Key learning points:
• IT GRC Framework
Using Information Technology (IT) to manage the various Governance, Risk Management and Compliance Management processes of an organization
• Technology in GRC
1) Undertake effective compliance rule mapping using IT
2) Identify and manage data handling
• New Technologies
• Upcoming and Future Trends
1) FinTech Ecosystem
2) Blockchain Technology
IT GRC Framework
One of the greatest challenges that organisations are currently facing is the effective management of their IT resources and needs. With the ever-increasing pressure on regulations and customer expectations, many organisations are compelled to establish a systematic, enterprise-wide solution to IT GRC. In recent times, many organisations have realised that having a jumble of technologies and processes operating in silos will not only lead to inefficiency, but also greater costs and risks.
With a coherent management of the associated activities and a unified IT GRC approach, we will be able to increase productivity, accountability, and have a comprehensive overview of the IT environment.IT GRC ensures that :-
• Investments on activities and responsibilities of IT support are maximised
• Costs are well optimised, strategy and best practices are used
• Through a common IT platform, effective information governance will help business to extract data for all GRC related reporting across departments, which allows top management to compare GRC performances of different business units and identify real time risks.
The Role of Technology In GRC
For compliance to be effective, the technology in place requires a well-built system of records that can prove the condition of compliance and logs any alterations made, which provides a thorough audit trail. Organisations are putting together extensive compliance technology architecture, to ensure that compliance is an essential part of the organisation’s culture.
Deployment of technology in GRC improves efficiency and reduces human errors. Automated Compliance would facilitate better compliance management. However, there are limits to technology and hence compliance professionals must create a robust compliance GRC. Technology should be used as a tool but should not define what we are as compliance professional.
A well-designed compliance technology architecture supporting compliance risk management comprises of the following capabilities:
• Compliance risk management : Aids the management of compliance risk surveys, assessments, and associated risk information;analyse, report and model compliance and ethics risks.
• Regulatory change management: Tracks, log and manages all regulatory changes along with their impact to the business.
• Learning and training management: Record and disseminate compliance related training programs, including delivery of training, examinations, and managing training records.
• Policy and procedure management: Maintain policy lifecycle management across all phases; development, maintenance, communication and attestation. Maintain a thorough audit trail and capability to manage content, ensuring that policies are up-to-date and well-communicated.
• Investigations management: Enable proper management of incidents, facilitate teamwork, and log investigation processes. The capability to track issues reported from all sources, the resolution, and the investigation outcome.
• Benchmarking, metrics, and dashboarding: Generate reports that assure management that compliance is well-designed and operating well enough to tackle compliance risks in the dynamic business environment, providing assurance to executives and the board that their legal obligations for compliance are fulfilled.
In my organisation, we have the EIM (Enterprise Information Management).
EIM role is to define the overall data warehouse (DWH) strategic direction, managing the DWH ; Business Intelligence (BI) solutions, design, develop and maintain the DWH and BI ETL processes and components, provide business and technical metadata, govern the data model with FSDLM (Financial Services Logical Data Model) standards and ultimately a platform for ease of understand data, access of data, and secure the data for strategic, regulatory or operational.
The EIM framework comprises of: –
• Enterprise Data Warehouse Environment
1. A comprehensive and integrated data store with the required data history. It will be the ‘single version of truth” for all organisation data integration and reporting requirements.
2. Data will be integrated across all required parameters like Customers, Agreements/Accounts, Products.
• Business Intelligence Solutions/ Data Marts/Applications
1. Data platform for campaign management application, business intelligence, analytics requirements and including reporting
2. Analytics (including predictive models, segmentation, risk analytics, financial analytics, etc.)
3. Regulatory reporting that is analytical in nature.
• Business and Technical Metadata
1. Comprises of source data dictionary
2. Source mapping for Reference and Target tables
3. Business rules and logic for transformation and loading,
• Standards and Policy
1. EDW Data Model comply to the Financial Services Logical Data Model (FSLDM) to support business, risk and regulatory requirements.
Most banks in Singapore are beginning to develop data capabilities to promote the use of new technologies to gain insights on various aspects. They have also been working with various business units to understand and support their reporting and analytics requirements via their big data platform and enterprise data warehouse.
In my organisation, we are banking on digital evolution to elevate customer experience through the application of artificial intelligence, machine learning, and automated technologies to CRM data.
Here are some of the new technologies /innovations that organisations are embarking on.
• Data Analytics
The analysis and examining large repositories of unstructured data to identify otherwise invisible trends across large data sets.There are 3 phases to this: Explore & Prepare, Analyse& Interpret, Validate and Communicate.
The end goal is to create an effective product that answers key objectives in the form of a dashboard, a recommendation or anything that facilitates business decision making,
• Big Data
The definition of Big Data, given by Gartner is, “Big data is high-volume, and high-velocity and/or high-variety information assets that demand cost-effective, innovative forms of information processing that enable enhanced insight, decision making, and process automation”.
Big data is being utilized in many areas in the financial institutions, such as employee monitoring and surveillance. Additionally, predictive models are being used by insurance underwriters to set premiums and loan officers to make lending decisions
• Machine Learning
It is a subset of artificial intelligence. It enables systems to constantly enhance its abilities by using a software that allows it to imitate the way that people learn.
There are 3 types of Learning: –
1) Supervised Learning
2) Unsupervised Learning
3) Reinforcement Learning
Machine learning gather data (inputs) then use one of the learning methods in order to improve its accuracy to deliver the right output.
New technologies for client on boarding and monitoring
One of the most challenging tasks is to create a service that enables financial institutions to identify the details of potential customers in a more seamless manner.
A possible solution to this is to have a know-your-customer (KYC) utility targeted at devising a better way to check against sanctions and blacklists.
This will help to improve the current manual methods that the banks use to obstruct illegitimate funds from coming into the bank.
Financial institutions are now starting to take a closer look at many new tools that emphasises on KYC processes. This not only helps to improve operational efficiencies, but also ensures that all regulatory requirements are met.
Benefits of KYC utilities include:
• Substantial cost savings due to the sharing of AML compliance activities over various establishments
• Better able to discover systemic trends such as money laundering
• Valuable when it comes to handling products/sectors/services with high risks
• Great operational benefits, especially when automating processes that very manual, such as adverse media searches.
Upcoming and Future Trends of Technology
The advancement of technology has changed the way people live their lives. What has also transformed is in how people engage with their banks, increasingly expecting banking to be simpler, smarter and safer.
Banks have been using financial technology (FinTech) to improve their operations, products and services over the years. Through the many innovations in FinTech, banks are now more competent in dealing with the ever-changing demands of customers.
With the rapid rate of innovation and adoption of these technologies, as well as the increased usage of mobile devices, the demand of FinTech has increased as well. Many regulators around the world have recognised the potential of FinTech and are focused on using FinTech to enhance the competitiveness of the financial industry.
Blockchain is basically a decentralised database that maintains a continuous and growing list of transactions in a distributed, peer-to peer fashion. It is secure because records are interlocked to form a chain. It is practically irreversible and cannot be altered.