Preparing for EMIR Refit?
Click here to find out how to gain more from your EMIR Refit program.

Embedded Compliance – Done Once and Done Thoroughly

Comprising one of the most highly regulated industries in the world, financial institutions often struggle to deal with the pace and volume of regulatory changes. In cost-constrained environments, organizations find themselves reactively responding to regulatory updates rather than proactively building systems to future-proof compliance around trade lifecycle and workflows. When it comes to facing potential audits, fines, or serious investigations, there is a pressing need to address management of regulatory risk before it is too late.


In order to deal with these pressures, firms have turned to automating regulatory decisions across their business in the most transparent way possible. This practice is known as ‘embedded compliance’ and can be defined as the ability to determine real-time compliance decisions through automated integration with dynamic regulatory rules or control frameworks. By embracing data-driven automated compliance, firms are positioned to act preventatively when dealing with regulatory risk.


Data quality challenges
Clean, well-structured data is central to the implementation of dynamic system-wide changes. Firms face a number of different challenges implementing preventative and detective pre-trade controls as well as transaction reporting eligibility and validation. Data structures that drive regulatory decision-making include legal entity data, product models, and transaction context. Less obvious but equally important are the data structures codifying the relevant law and internal policies such as onboarding policy, sanctions lists, trader/entity mandates, and securities restricted for trading. All of this data must be accessible to critical decision-making infrastructure.


In any sizable financial institution, there exist a myriad of systems that generate and process transaction data. Regulatory and internal policy logic is often implemented in these systems as code that is both redundant and inconsistent across product silos. At the same time, the data used to make decisions tends to be ingested in different formats and transformed in different ways throughout the transaction life cycle. It is, therefore, challenging to understand the provenance and quality of data used to drive compliance decisions.


In establishing a strategy for regulatory data, the advantages of using a mutualized consensus data model are clear. Industry working groups can create decision models that are anchored to regulatory text and informed by best practice. For example, by evaluating standard decision models for business conduct, clearing, and reporting rules at point of execution, the number of implementation touchpoints for regulatory change can be both reduced and decision traceability simplified.


Establishing an embedded compliance solution
Once the data is clean and consistent, the principles behind embedded compliance are relatively straightforward. They deal with treating regulatory rules as data, establishing an industry-wide consensus around rules, and establishing an audit process to prove adherence to specific decision logic. Successful implementation of this compliance strategy requires the involvement of innovative senior leadership in the front, middle, and back office who are willing to take a structural view of transformation across the whole organization. Embedded compliance can be regarded not just as a compliance tool but as an enabler of efficiency across the entire business. This is an opportunity to future-proof the estate to reduce the marginal cost of responsiveness to change.


In terms of the implementation itself, financial institutions should aim for a composable architecture of best-in-breed components. By employing a more interoperable, modular approach, firms will not be wedded to one type of technology or vendor but can license components that do not offer competitive advantage or require deep familiarity with internal structures and processes. It is important to consider scalability. Instead of being fixed to a different solution for each individual regulation, firms should aim to utilize one platform across regulatory regimes, particularly with refits and rewrites in mind. When it comes to automated decision-making, true partnership is critical. In a rapidly evolving regulatory space with reputational exposure, it is essential to be able to trust vendors and work only with carefully chosen strategic partners. The most valuable form of partnership elevates the entire industry by facilitating the implementation of regulatory decision-making provenance backed by consensus regulatory interpretation.


Differentiate with confidence
Ultimately, transformation strategies that combine embedded compliance with reliably sourced input data help businesses differentiate competitively. Not only is there an imperative for embedded compliance to manage the introduction of ongoing regulatory change, but there is also an opportunity to streamline operational efficiency. Firms can only benefit by future-proofing their estates. It is preferable for firms to deal with a phased, upfront holistic change – done once and done thoroughly.