Managing new regulatory requirements faster and more effectively can be achieved thanks to advances in RegTech, but getting the right strategy and tools could make the difference between success and severe consequences.
Emerging technology and the new business models it enables puts immense pressure on both regulators and organisations. This has triggered a seemingly increasing amount of new regulation for organisations to manage – concerning cyber security, data use, individual privacy and more. Adding to this complexity is the changing role of customers – who are now making decisions for organisations by defining the way they want to interact.
"The most obvious example is Uber and the taxi industry," says James Mabbott, Partner, Innovate, KPMG. "Uber embraced technology to allow people to use their vehicles to offer transport, and citizens to book a trip and rate a driver. That forced change on the regulatory environment to accommodate that."
Conversely, technology is a key way to help organisations manage the challenge of regulatory compliance. From monitoring regulatory changes, to tracking the compliance of staff, and reporting to boards and regulators, regulatory technology (RegTech) can help companies stay a step ahead of their obligations.
Technology in this space has been transformed in recent times with organisations now able to tailor an auditing approach suitable for both their operating model and compliance requirements. Stan Gallo, Partner, Forensic, KPMG, says examples of RegTech range from technology that is able to compile and cross reference data, to advanced voice data analytics.
"Voice monitoring technology can index entire data sets, incorporating accents and languages. It can identify particular words and sentences, and the context of those words," Gallo says.
For example, it could uncover a financial trader attempting to manipulate the market, or a sales staff member inappropriately selling products to customers.
Other RegTech tools can help organisations manage the huge amount of information that they deal with in a compliant way, such as data identification classification systems that automatically classify data.
“For example, personally identifiable information that is flagged as 'confidential' could be automatically stored and treated," he says.
Mabbott adds that analysis of broader data sets, such as Facebook, Twitter, YouTube and Snapchat is increasing, to help companies combat compliance risks from multiple angles.
A key part of ensuring compliance is to ensure staff are trained in compliance requirements and are acting upon them. This is where bio marker technology could help, Mabbott says.
"KPMG's Solution 49x team is using advanced algorithms and artificial intelligence to monitor stress levels and physiological attributes. This is done in real time on standard laptops and demonstrating how these technologies have a practical use in behavioural compliance and allow effective audit paths for regulatory use," he says.
On a stock market trading floor, this could measure who is under stress, and trigger a management enquiry into the cause, or further training.
Gallo adds this technology could also combat the threat of an internal data breach.
"If you combine a person's heart rate with their user activity, you can compare it to a baseline of their day-to-day activity patterns. The system could create an alert if the activity deviates significantly. For example, if a person is flushed, their heart rate is elevated, they could be accessing files that they don’t normally access, copying data, or their internet traffic flow could increase," he says.
Clearly the use of such technology will need to be balanced with the needs of staff to feel trusted and supported, and with consideration for relevant regulatory requirements such as privacy.
The power of Artificial Intelligence (AI) in the form of cognitive computing is also being harnessed to combat regulatory overload. The ability for cognitive computing to search and analyse vast content for regulatory requirements could help organisations detect legal updates.
Gallo says advanced analytical predictive coding is also developing in a way that can help uncover issues.
"Now we are analysing ‘concepts’ rather than just conducting keyword-based searches. A cognitive approach allows for a more accurate interpretation of the subtleties of language combined with data analytics to identify linkages between objects, entities, people and events that would not be linked by standard keyword-based searches,” he says.
Gallo adds that there is also a rise in the use of robotic process automation (RPA), which has the potential to change the corporate environment in the way the industrial revolution changed manufacturing.
“Through the use of automated processing, organisations will have the ability to industrialise their manual processes, such as monitoring tasks, to facilitate high sample sizing, greater efficiency and ultimately increased accuracy and reliability, all at a lower cost,” he says.
As organisations embrace technology for compliance, regulators will demand more transparency and technology acquired evidence.
"We are seeing regulators being more active in the areas of trader surveillance, privacy and information compliance. Financial institutions and insurance call centres are looking to technology to see if staff are properly informing people about the products and terms and conditions in line with regulatory requirements," Gallo says.
Mabbott sums up that with customers, costs and reputation are just some of the areas at stake, RegTech could help act as a line of security.
"If industry doesn’t adopt it, innovative new companies will come in, making it faster and easier to adopt. They will either adopt it, or get left behind," he says.
Regulatory compliance obligations are challenging for all organisations, particularly those with large networks. Explore techniques to overcome this in: Compliance at large – meeting obligations across networks.
©2021 KPMG, an Australian partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.
Liability limited by a scheme approved under Professional Standards Legislation.
For more detail about the structure of the KPMG global organisation please visit https://home.kpmg/governance.