Lost In translation: Making Sense of Regulation

In his 2016 state of the union address, Barack Obama famously said “Food Stamp recipients didn’t cause the financial crisis; recklessness on Wall Street did”. Since 2008, regulators have been trying to plug the gaps which caused the crash by using two main approaches; massive fines and masses of new regulation.

The implications of the fines are clear enough, with calculations running up to over $300bn globally since 2008. While this is a pretty big stick with which regulators have sought to punish the industry, in many cases it is actually the reams and reams of new regulation which has caused a bigger problem. While it has been drafted with the best intentions of correcting poor behaviours and protecting consumers, the regulation is all too often longwinded, technical and lacking in clear and measurable outcomes.

In order to deal with this outpouring of good intentions, global FS firms have hired in hundreds, and in some cases thousands, of additional risk and compliance professionals. One of their key jobs has been to support the enormous translation exercise required to make sense of what the new regulation means for their businesses.

Thankfully, relevant technology has made great strides over the past few years. Taking a lead from translation services like Google Translate, firms are now looking to utilise the various technologies associated with Artificial Intelligence to translate the language of regulation and compliance into something more easily understandable. Many of these firms have badged themselves up as RegTech companies.

At Altus, we define RegTech solutions as being those that either solve challenges associated with a particular highly regulated activity, or solutions which improve the management and implementation of compliance within businesses. So in its broadest sense, everything from identity management solutions and reconciliations software through to advice process management and risk and control framework software. Importantly, understanding what the regulator requires of you is at the heart of all of these areas.

The first step for firms is to be able to reliably collate the requirements which relate to them. With regulation coming from the FCA, PRA, TPR, HMRC, HMT, EBA and ESMA to name but a few, there are a multitude of acronyms to keep your eye on. All of these organisations have different publishing schedules and approaches, which result in a big overhead for financial services firms.

Luckily a number of technology providers are looking to include functionality into their systems that monitors and consumes the output of these organisations. This gives firms a central repository of documentation that relates to their businesses. This monitoring has been enabled by the regulators themselves becoming more consistent in their output. The FCA for example, publishes all of its new consultations and discussion papers on a central searchable web page. The collection of handbooks is also available as a set of time stamped data which means that solutions can be built which rely on this data structure and availability.

By building automated systems which crawl these web pages and data sets, technology firms are building self-filling and self-maintaining repositories of regulatory data, which can be varied based on the types of business firms operate and therefore the regulators they are covered by. By having a consolidated set of data with the noise removed, the onerous task of “regulatory watch” can be reduced and much improved.

Having all of the regulation in once place is useful, but for many firms, one of the biggest tasks is to read it and understand what is being asked of them. Because of the complexity of most regulation, this isn’t a job which is easily resourced. Regulation policy teams, staffed with qualified compliance professionals, are typically responsible for this activity but even with expertise, the process is a slow and manual one. Large consultation papers and completely new pieces of regulation can take weeks to digest in order to understand the true complexities of what is being asked of firms.

The impact of this can be seen clearly in the hiring profile of Financial Services firms. Big banks have been upping the number of people in their compliance departments by up to 500% which has resulted in costs for compliance teams rising dramatically. Risk and compliance now takes up a significant portion of the overall cost base of financial services firms.

Firms are trying to use technology to circumvent this approach. Specifically, they are looking into using a couple of techniques from the Artificial Intelligence canon, Natural Language Processing and Supervised Machine Learning. NLP technologies take the free form text contained within regulatory documents and convert it into machine and human understandable content. They then go through a process of key word extraction, sentiment and key point analysis and categorisation. Compliance professionals can then review this focussed output, clarify exceptions and provide feedback on where the system was right and wrong. This aspect forms the basis of supervised learning and allows the algorithms within the system to learn what good and bad outcomes look like, and use this information to improve their future performance.

Of course, understanding the scope of the regulation is one thing, but for many firms, the biggest pain point comes next. Most compliance staff aren’t necessarily aware of the detail and restrictions of operational processes or technological systems. In most regulatory change programmes, there is a stage of impact analysis whereby the change function works collaboratively with the compliance team to understand the business context and required changes in order to meet compliance.

Unfortunately, the change function is all too often focussed solely on the change at hand, and not the wider organisational context. This usually results in the impact analysis work required for a piece of regulation being essentially throw-away, as it doesn’t have a balanced and logical base which can be used again for a different project.

In order to solve this challenge, what is needed is a translation of the actions required from the regulation, which is attached to a framework which exists within the business, which is agnostic of the change project, and provides a consistent view of the entire business. This should be used to build a common language and understanding needed which can get change to work more effectively. If this framework is effectively linked to the policy owners in compliance, the project leads in the change function, and the business heads in the operations function, all stakeholders can be kept abreast of the requirements new regulation is bringing and the impact this will have on their teams.

For forward-looking Financial Services firms, there are huge opportunities to improve the way compliance works within their businesses. By working with RegTech start-ups to improve internal processes and automate cumbersome translation work they can ensure that their team of compliance professionals are focussed on higher value work. Firms who embrace this new way of operating will see drastic decreases in the cost of managing risk and compliance in their businesses and those that don’t will struggle to keep up in tomorrow’s market.

This article first appeared in FT Adviser, September 2017

Fixing the Regulatory Problem

The weight of regulation and a new world of risks are making compliance ever more complicated – could technology be the answer to both protect and regulate companies in this complex environment? From internal compliance solutions, to financial crime investigations, the world of RegTech has garnered a lot of attention really. How could it be working for you?

Since the financial crisis of 2007/8, regulators around the world have been producing swathes of documentation and legislation. In response, Financial Services firms have massively increased the number of compliance professionals they employ, dramatically raising their annual operating cost as a result. Currently most international banks spend hundreds of millions on compliance, and potentially billions more on the fines which are levied for compliance failings.

With these challenges getting worse as time goes on, firms are looking to technology to improve the situation. FinTech itself has spawned many sub categories (Robo-advice and InsurTech are two notable examples) but none of the various portmanteau’s available have received quite the level of attention which RegTech (or Regulatory Technology for the uninitiated), has recently.

Depending on who you speak to, you’ll get a different definition of exactly what RegTech covers but broadly speaking it tends to fall into two camps.

1.       Technology solutions concerned with the process of compliance in companies

One thing that has become patently clear is that throwing people at the problem won’t solve it. A number of RegTech solutions are positioned to help financial crime professionals work smarter.

One example is the use of natural language processing software to consume, analyse and interpret the mass of regulation which is output around the world and apply this information to risk frameworks, policy documents and key processes. This can help firms fast track the impact assessment of regulatory change and ensure completeness of coverage. By using a system to identify business owners and manage a workflow of change, firms hope that they can drastically cut down the traditionally manual process of reading swathes of regulation and interpreting the impact on a business on a case-by-case basis.

Going one step further than supporting the translation of regulation, in the UK, the Financial Conduct Authority itself is looking at supporting initiatives around the development of machine readable and machine executable regulation. There has been a recognition across the industry that developing testable and concrete approaches to regulation would be of benefit to customers and businesses alike, and would ultimately lead to an increase in innovation and competition.

Another key area of focus has been that of regulatory reporting. Many firms struggle to manage and orchestrate their data in such a way as to provide a feed into the various regulatory regimes to which they are subject. Complex IT landscapes with a mix of data and integration types make it very difficult to consistently provide the right information to regulators. This has typically resulted in a manual process where time consuming and high risk end user computing solutions are used.

A number of technology providers have been developing data management solutions which specifically target the translation of data into standard report types defined by key global regulators. The idea is that the mix of business knowledge around what data needs to go in the report and technical knowhow around data orchestration should mean that these processes can be automated and made far more robust.


2.       Technology solutions which are centred around heavily regulated business areas

An example of this which has seen a huge amount of work and investment over the last few years is identity management (covering both initial verification of customers and the on-going authentication).

Over the past twenty years the amount of data which exists in relation to individuals has sky rocketed thanks to the internet, social media, mobile devices and improvements in communications technologies such as email. Financial Services firms have not made use of these new data types for their onboarding checks (AML and KYC), typically relying on basic banking, and credit reference agency data to prove someone’s identity.

A number of firms are providing propriety software which looks to increase the scope of data sources checked at the point of onboarding a customer, with a view to tying together data held by different companies (banks, mobile phone carriers, credit reference agencies, social media providers etc.) into a more reliable picture of who a customer is.

In addition to supporting the initial onboarding of customers, firms are also looking to improve the way ongoing authentication of these customers works. Traditionally, authentication has been binary. We trust you or we don’t trust you, based on one or two indicators (password, token etc.). Now, firms are starting to ascribe a level of trust, based on a wide range of indicators and are using this to gate access to certain parts of customer journeys. By using Mobile and device data (such as browser configuration and type, operating systems, font settings etc.), digital body language indicators and biometric data, companies are able to dramatically reduce friction in customer journeys while upholding higher levels of security.

These new approaches to identity management represent more than just interesting uses of technology. As financial criminals have become more attuned to bank processes and the opportunities, firms are having to get smarter in order to protect themselves and their customers.

As with any collection of solutions, there are some fantastic innovations in the world of RegTech and some pretty tenuous examples of vapourware. Importantly though, for forward looking Financial Services firms to be able to address the problems posed of them in a post financial crisis world, finding a way of harnessing the power of technology is essential. This said, none of the solutions will be replacing humans any time soon. Instead they should be enabling financial crime professionals to work smarter.

This article was first published in Intercontinental Finance and Law

Anti-Automation: The importance of people in process

If you have paid even the smallest bit of attention to any business or technology news sources recently, you’ll almost certainly have come across at least one article promising the death of employment as we know it, and the rise of AI and software driven processes.

Robotic Process Automation (or RPA for those in the know) is one of the key phrases being thrown around in this context. Despite undoubted improvements in automation, there is still a lot of manual activity going on in most operations; copying and pasting, reading hand written documents, comparing spreadsheets and entering data are still common. At a basic level, RPA looks a bit like a traditional enterprise workflow system, but has some clever programming within it which allows businesses to automate away some of these more basic and labour intensive tasks.

Another area receiving significant attention is the contact centre where the proliferation of chatbots offers the potential to slash the workload of front line staff. Firms are moving beyond basic text based interfaces to introduce computational logic which automates some basic functions within these text interfaces. Take the example of a retail bank. A huge proportion of the inbound calls they receive from customers will be focussed around a few easily automatable tasks; resetting a password, viewing a balance and finding out what a customer’s most recent transactions were are likely examples.

So great; chatbots, RPA and a range of similar technologies will help us automate away a swathe of ‘lower value’ work. Which leaves us with a question; “what do we do with the people who had previously completed these tasks?” The cynical response would be to wheel in the axeman and reduce headcount (and thus costs). Whilst that may help to push a business case through, there is a problem with this approach.

While the automation of tasks brings about cost savings for your business, it doesn’t inherently improve your customer’s experience with your firm. Because it is relatively easy for your peers to copy any automation you develop, this can lead to a zero sum game where the only net impact is a reduction in headcount.

A more rounded approach would be to use this new technology as a people enabler which allows companies to deliver maximum customer value. Assuming we get to a point where, through a range of clever technologies, we have freed up between 20 and 50% of our operations staff, we should stop thinking about simply reclaiming their cost, and start to think about using this resource to improve customer communications.

At a basic level, we could start to see optimistic strategies about multiskilling staff move beyond PowerPoint and into the call centre. This however, is only one improvement and there are a range of other ways in which we can improve how we communicate with our customers by helping our staff work smarter.

Many firms have been developing enhanced CRM capabilities, and often enriching these with data from external services, to build personality profiles for their customer base. If you can apply the same personality diagnostics to your call centre staff or business development team, you can seek to understand which staff member would be best placed to talk to which customers. Increasingly, CRMs are also providing information for life stage changes and more effective data for the management of customer relationships across longer timer periods, allowing communications with them to be more pertinent and timely.

Building on this base, we could go a step further by inspecting recent communications with a customer to understand their likely mood when they make contact. Are they buoyant after being told their investments have soared in value, or depressed about the recent loss of a loved one? In an ideal world, you would have a different staff member deal with bereavement cases than with withdrawals and bonus payments. CRM and telephony technology has improved enough to make this possible and additional data sources such as device identification, GPS and digital body language could help even further to position the right staff at the right contact points.

The march of technology is endless and automation of basic tasks in the workplace will see continued attention over the next few years. Assuming your business can keep pace with this technological advancement, you will almost certainly have to answer the key question, what do we do with the savings? Instead of going for the easy option of reducing headcount, maybe it’s time to think about reinforcing and improving the long term relationship with your customer base by drastically improving the service you deliver them.

Buzzword Buster – Venture Capital

In its broadest sense, a lump of cash which is given to a firm in its early days to allow it to grow, in return for a stake in the company. More specifically, people often refer to Venture Capitalists and Venture Capital firms (or VCs). Venture capital firms usually have a particular remit (i.e. fintech firms, health tech firms, early stage, late stage, etc.).
The idea of a stand-alone venture capital firm which makes money by investing in a portfolio of early stage businesses has been around for many years. In principle, these firms invest in a range of businesses on the assumption that while some will fail, enough will succeed to make the overall venture successful.

More recently, venture capital arms of established businesses have become popular (like banks and insurance companies). These firms have a slightly different remit. They are tasked with finding businesses to invest in which will grow and provide a return on their investment, but also will potentially provide new propositions and solutions for the wider group business. These functions sit between true venture capital businesses, and innovation functions which are focussed on partnerships as a way for start-ups to secure funding and support.

Some VC firms have acquired a reputation for going from friendly business buddies to aggressive (and even litigious) combatants in very short order when a company’s growth projections don’t materialise.

Disagree or want to add something? What does Venture Capital mean to you?

Creating the Solos of the Future?

The creation of innovation labs and digital garages by major brands and enterprises has become commonplace over the last few years and is a trend which shows no sign of abating. The mandate behind them is clear and largely universal, even if specifics around success measures and targets are harder to come by.

To work with small groups of smart people to develop products and ideas which large organisations would not be able to deliver within their existing structure.

Personally, I’m all for these facilities and I know for a fact that many are spawning great ideas (hopefully enough to keep their sponsors happy). Innovation functions which operate efficiently are picking up where research and development functions and propositional designers have failed over the last decade.

The silos of the future

These functions can be a brilliant way of introducing a pipeline of new ideas into a business but there is a problem which is all too often overlooked in favour of the next shiny thing. Without having an overall architectural vision and working hard to make new developments a part of the overall business and technology infrastructure, innovation functions run the risk of creating the silos of the future.

We often look at legacy business and technologies with a smirk as we see stove-piped pieces of product-led technology and operational support which seemingly have no view of shared capabilities and functionality. These often represent the hangover of a series of M&A activities spanning the past few decades. While many of these business lines can be profitable, this is often thanks to the very high margin business they run. The cost of supporting these legacy systems is typically very high and requires specific expertise that’s hard to come by. They also represent a large technical debt which increases the complexity of future change.

Unfortunately, without an appropriate level of planning, each new proposition runs the risk of standing alone within your company’s ecosystem. This is likely to counter any positive revenue impact from the propositional development and lead to a large mediation programme to “tidy things up” in the future. Today’s innovation becomes tomorrow’s legacy all too quickly.

Just enough architecture

In terms of mitigating against this, architecture (both business and technical) is a key consideration but it is important to be pragmatic when delivering this. The agile concept of “just enough architecture” is an important one here. It will vary between businesses but success will come from finding the optimal amount of information to gather to ensure change is done well. Not so much that you have teams of people spewing out requirements documentation, but also enough that it is not merely an afterthought.

By including analysis of key business and architectural objectives you should be able to think through some high level scenarios which show interaction between key actors in your proposed solution. An application overview, with key coupling points can follow this and will allow for future flexibility around integration and expansion.

A good old fashioned business case?

In addition to assessing the “do-ability” of concepts being developed through the innovation function, it is important to make sure teams adequately reflect on whether they should bother developing them at all. Of course, this question isn’t new, and has been the main point of a good old fashioned business case for many years.

I’m not proposing you produce a three hundred page board document with the ins and outs of every growth scenario, but I do think that, even though you’re developing innovative ideas, you should challenge yourself with some key questions and make sure key stake holders agree. If you don’t know the answer to these, I’d suggest stopping and taking stock is a pretty good idea;

  • Who is this for?
  • How do we know they want it?
  • How much is it going to cost if we a) prototype this, b) develop and launch this?
  • How will we know if this is a success?
  • How does this fit into our existing enterprise landscape?

Conversely, for every innovation function which could do with adding a commercial focus, there are others which are incredibly astute and will look to bin projects if they can’t show a return within a year. While these functions are far better at removing dead wood than traditional change functions, there still needs to be some careful planning around how the solutions work within the organisation as a whole.

For innovation functions to truly deliver positive and tangible change into businesses, there needs to be a refocusing from the short-termism and bauble chasing which some have fallen victim too, and a reflection on the value of solid business planning and architecture.

If you get these things right, the cool things you create might just be of enduring value to the business as well.

This article was originally published on The C Suite


Buzzword Buster – Angel Investor

Angel investors are individuals who provide much needed cash for early stage start-ups. While there are no hard and fast rules, typically angel investors provide substantial capital injections to early funding rounds, after founders have exhausted their own funds. They may also do this via private arrangement prior to formal funding rounds.

In return for providing capital to largely untested (and even unestablished) businesses, angel investors usually gain significant chunks of equity. Founders who are only interested in the funds provided by these individuals are usually missing a trick, because often the greatest benefit an angel investor can provide to a small business is the insight and experience they have gained from their often extensive career.

The name, quite obviously, comes from the idea that these investors are guardian angels selflessly defending the growth and prospects of start-ups against the varied corporate interests which surround them. While not intentional, the name is particularly apt as these people typically have a direct line to the gods of start-ups everywhere, the VC firms and scale enterprises which can make or break you.

Disagree or want to add something? What does Angel Investor mean to you?

Innovation in Insurance – Personalised pricing and the risk to pooled risk

I was on a panel session at the Benefex Client Winter Forum recently and was asked what I thought the biggest technology driven changes in financial services would be and how they would impact employers and the services they provide their staff. While everything about the world around us is changing at pace, there was one area in particular which stuck out like a sore thumb. Insurance.

In the workplace context, insurance is vital to most benefits packages. Life cover is standard, and health and critical illness cover are also increasingly popular enhancements for staff. Additionally, while pensions saving has moved towards defined contributions, there is still a key insurance contract for most people in the annuity that we buy when we retire.

There is change afoot however, in the way insurance is sold and priced, which could have a profound impact on employers and employees alike.


The amount of data available about individuals (and by extension, society as a whole) has exploded in recent years and the more recent additions of wearables, connected homes and increased mobile usage have taken us to a point where, for most people, there is a wealth of data ready to be mobilised by firms.

On a day to day basis, we see this data being put to good use. Our shopping experiences are tailored based on what retailers know about us. Our web searches are focussed in on our location to make the results more relevant. Our email accounts strip content to create reminders for events and travel plans to stop us missing important dates.

Insurance providers of all types are now trying to make use of this data in order to provide more competitive and accurate pricing for customers. The basic principle is that with more data known about someone, the pricing can become more specific and tailored, reducing the risk and ultimately ending up with a keener price for both the client and the insurer. It also has the associated benefit of reducing the likelihood of non-disclosure and policy fraud. Or at least, that’s the idea.

For insurance providers, this is really the continuation of a trend.


All traditional insurance business is based on the principle of pooled risk. When you take out life insurance, for example, you are becoming one of a group of people with the same policy. The insurance company has made a series of assumptions about your group. They think some people will die earlier than you will, and some people will die later than you will.

They calculate what they believe to be the likelihood across the book of business, and price the policies within this book to reflect those assumptions, and a bit of profit of course. Up until recently, the way insurance companies looked to derisk themselves from the unknown was to shrink the size of the pool and to manage multiple pools to balance risks across well understood books of business.

  • I’ll only insure drivers over 55, and younger than 75, because I can obtain a range of data sets which show that, historically, that group has been safer drivers than the average.
  • I’ll only offer this annuity to people who have recovered from critical illnesses because I can make some firm assumptions about their longevity.


Now though, with the prevalence of data, insurers are looking to move away from traditional pooled risk groups, and instead assess risk on an individual basis. On the surface this might appear to be a positive step. Car insurance is a nice example. Drivers are in control of their speed and driving style, so it seems reasonable to assess them as an individual and price accordingly based on real time data. Better drivers get cheaper policies and vice versa.

Applying the same principles to life insurance and health cover is a much thornier issue though, and there is a high risk that large sections of the population would essentially become uninsurable as a result of these developments. On an individual level this is obviously worrying and could lead to a number of challenges, but for employers, there is an added layer of complexity.

While many firms are used to dealing with renegotiating and quoting for workplace cover policies, I’m pretty sure very few have thought through how to handle the case where a high percentage of your staff can’t get health or life cover. In order to manage this, employers are likely to need to think of strategies which allow them to collect data on their workforces, via connected devices and fitness trackers.

This data would have to be anonymised (especially with GDPR around the corner) but will provide employers with a way of proving a general level of fitness for their workforce. In a few years, it is likely that this is the only way an employer will be able to get a reasonable workplace policy without it being prohibitively expensive.


This blog was originally published on the Benefex Blog here