Webinar: Guidance and Tips for Navigating Risk and Compliance
October 2, 2023
SPEAKERS
Ruth McKenzie, Daniel Buckingham, Karol Wojtczak
INTRODUCTION
Ronjini Joshua <Moderator>
Hello everybody. Welcome to” Guidance and Tips for Navigating Risk and Compliance” today. I’m going to let some people come into the room for a few minutes before we get started and then we’ll be off.
<pause>
Moderator
I feel like we need a little light bossa nova for this waiting period here. Next time, guys.
Panelist
We need to come better prepared right?
Moderator
I will get started for the sake of time. Hello, and welcome to Compliance AI’s webinar. This is Ronjini, I’m part of the marketing team. This is “Guidance and Tips for Navigating Risk and Compliance.” Before we get started, I want to go through a few housekeeping items. If you have any questions during the webinar, please feel free to drop them into the Q&A section and our panelists will answer them at some point during the session (if it makes sense) or most likely, in the end, we have a Q&A period. So, we’ll try to answer your questions then. If we don’t get to them, we will definitely get back to you. If you have any comments or anything, go ahead and feel free to use the chat box (if anything is going awry during the interview). Also, this will be on-demand afterward. In a few days, (probably early next week), you’ll get a copy of this webinar on demand. So, you can hang tight for that as well if you want to see the recording. All right, now let’s introduce our panelists. Today we have Ruth McKenzie, the VP of Product Management at Compliance AI. She’ll be leading the discussion with Daniel Buckingham, who’s the head of monitoring and screening controls at Danske Bank. We also have Karol Wojtczak- tribe and area lead at ING hubs, Poland. With that, I’ll hand this over to Ruth to get started.
Ruth McKenzie <Ruth>
Great. Well, thanks very much for the introduction. I’m excited to be here today with my colleagues. I think they’ve prepared a very compelling and interesting case study that we can review. (Specifically focused on challenges in correspondent banking with respect to AML.) We’re going to be discussing correspondent banking AML outlook as well as public-private partnerships and entity resolution. That’s just the centerpiece, of course, the topic is broader. This is just a very interesting case study for us to review. We’ll also be talking during the conversation about the use of new technologies to manage transaction compliance (hopefully moving forward) to providing some interesting solutions for managing risk for AML and processing. So, with that, I’d like to start our conversation by just kind of piquing your interest with a survey. I’d like to get a quick understanding from you all about what you see as the industry’s top challenges in monitoring today. So, we’ve posted a poll for you all to answer and we’ll certainly share the results with you once you’ve had a chance to answer.
<Poll>
High false positive rates due to lack of information,
Potential challenges with data quality and architecture,
Expensive integration and manual processes,
Technology and tooling
OTHER: We’ve also given you an opportunity to indicate “other” and provide some commentary if those responses don’t feel 100% right for your scenario.
<To Moderator>
So, Ronjini, let me know when you want to share our results.
Moderator
Sure thing. I’m going to try to see if we can get a couple more people jumping in here.
<Pause>
Ruth
Right, and of course, there’s no wrong answer. This is really just a launch point for our discussion.
Moderator
Okay, let’s see if I’ll end this poll so we can show you guys the results. Oh, you guys are “last minute-errs.” Get in there. Okay, I’m going to wait a few more seconds. I love seeing the answers roll in. So, this is good. Here we go. All right, I’m going to end the poll so we can get moving, sharing the results. Do you see them, Ruth?
Ruth
I do see them, let me relay the results. Here’s how your opinions rolled out. First, the most common response: 56% of you said that “expensive integration and manual processes” was your number one industry challenge. In second place, we had “high false positive rates due to lack of information.” Then third: “data quality and architecture.” (I’m sure that’s connected also to expensive integration.) Then finally: “technology and tooling.” Perhaps people just didn’t have a moment to type in a response, but that’s how things laid out. I’m just curious to hear from my colleagues, any surprises there for you?
Daniel Buckingham <Daniel>
Not really, I think, between integrating multiple different systems into your core platforms on the third-party data sources is especially where you’ve got to develop your own API’s and do all the testing. It’s just an expensive and challenging process with the high false positive rates. Karol and I will touch on that a bit more as we go through the conversation. It’s definitely a common challenge there in reality as well.
Ruth
All right, well, let me hand it over to my colleagues and get started.
Karol Wojtczak <Karol>
Sure. Thank you, Ruth, and hi everyone. Happy to see an audience that is very interested in the topic. We will touch base on the issues that, as Dan mentioned, you have put into the survey. I thought the sequence would be a bit different. So first, you’re having issues with a significant amount of false positives, and then that implicates toward a solution (because that begs for a solution.) Then when you go to the issues with expensive integration and the issues related to that are being handled through respective design in your data architecture and tooling. So, to me, that’s pretty much the sequence. However, it doesn’t have to be the same in each and every institution. Going to those challenges and limitations of traditional approaches- (there are multiple of them), we will touch on six bullet points here. I will touch base on a couple as well and then move to a bit more practical example as a sort of reference point. It’s not specifically on correspondent banking. (Correspondent banking will be the subject of an example here). The blueprint that we will try to build here is just to prompt a way of thinking about anti-money laundering processes overall. To keep the discussion close to a particular example, we will base it on correspondent banking, which in itself is a bit of a challenge, and I will explain why in a second. So, to explain the challenges, definitely, traditional anti-money laundering relies heavily on the data that we are collecting in the “Know Your Customer” processes during the onboarding of clients. This already restricts the available information to what the organization can gather from customers and the records of transactions. That is leaving a bit of an external perspective, especially if it comes to transaction monitoring. At the moment when you are collecting records about your client (to onboard the client), that’s fine, you keep it as a record of information about the client. But then there is a behavioral part of a client which is more dynamic, where the external information might be a bit more useful for us in favor of the effectiveness of anti-money laundering processes, transaction monitoring in particular. We mentioned the incomplete KYC integration. Indeed, the KYC systems are often not fully integrated with the transaction monitoring environment. They typically provide only basic customer information, making it challenging to get a comprehensive view of customer behavior (that I mentioned.) Not to mention the operational management and the seamless and effective workflow management and the risk management end to end. There are a couple of layers here on the effective operational management, but the effective operational (and risk management process overall, end-to-end). That integration is absolutely key here. We see that particular bits and pieces are being addressed, especially now in technology. It’s so advanced. Yet integration is a bit of a nightmare. Legacy systems: so many financial institutions are hindered by the legacy transaction system, especially when we’re talking about traditional banks, not the FinTechs that are growing based on a single technology, and one data platform that can be designed seamlessly for downstream processes. The Legacy system in the traditional bank is putting an additional burden here into the integration complexity of it as well as the anti-money laundering processes. The purpose of those legacy systems is also different. Very often, it’s not aligned with the new regulatory requirements. Another one related to payment gateways may also lack full integration and capabilities leading to incomplete or low-quality information. With low-quality information, we can’t count on a high-quality output. Internal data quality (as we talk about data) is an absolute topic as well. Poor data quality within an organization can result in data set errors and make it difficult to integrate (or even to plan for) the integration. Not to mention an effective execution based on it. Internal data quality definitely is one of the challenges that we have ahead of us. What else to touch upon? The manual investigations (that was mentioned in the survey as well). With generic generated by (definitely imperfect) rule-based anti-money laundering systems, investigations are highly manual. A huge workforce is needed in order to address those issues through manual processes. So, analysts may need to make decisions about the risk without access to necessary data or spend a lot of time trying to collect missing information, (for example, from customers), and this is where the customer outreach comes in (and the customer experience as well). So definitely manual investigations on imperfect, anti-money laundering processes are another set of limitations that we have. I also did touch base slightly on the customer outreach, the anti-money laundering acting behind the scenes should be seamless for customers. It shouldn’t create issues for them. So, the customer experience is impacted when we have an imperfect rule-based system and we don’t have contextual information related to a behavior, we need to have an outreach. Jurisdiction to jurisdiction it looks the same. For Germany and Baffin, for example. The approach is that when you perform your transaction monitoring and it doesn’t mean anything suspicious, don’t go to a client. If a client is doing something illegal, the response: the client will lie, (or at least will be aware that there is something the bank already knows). Something wrong is going on. So, we have a risk of such a client just going away and not being caught with illegal activity. Whereas in other jurisdictions in Europe, regulators are saying that a client has always right to explain themselves very different approach and it’s a challenge. It’s a dilemma. When we have such a process in global institutions or international institutions, that needs to be resolved. In summary, the traditional approach to anti-money laundering faces numerous challenges related to data limitation, integration, complexities, manual processes, and the need for generic rules, all of which can just hinder the effectiveness of anti-money laundering at the end of the day, and impact customer experience as well. To address these issues, we’ll go through a couple of examples of where we can land if it comes to overcoming those limitations and challenges that we have.
<To Moderator>
So if you can go to the next slide, please. Just quickly, because we will talk about how we resolve certain issues that we just outlined.
Karol
Based on the example of correspondent banking, and the variety of experiences that we may have in the audience of that meeting, I would like to briefly introduce correspondent banking. Correspondent banking is a financial service that allows clients and other financial institutions (banks, but not only) to operate across the globe, pretty much. Not all the institutions or individuals that need to perform transactions across the globe have such an infrastructure that allows them to operate freely hence, we have correspondent banking. Also, we have different types of correspondent banking: the traditional one (really simple) is when we have a correspondent bank that provides services to a client and the correspondent bank is building a capability of extended money transfers. Within that relationship, you can see how difficult it is to build a client portfolio that will allow you to effectively monitor your transaction and perform your anti-money laundering obligations. Yep, that is the simplest scheme that you may have. Then you may have a nested activity. So, you have a downstream respondent bank. (The clients of your client of your client.) So, we can forget about having any records in our KYC information about such a far end of our transaction. So that is already creating significant issues. For correspondent banking, this is why we have special rules for this type of financial service. Then we have a pass-through (or payable through), which is another service that has developed from traditional correspondent banking. But just to give you a view of the product itself, and then we can go to risks that are related to that product. So, we have challenges. This is the product on which we will just discuss potential solutions. To understand the challenges better to that particular product. Let’s just go through a couple of risks: money laundering and terrorist financing risks related to correspondent banking. Also, it’s a bit of a provocative slide because as you can see, there is FATF guidance (Financial Action Task Force) about correspondent banking services. It’s great that from the top of the world of anti-money laundering (from FATF) we have guidance. But look at the date: October 2016, right? Technology in 2016 and 2023: it’s something that you can’t compare. Right, just naming Chat GPT. In 2016 we probably didn’t even imagine that there would be a generative AI. The same with payments and methods. Yet these are some of the limitations we are facing. However, going to those risks when they lay the key money laundering risk, in correspondent banking following the FATF (and that still holds true) might be related to insufficient due diligence on correspondent banks. When you have downstream responding, it’s even more risky. So, failures on that due diligence might cause a situation in which we are not able to effectively monitor transactions. All of the requirements from the regulators come to financial institutions. As they are performing correspondent banking once that step fails, everything downstream fails as well. The use of Shell banks is typically unaffiliated with any physical presence and exists primarily on paper, allowing transactions involving show banks can be a significant definitely significant anti-money laundering risk as they often have limited or no annual controls in place right at all. So, that is another issue that is being mentioned by FATF. Also, transactions originating from high-risk jurisdictions. So, of course, correspondent banking relationships with banks located in high-risk jurisdictions can expose financial institutions to increased money laundering risks. There is a reason why jurisdictions are rated as high-risk. That is definitely an issue that FATF is pointing out. Then layering through complex and unusual transactions. In correspondent banking, we have to deal with huge amounts of money being transferred. We very often do not know what the ultimate originator or beneficiary is out there, and we also require KYC. So, know your client, (and the client of your client) in order to take responsibility for anti-money laundering, for the funds that you are facilitating through cross-border correspondent banking. Lastly (this is not something that you can find in FATF guidance from October 2016). It’s a new phenomenon that is a virtual IBAN and is something new in payments: Virtual IBANs are a set of international bank account numbers that are assigned to a specific transaction (not to individual accounts) that create some issues for controls around international payments. Also, the US can introduce anonymity to a certain extent. Of course, virtual ibans are very effective and convenient yet, with the new technology, the risks are being brought as well to the business of anti-money laundering business. I will not elaborate more on the virtual IBANS, but this is something that I think the audience may take away (and take a look) at the emerging risks in the space of correspondent banking services, not only in financial services et al. In summary, before we jump into the content of this slide, correspondent banking relationships can pose significant money laundering and terrorist financing risks in due diligence and transaction monitoring, especially in respondent banks. When it’s related specifically to Shell banks as well. When the Shell banks are involved, transactions from high-risk jurisdictions might not be adequately monitored complex transaction layering is not detected and lastly, the virtual IBAN that I’ve mentioned, that might be used for money laundering and posing the risks. Financial Institutions must implement robust anti-money laundering, and counter-terrorist financing controls and stay in compliance with FATF guidelines to mitigate those risks effectively. But meeting the FATF guidance and regulatory expectations in that field is a step behind actually, right? So, we need to know exactly the purpose of why we are doing this anti-money laundering for correspondent banking that will allow us to get up to speed with technology. This is why we are jumping to this slide where we are today and what is correspondent banking, the anti-money laundering development path we are heading to, and then that will walk us through (in more detail) the most recent developments. I’m starting with the rule-based system, where we started to put countermeasures to money laundering through correspondent banking. But again, the rule-based checklist is imperfect. It definitely creates a lot of false positives. “Looking for a needle in a haystack” is really difficult when you have thousands and thousands of false positives that you need to go through to just find one that might pose that risk and may lead to finding an illegal activity that you filed for law enforcement. Finally, you are able to limit financial economic crime at the end of the day, because this is why we are doing it: to limit financial economic crime. Not the petty crime, it’s about this huge crime that is going on and then the money is being laundered in huge amounts through such significant products as correspondent banking, financial markets, trade, finance, and so forth. So now, from the rule-based, that imperfection has been noted, and then some new developments in analytical solutions have been put in place. And it’s not that transaction monitoring or anti-money laundering has developed some new technologies, it’s about the interdisciplinary dialogue. Some of the technology solutions being used in other businesses are now being deployed for the benefit of transaction monitoring and anti-money laundering. So analytical solutions known from the business appear to be effective when we can visualize the behavior of a client, it’s not a simple bridging of rule-based thresholds. Now, it’s a behavior that can be verified through analytical solutions, when certain data that we have gathered as well as we can get from open source are being collected and then visualized. So analysts can quickly go through the data verification, find outliers, and make a decision. So that is definitely something that is advancing further anti-money laundering for correspondent banking (but not only). Then from analytical solutions, we learn more and more. Something that is already operating in some countries is a private and public partnership in anti-money laundering. In the Netherlands, for example, or in Poland, we have those solutions, where associations of banks are sharing information, according to GDPR and trying to get out of there a lot of information that they can share in which they can be much more precise in detecting anomalies in the behavior of customers through money flow, and information that they may have from different sources. It’s definitely a great example. It is not yet a systemic-wide solution but it’s great to see that there are ideas being implemented in those countries. They promise an outlook for a better outcome. The other one might be related, (or might not be related), but it’s related to the development of anti-money laundering: another solution related to network analysis. Network analysis is also something offered on the market through different technologies, and it allows us to perform anti-money laundering within a better context, disclosed by the network analysis. And on the network of connection of people entities, documents, and transfer of money, we have a much better view on money flow, and we are able to verify whether there is anything odd, or unusual, that is going on in payments that we are obliged to monitor. Dan will also refer to those new technologies related to entity resolution and technology that we know from other businesses that recently is starting to play more and more of a role in anti-money laundering and also some examples that we’ll tackle will explain how effectively that can be used for a compliance, anti-money laundering, and other compliance related topics. So, Dan, over to you.
Daniel
Thanks, Karol. So, I won’t delve into this too deeply because I think Karol’s given a fairly good overview about safety considerations and the risks but what I wanted to touch on here is two newer concepts. One is called entity resolution, which is about how you take two sources of data and join them together to enrich your understanding of that data. I think a lot of us will find already we have third-party data sources that we’re subscribing to in our institutions. We know that we can connect to government databases, etc. So, there’s a real opportunity to use these types of capabilities to get access to information that we may not necessarily have, (or would need to invest considerable effort to get) historically.
<To Moderator>
On to the next slide.
Then when we talk about network analytics here primarily. Once we’ve resolved those entities, let’s map out the relationships that we’ve been able to identify and then how we go about trying to navigate those networks. And as Karol said, try to find the “needle in the haystack.” And so, this is where I want to step through a typology, just to try and give this a little bit of visualization of life so that people can appreciate what it is we’re trying to get out here. So, if we go to the next slide, we’ll go into a survey….
Ruth
Sorry to interrupt your flow, (I know you’re on a roll), but we also wanted to engage our audience again. Now that we’ve looked through a scenario, get your perspective on where you and your organization stand in terms of this evolution. So, the options we have for you:
<Poll>
We’re doing everything manually.
We’re assessing reg tech solutions but haven’t found one we like.
We have started to integrate technology solutions into our strategy.
We have a bulletproof automation process.
So just curious to hear how everyone will respond to this one. With any luck, we’ll be seeing that everyone is in Camp D.
Karol
Probably not looking at the response from the first survey.
<laughter>
Moderator
Yeah. I don’t know about that.
Ruth
I’m sure our audience would love to be on Point D, though. Yeah.
Karol
Next year, next year.
Moderator
All right. I’m going to end it here. Oh, you guys. I like the last minutes. I love it. Okay, here we go. I’m going to share these results with you guys.
Ruth
Okay, I just have to get everything in view. Okay. I personally think the responses are decent. So, we have 69% of you in Camp C: “We have started to integrate technology solutions into our strategy” and then evenly split 13% each: doing everything manuallyor assessing solutions. Then we do actually have 6% of our respondents who feel they already have bulletproof automation solutions. So, a lot of you at least are hopefully well on the path towards bulletproof. So let me get back into the flow.
Daniel
So as Karol said, we’re kind of using correspondent banking as a way to illustrate these considerations. That’s because it’s a very difficult part of the financial crime, (or anti-money laundering as Karol was saying) arena to solve. You’re at the mercy of the information that flows through you, especially if you’re operating as an intermediary, that bank in the middle. You don’t own the sender, you don’t own the receiver, and you can only work on the information that’s usually sitting within the transaction message itself. So, it’s very, very limited. Here I want to show this is a real-world example that we’ve seen, and I want to kind of simulate and show you how difficult it is for the role of the intermediary bank to live up to its AML obligations and identify the risks that may be present in the payment chains that are there. So here what we see is on date X, a company in Venezuela sends a large sum of money to accompany in the US, and the intermediary (by law and regulation) needs to screen and monitor these transactions. The screening engine is able to detect that there is a potential sanctions consideration here because Venezuela and the US have a sanctions nexus in place. There’s a US company involved as US dollars involved. So, it was enough to stop it in the screening fields. The intermediary bank then rejects the transaction. Not necessarily because they have concrete evidence that the sanctions which are sectorial sanctions are being breached, but there’s enough going on here that from a risk standpoint, they believe there’s sufficient risk to reject the transaction. And in this instance, (here as an intermediary again) you probably feel that you’ve done what you need to do. You’ve actually solved the risk and managed the risks that are potentially coming through from a sanction standpoint. But it’s also the trigger. What’s about to play out next? This very much then leads into the challenges Karol’s saying.
<To Moderator>
So go to the next slide, please.
So, we’re dealing with an organization here that understands potentially what’s just happened. So, the payment is rejected. So, the next day, the same company in Venezuela then sends $1.8 million to a holding company in the Cayman Islands. The following day, they send further $6 million to the same company in the Cayman Islands, and the following day, they send a further $2.8 million to the company in the Cayman Islands. In this situation here, there is no direct sanctions consideration anymore, because the Nexus is between Venezuela and the US, there’s no longer a US company involved. And so as a result, the screening engine doesn’t actually pick this up, we then think about well, the next line of defense would actually be transaction monitoring, and trying to identify these red flags. While we can see that there are some red flags there, such as a high-risk geography ascending to a higher-risk geography. And if we sat down and saw these transactions in isolation, we can see that they aggregate to the exact same amount that was rejected in day zero. The ability to try and detect that and isolate that, as Karol said, out of all the noise of potentially hundreds of thousands of other transactions that might be flowing through this corridor is an almost impossible task, especially if this is the only information you’ve got available to you. So in this instance, the payments go through.
<To Moderator>
Go to the next slide.
What then plays out is on day five, the company in the Cayman Islands now says, Through the intermediary bank, to the company in the US that was involved in the original transaction that was rejected. And they sent through $1.8 million on day five. And so they sent it through a smaller amount, because there’s now a new FI involved in the payment chain to test them out to see if there’s any issues that may play out there, the payment goes through. So then, on day six, to speed this all up, they send the rest of the $8.8 million through the intermediary through to the US and again, neither the intermediary nor the beneficiary institution, stop the payment. Because from a sanction standpoint, there’s no sanction consideration here at all anymore, the whole sanctions Nexus has been decoupled and bypassed, when we then think about it from a transaction monitoring standpoint, they’ve also decoupled all the payments from the original payment. And the notion that we know that there was $10.8 million there. And then the three previous payments, which aggregate the 10.8, they’re all decoupled, because you’ve now got different institutions, different counterpart or beneficiary parties now involved. So, it makes it very, very difficult once again, to identify these particular transactions, and especially these two transactions in isolation.
We now go to the next slide. If we then were able to look at this at a snapshot in time and let’s just say that was presented to us, most people would when they’re looking at this, they would sit there and say, Well, hold on, there is something weird going on here, I can see that there was a rejected payment, I can then see this three others that aggregate to the same amount, and then I can see it comes back for the same aggregate amounts to the end beneficiary that we rejected the original payment for. So, there’s plenty of evidence there. The problem is (as Karol has identified), how do we get that out into the open? If we go to the next slide, this is where the entity resolution starts to kick in. In this case here, what we can say is, “Well, we don’t own the sender.” We don’t own the beneficiaries but what we can try and do is see if we can connect them to other information sources to further enrich that information. In this instance, here, through connecting it to third-party sources, they could be examples such as Bureau VanDyke, Moody’s, and other sources of registration and government databases. What we’re actually able to resolve automatically in the background is that a company in Venezuela is actually a 100% owned subsidiary of a very large arch government in Venezuelan government institution. We also can see that the Venezuelan company, which we now know as a subsidiary, also has a CEO and a director. We’ve identified this through controllership registrations but are both designated as perhaps or politically exposed persons. We then see the US side of things that we’re able to resolve that there is a director. On the Cayman Islands, we weren’t able to resolve anything. That’s primarily because of data secrecy and other restrictions around the transparency of data. That side of things stays quite isolated in terms of what we know. Already, what we’re starting to see here is a very, very important, what I (kind of) call “building blocks” (or data differentiators) that are going to allow us to very much start to be able to pull these things out of the noise that’s actually there. So, if we just go to the final slide of the typology here. Now if we look at the whole thing, we’ve got a very, very different picture. As Karol was alluding to earlier, traditionally, we wouldn’t have anything beyond what we’ve got here as the strange name company of Venezuela, we wouldn’t have anything beyond “Super Metals LLC” sitting over in the US and trying to write rules (or use screening technologies) to find these things is extremely difficult without creating large amounts of false positives (by which we mean by generating lots of triggers to look at) that are actually just noise, legitimate activity. You’re trying to sift through all of that, to find this one golden nugget that’s actually here. But by actually then using entity resolution and being able to then use newer technologies that allow us to join this all up to create this network here. Suddenly, things like the pet park are state-owned entities and the 100% ownership side of things starts to allow us to think about how to write rules to look at those attributes. And to some extent, I can ignore everything that’s happening to the right, because if I just target those attributes, which will actually be few and far between in the data set, because pets are not common, right, not every company is owned by a pet, not everyone is operating as a pet, it’s a high-risk trigger a high-risk flag, it suddenly allows us to bring this information out into the open, and then are forced to put that in front of an investigator, suddenly, I can find this noise, I can find this golden nugget in all the noise, and allows us to really move as Karol was alluding to, away from trying to find very basic petty crime kind of considerations into much more sophisticated, organized crime. What you’ve got playing out here is a deliberate attempt to evade sectorial sanctions in Venezuela. They were smart, that was the rejected transaction, and they knew exactly what was going on. They tested the waters with new institutions to see what would flow through, they knew that the intermediary institution they would keep reusing because they now know what their triggers and how to bypass their triggers are. And so they’d play this typology out testing each step of the way, in order to still achieve the same outcome, how do I get $10.8 million, or sorry, $10.6 million into this company into the US to evade those sanctions? And so while screen, got the first one, and to some extent, maybe that was even lucky, because it was a risk-based call. It’s going to require other technologies outside of screening, for example, to pick this up. And so even though we’re talking about it from an AML standpoint, what we’re finding here is very much a sanctions consideration. But we’re looking at it from an AML lens, which allows us to pick these kinds of things. So, the purpose of today really was just to try and get people to appreciate some of the new emerging technologies that are there. The fact that we’ve actually got a lot of the information we already need to use these technologies in order to be able to give us these insights and really give us a different way of doing this type of work and highlight these types of risks. So hopefully, the typology here also kind of brings that to light and makes the explanation a little bit simpler. So, Ruth, I’ll hand it back over to you now.
Ruth
Great, thanks very much. And thanks Daniel and Carol for some very interesting insights. What I wanted to do to just bring this home is talk to you all a little bit, not only as risk and compliance professionals but also as businesspeople. Based on what we’ve seen in the surveys, you’re all on the path to improving your strategies. But of course, one of the key considerations is, that you’re probably still in the process of building your business cases, to continue investing. Compliance AI, we’re a reg tech platform, and one of the things we can do, we always talk to our clients about these five themes, bringing regulatory intelligence, helping you with regulatory impact analysis, automated change management, enforcement, action monitoring, and providing better data for audit reporting. I think there are two themes in here that are really tightly tied to what we’ve discussed today. One is the regulatory intelligence side of things. So, what you can rely on from our platform, of course, is a clear understanding of those emerging regulations. So, the regulations that Karol talked about on the books, this is years old now, right, but the regulators aren’t asleep at the wheel. There are emerging regs, and that’s something you can monitor within Compliance AI. So that you can be thinking, not just hey, what’s what are the regs that are on the books that I need to comply with today? But what can I expect to see in the future? In addition to that, you can be reviewing information like white papers and guidance that can help guide your emerging approach. The other theme I wanted to talk about was enforcement actions. I was just reviewing our quarterly enforcement e-book, (the new one that’s coming out shortly) and as with past, eBooks, you see AML considerations all over the place, right. So not only can we help you stay abreast of changes in and new thinking, but we can also help you build your business case, by understanding the real-world consequences of those enforcement actions that are coming down the pike. So you can build your business case by hopefully not being the one who’s being fined but being the one who clearly understands the implications on your peers, not only in dollars and cents terms but also in terms of reputational damage. Those are two kinds of key areas where I hope that we can help you, as businesspeople, as well as compliance and risk professionals. Understand the business case that you’re trying to develop. Of course, some of you in our first survey talked about the challenges you’re facing in kind of running manual processes or running processes that are still emerging from manual to best practice. And just as in the case of reg change, we’re going to see in these areas, a lot of time that you all are spending on manual processes when you could be putting technology to work. As I mentioned, one of the key resources we have available that we’d like to invite you to take a look at is our quarterly eBook. Let me just click through here. So, we always have a current copy of our eBook available. I’d like to invite you to come to the compliance AI website and request the most current book. We do have our prior q2 book available right now. But shortly, we’re also going to have a q3 book available. So great information for you in the last one and more great information for you upcoming. With that said, I’d love to turn things over to Q&A. So, we can respond to any questions that may have come in from our audience.
Moderator
Yeah, feel free to submit your questions to the Q&A box. But in the meantime, is there anything you guys feel like we haven’t covered that may be critical to understand as you know trends are shifting and what should we be kind of watching out for in the coming months of this q4, anything in particular, Daniel or Karol?
Daniel
Well, I think last time I was just there, like from a q4 standpoint, but speaking about regulatory enforcement, I think this has been a trend for a little while now. And that is the regulators are looking at that, you know, institutions to be more sophisticated, have a better understanding of their data have a better understanding of their risks. In the industry itself for the last few years, and probably for the coming few years, we have been going through a little bit of an evolution with regard to the type of technology that is available to us. They’re out there, some of the technology is not necessarily new, but it’s new in the sense that it’s being applied to different use cases in different parts of the industry than it has historically done. So now, in the original survey, there were saying a lot of institutions now starting to apply tech in their strategy. I think most places probably had a level of tech already in their strategy. But we’re at a point where a good portion of the industry is very much looking at well, how do we move ahead. How do we get better, and smarter? How do we do this quickly? How do we do this cheaper? At the same time? How do we also get the outcomes that we that we need?
Moderator
Thank you. All right, guys, I think we’ve come to an end. Thank you so much for the time. I want to remind everybody that this will be on-demand early next week. So, watch out for it in your emails. And thank you so much for joining.
Ruth
Thank you very much for attending today.
regulatory change software
governance risk and compliance software
Asif Alam
CEO & Board Member
Asif Alam is the Chief Executive Officer at Compliance.ai. A leader in shaping disruptive technology, his experience includes building products using AI and natural language processing for GRC, payments, lending, risk, trading, and new solutions, from Fortune 500 companies to startups.
In his most recent role, he served as the Chief Strategy Officer of ThoughtTrace, unlocking new revenue streams and markets, and reignite portfolio growth. ThoughTrace was then acquired by Thomson Reuters in 2021.
He brings more than 20 years of management and business experience; increasing profitability, unlocking new revenue streams and markets, and reignite portfolio growth for companies like Thomson Reuters, Crux Informatics, and Finastra. Asif is a forward-thinking expert driving engagement via client forums, public presentations, and white papers.
Cesar Lee is a Principal at WRV, a venture capital fund focused on early-stage investments in hardware, semiconductor, and other technology-related companies. Previously, he was an investment professional at Riverwood Capital, a technology-focused, late-stage venture capital, and private equity fund. He began his career at RBC Capital Markets, where he was part of the Mergers & Acquisitions group for two years and the Equity-linked & Derivatives group for one year. While at RBC, Cesar spent a majority of his time working on M&A advisory transactions for technology companies.
Cesar’s investment experience includes buyouts, later stage, early stage and seed rounds. Cesar has completed transaction in the U.S., Latin America, and Asia, and in technology sectors including data centers, software, semiconductors, consumer electronics, robotics, big data, and internet.
Maria Devassy is a RegTech, Content, and Technology leader with over 20 years of experience helping companies bridge the gap between technology, product, and business. Maria has held leadership positions with MetricStream, KPMG, Oracle Corporation, and other technology companies. She has launched several successful RegTech products, business partnerships, and advised Fortune 100 clients on risk management, audit, advisory, and compliance business across Industries.
Hugh Cadden is a recognized expert in derivative financial and trading markets including futures, options, and swaps. Hugh is currently a senior consultant and expert with OnPoint Analytics, Inc. an economic, finance and statistical consultancy specializing in expert testimony for complex litigation. He has been specializing in the organization, operation, and regulation of financial and trading markets for over 40 years. Hugh’s experience includes both the public and private sectors and he has held senior level positions with the U.S. Commodity Futures Trading Commission including serving as Director of the Division of Trading and Markets and Deputy Director of Enforcement. He has been qualified as an expert on financial and trading market matters before the Commodity Futures Trading Commission, the Securities and Exchange Commission, the U.S. Tax Court, Financial Industry Regulatory Authority, National Futures Association, American Arbitration Association and federal courts.
Drake Ross is a former bank regulator who specialized in compliance with consumer protection regulations while at the OCC, FDIC, and OTS. While at these agencies, he provided extensive training and guidance and developed materials to ensure full comprehension and proper application of rules, laws, policies, and guidance, and served as a Subject Matter Expert in numerous areas. Because of his expertise, he often presented at agency and industry events. He also played a significant role in successful windup of the 2008 IndyMac Bank failure, where because of his extensive knowledge of the FDIC deposit insurance regulations, he was called upon to administer highly-complex insurance determinations.
Carliss Chatman is an Assistant Professor of Law teaching Contracts, Agency and Unincorporated Entities, Corporations, and Transactional Skills. Her work is influenced by over two decades of service on non-profit boards and involvement with community organizations. Through leadership positions, she has developed expertise in corporate governance and non-profit regulation. She has also been instrumental in strategic planning and fundraising efforts. Prior to law teaching, Professor Chatman was a commercial litigation attorney in Houston, Texas. In practice, she focused on trial law, appeals and arbitration in pharmaceutical, health care, mass torts, product liability, as well as oil, gas, and mineral law. In addition to negotiating settlements and obtaining successful verdicts, Professor Chatman has also analyzed and drafted position statements regarding the constitutionality of statutes and the impact of statutory revisions for presentation to the Texas Legislature.
Sign me up for all regulatory updates
Get access to EITL Forum recordings
Mariam is an Operating Principal at Cota Capital. Mariam has experience providing guidance on strategic and operational planning to Venture and Growth stage companies. Prior to Cota Capital, Mariam spent her career in management consulting as a Director at KPMG. She has experience leading global transformation programs and developing innovative service offerings for Fortune 500 companies in the Technology sector. Mariam has an MBA from UCLA’s Anderson school of management with an emphasis in Finance and Entrepreneurship. She has a Bachelors in Science in Finance and a Bachelors in Science in Economics from Santa Clara University.
Chris Callison-Burch is an Associate Professor in Computer and Information Science Department at the University of Pennsylvania. His research interests include natural language understanding and crowdsourcing. He has served the Association for Computational Linguistics as the General Chair for the ACL 2017 conference, as an action editor for the Transactions of the ACL, as an editorial board member for the Computational Linguistics journal, and an officer for NAACL (the North American chapter of the ACL) and for SIGDAT (the special interest group for linguistic data and corpus-based approaches to natural language processing)
Tom Ladt is an experienced executive and investor. Tom has lead and served on the boards of several public and private companies serving highly regulated industries such as technology, healthcare, real estate, and food processing. Tom has also served in key governmental roles and on numerous community boards.
Jeroen Plink is a global executive with a proven track record of developing and growing businesses, teams, and technologies with innovation and passion. Jeroen was CEO of Practical Law US during its acquisition by Thomson Reuters. He now serves on numerous boards and acts as a strategic consultants for start-ups.
Global Legal and Compliance executive with 15+ years of success in the SaaS technology and financial services industries. Partner to the CEO and executive team in corporate transactions, business development, product expansion, and regulatory navigation during periods of intense growth and organizational change. An advocate of effective risk management that starts with sound business practices and putting the customer first.
Richard Dupree has held multiple Risk, Compliance and Operations positions at regional, national, and global financial services firms including Wells Fargo, Silicon Valley Bank, Bank of the West and BNP Paribas. Rick currently advises FinTechs and RegTechs and sits on industry panels, contributes to industry whitepapers, thought leadership efforts, and speaks at industry seminars on Risk and Compliance challenges faced by banks and FinTechs.
Brian advises clients on legal and regulatory compliance in the financial, tech, and procurement sectors. His passion is helping businesses succeed in heavily regulated environments. As counsel and trusted advisor to businesses of all sizes, and as a former regulator, policymaker, and federal official, Brian acutely understands the unintended burdens that even well-intentioned government requirements can put on innovation and business growth, as well as how to create policies that strike the right balance.
Brian served as National Ombudsman in the Obama Administration, leading the federal Office of Regulatory Enforcement Fairness in assisting hundreds of startups, entrepreneurs, and small business owners in every industry and every state.
Dr. Marsha Ershaghi Hames is Managing Director of Strategy & Development at LRN, a leader in advising and educating organizations about ethics and regulatory compliance, as well as corporate culture, governance and leadership. With the focus of inspired behavior versus required behavior, LRN is a leading voice in the industry for companies to build ethical cultures instead of “check-the-box” compliance approaches. She’s advised Department of Justice corporate monitors on successful program transformation under CIAs (Corporate Integrity Agreements. With over 20 years of experience in leading multinational ethics and compliance strategies, Marsha has become a highly sought-after thought leader on leading Corporate Compliance and Ethics practices.
Carla Carriveau is currently the Senior Managing Counsel at Wealthfront, an automatic investment service firm in Redwood City, California. Carla was previously Senior Counsel, Division of Trading and Markets, at the United States Securities and Exchange Commission. As a former regulator with over 15 years of experience in helping small businesses navigate legal and regulatory needs in the financial services sector, Carla advises Compliance.ai on financial services regulation, the regulatory landscape and industry practices.
