In the face of the regulatory onslaught discussed in our previous post, most financial services firms have engaged teams of lawyers to read and interpret what any given piece of regulation means for that firm, when conducting their global business operations. The output from this work is then written by the firms’ compliance teams into policies, which then in turn need to be procedurally deployed within the firms’ various functions.
Two important strategic challenges arise from this context;
• The need to monitor changes in various regulations to detect differences between what a firm does today and what regulators will expect tomorrow, has created the need for regulatory change management capability to be embedded alongside data management, and for the two to work in concert.
• The existing complex and manual operational processes in firms leaves Heads of compliance with little or no control over the subsequent implementation of new / revised policies into BAU, and subsequently no view of the extent to which the firm is demonstrably compliant.
In this environment, the ability to cost effectively and efficiently create the organisational and governance capabilities expected by the regulators, combined with the ability to demonstrate active deployment, monitoring and oversight of a given control function, is now absolutely essential.
Keeping in mind the issues and regulatory pressures, the next important part of the ecosystem to understand is the type and nature of the help firms may draw upon from the vendor marketplace.
Data, Service and Platform Providers:
Financial institutions now require a plethora of client and counterparty data that needs to be collected, consumed, aggregated and utilised; both for the conduct of business and for the purposes of remaining compliant with the many regulations that now govern their activities. Serving this content requirement, the marketplace is filling with an ever-evolving ecosystem of data vendors, service providers and content utilities. Broadly but certainly not exclusively these include:
1. Entity Data Providers:
Entity data providers match, enrich and maintain legal entity reference data including; corporate hierarchies, registered address information, industry sector codes and various company identifiers. Firms that offer these “data” services include:
• Dun & Bradstreet
• GMEI Portal
• Bureau van Dijk
• Kingland Systems
2. KYC Utilities / Compliance Services:
A number of firms including Barclays, BNY Mellon, Credit Suisse, Goldman Sachs, JPMorgan Chase, State Street, Deutsche Bank, HSBC, ING, Bank of America Merrill Lynch, Citi, Standard Chartered and Société Générale have invested in one or more of a number of “utilities” in this space.
The utilities, with variations on the theme, aim to act as central “hubs” for investment managers, hedge funds and corporates to upload, securely store, maintain, and permission end-user use of legal entity information, relevant documentation and corporate hierarchy information. The utilities integrate technology and operational expertise to provide increased control, standardisation, data quality and see-through transparency during client on-boarding and ongoing client lifecycle activities. The aim of the utilities is to reduce the operational complexity of entity management, while also significantly addressing regulatory requirements across Know Your Customer (KYC) and the overabundance of other regulations we have noted earlier.
Currently “utility” offerings include:
• DTCC Clarient Entity Hub
• SWIFT KYC Registry
• Markit | Genpact kyc.com
• Thomson Reuters’ Accelus Org ID KYC Managed Service
• Bloomberg Entity Exchange
• KYC Exchange Net
• Alacra Compliance
3. Anti-Money Laundering (AML) Services:
In the AML space, the focus of the services (as opposed to AML software platforms) is largely focussed on ID verification, sanctions screening, Politically Exposed Persons (PEPs), enforcements, adverse media and enhanced due diligence.
For context, these firms usually advertise their capabilities with statements along the lines of, “Our service monitors 340 countries, over 500 sanctions, watch and regulatory lists, and 120,000 media sources to identify high-risk individuals,” indicating the breadth and depth of their coverage, and therefore the suitability for use by financial services firms who operate globally.
Leading AML service providers include:
• Nice Actimize
• Lexis Nexis (Bridger)
• Thomson Reuters World Check
4. Other Data and Related Services
In the client domain, other information including Standing Settlement Instructions (SSI’s) and trading entity classifications / master agreement versions are of related importance.
Additionally, in the service space specifically, there are emerging capabilities that focus on expertise in regulatory change management. These firms deploy teams of independent analysts to help the industry both interpret large quantities of regulatory reform and create intelligent implementation plans. The benefit of this type of “brains trust” service is that they offer the specific expertise and bandwidth to analyse and interpret new regulations, spot the deltas and changes in existing regulations, assess and know their impact quickly with the aim of implementing the right response / enhancement rapidly and at a low cost.
A small cherry pick of services in this space:
• DTCC Omgeo ALERT
• Markit ISDA Amend
• JWG RegTech
5. Customer Lifecycle Management (CLM) Platforms
As we have previously written, and in the context of the challenges noted earlier in this piece, an enterprise CLM platform should be a modular case management workflow platform that, combined with a rules engine, is able to deliver robust regulatory compliance and active operational process management. This is a complex space where the need to streamline client onboarding, account opening and client data management activities, is coupled with a requirement for automated enforcement of compliance across standard client due diligence processes, and industry tax and trading regulations, across product lines, business silos and geographical jurisdictions.
Build or Buy:
It is also imperative to understand, from a strategic point of view, custom development to achieve this sort of capability will be exceedingly hard work. Build will require large amounts of diverse but exacting specifications, delivered by teams with both specialised architecture design and programming skill sets. Build will need years of development time with significant expense to the firm, combined with the risks associated with the ongoing maintenance of custom code over a 10 year lifespan period; during which time staff will turnover and code can become outdated. Firms need to seriously consider all these elements, especially the timeframes involved, when making the crucial build or buy decision.
In our final post we will reflect on things that need to be taken into consideration for the future…