For many large financial institutions, ever changing regulatory obligations, coupled with increasing customer demand for seamless user experiences, have brought about the need for a fully integrated and robust approach to compliance and business as a whole.
The increasing need to align customer and regulatory agendas is driving the demand for regulatory technology (RegTech). As a result, RegTech and more advanced tools, such as generative AI, are now at the forefront of business agendas and operations.
Organisations recognise that compliance must be integrated into business operations from the start and at every step, rather than being an add-on. This approach, also referred to as Embedded Compliance, enables businesses to know what to do in any situation, quickly and confidently.
Independent market intelligence company JWG, recently joined forces with Apiax and EY to release the research whitepaper: Embedded Compliance Unlocked: Leverage AI-enabled compliance tooling now to be ready for 2025.
An Embedded Compliance target state
The research looked at the business needs of different financial institutions, and how putting controls in the workflow from top to bottom brings about positive implications for the organisation:
- Digitised rule repository: Embedded Compliance aligns teams’ interpretation of rules and taxonomies for digital platforms, easing product suitability assessment and advice to customers for wealth management firms.
- Senior manager accountability: Embedded Compliance with its governance framework, controls and auditable workflows, meets senior management demand for greater accountability and auditability.
- Easily adjustable rules: Embedded Compliance gives flexibility to adapt to rapid market and business changes, such as Brexit-motivated shifts in how a financial institution is servicing clients in a specific market. For example, having clear cross-border sales and marketing restrictions easily available for client-facing staff simplifies compliance and ensures smooth customer interactions.
One challenge is that, especially in asset and wealth management, there are ever more complex clients with many ways of how they interact with different products and services, hence there is the need to align the language of controls across product lines, business units, regions, and systems.
But this can also go a step further. The whitepaper explores regulatory technology and how far—if even possible—it can go to understand business data, the compliance obligations and then make appropriate judgements without human oversight. It is therefore essential for firms to have in place API-enabled “kiosks”, industry RegTech standards and obligation libraries in order to have significant advantage in leveraging new technology.
With new customizable tools, firms can guarantee that rules align simultaneously with internal business taxonomies and market standards, and that new laws and standard obligations are being complied with, while also ensuring the accountability of senior management.
The AI Evolution
JWG highlighted how AI-enabled Embedded Compliance is a logical progression for firms that have established Rule Repositories. With AI based Embedded Compliance, the technology might be able to learn from itself, thereby opening up a future in which better ontologies, open source RegTech standards and datasets could help create and maintain these rule sets.
However, while generative AI holds great promise to extract accurate answers from a text-based Compliance policy, a review of AI-generated answers will remain a requirement for the time being, as no regulator would be satisfied with a black box system answering compliance requests in a financial institution autonomously.
Although, a good thing to note is that firms that have made the move toward Embedded Compliance understand that it is a journey and there are roadblocks to overcome. Based on the interviews conducted for the paper, the authors suggest that a risk-based approach to moving compliance rules to AI-enabled policy is the safest path forward.
This means, starting by creating and defining clear rules for high risk business processes to guarantee the highest level of compliance, but for lower-risk processes (such as employee trading restrictions), AI-generated policy or compliance answers, reviewed by compliance professionals, can create efficiencies with manageable compliance risks.
To ensure that the day we can trust AI’s interpretation comes sooner rather than later, it is therefore imperative for the industry to share more data on how it has interpreted regulatory obligations through open-source RegTech standards and utilities.
Embedded Compliance in action
As has been discussed, Embedded Compliance is a powerful tool that integrates compliance checks and controls into the business process itself, rather than as a separate step. This can help to streamline operations, reduce risk, and improve compliance outcomes. Here are some specific examples of how Embedded Compliance is being used to address common challenges:
Travel management
Client-facing staff must obtain supervisor approval and comply with travel and service offering restrictions (maintained in country-specific PDF handbooks) before travelling abroad. Embedding compliance in the travel management system automates compliance checks and adds all documentation to the CRM for audit trails.
Investment advisory
Wealth management employees had to manually review country-specific PDF handbooks to ensure compliance with product distribution restrictions, which was time-consuming and limited the impact of the check.
With Embedded Compliance, the ISIN level product check process is automated by integrating it into both investment advisory and trade execution processes, providing real-time feedback on compliance and suitability.
Marketing material creation
Asset managers had a manual document-by-document compliance review process for marketing materials, which was resource-intensive and delayed client experience. Embedded Compliance automates the review process by transforming marketing requirements into machine-executable rules, providing real-time guidance to staff and providing country specific requirements. And by embedding digitised rules into the company’s content management systems, disclaimers can be automatically added to client presentations.
Client onboarding
Financial institutions had a manual process for interpreting AML & CTF requirements for each new client, which was time-consuming and error-prone. By embedding compliance the process is automated by embedding client-specific requirements in the CRM/CLM and onboarding tool, reducing risk and improving the client experience.
Key discoveries and learnings
Overall, the research is a positive sign of the fact that while the regulatory landscape and customer needs are rapidly changing, financial services leaders are adapting their operating models and embedding compliance requirements to meet these changes.
This is a critical development, as compliance is not a siloed function that can be addressed after the fact and in addition, spreadsheets are simply not up to the task of managing the complex and ever-changing regulatory requirements that financial institutions face today.
By using new and enhanced AI enabled RegTech tools and by embedding compliance into every aspect of the business, financial institutions can reduce regulatory risk, improve efficiency, and enhance the customer experience.
Download the full whitepaper here to read more.