Managing emerging regulatory risks with data

Regulatory risks have greatly increased since the 2008 financial crash, but data analytics can help firms spot emerging issues

The collapse of Lehman Brothers was the spark that ignited the biggest economic firestorm in living memory. But the fuel for the financial meltdown that hit the world in late-​2008 was irresponsible lending and excessive risk-​taking by banks.

Once the threat of a complete collapse of the global financial system had been contained, stringent new rules and regulations rose from the ashes of the financial industry: the US Dodd-​Frank Act, EU Markets in Financial Instruments Directive II, Basel III and International Financial Reporting Standards, for instance. In broad terms, they are all designed to ensure that banks cannot behave in ways that might lead to a repeat of the crash. And they’re just the tip of the regulatory iceberg.

Data analytics has the potential to enable compliance professionals to become more proactive in the way they can identify risk and manage breaches

Dr Daniel Gozman, University of Sydney Business School

In May 2018, for example, the General Data Protection Regulation came into force in Europe, giving firms just 72 hours to notify the Information Commissioner’s Office of certain data security breaches. Staying on top of all these regulations and providing regulatory bodies with the detailed data they need for proof of compliance can give financial firms a serious headache, which can quickly turn into full-​blown regulatory fatigue. But when it comes to regulatory compliance, simply ignoring any issues or emerging risks will ultimately lead to big fines and bad headlines.

The UK division of Santander, for instance, recently suffered a £33-​million penalty from the Financial Conduct Authority for failing to process the accounts and investments of deceased customers properly, and a further £58-​million penalty for compliance issues relating to credit cards. U.S. Bancorp was also fined $613 million last year for failing to put together proper anti-​money laundering control programmes and violations of the US Bank Secrecy Act. But even that financial penalty pales in comparison with the $1‑billion fine Wells Fargo received in 2018 for forcing customers to buy unnecessary auto insurance and other misdeeds.

These big fines warrant a big question: could better data have helped these banks spot emerging risks before they got out of hand?

The International Risk Governance Council defines emerging risks as “new risks or familiar risks that become apparent in new or unfamiliar conditions”. They can include new technologies such as artificial intelligence, as well as economic, societal, environmental, regulatory or political change. Some develop slowly, others fast. And identifying them should be a top priority for the director of compliance.

“Data analytics has the potential to enable compliance professionals to become more proactive in the way they can identify risk and manage breaches,” says Dr Daniel Gozman, senior lecturer at University of Sydney Business School. “The traditional model is very reactive: when breaches are retrospectively identified, regulators often respond by requiring firms to provide maximum data after the event.”

Many business analytics processes originate from a human asking a question, for example what is the credit score of this individual? “In other words, they are inherently biased and to a degree mechanistic,” says Mark Perrett, head of financial services consulting at Teradata International. “What we’re seeing emerging is the ability to use analytics to alert humans to patterns that look different, without the human having to specify what ‘different’ might mean.” As the ability to execute increasingly complex analytical processes on large datasets accelerates, it could even reveal anomalies that may not previously have been perceived as anomalous, he adds.

Modern analytics platforms can integrate huge volumes of data from multiple sources, for example reference data, transactional data, operational data and security data, and analyse it in real time to help firms spot emerging risks before they can do serious harm. However, more data doesn’t automatically equal more intelligence. “Companies consume and create more data than ever,” says Sergiu Cernautan, senior director of product strategy at ACL, “but not all of it is relevant. Regulations continue to grow and evolve, but not all of them are applicable. New risks emerge every minute, but not all of them are significant.”

Remaining on top of emerging trends and topics within financial analytics, including the regulators’ quarterly reports, can provide further insight into the likely manner in which regulatory requirements will evolve in future and help to focus a firm’s analytical efforts. “To spot emerging risks, you must follow the regulator and your regulatory data, be attuned to patterns, outliers and newly emerging trends,” says Wesley Cooper, data architect at AQMetrics. It might feel like a burden sometimes, but as Wells Fargo and other banks have unfortunately demonstrated, the cost of not doing so can be astronomical.

To find out more about the risk management technology ecosystem of the future, download Rethinking Risk Data Management.