The rise of automation in compliance monitoring has the capacity to change the mechanisms by which organizations maximize regulatory compliance and leverage the outputs of monitoring efforts. Traditional compliance monitoring, still the standard in many organizations, is plagued by inefficiencies and redundancies. Automation allows for the real-time transparency of results, unlocking insights not previously discernible. This transparency and insight into ongoing risk monitoring allows for agility in the development of new products and services that benefit customers without significantly increasing the risk of the organization.
The more-reliable data provided through compliance automation and continuous monitoring can be further used in refining customer interactions and the fair servicing of accounts, as well as in the creation of new products that align with an organization’s risk tolerance.
The downsides of manual testing
Most financial organizations still rely on manual compliance monitoring and testing across all three lines of defense, which often entails spending inordinate amounts of time on low-value activities such as data entry and extraction from hardcopy or imaged files. Because human monitors can only analyze discrete amounts of data due to time and resource constraints, they must extrapolate results and corrective action from samples pulled from the population of events and transactions.
The reduced statistical significance of any compliance issues noted during this type of analysis then become easy to dismiss as anomalous and might not be acted upon, leaving the organization open to liability. Furthermore, the value, beyond ticking a box with a regulator, is not unlocked. Too frequently, no real operational changes result from this type of monitoring and testing.
Often, manual testing is conducted in separate siloes, with each one operating using its own sets of data and procedures. Though their stated purposes are discrete, in practice they might use the same types of data and search for some of the same patterns. In this set up, costly redundancies are likely to occur, driving up the cost of a nonrevenue creating activity.
Automation and continuous monitoring
Emerging artificial intelligence (AI) technologies allow for continuous monitoring. Rather than manually reviewing discrete data sets from a single moment in time, continuous monitoring programs assimilate all requisite data on an ongoing basis. When that data is properly structured and staged, it then becomes much easier to run it against the appropriate regulation-based rules and parameters. Instead of using representative, but likely flawed, samples, entire data populations can be analyzed. Doing so allows for the real-time detection of compliance risks that can be quantified with a level of statistical reliability unmatched by manual testing. The case for obtaining necessary resources and funding to correct noncompliance across the organization is thus stronger and solutions can be implemented in a comprehensive and expeditious manner.
For example, Regulation V of the Fair Credit Reporting Act requires that financial institutions provide consumer reporting agencies with accurate information about their customers credit performance. Very little proactive monitoring of compliance with this regulation occurs across the financial services industry. Most compliance evaluations occur following a complaint or a dispute about the accuracy of those files made by the consumer. Automated systems would allow proactive monitoring to enable the entire body of data from the servicing system to be exported and then compared to what the codes should be according to Metro 2 values, thus revealing any regulatory exposure in the current system for aggregating this data.
Further compliance-related analysis can be completed using similar sets of loan performance-related data. One example could be the identification of first- or near-first payment defaults, which might (or might not) be indicative of customers being steered to improper products as a result of inappropriate sales practices. This type of analysis does not necessarily identify consumer harm or noncompliance, but significant business-related lessons can be learned from it.
Increasing organizational efficiency
On the front end, automating compliance monitoring does present challenges and corresponding investments. The aggregation and standardization of data is typically the most daunting for financial institutions. Because different lines of business or operating units own, store, and organize their data in different formats, it can be difficult to aggregate the relevant information in a way that an automated system can use.
AI technologies such as natural language processing (NLP), optical character recognition (OCR), and robotic process automation (RPA) help to eliminate some of the labor costs inherent in gathering and consolidating this data. OCR can pull data from paper records, saving time on manually inputting it. NLP can assist in reviewing informal documents such as emails for any additional data that might be needed. RPA can expose structural problems in data management by quickly comparing how it is organized across multiple platforms. This repetitive, low-value work, which would take hours when conducted by a human, can be completed in a matter of minutes using the proper fixed rules and algorithms.
Once the data is fed into an automated system, the benefits begin to accrue quickly. Machine learning can then help to discern patterns and outliers across these records. This form of analysis might expose inaccuracies and inconsistencies that could be useful in adjusting data collection processes across an organization. The algorithms themselves can then be corrected so that they only return items of genuine concern. This iterative capability allows for exponential increases in efficiency over time. Ultimately, systems might then become predictive, enabling compliance management to get ahead of risk before it emerges in the first place.
Furthermore, it is likely that monitoring procedures are redundant across the siloed lines of defense. By its very nature, automated monitoring breaks down those siloes, exposing repetitive testing. The costs saved by eliminating identical testing that occurs at multiple lines of defense are self-evident.
Also worth noting is that such discoveries allow for the adjustment of organizationwide business practices that contributed to this inefficiency in the first place. Relational mapping can help organizations to better structure their data for analysis and identify additional data that needs to be gathered. The end result of these processes is a standardization of data that can make it accessible to anyone, organizationwide, for use in a variety of contexts. Compliance monitoring is thus comprehensive and consistent.
These efficiencies then translate into the human structures of an organization as well. They mandate the coordination of data and compliance personnel, who might have previously functioned in different siloes, with minimal direct communication. Integrating these teams can make their interactions more productive, assist in adherence to the organization’s risk appetite across the board, and reinforce a culture of compliance.
Benefits to the customer
Organizations themselves are not the only beneficiaries of the efficiencies created by automating compliance, which has long been a time-consuming and expensive process. The organizational adjustments and reduction of risk created by these emerging technologies create opportunities to better serve customers whose interests might have taken a backseat in the past as organizations strained to meet their regulatory requirements with limited time and resources.
The comprehensive data sets available when compliance is automated, along with their real-time transparency, allows institutions to more accurately assess the risk of procedural and product changes. They can then act with confidence when considering new approaches to customer interactions and the fair servicing of their accounts. Entirely new products and design features can be implemented with the secure knowledge that they fall within the organization’s risk tolerance.
The increased emphasis on customer-facing innovation has the capacity to both reinforce the loyalty of existing customers and to attract new ones. By cutting losses due to consumer dissatisfaction and by attracting new business, profit margins can increase.
Clayton Mitchell is a Principal at Crowe LLP.