Digital Disruption in Risk and Compliance – Understanding the Risks and Opportunities, and Managing their Impacts
@ the IERP® Global Conference, October 2022
Moderated by Robin Lee, Head of APAC at Napier, this session covered how current and emerging technology is shaping the future. Among other issues, panellists discussed the major technology forces which were shaping business and industry in 2022 and beyond. Cryptocurrencies and blockchain, artificial intelligence (AI), innovations in payment methods and competition in the area of fintech were some of the most pressing issues facing organisations today. Discussions also took into consideration how the global regulatory landscape is keeping pace with changes across businesses and industries.
Panellists also shared opinions and experiences of the impact that environmental and market forces have had on evolving roles and responsibilities, and the scope of work of today’s compliance, risk, legal and audit professionals. Stating that technology has become easier and more accessible today, Aurelie Saada, Global Lead, Fraud Risk, Microsoft remarked that even a ‘non-IT’ person like herself found it possible to build apps today because of user-friendly software. Productivity is likely to increase, she said, particularly because collecting information from people in different departments will be more easily expedited, and risk professionals will have more time to work with others on forecasting.
Automation, appropriately applied, is likely to lead to better deployment of talent in organisations, she added.Responding to Lee’s question whether people were actually adopting technology at the level mentioned by Saada, Nur Fazlim Mohamed Kunju, Associate Director of Compliance, Integrity & Governance, TouchNGo Group said that based on her experience, there was no definite answer. “It really depends on the organisation and the management’s willingness to expand its support of technology for compliance requirements,” she said. “From the regulatory perspective, the organisation has to show that it understands its own technology usage and ensure that it is adequately governed.”
Her firm has adopted eKYC technology to support customer due diligence facilities, she added. The SEACEN Centre provides training and research for central banks, such as offsite monitoring and supervisory courses, and fintech courses, said Mark Mckenzie, Senior Financial Sector Specialist. “We engage with the private sector and see that skills develop within the central banks,” he said. “We are seeking to use this new technology to enhance supervision and reduce the burden of regulatory requirements on banks and financial institutions, and try to address inherent challenges such as manual processing, which is time-consuming, and difficulties in tracking data.”
The technology is applied essentially to enhance the supervisory process, allowing it to do transactional processing so that more time may be invested in supervisory insights and action. Lee quizzed the panellists on which of the new or augmented technologies they felt could have the most impact overall on risk management. Saada identified AI because “it’s the widest. You fit the data, you have the model, you can see the output,” she said. “Of course, you need to check the quality of the data, but you can build anything. You may not have the solution ready but you will have different options with different probabilities of what will best work for you.”
Nur Fazlim’s choice was blockchain and how this could be successfully leveraged to increase transparency, although it was still relatively new but was optimistic that with the global push towards digital technologies, this would soon be a reality. She also mentioned machine learning, particularly in the natural language processing of invoices and bills of lading. “Deep learning has the capability to draw insights but the problem with AI/machine learning is that it may draw insights which may lead to the organisation automatically turning away from its customers,” she said. “This is because it operates on the data available…algorithms are inherently biased, and organisations have to be aware of this.”
Machine insights can be limiting not only from a business perspective but can raise ethical concerns, she explained further, illustrating possible scenarios. Mckenzie’s choice was natural language processing especially where it is applied to sift through letters, supervisory actions and other documents to identify actions for consistency and language. This increases efficiency. “If you’ve worked as a bank supervisor, this is one of the most tedious tasks – going through board documents and minutes,” he said. “You can try to use NLP and machine learning to increase efficiency in terms of how you go through these documents.”
AI and machine learning is also being used in data analytics and supervisory technology, but there is concern over the need to upskill to be able to use it effectively, as well as over the biases inherent in systems, and the background work required to feed data into the systems. Saada gave an overview of the efforts taken by Microsoft to combat fraud using AI, providing examples of how possible breaches could be identified, including how it is able to identify ‘family fraud’ – cases of unauthorised use of credit cards within a household, especially by children.
Remarking that disruption has negative connotations although there are positives, Lee invited the panellists to give views based on their day-to-day IT use. NurFazlim pointed out that the technology which supports blockchain also supports cross-border digital payments to be made, although it is not as popular as the standard switch network currently used by banks. She also pointed to optical character recognition (OCR) detection which could autonomously read or detect key information from digital documents. “The next step will be for the industry to adopt OCR and language processing capabilities using semantic analysis to support autonomous processing of invoices or bills of lading,” she said. “Organisations which are focused on trade-based transactions will obtain greater value.” However, challenges still exist.
Remarking that there was so much happening in the central banking space that was giving rise to worries about blockchain and crypto assets, for instance, Mckenzie said that banks were now even exploring their own digital money although blockchain still remained a concern. Nur Fazlim said that disruption happens when the environment is conducive to it; adopting a ‘sandbox’ environment was therefore a good initiative by the regulators to support industry against the disruption of the financial system. “What we don’t want is novel technology that is not supported or approved by regulators,” she said. “Regulators are now enhancing themselves and providing avenues for the disruption.”
How has this impacted the evolving roles and responsibilities or scope of work of today’s risk and compliance professionals? Saada said that there were now more tools to help. “With the different tools, you have more tools now to present,” she said. “Chief Risk Officers now have the data and nice-looking dashboards that pinpoint in a simple, visual way, to the CEO and board of directors when things are bad or good. You also have a great variety of choices now. It will simplify your life, so you need to embrace it. You need to take the personal step of being aware of these tools. It’s a change; it’s difficult but you need to embrace the risk management mindset of which tool will help you do your work.”
It’s tough to keep up; but one approach may be closer public-private collaboration. The SEACEN Centre engages its members such as bodies like central banks and monetary authorities together with private sector companies, in its efforts to share knowledge about what they are doing. “We also engage with the private sector to provide resource persons to share the work they are doing in these new areas,” Mckenzie said. “More specifically, in the area of cybersecurity, for example, there is a lot of public-private collaboration. The authorities are working with the private sector to come up with solutions for better compliance.”
In concluding, Nur Fazlim said that overall, industry welcomes disruption because it allows them to lower security and compliance costs without compromising integrity but this brings about new digital risk that was never present before. “Organisations have to take into consideration their capabilities or the lack thereof, because regulation can be slow about keeping up with industry.” Mckenzie said that central banks were proactively upskilling and becoming more aware of new technologies because they want to enhance the regulatory and supervisory process and reduce the burden on regulatory institutions.
“At the same time, they are mindful of the challenges of new technology,” he said. “They worry about things like data privacy, and whether they can acquire the same skills that IT giants like Microsoft can afford but which they cannot pay for – but yes, they are embracing the technology.” Saada pointed out that Covid actually had the effect of hastening the digitising efforts of many companies. “You had to follow, you had to change or you would be left out,” she said. “Now we have the tools; the difference will be how we use them and keep on using them. Uncertainty is inevitable. For each of us, it’s how we need to keep up, what will happen to our roles, and however risk will manifest, we will be ready.”