How RegTech Can Enhance Your Firm’s GRC Program: A 4-Step Approach

October 11, 2018 by Burt Esrig

Chief compliance officers (CCOs) and risk and compliance teams know they need regulatory technology to meet ever-increasing regulatory obligations as well as establish best practices for their firm’s governance, risk, and compliance (GRC) program that reduce operational risk and increase operational efficiencies. While the value added by a RegTech solution is clear, understanding the full scope of a GRC technology implementation can be a significant challenge.

Requirements vs. Best Practices

In a highly regulated business such as financial services, there are numerous regulatory imperatives that are specifically defined and non-negotiable. However, the “best practices” for performing your “supervisory responsibility” are not as well defined.

Many GRC technology solutions are available that address specific regulatory requirements (general compliance management, cybersecurity audit, code of ethics, trading surveillance, etc.). While these solutions can sufficiently address the regulatory rules in the “letter of the law,” a more robust solution can help your firm implement the best practices needed to efficiently and cost-effectively keep pace with ever-increasing regulatory demands.

Meeting regulatory obligations while implementing a technology solution that helps reduce risk and increase efficiencies can be done in several ways. There are four steps you can take to enhance the effectiveness of your firm’s GRC capabilities using technology. These include: 

  1. Increasing efficiency
  2. Accessing knowledge
  3. Revealing insights
  4. Recognizing patterns

Increasing Efficiency

Currently, compliance and risk processes are completed either manually, using spreadsheets and files warehoused on personal computers and company servers, or in single-focus systems that perform specific GRC tasks. Logging into and out of various platforms, using multiple interfaces for each system, and moving data and documents into and out of disparate systems are trademarks of an inefficient workflow.

Your RegTech platform should have all of the functionality needed in one place with all of the users within your organization participating with the defined roles, requirements, and data permissioning needed to efficiently execute their tasks. Task management, scheduling, alerts, reporting, and other features should be integrated to allow responsible compliance and risk managers to leverage their daily work and eliminate administrative overhead.

Accessing Knowledge

The amount of data we generate and receive each day is staggering. It is estimated that there are 156 million emails sent every minute of every day, and we are all overwhelmed by the amount of information we need to process and utilize effectively.

In any organization, much of the knowledge is there, if you know how to find it! The ability to deliver insights is the ability to organize and prioritize these data files, documents, external links, communications, and other information. Tagging, annotating, commenting, or otherwise identifying these files are essential, along with the ability to connect the information with any event, case, or review that management has opened. Gathering sets of information and reporting is a function that can be executed in seconds rather than business days using the proper technology solution.

Revealing Insights

Once all data is accessible via a single platform, connections can be made between the data points to gain better insights into any particular subject (person, situation, business unit, etc.).

For example, specific employee risks can be discerned by combining cybersecurity incidents, personal ethics violations, e-communications, and activities performed on behalf of the company. These insights into character, organizational structure deficiencies, and other problems become apparent when all data is collected and analyzed together as opposed to via single reports spread out over months.

Recognizing Patterns

While the insights described above are generated by looking through specific groups of data with predefined algorithms, there are potential avenues of activity to be investigated that can be revealed by pattern recognition algorithms. Clusters of data not readily apparent to us can be revealed along with an analysis of ancillary data that may be useful. The human response as to useful or not can be used to train the system to further focus the results on meaningful datasets.

How ACA Can Help

ACA’s ComplianceAlpha® platform has been designed specifically to transform best practices into a manageable workflow tool. The platform integrates policies, procedures, compliance risk management, marketing review workflows, and results monitoring as well as code of ethics, employee trading, and portfolio surveillance capabilities. ComplianceAlpha incorporates multiple ACA solutions such as Decryptex® trade surveillance and ACA Aponix’s vendor management outsourcing service (VMOS) into a single, consolidated platform. The platform provides many of the organizational, efficiency, and knowledge access capabilities discussed in this blog post.

About the Author

Burt Esrig joined ACA Technology in 2017. As a Managing Director, he leads efforts to create regulatory technology (“RegTech”) employee compliance products for use by a wide array of financial institutions. Burt has more than 20 years of experience in financial and technology businesses, marketing, and business creation and has established a solid track record of building and expanding superior distribution teams and unique, profitable businesses.

Prior to ACA, Burt served as chief operating officer of Marstone, Inc., a digital wealth management technology company. There he managed overall business efforts to create digital platforms for banks, broker-dealers, and investment advisers. He has also been a managing director in the UBS fixed-income division. In that capacity, he managed the securitized products marketing function and then conceived, planned, and executed the creation of infrastructure for the acquisition, pooling, securitization, and disposition of high-quality residential mortgage loans.

Prior to UBS, Burt was at PaineWebber Inc., where he was managing director in charge of international fixed-income sales and US securitized products and credit products marketing. Earlier in his career, he had fixed-income trading responsibilities in US government and money market securities at JP Morgan and other firms.

Burt earned his Bachelor of Science degree in Computer Science from the State University of New York at Stony Brook. He has also completed non-degree coursework in accounting, marketing, and finance at New York University.