RegTech for digital surveillance and ML/TF 2022

Today’s economic crime. Pre-Covid, regulators found that despite a clear correlation between suspicious market behaviour and money laundering/ terrorist financing risk, firms had decoupled these risk functions. These issues remain today but have been made worse by the current political environment which demand wholesale rewriting of AML regimes while putting tough sanctions into place. Thanks to pioneering innovation teams, new technology has been proven to be able to tackle the challenges, but much enabling policy and infrastructure has yet to be been put in place. New rules are on global drafting tables and the time is right to discuss the target RegTech-enabled operating models.

The urgency. A $4 million fine to Mass Mutual in September 2021 for failure to spot their ‘kitty’ roaring via 250 hours of YouTube has raised serious questions about Compliance’s ability to move to predicted and integrated capabilities. In December, JP Morgan has been landed with a $125 million penalty for failure to preserve written communications, on text messages, WhatsApp, and their own email accounts which discussed securities-related business matters. Goldman Sachs and HSBC are being investigated for by the SEC for unrecorded social media. Notably Deutsche Bank have recently told all staff not to delete any WhatsApp conversations amidst scrutiny and we are aware of several investigations the FCA are running into firms with unmonitored social media chat such as WhatsApp. Ominously, Italy’s UniCredit SpA were ordered to pay $1.3 billion for breach of sanctions on Iran and other countries in 2019...

RegTech solutions. The days of checking every transaction manually and generating a few alerts are a distant memory. Compliance requires more data of more types to be fed through ever growing AI-driven controls to spot outliers. RegTech experts are deploying a wide range of solutions including: APIs to trusted data sources, Privacy Enhancing Technology across firms, Machine readable rule book for update monitoring, common identifiers, modelling standards and network validation protocols.

The catch. Regulators have produced thousands of pages on new AI policy and third party risk management guidelines seek to control digital behaviour. Firms are rethinking the breadth and depth of their technology programmes and wrestling with thorny ethical and privacy issues while hoping the public sector will start to migrate to the tools required for the digital age soon. This means working through policy, business, legal, privacy and audit objectives in parallel. Priorities must be set and alignment with many stakeholders is required.

Path forwards. With sanctions freezing assets and restricting trade, digital compliance strategies are being reworked this year. Public and private sector must decide the priorities, do the business case and establish plans to migrate towards safe, appropriate and efficient crime tools enabled by RegTech.