Looking ahead to 2023: Modernizing risk and operational resilience for BFSI’s
October 31, 2022
As the new year approaches and belts are tightening for a projected recession, Compliance teams and professionals are already looking towards mitigating risk. Our expert panelists are honing in and addressing:
– Challenges and considerations around the industry’s hot topics including addressing new regulations around AML, BSA and Fintech, Cryptocurrency.
– Capital stress testing and banking resilience.
– The future of RegTech in a volatile and shifting market.
Hello, everyone. Thank you for joining us. We’ll just wait a couple of minutes while we get everyone to file into the room here, and then we’ll get started.
Alright, looks like we have a full house today, so thank you guys for joining us. Welcome to Compliance AI and SRA’s webinar on”Looking ahead to 2023: Modernizing Risk and Operational Resilience for BFSI’s.” Before we get started, if you guys have any questions during the webinar, please feel free to drop your questions into the q&a box. I’ll be monitoring that and we’ll be doing a q&a session at the end of the panel. Our panelists can answer some of them as we go, if they seem relevant. So we’ll be managing those questions, drop them there. If you have any other questions, concerns, sound issues or anything like that, feel free to use the chat box as well. We’ll be there. You can chat with each other during the panel. We’ll just be monitoring that. Then at the end, we’ll also be doing an “on demand” posting of this webinar after we’re finished. You’ll be able to access it sometime next week. With that, I’m going to hand it over to our CEO Asif Alam to get started.
Asif Alam (Asif)
Thank you. Thanks a lot. Ronjini. It is my pleasure to be part of this amazing webinar. And Michael, thanks a lot. This will be more like a fire chat than a webinar where Michael and I will be going back and forth on the topics that I think are pretty hot as we go into 2023. But before we go into that: a little bit about me. I’m sort-of new to Compliance AI (about four months into the job), but not new to the industry. I’ve been in RegTech/Legal tech for 20 plus years, (in different companies.) I was with Thomson Reuters for more than 18 years, after which I did a lot of startups. Now here I am at Compliance AI. I am really thrilled to be here. Again, there’s an amazing team we have in here, but also the opportunity that lies in front of us as we open up in 2023. (We will talk more about that,) but before I do that, I would like to introduce Michael, who will be here. We will be talking a bit about this industry that we are very passionate about and this topic we are very passionate about. Michael, why don’t you introduce yourself, it would be great for the audience to hear from you.
Michael Glotz (Michael)
Great, thank you Asif and thanks for the invitation. We’re really excited to be working with Compliance AI to help the banking industry: an industry I’ve been in over 30 years. Strategic Risk Associates (SRA) is a risk management company focused in the banking industry. It’s a company I started in 2008 and we’re about 60 employees now. Prior to that, I was a risk executive with Capital One Financial (from its early days) and through lots of growth, lots of earnings (so we’ll bring some of that) and I was a strategy executive with SunTrust Bank. So thank you very much. We’re looking forward to talking more about the future.
Asif
Awesome. So as Michael and I begin, <as I said> we will go back and forth. But, we want to keep it really simple. We would love to actually have questions to answer and some of the biggest things I see. Michael, as we go into 2023, if we really take a step back and look at what is happening in the space, the compliance cost is increasing like crazy <as you know>, it’s up about 16% from 2015 to 2020. Crazy numbers, right? The fines and the penalties keep on increasing the complexity. The days are gone when people were really managing everything “on an Excel sheet,” but now looking at how to “do” the compliance and regulation. So we’ll touch upon all those topics a little bit, (and also, capital stress testing/bank resilience and what is happening in that space.) Is the future of reg tech in this? There’s a lot of headwinds we are seeing. Michael, as we actually go into 2023 with the economy and everything that is happening, (especially in the US) but also globally and with the war. What does this mean? How are the banks, financial institutions and the insurance companies reacting to all of these things? What place does reg tech or legal tech have in regulation, risk and compliance? Where do you put it? I think this is an important perspective. Would you want to comment a little bit on that Michael: on the current landscape and trends? I would love to also add some points in there, but I want to give you the mic.
Michael
Yeah, I’ll just throw a few thoughts out, Asif. You know, we always start with the heightened regulatory standards. I saw a few weeks ago that the OCC put out its focus areas for the next year, (which started October 1 of this year through next year.) It’s a lot of the things that you might expect: given safety and soundness-related focus areas that you might expect the regulators to look at. Knowing that we may be going into a recessionary environment and so a lot of focus on resiliency. How does the bank do enough testing of Capital Management? Does the bank do enough testing of liquidity management? Is it operationally resilient for things like cybersecurity.One especially growing concern is, <from a regulatory perspective,> a lot of financial institutions are starting to bring on Fintech and RegTech companies to help become more efficient, which is a great move. Obviously, they’re concerned about the risk and the bank’s ability to manage that risk. So that’s going to be a very big focus of the one I’m intimately involved with and spending a lot of time helping banks onboard crypto risk. Why is there some intense scrutiny in that space? It was moderate six months ago, but today, if you’re bringing on crypto asset products, (or digital asset products), having all of the infrastructure laid out so you can prove you have that infrastructure is really, really important. And then lastly, it’s a great time to be in banking and risk management, with all the new advances in technology. How can we leverage technology to become more efficient, with less people in the market to hire? Also, how do we become more modern and effectively know the risk? How can we use data to monitor risk instead of humans to monitor risks? So those are my top of mind thoughts.
Asif
You’re spot on Michael. I live in San Francisco now in the Bay area, but I used to be in New York (in 2008.) What I remember (very vividly) Michael, back then, was the debacle of the whole financial crisis happening. Soon after, the banks and financial institutions very quickly realized that technology is not just nice to have, it’s a must have. I’m feeling the same kind of passion or the same kind of drive in the compliance officers (and the Office of the General Counsel) that technology is not something where” it’s good, let’s do it” kind of thing. But it’s a “must have” as I said earlier, that the complexity of the velocity is increasing tremendously. How do you counter that there are various ways to do that, (technology being one) which really makes your whole workflow solution easier in how you do that in BFSI (the banking, financial institutions and insurance.) They are driving this whole regulatory change that is taking place. But now I also see <in other industries> that it has started to pick up, which is very interesting. The other thing I’m seeing as we are heading to 2023, is that RegTech (more or less) was very much focused in the United States, (for the banks and financial institutions here.) But what I’m seeing now is that Europe, (especially UK, after the Russian war). Everything is right behind there and really catching up fast. So that market, again, the concept of “must-have” instead of “nice to have” the technology. They are very quickly understanding that and as they are looking forward to 2023 they’re doing that. Two weeks ago, I was actually in a very interesting symposium in the Middle East. I thought the whole rigor and urgency is building up in that region also. There were a lot of folks from Asia overall, but the same tenacity of RegTech and what it means. As we go into 2023, the spend they need to do in order to mitigate risk is real. And it’s now, not in the future. It’s not something that you do in the future. Which brings us to a quick poll.
<To Host> Ronjini, if you can, please do that.
While the poll is happening, Michael, do you want to comment on this? So let me just really quickly read the question: “complexity, velocity and pace of penalties are increasing every year, what has been the hardest thing to manage for your organization?”
We’d love to hear from you. Michael and I also have a point of view here but as audiences and participants are giving their voice, I would love you to do a “voiceover” if you will.
Michael
Yeah, that’s really a challenge. The complexity in banking has become more and more complex over my 30 years and with it, and its new products. Complexity is the complexity of integrating,( let’s say, FinTech) into your bank. And it’s the complexity of more and more regulations that are constantly changing, that need to be constantly monitored. So how do you keep up with not only a more complex environment, but an environment where we’re now monitoring state level regulations, (as well as federal level regulations), and even regulations in Europe, <that may impact the US>? So it’s a real challenge, I’m really looking forward to some of the feedback from our participants.
Asif
Yeah, it’s amazing. So the variety and type of regulation is followed by increasing volume of new regulation. I think it’s just about right where the complexity and the velocity is just going up and up every year. Again, it goes back to talking to our customers. Not too long ago, it was okay to manage things manually. That is now becoming impossible with (again) the “real-time” changes that are happening to how it affects you as a unit regulated company and regulated firm. Also, how quickly you make decisions. The other thing that is happening is seeing that penalties and fines are not that significant, but I think it’s it’s the proactive nature, which I think the regulator’s are also playing, which is, which is I think a good thing where firms are just not getting fined when they have done something wrong, but they’re also getting fined when they are not proactive in putting up a compliance officer (in setup in that sense.) So you know, it’s that the world is changing at a very fast pace, in that sense. So, very quickly: Challenges. You know what? Let’s talk about 2023. It’s just around the corner, yeah? Michael, what are your views on 2023? What will be the biggest thing in Q1 getting into Q2, what should our customers be focusing on? And what should they be working on right now (as we speak) in October going into November?
Michael
Yeah, that’s a great question and it’s interesting: the last three months have helped me almost change my perspective a little bit in terms of what I’m seeing, and expect to see over the next year. And I would say one key trend is regulatory pressure stopping FinTech and crypto progress. And so we have a handful of clients that in the last three months have gotten consent orders from the regulators, OCC that nfbc and MRA is an MRI in this manner, requiring board attention, having the effect of stopping the progress of banks onboarding fintechs. Requiring banks to have a framework that’s so comprehensive and gets measured around the effectiveness. it’s forcing the banks to regulate (so to speak) the fintechs. The regulators, the OCC bed, and FDIC can’t regulate the fintechs. But with the new guidance, they’re almost forcing the banks to become regulators in FinTech. That’s going to drive staffing and strategy changes. But for those banks that do it, well, they’ll have a competitive advantage at the end of the day. So risk management and strategy become two sides of the same coin ( from the regulatory standpoint and from the recession proofing standpoint.) Boy, I think back to the last recession, 2007-2008,2009. SRA had about 30 banks that it helped through constant orders from the regulators, OCC, FED and FDIC. That focus was because it was credit based and a lot of real estate. Did they have the amount to give allowance for loan loss? Was it adequate? While there will be that focus, most banks have moved to Sisa, which is more standardized. Now is the focus really capital stress testing? What you have is a handful of recession scenarios that you run through to prove that you have enough capital. Do you have enough recession scenarios to prove you have enough liquidity, as well? So those are the top of my thoughts, Asif.
Asif
Yeah Michael, a great point, because one thing that I’m hearing over and over again, with all the headwind that we are taking into 2023, is to find a way to reduce, (if you will) the operating cost (in general) of what you want to do. One of the things that you don’t want to be fined billions of dollars or hundreds of millions of dollars, and then get short-changed on other things that you want to do. So everyone is trying to be ahead of that and really have a strong sort of monitoring. What are those enforcement actions coming out? I think that is pretty big. The other thing that is happening, and I would say in real time is that, again, the regulated firms, (especially BFSI), they are looking for faster obligation extraction. What I mean is that things are happening so quickly (in real time) with either the President or the Prime Minister giving speeches that may conflict with the policies you may have and how you change that very quickly is you need to be ahead of it. So again, with reduced operating costs, with the need in this economy to really do that: How do you do it? Again, it goes back, Michael, to my earlier point of why technology is so important. That “yes, we can get the job done” but if you can get the job done in one hour instead of one day, why not? Because it’s saving a lot of time, really. I think those are some of the bigger things. One other thing which is very interesting to me is that all of the big firms (companies that are sitting on a lot of cash) everyone there is looking to sort of (as we have already said) be “recession-proof” (in the sense of saving cash). However, I think risk and compliance is one area where they are seeing: “hey, this is an area where, if I spend some money, it will help me save more money.” So that is another change I’m seeing and keeping us very busy. But really, working a lot with the customers in that view and as we go into the Q1 of 2023. What are those avoidances that we can do? What can we spend on? It would be great to hear from you, Michael, before we move on to the next slide, and get a view from you (from banking), but also your view on the insurance sector? Also, do you see the same thing happening there? Or do you have another view here?
Michael
Yes. On the banking side, if we look at the last few recessions, we saw (for almost all banks), a compression of revenue, (less revenue). (To your point, Asif), you have the cost factors to work with. You need to be building contingency plans today for cost management (really tightening your belts.) And that means, in some cases, looking at business lines that are not very profitable and discontinuing them, (or stopping activities that are not as value-added.) The other part is automating however you can automate. There’s been tremendous gains over the last few years in terms of automating AML BSA monitoring and investigations, and significantly reducing costs using AI. That’s a great example: investing in AI to help reduce costs. On the insurance side, what we’ve seen is there tends to be a more stable revenue stream, given the long-term nature of insurance, but our insurance clients are facing many of the same issues that the banks are: increased regulation. On the insurance side, we’ve seen (just recently) more focus on resiliency in the insurance business. So I would put insurance, from a cybersecurity standpoint, (or an operational risk standpoint) very much with parallel issues there.
Asif
I very much agree. And, as we talk a little bit more,(I think it was very interesting when we talked earlier). I would love to get a view from you around the liquidity stress testing. What is your view on that? How is that playing out?
Michael
Yeah, it’s interesting. On the liquidity stress testing side: as we dissected the last recession, we saw that about two thirds of the banks failed because of lack of capital, a third of them failed because of lack of liquidity. Think of Wachovia Bank and the run out of the local bank. (Whoever thought a large financial institution could disappear so quickly?) So, one of the key kinds of fundamental parts of capital and liquidity stress testing is data quality. It was something that wasn’t focused on (by the regulators) a year or two ago, but I think there was a realization that a lot of the information banks were using (from capital and liquidity stress testing), were manually-aggregated and brought together from various sources. Therefore (kind of) necessarily tied to the “system of record” and didn’t have a strong amount of quality. So that at the end of the day, when you finished your liquidity stress testing, all your capital, (the output) was wrong because the inputs were wrong. I think you’re gonna see it a lot more. After the last recession, the regulato’s came out with SR 12- 7, (which was guidance on stress testing) and prominently displayed was data quality. In the past a lot of liquidity and capital stress testing was based on what happened in your credit portfolio and that was a big part of what moves the needle. More and more, the focus is not only on the credit portfolio (from a stress testing standpoint), but think of things like deposit runoff. I was talking to a CFO of a large bank yesterday, and he said that he hasn’t seen as much deposit runoff in the last few months, as much as he’s ever seen in his career and that there’s a lot of places to put money now with a great return. Banks return levels for deposit. So with less deposits, that means less liquidity. You’re going to need a strong scenario analysis on deposit runoff, cybersecurity and other things that relate to that.
Asif
Yeah and that takes us to the future of banking. We have touched upon this topic also. Another thing that I’m seeing (again, talking to our customers) which is very interesting (yet natural and organic), is the collapse of silos. Because of the nature of and the way that everything was collected, (and then used, from a regulation perspective), it was very manual, right? It’s somebody downloading, and then you’re doing “this or that” so people are looking for that orchestration,( if you will) that “how do you do all of that” thing at one place? Which is to not only get all the information, (all the content, if you will) but then how do you reduce the noise? How do you create alerts? How do you do it? It’s just not the Chief Compliance Officer, it’s the internal audit, it’s overall: the general counsel office, the chief risk officer, it’s even the different P&L of “how can you have this one unified platform which then decimates (or passes on) all the different (and same) information to different places?” In very clear terms say, “What are your risks?” What do you need to do in that sense? What are the penalties? I think, another thing that I’m seeing in the Bay Area, (which, again, is interesting, though not really banking-related). What tells you the pressure that is on banking: is looking outside of banking. A Lot of these technology firms were just okay with being fined, (or they really didn’t care that much), are now being very prescriptive, and want to know if they take some action, then what would be the penalty? So be ahead of the game and address the penalties. All of the big banks that you think about, they are definitely getting into FinTech and to the InsurTech, all those things. They need a very cohesive RegTech story platform where a lot can be done together. I think it is very apparent. Though that’s what the compliance officers are asking the CIOs: “Hey, this is the solution I’m looking for. It’s just not about me. It’s about my whole firm. What can I do about it?” Anything that you are seeing from your seat Michael, that would be great to know.
Michael
Well, I know our two firms have spent a lot of time talking about this to try to help our customers get ahead of the game. And, you know, one of the examples I would give you is probably a success story in terms of how to prepare for the future of banking. And if we take that first bullet of FinTech and InsurTech there’s a number of banks moving to a banking as a service model. And we have a number of banks that have recently started that are originating deposits from Fintechs and originating loans from Fintechs. So really, the core function of banking is being fully outsourced to innovative technology companies, and banks are becoming more of an umbrella management firm to oversee those ( if they are using data and technology.) A lot of the Fintechs, RegTechs and Insurtechs are being monitored by various companies (like Dun and Bradstreet), for IT services, (information technology). How can your firm utilize technology to aggregate information on your partners so that you can automate the monitoring versus having so much manual activity? And certainly, there’s gonna be manual monitoring that’s needed. But how can you leverage your technology to aggregate data on your suppliers, and the leading technology companies in the world that are doing this today? Google is one of our customers, and they certainly are moving on this at a pretty rapid pace: aggregating industry wide debt data on your vendors, including fintechs (and monitoring that to identify trends)
Asif
One thing we keep talking about is banks moving to FinTecH or are they? Is it true or (on the scale of talking about 2023) what is the base? Do you see any banks who are not there yet? Do you see them also going into that space? From the area that we are talking about, (which is RegTech) do you see any investment there in that? How do you see the next few months?
Michael
Yeah, I saw some recent research from Cornerstone advisors, and they put out an industry paper on Fintechs, RegTechs and the trends. It was amazing to see that two-thirds of all banks in the US have moved to take on either a FinTech or RegTech to support their organizations. These are banks, large and small. Even more interesting is that a third of all the banks in the US have invested in Fintechs and RegTech, so they’re not only using them as partners, they’re investing in them. And because of that trend, the average bank in the US today, (according to that research), has two and a half to three Fintechs or RegTechs that they’re utilizing today.
Asif
Yeah, so that takes us to the second poll, Michael, which is “How has RegTech figured into your operational strategy?” And it’s good to see that and we will keep the poll live for a little while. But let’s do a voiceover. It’s good to see that a lot of folks are saying that we have started implementing RegTech into our organization, or there are a lot of folks who are saying we are only beginning the RegTech journey. Staying on the topic of 2023: Any comments on that? Or what are you seeing in there? (I also have a very strong view on this, which I want to share, but I want to give you the mic first.)
Michael
You know, what we’re seeing is some amazing technology with firms that are coming out. Fair Lending is a great example. There’s a software company that we partner with called “Fair Play” and they’re looking at meeting regulatory requirements about fair lending, but doing it in a way that generates more revenue. Can you imagine RegTech generating revenue AND making sure that you’re meeting regulatory guidance? And so that’s a big one. There’s another firm we work with called AML Sentinel, very inventive. They have an AI platform around AML BSA, they’re able to reduce AML monitoring costs, (which is usually the biggest compliance cost in the organization, 50%.) How do you better comply with regulations and dramatically reduce costs? So that’s it, but I love the top answer from the three people that say “we pray to the tech gods for all guidance.” That is really funny to see that. But you know what? In a lot of cases, if you don’t have the money or the resources, that is your fallback plan. Number one is “pray to the tech gods.”
Asif
Yeah, yeah. No, I hear you. But one thing I’ll say, Michael, is that we are only beginning the RegTech journey. We have started implementing RegTech into our organization. I just want to talk a little bit about that, what I have seen in the past three years. It has been slow (yet again, because of a lot of things), the market condition and everything is speeding up. One thing I still see that our customers are asking for, is very reasonable solutions. Even if it’s a large global bank, a large global financial institution. They want to have a very modular approach (in the sense of reasonable stories). “What can I do” in the United States? What can I do in the UK? What can I do in the EU, Asia and the Middle East (and so on and so forth), but then have the capacity (or a platform) where I can all bring it together. So in a typical global organization, you may have a Chief Compliance Officer looking after one one region, and then you may have a global compliance Chief Compliance Officer. So they want their own specific dashboards, they want all those stories, they want to know about everything. We are going in to 2023 and one thing that excites me in this area as we go, is that people are looking (more and more) for that global solution (if you will). That, “Yes, I want reasonable solutions, but I also want to look at a global view of how I can connect the dots.” And I keep saying that in this whole ecosystem of RegTech, there are so many different things you need to get right and I’m so glad that we partner in this area, Michael, because frankly, I don’t think that there is one organization (or one vendor) that can do it all. There are a lot of things that need to happen in that whole area. And one thing I feel very strongly about in order for RegTech to be really “humming” and really working (like a well oiled machine), it requires a very strong ecosystem of partners. Where all of us should be working together, figuring out what are the workflow problems (or solutions) our customers are looking for? And to really find that thing? And what is that thing that we need to build in order to provide that solution to our customers? Going into operational risk management? Any comments (before I give my two cents on that)?
Michael
I just wanted to make it quick: I saw Jeff had a quick question that he wanted me to repeat. The publication that has the FinTech information, (I would say for our audience, it’s a must read publication.) It’s called the “State of the Union and Bank FinTech Partnerships.”You can Google that (Cornerstone Advisors published it). It’s probably some of the best research I’ve seen, (it came out in June) that I’ve seen to date in that area. Now, back to the operational risk management that is real time. You know, I think back to Crest bank 30 years ago, when I was an analyst in the risk area. We were doing manual assessments of risk in the operational station, deposit operations and loan operations. My team would go in and assess it, and would (on an annual basis), assess the relative level of risks. Boy, times have changed. And nowadays, I wish I had the tools and see if I had what I didn’t have back 30 years ago, because we could have done such a better job. But I think the whole key in this operational risk phase is really using real time data to assess risk. And you can do the annual assessments, that’s okay. There’s still some value there. But what about the other 11 months of the year that you’re not doing assessments? That’s when things fall apart. And here’s one of the things I learned in one of my real time data monitoring engagements in the last year or two: whenever you have a change in a department, (a manager of an operational department) there’s a higher likelihood you’re going to have a risk event. So the number one thing I would say is keep track of how long the people have been in their roles from IT operations, deposit operations, loan operations, to online banking. And when you have changes, that’s being proactive. That’s when you need to really get in and assess and help train and you’ll actually prevent operational loss events. Then those risk indicators are more “real time” and not once a year. Your organization is going to need to gravitate that way to be truly effective, to get ahead of the ballgame. It may take time, aggregating all that information (you could do it with an Excel spreadsheet) but it’s hard to use the technology to aggregate the information AND to monitor. I think that if there’s one takeaway from today, it’s that automating operational risk management is going to help you a lot.
Asif
I do 100% agree with you. And with that I’ll say, (I’m looking at the clock, we are running out of time), but one thing I’ll say is that (again) the whole ecosystem of of RegTech involves so many different things: regulatory change, management, enterprise legal management, policy, change management, and operational risk management. The time is now and as I look into 2023, this is the ecosystem of overall “legal space.” If so, how do you orchestrate that? How do you actually help your customer solve that problem? I think the key there, when we talk about modernizing, is just not about ORM, but all these things being orchestrated. Where you either make it very seamless for the customers to actually get it done or by partnering. So our role is really, “Hey, there may be something that I do really well, and there’s something that you do that you do really well, how can we make sure that the customer gets the best of both worlds?” Through partnering and creating that. I think that is one of the big asks I see coming, from the other way around. You and I are sitting on the other side, I think that it is on us to really have those strong partnerships so that the workflow, (the solutions), become easier for our customers (as they are doing it). Very quickly, (I don’t want to take too much time on this thing), but if you really look at the status quo (of what is happening, right, Michael? I feel like we have talked enough about Excel sheets and whatnot), but it’s the manual, but very expensive knowledge worker who is trying to figure out the impact analysis. The team is disjointed, if you will, from regulatory intelligence, the whole change management. Again, very manual and spotty enforcement actions, time consuming audit reports. How do you bring all those things together? I think that’s why I feel like a little bit of it is on us (Compliance AI). That’s what we do. We are trying to make it easier with increased speed, reducing the noise with proactive change management. And it is a big thing about PENALTY AVOIDANCE, if you will, improving the whole audit, and enterprise. Reporting (in that sense) and a lot of the things we do ourselves is how we make it easier for our customers: to partner with folks like yourself, right? How do we do that? So anything that you want to raise in here, (which would be important before we open it up for any questions).
Asif <To Audience>
If Anyone (if you want to)… If you have any questions, please start chatting away while Michael is, (or Ronjini will come in a few minutes and you can ask it through that also. But before we do that, Michael, any comments on that?
Michael
Yeah, just one comment. You said something earlier Asif, that really hit home and it is that NO ONE company can do all the RegTech or risk management activities. It’s too wide. It’s too diverse. You know, we’re a relatively large, fast growing and well funded technology company and even we can’t do all the functions of enterprise risk management and operational risk management in the organization. And so we’ve partnered with five leading RegTechs (like Compliance AI) when we were out looking to say, “Who is the best in the industry?” At compliance monitoring, Compliance AI is the best in the industry. Why would we try to develop software like that when it exists, and we can utilize it and plug it together. The same as with other “best in breed” technology. A bank Chief Risk Officer looks for those best in breed regtechs out there to help your life easier. Look up Watchtower as well, because we’ve done a lot of that work for you in terms of those partnerships. So Asif, back to you.
Asif
Yes, thank you.
<To Host> So Ronjini. I’m looking at the clock and I just want to see if there are any questions. I hope there is.
Ronjini <Host>
No, we don’t have any questions. I did also send the link to the report in the chat box. So if anyone’s looking for that, take a look there. We don’t have any (I don’t see any) questions popping in yet here. (Oh, here sorry.) Mark has just asked a question (or a comment/question.)
“I’m sure the same arguments stating the need for change automation/ reduction of manual processes are constantly discussed and deemed necessary. The problem is that banks (and cultures) move at a snail’s pace, will this be a question of ‘survival of the fittest’ in the future?”
Michael
That’s great, let me have a thought or two, Asif, then have you jump into that too.
Yes, I think it’s going to take some time to see the survival of the fittest. One of my pieces of advice Mark, for you, (and it’s a great question) is there’s a tool that the Risk Management Association developed called the RB risk framework. We’ve helped them automate that tool to do a complete assessment of your program today, from an automation/people standpoint, and create a three year roadmap. In my experience over the last three years, whenever you go up to your management team and board to ask for more money (and more automation), a lot of times the answer is “no, we can’t afford it today.” So what you need to do is have a holistic three-year plan that says “here’s where we are today, here’s where we’re going over the next three years and here are the investments that we’re going to need to make over the next 12 quarters in people and technology.” When you lay out that complete plan, you’ll get there. There’s a high probability you’ll get more capital funding. If you can’t make that case, then I think you’re gonna have a hard time operating in the future.
Asif
Yeah, I 100% agree with you, Michael. And the only thing I’ll say is that (a little bit different from the question), but I would say that culture is very important. And I think that culture is changing, in the sense of the importance from the top down of what it means. What you need to do is an important factor in the sense of what can be implemented and again, having proper, (if I may use the word) “project plans.” Right? You need to have that bigger picture of “what is your global plan,” but then having very regional specific things. Because in this RegTech regulation industry, it is very reasonable. It is like if you’re doing business and you have an entity within the US in Texas and California versus EU, what does that mean for you? I think being very deliberate and prescriptive, and building that story and then working backwards, (if you will), in that sense.
<to Host> Ronjini anything else?
Ronjini <Host>
Yeah. So we have another great question.
“How are firms addressing challenges around data across the enterprise for risk and compliance such as data silos, balancing access with privacy and security?”
Michael
Asif, do you want to take that? Or do you want me?
Asif
Happy to. You know, it’s a great question because I think about what is happening, (and I’m a data geek), I can talk all day long about data. I have seen sort of a transformation of what data meant before versus what data means now, in 2022. (Overall, the use of the data.) I always say that before we had this mindset, we either “acquire data or see your data”, and we use it for very specific things, and then we let go of that data. Now what is happening is that, because (thanks to the technology), we can take the data and we can squeeze it in so many different ways. We can make the most out of it. You can really become very efficient if you use your data the right way and that is my reason (when I say about the ecosystem), that what folks are looking at in the RegTech is not those silo solutions, but a very cohesive solution, a platform where either they are looking for Alm or policy change management or regulatory change management or enterprise legal management. Yes, they may be different things, but how can they use the data for lots of different things? And I think that is the power of the data. Going into 2023, I feel like vendors who provide capability, the flexibility, if you will, for the customers will be the winners into going into onwards 2023, either by having that modular approach in their system, or by partnering (or having the capability of partnering.) So that’s why we are a very important part of why (Michael and I) are here, because we feel like “Yes, a lot of things SRA does really well, a lot of things that we do really well. Together, we can provide so much value in solving the customer problems that are out there. Michael, to you.
Michael
I think you hit the most of it, I just want to mention one thing on the data side: put a data management plan together. Usually you want to appoint a leader around data management and quality if you’re over 10 billion in assets, that should be a full time, position data, data management or data chief data officer. If you’re if you’re smaller, it might be a part time position. But put a data management policy together. Start start on the journey of developing a data management plan with each long journey, and it’ll take you many years to get your arms around it. It just takes a single step. And that’s that single step is create appointment. That’s all I have today.
53:14
Ronjini back to you. Any any other questions.
Ronjini Joshua 53:16
Now we are we are good. That’s that kind of wraps up our questions. Thank you, everybody, for joining. Thank you awesome. And Michael, for the very informative and insightful discussion. Don’t forget to take a look at our upcoming webinars, we have another webinar next month, addressing ESG. And then we’ll also be talking about some more additional trends in the month of December. So we have some webinars lined up and you could check those out on the compliance AI, events calendar. And then this webinar will be on demand. I would say in a few days, we just like to transcribe it and and get the video set up for you guys as well as the PDF of the deck. So you guys can access that in a couple of days. And everybody who is registered here will be sent an email, follow up so you guys can expect that in your inbox in a few days. But that’s it. That’s it for today. Guys, thank you so much for your time.
54:12
Thank you. Thank you, Michael, thanks a lot for your time. It’s been a pleasure and I look forward to great partnership between us and helping helping solve customer problems. Thank you. Thank you have a great afternoon. Bye thanks. Are we off
Asif Alam is the Chief Executive Officer at Compliance.ai. A leader in shaping disruptive technology, his experience includes building products using AI and natural language processing for GRC, payments, lending, risk, trading, and new solutions, from Fortune 500 companies to startups.
In his most recent role, he served as the Chief Strategy Officer of ThoughtTrace, unlocking new revenue streams and markets, and reignite portfolio growth. ThoughTrace was then acquired by Thomson Reuters in 2021.
He brings more than 20 years of management and business experience; increasing profitability, unlocking new revenue streams and markets, and reignite portfolio growth for companies like Thomson Reuters, Crux Informatics, and Finastra. Asif is a forward-thinking expert driving engagement via client forums, public presentations, and white papers.
Cesar Lee is a Principal at WRV, a venture capital fund focused on early-stage investments in hardware, semiconductor, and other technology-related companies. Previously, he was an investment professional at Riverwood Capital, a technology-focused, late-stage venture capital, and private equity fund. He began his career at RBC Capital Markets, where he was part of the Mergers & Acquisitions group for two years and the Equity-linked & Derivatives group for one year. While at RBC, Cesar spent a majority of his time working on M&A advisory transactions for technology companies.
Cesar’s investment experience includes buyouts, later stage, early stage and seed rounds. Cesar has completed transaction in the U.S., Latin America, and Asia, and in technology sectors including data centers, software, semiconductors, consumer electronics, robotics, big data, and internet.
Maria Devassy is a RegTech, Content, and Technology leader with over 20 years of experience helping companies bridge the gap between technology, product, and business. Maria has held leadership positions with MetricStream, KPMG, Oracle Corporation, and other technology companies. She has launched several successful RegTech products, business partnerships, and advised Fortune 100 clients on risk management, audit, advisory, and compliance business across Industries.
Hugh Cadden is a recognized expert in derivative financial and trading markets including futures, options, and swaps. Hugh is currently a senior consultant and expert with OnPoint Analytics, Inc. an economic, finance and statistical consultancy specializing in expert testimony for complex litigation. He has been specializing in the organization, operation, and regulation of financial and trading markets for over 40 years. Hugh’s experience includes both the public and private sectors and he has held senior level positions with the U.S. Commodity Futures Trading Commission including serving as Director of the Division of Trading and Markets and Deputy Director of Enforcement. He has been qualified as an expert on financial and trading market matters before the Commodity Futures Trading Commission, the Securities and Exchange Commission, the U.S. Tax Court, Financial Industry Regulatory Authority, National Futures Association, American Arbitration Association and federal courts.
Drake Ross is a former bank regulator who specialized in compliance with consumer protection regulations while at the OCC, FDIC, and OTS. While at these agencies, he provided extensive training and guidance and developed materials to ensure full comprehension and proper application of rules, laws, policies, and guidance, and served as a Subject Matter Expert in numerous areas. Because of his expertise, he often presented at agency and industry events. He also played a significant role in successful windup of the 2008 IndyMac Bank failure, where because of his extensive knowledge of the FDIC deposit insurance regulations, he was called upon to administer highly-complex insurance determinations.
Carliss Chatman is an Assistant Professor of Law teaching Contracts, Agency and Unincorporated Entities, Corporations, and Transactional Skills. Her work is influenced by over two decades of service on non-profit boards and involvement with community organizations. Through leadership positions, she has developed expertise in corporate governance and non-profit regulation. She has also been instrumental in strategic planning and fundraising efforts. Prior to law teaching, Professor Chatman was a commercial litigation attorney in Houston, Texas. In practice, she focused on trial law, appeals and arbitration in pharmaceutical, health care, mass torts, product liability, as well as oil, gas, and mineral law. In addition to negotiating settlements and obtaining successful verdicts, Professor Chatman has also analyzed and drafted position statements regarding the constitutionality of statutes and the impact of statutory revisions for presentation to the Texas Legislature.
Sign me up for all regulatory updates
Get access to EITL Forum recordings
Mariam is an Operating Principal at Cota Capital. Mariam has experience providing guidance on strategic and operational planning to Venture and Growth stage companies. Prior to Cota Capital, Mariam spent her career in management consulting as a Director at KPMG. She has experience leading global transformation programs and developing innovative service offerings for Fortune 500 companies in the Technology sector. Mariam has an MBA from UCLA’s Anderson school of management with an emphasis in Finance and Entrepreneurship. She has a Bachelors in Science in Finance and a Bachelors in Science in Economics from Santa Clara University.
Chris Callison-Burch is an Associate Professor in Computer and Information Science Department at the University of Pennsylvania. His research interests include natural language understanding and crowdsourcing. He has served the Association for Computational Linguistics as the General Chair for the ACL 2017 conference, as an action editor for the Transactions of the ACL, as an editorial board member for the Computational Linguistics journal, and an officer for NAACL (the North American chapter of the ACL) and for SIGDAT (the special interest group for linguistic data and corpus-based approaches to natural language processing)
Tom Ladt is an experienced executive and investor. Tom has lead and served on the boards of several public and private companies serving highly regulated industries such as technology, healthcare, real estate, and food processing. Tom has also served in key governmental roles and on numerous community boards.
Jeroen Plink is a global executive with a proven track record of developing and growing businesses, teams, and technologies with innovation and passion. Jeroen was CEO of Practical Law US during its acquisition by Thomson Reuters. He now serves on numerous boards and acts as a strategic consultants for start-ups.
Global Legal and Compliance executive with 15+ years of success in the SaaS technology and financial services industries. Partner to the CEO and executive team in corporate transactions, business development, product expansion, and regulatory navigation during periods of intense growth and organizational change. An advocate of effective risk management that starts with sound business practices and putting the customer first.
Richard Dupree has held multiple Risk, Compliance and Operations positions at regional, national, and global financial services firms including Wells Fargo, Silicon Valley Bank, Bank of the West and BNP Paribas. Rick currently advises FinTechs and RegTechs and sits on industry panels, contributes to industry whitepapers, thought leadership efforts, and speaks at industry seminars on Risk and Compliance challenges faced by banks and FinTechs.
Brian advises clients on legal and regulatory compliance in the financial, tech, and procurement sectors. His passion is helping businesses succeed in heavily regulated environments. As counsel and trusted advisor to businesses of all sizes, and as a former regulator, policymaker, and federal official, Brian acutely understands the unintended burdens that even well-intentioned government requirements can put on innovation and business growth, as well as how to create policies that strike the right balance.
Brian served as National Ombudsman in the Obama Administration, leading the federal Office of Regulatory Enforcement Fairness in assisting hundreds of startups, entrepreneurs, and small business owners in every industry and every state.
Dr. Marsha Ershaghi Hames is Managing Director of Strategy & Development at LRN, a leader in advising and educating organizations about ethics and regulatory compliance, as well as corporate culture, governance and leadership. With the focus of inspired behavior versus required behavior, LRN is a leading voice in the industry for companies to build ethical cultures instead of “check-the-box” compliance approaches. She’s advised Department of Justice corporate monitors on successful program transformation under CIAs (Corporate Integrity Agreements. With over 20 years of experience in leading multinational ethics and compliance strategies, Marsha has become a highly sought-after thought leader on leading Corporate Compliance and Ethics practices.
Carla Carriveau is currently the Senior Managing Counsel at Wealthfront, an automatic investment service firm in Redwood City, California. Carla was previously Senior Counsel, Division of Trading and Markets, at the United States Securities and Exchange Commission. As a former regulator with over 15 years of experience in helping small businesses navigate legal and regulatory needs in the financial services sector, Carla advises Compliance.ai on financial services regulation, the regulatory landscape and industry practices.
