Technology generates more and more data, regulators need to exercise more and more control, digital transformation is advancing, and traditional firms are changing and need to respond quickly to the new demands of regulators – not only to avoid sanctions but also to guard their processes and avoid security breaches and inconsistencies in their information assets.
RegTech is the term used in the financial services industry to identify the management of regulatory processes through technology. RegTech encompasses the regulatory domains of surveillance (anti-fraud, anti-money laundering, counter-terrorism), risk analysis and control, regulatory reporting, and identity management – all areas where data is at the heart of control.
Data fabric is a design concept defined as “an enabler of frictionless information access and exchange in a distributed, heterogeneous data environment” (Gartner) or “a distributed information network at scale across physical and virtual boundaries: focusing on the data aspect of cloud computing as a unifying factor” (Forbes). A summary of these two definitions could be: “Absolute control of the entire data chain with the ability to monitor every resource and every process at all times.”
The data fabric approach can enhance traditional Data Management models and replace them with a more responsive approach. It offers D&A managers the ability to reduce the variety of integrated Data Management platforms and provide cross-enterprise data flows and integration opportunities. That is why it is necessary to have an end-to-end approach, i.e., a platform that can work across the entire data process, from data ingestion to data mining and visualization. All of this is very effective for proactive management of the regulatory environment, which is why data fabric is a primary avenue for RegTech and beyond. It’s not just about integrating the data – it’s about finding the intrinsic value that this data represents to the organization.
RegTech for Bank Supervision
With the use of Big Data and machine learning techniques, technology can help a company meet the regulatory requirements of its industry. In the specific case of a bank, data on money laundering activities can be monitored virtually automatically. A traditional compliance team may not be able to perform the appropriate checks due to the sheer volume of data involved. Therefore, it is necessary to have tools, or better yet, a Data Architecture that can check all the information managed in the data pipeline, establishing “sentinels” that can intercept critical cases and alert and require human intervention within the control and data processing processes.
Any anomalies are transmitted to the financial institution for analysis to determine whether fraudulent activity has occurred. Institutions that identify potential financial security threats at an early stage minimize the risks of penalties, loss of funds, and data breaches.
A bank handling increasing volumes of relationship, transaction, and event data will find it increasingly complex, costly, and time-consuming to manage an anomalous or suspicious case interception process without adequate automated support. A regulatory technology solution based on the principles and components of a data fabric can create structured processes for regulatory compliance, capable, for example, of analyzing the bank’s historical data on suspicious/critical cases, identifying areas of potential risk, inferring rules, and applying them to current data, maintaining increasingly effective supervisory models capable of meeting regulatory requirements.
But that’s not all. The presence of a structured architecture to support regulatory compliance mitigates the risk of sanctions while increasing responsiveness to increasingly frequent and mandatory requirements from supervisory agencies. Being prepared for new regulatory changes and not having to suffer through them in the future with “patchwork” solutions ensures more aware, designed, and dynamic governance of the entire application system to support compliance.
RegTech for Regulatory Reporting
A Data Hub architectural model, capable of quickly identifying and organizing heterogeneous and distributed data sets, focusing on the appropriate extraction, transformation, control, delivery, orchestration, and governance capabilities, can also be used in RegTech key to quickly generate regulatory reports.
In this sense, a proactive approach to regulation is always better than a reactive one. If all our data sets are mapped and controlled through an appropriate set of metadata with respect to their relevant characteristics (ownership, business and vertical lineage, quality rules), a bank or insurance company can be ready for any new reporting requirement by having all the information needed to quickly implement what is required by the regulator.
RegTech: Not Just Finance
A RegTech solution addresses a variety of compliance needs. Some of the application areas are, for example, data protection, regulatory compliant Data Management, fraud prevention, and audit trail capabilities.
It is clear that the more regulated sectors, such as banking and insurance, have dedicated resources to manage specific compliance processes, but what about other sectors? The European community will continue to try to harmonize the supervisory models of other sectors; it is part of its core mission. Gradually, other industries will also have to adapt to some kind of European standard. A concrete example is the pharmaceutical industry with its IDMP (Identification of Medicinal Products) standards, but it is very likely that other sectors, such as automotive, aviation, and tourism, will move in the coming years from voluntary, self-referential “quality standards” to actual regulatory guidance … The GDPR is just the tip of the iceberg with respect to what is about to happen. And what will happen in the U.S.? Surely regulating the market and industry is essential for future competitiveness.
The data fabric concept is presented by many vendors, but perhaps the importance of the experience that these vendors may have in a regulated environment is more important. In the case of our company, we are an active part of the BIRD processes at ECB and the Bank of Italy. Our team of consultants actively participates in the work tables of European regulators; our functional experience in the financial sector is amply demonstrated by the projects developed for the most important companies subject to regulatory restrictions.
Virtualized approaches may not be sufficient, as the regulator may ask you not only for the data and lineage at a certain point in time but also for the process that generated a certain rule and needs to be able to prove it. This is practically impossible with a fully virtualized approach.
If you are passionate about the data fabric concept, we suggest you follow Michele’s monthly LinkedIn newsletter, Data Fabric’s Chronicle, which features the most interesting articles about this new architectural concept.