With so many changes in compliance for financial firms, it’s difficult to know how to manage it all. CBInsights estimates that there are more than 750 regulators around the world issuing an average of 201 regulatory alerts per day. Financial firms are caught in a balancing act, with cybersecurity threats on one side and the compliance demands of regulatory bodies (and potential penalties for failing to comply) on the other. RegTech has the potential to help firms meet financial data security standards, but which solution is best?
To determine the right RegTech solution, firms would do well to consider the latest changes in regulatory compliance, the relationship between RegTech and regulatory bodies, and how firms are leveraging RegTech to simplify compliance, including working with reputable third-party compliance experts such as DataComm.
The Latest Changes in Regulatory Compliance
Although the current administration has made changes to remove regulations, such as the repeal of the Dodd-Frank Act, state regulations have been passed to bolster customer data privacy and security. Other regulatory bodies in the U.S. and abroad have also enacted changes to increase financial data security. Regulatory changes to be aware of include:
- FINRA—The Financial Industry Regulatory Authority (FINRA) amended Rule 3310, which is FINRA’s Anti-Money Laundering (AML) Compliance Program. The amendments require financial firms to implement risk-based procedures for developing a customer risk profile, monitoring and reporting suspicious activity, and for maintaining and updating customer information.
- California Consumer Privacy Act—The CCPA was passed in June and amended in September in an attempt to clarify potential conflicts with the Gramm-Leach-Bliley Act (GLBA). The CCPA requires businesses to update privacy notices regarding consumer information and observe restrictions on data monetization. The amendment may exempt institutions that fall under the GLBA, but many California organizations are seeking clarification, including the California Better Business Bureau and the California Credit Union League. Many expect this act to be a model for other states in terms of protecting consumer data.
- New York Department of Financial Services—The NYDFS released strict cybersecurity regulations, impacting 1,500 financial institutions. Institutions must have a robust cybersecurity program that implements controls as determined by a risk assessment.
- Presidential Executive Order 13772—This executive order, titled “Core Principles for Regulating the United States Financial System,” was passed in February 2017, but the Treasury Department released a report earlier this year outlining 80 recommendations. Their recommendations include:
  - Accommodating end-to-end digital mortgages
  - Rescinding the Bureau of Consumer Financial Protection’s Payday Rule
  - Updating the IRS income verification system
  - Modernizing payment services
  - Developing a regulatory sandbox
The potential adoption of a regulatory sandbox could help U.S. regulators keep pace with the rapid changes in cybersecurity.
Regulators and RegTech
Regulatory sandboxes, as suggested by the Treasury Department, can help close that gap. The Bureau of Consumer Financial Protection and the Commodity Futures Trading Commission have both implemented sandbox-type programs.
The National Credit Union Administration (NCUA) has recently issued guidance regarding pilot programs. They, along with other financial trade groups, are encouraging financial institutions to test innovative AML programs without fear of potential penalties. This gives firms more room to try RegTech and tailor it to the needs of their organizations. Testing new technology that exposes compliance gaps will not automatically result in a penalty.
The ever-changing landscape of regulatory compliance makes RegTech a critical tool, and the new guidance around pilot programs simplifies the process of testing those tools. Which tools should financial institutions use, though? Here are a few of the most promising possibilities:
- Security Information and Event Management (SIEM)—SIEM solutions collect data from across your institution, providing valuable insights into potential cybersecurity threats and simplifying regulatory reporting. SIEM systems can correlate and analyze data, allowing firms to detect threats that would otherwise go undetected.
- Blockchain—Blockchain, with its distributed ledgers, creates a clear audit trail that is updated in real time. Firms can easily share data with regulators without a lot of time-consuming manual reporting. Since customer information is updated in real time, financial firms can easily meet the AML compliance requirements for documentation and proof of identity.
- Artificial intelligence (AI) and machine learning—AI offers firms enhanced cybersecurity through complex pattern matching. Firms are using AI to create more accurate risk models and financial forecast models. AI and machine learning can uncover anomalies that may indicate money laundering and other fraudulent activities as well as lower the number of false positives.
In the face of constant regulatory changes, many financial firms are looking at RegTech solutions. Choosing the right solutions for your firm can be daunting, though, which is why many financial firms are turning to DataComm.
At DataComm, we have a wealth of experience in the financial industry. We know the challenges you face in compliance and cybersecurity. Our experts are ready to provide your firm with compliance and consulting services to aid in implementing the latest and most effective technology. Contact us today to learn more about implementing RegTech solutions in your firm.