Finding the non-compliant needle in the fintech haystack

Steve Ponting at Software AG discusses the complexity of technologies and process within organisations, and explains how this can pose a compliance risk if not managed correctly

Tech complexity is causing serious headaches for banks and their compliance officers. The pandemic spurred tech acceleration and the near overnight adoption of new technologies and procedures, but it was only the harbinger of a web of tech-shaped opportunities and challenges to grasp.

Change has become a constant, bringing with it a need for ‘always on’ agility and an appetite to stay on the front foot. Despite all the platitudes and promises of tech advancement to drive productivity it seems sprawling tech stacks are choc-a-bloc full of potential compliance issues. In fact, 65% of businesses agree that a complex IT landscape creates issues when it comes to compliance.

So, considering regulation demands visibility of the IT estate, this tech sprawl, and all its associated risks can become unmanageable. And when you consider that careful compliance in the banking space is among the non-negotiables for building customer trust, tech sprawl runs the real risk of hurting not helping your business goals.   

One high profile fine in the banking industry and everyone leaps into action to find all of the non-compliant needles in the constantly changing haystack of processes and regulations. But instead of adopting a ‘that’s just how we do things’ mentality, a better approach involves compliance and operations executives working together to identify and address the processes that put them most at risk. Let’s dive into it.

Putting compliance front-of-mind

What we know from our customers is that compliance teams have an arduous task on their hands. Not only do compliance failures cause short-term financial damage, there’s also a longer-term reputational damage that’s as-yet hard to quantify. The pressure rests on the shoulders of a back-office team, with a somewhat intangible success metric: stay compliant.

Once a bank is labelled as unable to abide by industry rules, customers, shareholders and competitors will develop hard-to-shift, negative perceptions. In an industry predicated on trust, this could be hugely damaging. 

Financial services organisations should be worried about meeting compliance needs. But they don’t have to be kept up at night, if they have the right systems in place to manage their operations.

Painting a picture of your organisation

You can’t monitor what you can’t see. The first step in any journey to identify and address potentially non-compliant operations is to paint a picture of all processes within an organisation. This builds a strong foundation for the compliance team’s strategy.

There are many reasons to map processes. Firstly, and maybe obviously, identifying the least efficient processes shines a light on unnecessary costs such as bottlenecks and redundant exercises. Streamlining operations can be a key focus for process management activities – but that’s not what this article is about.

More relevant to compliance, it’s imperative to identify processes which have deviated from their approved [compliant] course. Processes can fall out of compliance for many different reasons: they might be antiquated, systems may stop working or employees may simply have more efficient ways of doing them. In most cases, employees may not be aware that their work-arounds have regulatory implications.

Setting parameters of acceptability through KPI thresholds helps to spot the most dangerous situations. In addition, having a view of processes that shows the degree of deviation, and the frequency of non-compliance not only paints the picture of ‘real-life’, it also identifies the scale of the compliance challenge, and therefore the urgency. 

Visualising all of this: process flows, levels of deviation and automation tools, in a single pane of glass, makes data analysis and insight infinitely easier. This level of process intelligence is something that many businesses don’t have – but they can with a commitment to full process transparency and management in their organisation. 

Wipe the slate clean and start now

It doesn’t matter where you are in your compliance journey, it matters what you do next. Even the most competent, can’t become complacent, as the next unforeseen challenge might be just around the corner.

Implementing standardised formats across the business helps with compliant process creation, monitoring and management. Applying a clear standardisation policy for processes at the start of operations means that as the organisation develops, it’s much easier to ensure new processes are created in the way that they should be. AI can be a powerful tool here – not only helping any employee build a new process, but if it’s trained correctly, an AI will only create compliant processes.

The next stage is educating those who are directly responsible for managing these processes. Understanding why processes have been created, how they’ve been designed with reporting and analysis at their core, and the business criticality of ensuring compliance, creates a culture of awareness and responsibility.

Taking this a step further, educating teams to be aware of these regulations and how their specific role can affect the business’s compliance with them can illustrate this point further. Once these steps have been taken, it shouldn’t be a flash in the pan, but a continuous process. Just because a problem has been addressed once, doesn’t mean it’s addressed forever. 

Introducing an audit into annual, quarterly, even monthly reports keep the issue top of mind for all employees. Furthermore, once these processes have been established, there is room for automation to take over. Instead of creating a new workload to distract already stretched teams, leaning on automation technologies which can flag the most at-risk processes would streamline the entire compliance journey.

Furthermore, organisations can use historical and market data to identify patterns in the sector, to anticipate changes to laws and get ahead of regulators by reporting on important, but not enforced, processes and operations.

The ever-changing regulatory landscape

Regulations seem to be changing everyday. Whether it’s new privacy directives being issued to combat tech-creep, new international law affecting data movement, or even new interpretations of established laws, companies have a lot to keep on top of. The constant that we all have to be reaching for is transparency. 

Bringing all processes to the fore, with a clear view of which are most at risk, and which are the most urgently out of compliance, can help organisations to build a strategy and assure stakeholders that they are compliant, proactively managing risk and ensuring a stable, positive future for the business.

Steve Ponting is a Director at Software AG

Main image courtesy of iStockPhoto.com and PeopleImages