McKinsey in its latest compliance benchmarking survey found that compliance function at financial institutions has reached “an inflection point” and current compliance standards are in an “inchoate state”. The firm has suggested five critical actions to be undertaken by banks to make their compliance risk management more efficient and effective at this time of intensified regulatory pressures, heightened competition and squeezed costs. They are: getting the fundamentals (such as controls, key risk indicators (KRIs), integration with enterprise risk management (ERM) and regulatory applicability) right, strengthening risk ownership in the first line, streamlining compliance processes, adopting a dynamic tech-enabled approach to risk management and building compliance talent. Here, we would like to focus on the fourth point – applying tech to manage compliance risk – and then provide insights into how modern technologies such as artificial intelligence and machine learning can help banks reach their compliance goals.
Survey Findings
McKinsey launched compliance benchmarking effort in 2017, with 22 leading institutions across the globe. It surveyed 24 leading institutions, including both global systemically important banks (G-SIBs) and non-G-SIBs, in 2018. Based on the findings, it released a report that also included insights from its discussions with executives at the banks. Key findings of the survey are:
- Slow growth in compliance spending: Compliance spend growth seems to have peaked now. For the 2015-17 period, only 25% of the sample size saw an increase in spends. Three-quarters of the banks surveyed expect compliance costs either to stay still or fall in the coming year.
- Size and effectiveness of compliance functions are not yet in balance: McKinsey says that compliance has yet to establish a recognized, sustainable balance between size and effectiveness as the proportional size and budgets of compliance functions are found to vary significantly from bank to bank.
- Assessment of compliance maturity: Banks were asked to assess compliance maturity in five areas: foundational capabilities, core policies and oversight, critical business and management processes, personnel, and control systems. Most banks scored low in areas relating to control systems, including automation, monitoring and assessment, reporting and management information systems and analytics.
- Automation and analytics remain a challenge: Banks were found to have a sense of frustration that much of the investment in technology was going into end-user tools that required constant attention or quickly became obsolete. The absence of a technology strategy or perspective on how to drive digital change in compliance was another source of frustration.
- Spending more on technology does not guarantee maturity: “The scale of a bank’s spending on technology is not a reliable indicator of the level of maturity attained in the application of technology in compliance,” says the report.
The Role of Tech in Compliance
Rising compliance demands have forced banks to expand their compliance functions significantly. Now, banks are seeking greater efficiency and effectiveness out of their compliance functions. McKinsey says that “compliance functions are in need of a technological overhaul to enhance systems and tools in management information, reporting, monitoring, and assessment. Adopting next-generation governance, risk, and control solutions is one option.” It added that banks have already adopted advanced analytics in areas such as transaction monitoring, trade and communications surveillance, and monitoring and testing. It also pointed out other key success factors such as a two-tier IT structure, a dedicated data lake, and a cross-functional and agile way of working for a next-gen solution to be helpful.
How can machine learning help build an effective compliance program?
Machine learning is a modern technology which can alter the operational status-quo of many industries, especially the BFSI sector. With machine learning, we can create machines that can keep improving its performance without human intervention to do the desired tasks. Compliance analysts’ decision-making abilities cannot be replaced by systems as such decisions involve significant operational, financial and reputational risk. However, machine learning can help them make their jobs easier by pointing out what is good (compliant) and what is bad (non-compliant) behaviour based on prior examples fed into the system while eliminating low-level, repeatable, manual processes. The technology can also help detect anomalies or aberrations from normal behaviour, and increase the detection rate of the compliance system. In a typical non-machine learning environment, compliance staff look into previous alerts for anomalies and trends. They also look for emerging suspicious patterns and make adjustments (often minor) based on their expertise in an effort to reduce false alerts while ensuring they are well within their risk tolerance threshold. This approach is cumbersome, time-consuming and prone to misses. In contrast, a machine learning environment has supervised algorithms that can be trained on prior alerted activity to fine-tune rules to reduce the number of false alerts. Supervised algorithms are modelled to compare existing rules and investigatory results to make the required changes to the compliance framework. In addition, some machine learning models use unsupervised algorithms that can identify new patterns and typologies unbiased by existing rules. For example, an unsupervised model can identify a number of transactions between two parties which were done in amounts and frequencies of unusual nature, even if no existing rule would have identified the same.
The main benefits of employing machine learning in compliance are given below:
- Automated compliance: With machine learning, compliance teams can build fully machine-executable functions that will take most of the manual processing responsibilities away from the team. At present, the compliance personnel are spending more than 60% of their valuable working hours on these manual processes. With automation in place, compliance staff can dedicate most of their time to solve issues that require greater attention.
- Better communication tools: Internal and external auditing and reporting become easier with machine learning as it provides tools to produce reports catering to management and regulatory demands.
- Detection of suspicious behaviour: Self-learning algorithms can better detect aberrations in the normal course of flow such as fraudulent activities and financial irregularities.
- A holistic view of the compliance function: Chief compliance officers can exert greater control over the compliance function with the support of machine learning. This can indirectly help in business intelligence, behaviour pattern scrutiny and strategic decision support.
In a nutshell, machine learning can provide compliance officers with ‘superpowers’ and significant operational and financial benefits to organisations that make use of the technology. Even if at a nascent stage, with lots of research and testing going on, the technology has the potential to reshape the entire compliance landscape for the better.
Anti-Financial Crime Compliance with Tookitaki?