and compliance timelines call for frequent updates to existing systems and solutions and creates a barrier for reg tech adoption. Multiple standards and regulatory templates prescribed by different supervisors at a global level, is perceived as an obstacle to scale up across different geographies.

In terms of RegTech Adoption in Operational Risk Management, listed below  are some of the Key areas which are seeing increased traction

1. Monitoring Emerging risks

New risks like risks arising out of Climate change, Cyber threats, natural calamities, political riots, etc have increased the operational risk of institutions. Climate risk has a direct impact on the Operational risk of an organization. For example, extreme weather conditions like snowstorm or hurricane can impact the functioning of physical workplaces or damage critical infrastructure like data centers.  Similarly cyber risk is an operational risk to the IT assets of an organization. Outdated surveillance systems and inadequate monitoring of IT infrastructure can lead to data and information security incidents thereby causing business disruption and reputational risk.

This has necessitated the need for organizations to have more stringent vigilance systems and solutions to proactively predict and detect risks.

The Covid outbreak itself is a classic example. Firms have to be watchful and identify potential risks emerging in a particular market or geography and scale up to monitor and avoid or mitigate those risks before it spreads or causes damage to other markets.

Reg Tech Solutions that use biometric technologies can augment an organization’s security solutions and help prevent cyber-attacks by facilitating automated authentication and verification process. Similarly intuitive and cognitive solutions, using predictive analytics can detect both physical and transitional climate risks by issuing early warning signals and help the banks in controlling their concentration risk by reducing their exposure to sectors that are vulnerable to climate risks.

2. Vulnerability Assessment:

Vulnerability assessment includes infrastructure Risk assessment, information/network security assessment, and assessment of business-critical IT assets. Reg Tech solutions facilitate in determining key risk indicators and early warning signals to detect vulnerabilities, assigning severity levels to those vulnerabilities and recommending mitigation plan for remediation.

Global Stability Assessments triggered by the pandemic situation, called for a detailed oversight and vigilance of both financial and non-financial stability of organizations. The Covid outbreak, which caused a phenomenal impact on the financial system of all the countries, became a real-time stress test scenario for regulators to assess the resilience of financial institutions, markets, and other participants and agencies therein. Organizations have to increase their investments in exploring all stress scenarios and proactively detecting their non-financial vulnerabilities in order to avoid any threat to their stability and continuity of their operations.

Many RegTech Stress Testing solutions provide a comprehensive stress testing suite to meet regulatory expectations.

3. Regulatory Reporting and Audit Management 

Both supervisory reporting and a firm’s audit management department rely heavily on the organizations’ s data infrastructure. This makes it imperative for the firms to adopt cognitive automation and intelligent solutions that will provide reports and dashboards in regulator prescribed formats.

Regulatory reporting and compliance in the context of RegTech adoption, refers to solutions that help a bank to gather regulatory intelligence, automate policy mapping and sharing of reporting data back with the supervisors. This involves regulatory inventory management, automated alert management, content parsing, predictive regulatory interpretation, policy mapping and impact classification, etc.

Reg tech solutions also help in enhancing the data and audit management capabilities. They focus on automating data sharing and reporting through the use of API, cloud computing, big data analytics, etc.

For example, the Audit Management RegTech solution, provides features like intuitive dashboards, alerts and notifications to guide auditors and senior management on action planning and decision making. Solutions that use Blockchain technologies can speed up the transaction lifecycle by enabling transaction verification on a network without any supervisory intervention and at the same time without losing the audit trail required for regulatory compliance purpose.

4. Vendor Risk Management 

Vendor Risk Management or Third-Party Risk Management is another area which is rising as a critical risk for organizations which are heavily dependent on external third-party contractors and suppliers for their products and services.  There are numerous regulations to be complied with when dealing with third party suppliers to protect the interest of customers, employees and other stakeholders. Conducting appropriate due diligence while evaluating and employing third party contractors, and having strong internal controls, can help to avoid data breaches and resultant penalties, legal action, and reputational damage to the organization

Many Vendor Governance RegTech solutions enable to automate and streamline vendor due diligence, relationship management and compliance monitoring.

5. Identity Management and Fraud Control

Identity and Access management is the key to digital identity management and is a crucial element of operational risk, which if not managed effectively, leads to frauds and causes reputational damage to the organization. It involves identity validation through customer due diligence/KYC at the time of onboarding, and identity controls as an ongoing process through user access management, transaction monitoring and data security management.

Phishing, vishing, credit card scams, etc are some newer forms of online/digital frauds that have emanated with the growth of disruptive technologies. A sound Identity and access management framework that facilitates use of technology (biometrics, user data analytics) for user access and control, and fraud management is the need of the hour.

RegTech solutions that use biometric technologies can support identity control and prevent identify theft and related frauds through fingerprint scanning and facial recognition. Intelligent solutions with Machine learning capabilities can be developed around existing customer database to preempt and detect fraudsters based on behavioral or transactional patterns.

Effective operational risk management approaches enable organizations to be more resilient and emerge from a crisis with success and grace. The global pandemic situation has awakened the need for organizations to enhance their crisis management practices and vigilance measures by leveraging digital technology to the maximum extent possible for seamless business operations. Notwithstanding the crisis, Risk management, as a second line of defense, is responsible to not only support and monitor compliance, but also to challenge the business on risk related matters on a regular basis. This can be achieved by implementing efficient and robust RegTech solutions in business-critical processes and functions. The last few years has seen advent of many RegTech solutions which have been a result of emerging and increasing regulatory complexities, while these solutions are driven by disruptive technologies, most of them are point based solutions solving specific problems. Given the Regulatory complexities, stringent timelines and existing legacy systems, financial institutions must rely on multiple RegTech solutions. Hence it becomes very essential that they formulate RegTech Adoption frameworks which enable them to leverage RegTech as a digital transformation lever, helping them mitigate existing challenges and achieve faster and a cost-effective compliance to Regulatory obligations.

The views and opinions expressed in this article belong solely to the authors and do not represent those of the authors’ employer organization.

About the Authors 

• Gita Srinivasan

Gita Srinivasan is a BFSI Risk and Compliance consultant at Tata Consultancy Services. She has over 20 years of experience as a functional consultant in Business Analysis & Consulting, Risk and Regulatory Compliance, Data Management, and Audit & Reporting. She has managed and delivered large transformation programmes for global clients across Credit Risk, GRC, and Basel Regulatory Reporting domains.

• Ajay Katara 

Ajay Katara is a Domain Consultant in Banking Risk Management area at Tata Consultancy Services (TCS). He has extensive experience of more than 15 years in Consulting & Solution design space cutting across CCAR Consulting, AML, Basel II implementation and Credit risk, and has worked with several financial enterprises across geographies. He has significantly contributed to the conceptualization of strategic offerings in the risk management space and has been instrumental in successfully driving various consulting engagements. He has also authored many editorials, details of which can be found in his linked in Profile. (https://www.linkedin.com/in/ajaykatara/)