View
14
Download
0
Category
Preview:
Citation preview
Volume 1 / 2014Volume 1 / 2014Volume 1 / 2014
CRO INSIGHTS JOURNALLEVERAGING TECHNOLOGY TO ENHANCE RISK MANAGEMENT & COMPLIANCE
Volume 5 / March 2017
Freddy Gielen
Executive Partner
Freddy Gielen is a Founding Partner
of Avantage Reply. Freddy has over
20 years’ experience in Prudential
Risk, Finance and Regulation. Prior
to establishing Avantage Reply in
2004, he worked on financial sector
regulation at The World Bank and for
global financial sector regulators. He
started his career at Andersen and
EY. Freddy holds a Master’s degree
in Finance and in Engineering. He is
also a Certified Public Accountant
(U.S. CPA).
Email: f.gielen@reply.com
“Hedge fund managers beware, someone is watching you. Or rather, something is watching you. A
new artificial intelligence system can monitor traders, learn their behaviour patterns and raise the
alarm when they do something out of character.1”
In this fifth edition of our CRO Insights Journal, we are exploring how technology can enable and
sometimes transform the compliance, finance and risk functions. The edition discusses RegTech of
course; but it also explores other technological advances that have not yet reached the prominence
of their RegTech counterparts. Brace yourself for a journey into the future; albeit not a too distant
one.
RegTech has taken off, with financial services firms placing high hopes in new technologies that will
facilitate compliance with regulatory requirements in the financial services sector. RegTech is seen
as an enabler of the achievement of compliance with the tidal wave of regulation unleshed since the
2008 financial crisis. Big banks spend well over EUR 1 billion a year each on regulatory compliance
and controls2. We will explore (i) how technological changes are used to enhance regulatory change
and ensure compliance to regulations (Michelle Curtin, BNY Mellon), (ii) the use of technology
to manage internal models in line with regulatory and supervisory expectations (SR 11-7, TRIM)
(Bovaro Quach and Isabelle Poitte, Natixis), (iii) technology and regulatory reporting data analytics
(Cyrus New and Rob Konowalchuk, Data Reply & Avantage Reply), (iv) conduct monitoring and
technology (Richard Acreman, WM Reply), and (v) Blockchain (Massimo Morini, Banca IMI); all of
which were among the seven issues identified by the Institute of International Finance in a recent
report on how RegTech3 can help address issues.
Beyond RegTech, there is much more… Unearthing the potential of technology but also the
challenges that technological advances may pose to Compliance, Finance and Risk is covered in
three thought-provoking articles, featuring Filippo Rizzante (Chief Technology Officer of Reply)
who discusses the advent of machine learning, augmented reality and the Internet of Things; Paul
Delforge and Claire Huvelle (Avantage Reply) who discuss how quickly a financial institution can
implement process automation solutions and data-robotics.
A fascinating journey into the Compliance, Finance and Risk functions of tomorrow…
EDITORIAL
About Avantage Reply
Established in 2004, Avantage
Reply (a member firm of Reply)
is a pan-European specialised
management consultancy
delivering change initiatives in the
areas of Compliance, Finance, Risk
and treasury.
Website: www.avantagereply.com
Freddy Gielen Partner Avantage Reply
1 “Artificial intelligence and biometrics help banks comply with rules”, Martin Arnold in Financial Times, 14
October 2016
2 “Banks face pushback over surging compliance and regulatory costs”, Laura Noonan in Financial Times, 28 May 2015
3 “Regtech in Financial Services: Solutions for Compliance and Reporting’, B. van Liebergen, A. Portilla, K. Silverberg, C.
French in the Institute of International Finance, 22 March 2016
Technology and Analytics: Using technology to enhance risk management model
CONTENTS
Introduction
RegTech: Riding the RegTech Wave within the financial services
2
4
12
8
1
Process Automation: How increasing amounts of data can be managed in reduced timeframes by fewer staff?
Enhanced Analytics & Risk Management: Using enhanced data analytics to improve risk and regulatory reporting
22
16
Best Execution Tool: Improving compliance and productivity with SharePoint 28
Blockchain: Increasingly prominent role of innovative technologies 30
2
Filippo Rizzante is a Computer Engineering Graduate from the Polytechnic University of Turin, whom has always been fascinated by new technologies. Filippo began his career with Reply in 1999. In the early years, he worked within the Reply Group mainly in consultancy and projects for the web division, focusing in particular on the development of B2B and B2C portals. Since 2006, he served as an Executive Partner of the Reply Group, overseeing the Reply Group companies that deal with Oracle technologies, Safety, Information Lifecycle Management, Web 2.0 and Open Source. Over the years his responsibilities within the Reply Group grew and he assumed direct responsibility for various business lines, including Architecture and Technologies, Digital and Mobile Media. Since 2012, in the capacity of Reply Chief Technology Officer, he led the development of new offer elements associated with technological innovation and assumed Group responsibility for all partnerships. He has been an Executive Director of Reply S.p.A. since April 27, 2012.
Freddy is a Founding Partner of Avantage Reply and responsible for the firm’s activities across EMEA. Freddy is a specialist in finance and risk within 20 years of financial services experience. He started his career in Luxembourg with Arthur Andersen and developed his experience further as a Senior Manager with Ernst & Young in Asia and the United States before spending five years with The World Bank Group working on financial sector regulation in Europe and the United States. Freddy is a Réviseur d’Entreprises (Luxembourg) and a U.S. Certified Public Accountant (CPA). Until 2010, he was a member of a working group advising the International Accounting Standards Board (IASB) and he co-chaired the Accounting and Auditing Practices Committee of the International Corporate Governance Network (ICGN), a global membership organisation
Bovaro Quach is in charge of Regulatory Ratios at Natixis where he covers prudential topics such as regulatory reporting, policies and methodology for both solvency and liquidity.Bovaro started his career with Ernst & Young where he was involved in auditing and advisory services for major French banks. He joined Natixis in 2006 as Deputy Head of Financial Accounting then relocated in 2010 to Hong Kong as Chief Financial Officer for Natixis Asia Pacific CIB Platform. He moved to his current role in 2015. Bovaro is a Chartered Accountant.
Isabelle Poitte joined Natixis in 2006, she is Head of Prudential Norms, Own Funds and Capital Planning. Her role includes the control and lead of capital ratios (internal capital, regulatory change) as well as all aspects linked to prudential watch and support to the operations structure of the bank (deal flow). Isabelle started her career at the Generale Inspection unit of Crédit Lyonnais (Crédit Agricole Group) within the Key Corporates Coverage unit. She has held various functions in Finance & Risk: ALM (liquidity risk management), RAROC models implementation and economic capital, Basel credit risk methodologies.Isabelle graduated from HEC Paris.
Michelle Curtin is the EMEA Head of Regulatory Change for BNY Mellon and provides its businesses with leadership and strategic direction about regulatory changes and reforms. Michelle supports BNY Mellon in its implementation of major regulatory reforms including the EU Bank Recovery and Resolution Directive, MiFID II, UCITS V and the Central Securities Depositories Regulation. She has been with BNY Mellon since 2008 and has over 17 years’ experience in the financial services industry in compliance and regulatory project management. Michelle has a Bachelor of Financial Services and a Professional Diploma in Compliance from University College Dublin.
Rob Konowalchuk joined Avantage Reply UK in September 2016 as an Associate Partner, having spent his career in various advisory roles within financial services risk and regulation. With 16 years of experience in the financial services sector (primarily banking and capital markets), Rob has become an expert in a broad range of issues facing financial services firms, particularly in prudential risk and regulation. With a background in accounting and auditing, Rob applies expertise in governance, controls, systems and data to design and deliver change and remediation programmes, primarily driven by prudential regulation (with a focus on capital and liquidity management, regulatory reporting, capital planning and stress testing, and recovery and resolution planning). Rob has a degree in Business Administration and is qualified as a chartered accountant in the UK and Canada.
CONTRIBUTORS
CONTRIBUTORS
3
Cyrus New is an Associate Partner at Data Reply - helping clients to govern, exploit and make sense of their data. Cyrus has been consulting within the areas of data analytics and digital for over 10 years. Before setting up our London Data practice he jointly led Portaltech Reply, a global leader in eCommerce implementations based on SAP’s hybris technology platform. Prior to that Cyrus led a ‘solution development’ R&D team within a subsidiary of Bertelsmann. Cyrus trained as a Chartered Accountant with PwC, and started his consulting career within their Performance Improvement practice.
Paul Delforge is a Senior Manager at Avantage Reply and has spent the last 12 years in various technical and functional roles in Banking & Insurance. Paul is responsible for supervising the Insurance Risk and SAS Practices Avantage Reply expanding the knowledge base and necessary employee coaching activities. Paul has significant experience in Solvency II, consulting major Belgian and German companies since 2010. Furthermore, Paul has in depth knowledge of credit risk capital requirements, mainly focusing on financial leasing firms and this dates back since 2006. Combining applied mathematics, advanced programing languages, gap analysis, regulatory and capital optimization techniques, Paul is a well-rounded risk management professional who can deal with all levels of seniority within an institution.
Claire Huvelle is a senior consultant within Avantage Reply Belgium. Claire has been supporting various clients in the implementation of Solvency II utilising her expertise of the regulatory requirements and landscape combined with the specific application/calculation engines developments. She is a very confident SAS specialist, supporting and providing clients with innovative solutions. Claire has significant experience in the insurance sector working for firms based in major cities such as Paris and Brussels where she developed her SAS & Solvency II knowledge base. She holds a MSc in Statistics and is certified in actuarial sciences. Claire is specialised in data management and actuarial sciences.
Richard Acreman is a Partner at WM Reply (formerly WM360 which he founded and was CEO). WM Reply is a digital
consultancy that specialises in Microsoft SharePoint and is part of the Reply Group.
Richard has worked across a variety of major clients including Vodafone, Nokia BT, M&S, Centrica British Gas, E.ON,
NHS, Knauf, Tullow Oil, and Coca-Cola Enterprises.
Massimo Morini, Head Of Interest Rate and Credit Models & Coordinator Of Model Research at BANCA IMI is a
consultant to the World Bank and other supernational institutions. Massimo holds a PhD in Mathematics and an MSc
in Economics and is Professor at Bocconi University and MSc Director at Milan Polytechnic, and he was Research
Fellow at Cass Business School, London.
Massimo is a member of the Advisory Board of Numerix and of the Steering Committee of the R3 Blockchain
consortium. He has published papers in journals and is the author of "Understanding and Managing Model Risk: A
Practical Guide for Quants, Traders and Validators" and other books on credit, funding and interest rate modelling.
“Financial institutions can remain on top of the coming
wave of changes and arrange their day-to-day relationships with technology in ways that
bring maximum benefits. The technology enablers will
transform compliance, finance and risk, and we believe they must be at the heart of what
Reply brings to its clients.”
INTRODUCTION
Filippo Rizzante and Freddy GielenAn interview by Valentine Seivert, Manager, Avantage Reply
How technology will shape the Compliance, Finance and Risk
functions: A conversation with Filippo Rizzante and Freddy Gielen,
Reply Chief Technology Officer and Executive Partner, respectively.
It is 2046. We are sitting under the Tuscan sun, overlooking the
enchanting hills where much of The English Patient was filmed, and
where the centuries-old tradition of the grape harvest lives on. iRobot
serves us a delicious glass of local Brunello as Filippo and Freddy
recount the progress we have made in the 30 years since compliance
officers, risk managers and finance officers were snowed under with
PowerPoint overload.
The year 2046 is the future to which Kevin Kelly transports us in his
latest book, The Inevitable. This is a fascinating, provocative must-read
for anyone who wants to understand the technological forces shaping
our future. In it, an optimistic Kelly shows how the coming wave of
change – from virtual reality in the home and an on-demand economy,
to artificial intelligence embedded in everything we manufacture – can
be understood as the result of a few long-term, accelerating forces. If
we understand and embrace these forces, Kelly says, it will be easier
for us to stay on top of change and to get the most benefits from our
relationship with technology.
I spoke to Filippo Rizzante, Chief Technology Officer of Reply, and
Freddy Gielen, Executive Partner in charge of Reply’s Compliance,
Risk & Finance Transformation business in EMEA, and asked them
how inevitable change really is within Compliance, Finance and Risk in
financial services. Their answers catapulted us all the way from the hills
of Tuscany back to San Francisco and Seattle.
Valentine: Filippo, you have just returned from your annual
innovation tour to the US West Coast, with the Chief Technology
Officers of 10 companies who are clients of Reply. Is Kelly’s 2046
very different to theirs?
Filippo: Kelly is a maverick. He co-founded Wired magazine in 1993,
co-sponsored the first Hackers’ Conference, and predicted the growth
of the internet. His view is spot on, but I don’t believe the next wave of
innovation is 30 years down the line. It is not even 10 years down the line.
4
5
It’s just around the corner. Three fundamental technological drivers
will shape corporate Europe within the next two to three years. They
are artificial intelligence (AI)/machine learning; augmented reality;
and the internet of things (IoT).
By understanding and embracing these three things, corporate
Europe and financial institutions can remain on top of the coming
wave of changes and arrange their day-to-day relationships with
technology in ways that bring maximum benefits. These technology
enablers will transform Compliance, Finance and Risk, and we
believe they must be at the heart of what Reply brings to its clients.
Valentine: Are Compliance, Finance and Risk now blowing
away the dust and the cobwebs?
Freddy: Compliance, Finance and Risk have cultivated an image
as robust, stable and dependable functions within financial
institutions. To the modern eye, they are sometimes seen as
resistant to technological change. That perception couldn’t be
further from the truth. For the Chief Compliance Officers (CCOs),
Chief Financial Officers (CFOs) and Chief Risk Officers (CROs)
that we work with, the insightful use of technology to enable their
respective functions is mission-critical.
This edition of the CRO Insights Journal is full of examples
illustrating how technology is ‘disrupting’ Compliance, Finance and
Risk. In process automation, for example, or in regtech (see Natixis
article, page 12), CCOs, CFOs and CROs are rising to the challenge
with gusto.
Valentine: Filippo, let us go back to the three waves of innovation
you mentioned. Did your recent visits to San Francisco and
Seattle confirm your vision?
Filippo: Yes, indeed. Reply has a strong technology DNA and is
known as a repeat innovator. However, this year we were blown
away by what we experienced in our working sessions – in San
Francisco, with Google, GE Digital, Oracle, Salesforce and at the
Tech Crunch, and in Seattle, with Microsoft and Amazon.
One compelling example was in AI and machine learning. Here the
power of the algorithm, and the three Cloud APIs being delivered
by Google (vision, speech and natural language recognition), allow
software to interact with humans in a way that we could not even have
contemplated two years ago.
Think of a machine capable of understanding an image, understanding
speech – in four languages – and with the ability to understand the
context. Then apply that to an area like regulatory compliance, where
information is unstructured and the costs to financial services firms
are skyrocketing. Now you have a machine that can read through
regulation and determine requirements, look at controls from a GRC
system and determine the gaps. Many players are recognizing that
this is the future, not just in health (where recent success stories have
stolen the limelight), but also in risk and compliance. IBM Cognitive
Solutions for Risk & Compliance provides a good example.
Figure 1: Search Engine Indicators: ‘Machine Learning’ (source: Google Trends)
6
Valentine: So, AI & machine learning in the risk function – is this
fiction or reality?
Freddy: Very much reality. Filippo could also have mentioned
Microsoft’s Future Lab in Seattle which is centred on Cortana.
Innovation is essential to Compliance, Finance and Risk, and machines
that learn from data have the potential to transform the way we work.
You can already see this in areas such as transaction banking and
payments (intelligent payment management), in fraud detection and
sanction filtering (compliance), in advanced analytics (risk), and in
process automation within regulatory reporting (finance). There has
also been a shift in the trade-off between off-shoring or outsourcing
and data robotics, bringing jobs back onshore.
And this is a cycle of continual improvement. One of the main benefits
of AI and machine learning is that as soon as an action is understood,
it generates new ways of improving by more knowledge discovery.
Valentine: What about augmented reality?
Filippo: A number of indicators that do not lie have gone through
the roof, including investment in augmented reality tech firms. Take a
look at the figures for interest in augmented reality through search
engines (see Figure 2 below):
Figure 2: Search Engine Indicators: ‘Augmented reality’ (source: Google Trends)
Augmented reality is about powering human beings with
information that is contextual. Microsoft will release this capability
on the Cloud to enable other manufacturers to develop an
entire ecosystem around it. One immediate accelerator could
be a regulatory analyst powered by data and information that is
contextually relevant. Wow – just think of that!
Valentine: You also touched on the internet of things (IoT). Why
does that matter to us in Compliance, Finance and Risk?
Filippo: Well, I could invite you to visit Breed Reply, our IoT incubator
in London, Milan and Munich. IoT start-ups hooked into the financial
services ecosystem are transforming financial services. Right now,
this is affecting Compliance and Risk more from a ‘what they have
to cope with’ perspective than as an enabler, but it is still early days
and the IoT future has much in store for us.
Valentine: Freddy, you are running a number of projects in the
IoT space, are you not?
Freddy: We certainly are. Indeed, we are seeing a transformation
of the financial services ecosystem that tests the capacity of
Compliance and Risk (more so than finance at this stage) to keep
pace with adoption of IoT by the business. In motor insurance,
for example, it is already some years since we developed car
telematics devices that monitor driving behaviours, are used
for underwriting purposes, and can potentially feed into claims
handling. There are significant hurdles to overcome along this
digital journey, not the least of which involve compliance issues
like data privacy, and risk management issues.
Another very active area of financial services where we have
introduced IoT solutions in is health insurance. There, even more than
in motor insurance, Compliance and Risk have an advisory role to
play in helping insurance companies to revolutionalise the way they
run their business.
One last change perhaps, new applications will allow homeowners to
provide their insurers with information on how they manage their daily
household risks, so that they can then be rewarded for it.
Figure 3: Callsign, a Breed Reply Start-up – An IoT solution for multilayered authentication (source: Reply website)
7
REGTECH WAVE
Michelle CurtinAn interview by Dean Mitchell, Associate Partner, Avantage Reply
Dean Mitchell spoke with Michelle Curtin, from the Bank of New
York Mellon (BNY Mellon) to discuss regulatory change and the
so-called “RegTech Wave” within the financial services sector
that is capturing so much attention. Dean asked Michelle to
share her thoughts as EMEA Head of Regulatory Change on how
technology can be used to enable or enhance how banks manage
regulatory change and ensure compliance to regulations.
In a series of questions, Michelle reflects her own personal
thoughts and her experiences at BNYM on the rapid pace of
change within financial services regulation and how technology
has changed, or not changed the approach.
Dean: Michelle, in conversations with other senior banking
professionals we are aware the definition of RegTech and how a
firm chooses to view the advances in technology, differ from bank
to bank. Can you share with us what RegTech means to BNYM?
Michelle: When I think about RegTech, I see it as an enabler, which
allows us new options on how to address the ever increasing and
changing regulatory requirements.
I don’t think that RegTech is a new concept per se, as at BNY Mellon
we have always used technology in some way to manage regulatory
change. What has changed however is the pace and volume
of regulatory change. It is the sheer volume of new regulations
combined with the complexity of many of them that forces firms to
look more to technology to address the delivery requirements and
manage challenges.
There are two main drivers behind why BNY Mellon looks to
innovative technology in relation to regulatory change.
The first is our clients. As the investments company for the world
serving corporations, investors and institutions who are each faced
with their own regulatory change challenges, we are uniquely
positioned to partner with our clients to develop solutions in this area.
The second relates to managing regulatory change within BNY
Mellon, with a focus on cost management and efficiency. Managing
8
Riding the RegTech
Wave within the financial
9
costs and being efficient with resources are important factors
for BNYM, as they are for other banks. We are keen to harness
technological advancements wherever possible to help achieve
these aims.
Dean: A quick follow up question Michelle. Are you able to
distinguish any differences between varying geographies in the
trends that you are seeing?
Michelle: Whilst there is a global commonality to the aims and goals
of many regulatory changes, the way in which they are implemented
in each jurisdiction can be quite different. Even in the EU we
face challenges with implementing European regulatory changes
consistently across organizations as there is often an element of
national discretion across the Member States. This can make the
implementation more complex in a global organization and make it
difficult to leverage technology and gain efficiencies.
Dean: In terms of the split in types of regulatory changes, say
conduct risk vs. prudential risk, are there any differences in the
challenges you face?
Michelle: Yes, there are differences between the conduct
challenges and prudential requirements we are asked to address.
In respect of prudential regulation, much of the information has
been requested for some time now and is often linked to existing
regulatory reporting. What we are seeing however is a move to a
much more granular level of detail, and the ECB’s AnaCredit project
is one such example.
On the conduct side, there has been an increased focus on data
in new regulatory requirements, either through new data request
or more granular data. Much of the data requested is new and not
necessarily captured by firms currently for other purposes. The
new MiFID II/MiFIR transaction reporting requirements requires
more data at a granular level, and the new Securities Financing
Transactions Regulation (SFTR) calls for new reporting on SFT
transactions. I think the regulators on the conduct side are seeing
data as a way to understand the broader market behavior.
The move to more granular data and requests for new data on
the conduct side presents challenges to the industry and the
opportunity to leverage technological solutions.
Dean: Several of our clients have noted that the UK or European
regulators often lead the way with the introduction of new
regulatory requirements. Are you experiencing any benefits
from utilising technology for managing EU requirements in say
different geographical regions such as the Asia and Pacific areas?
Michelle: In general as I mentioned we do see a trend of
global harmonisation of new regulatory requirements or at
least regulatory goals but I would have to add that we do not
necessarily feel we are benefiting from the reuse of technology
across different regions.
When we take a closer look at similar new regulatory requirements
we often note differences across jurisdictions, for example even
in definitions of fields for reporting, that do not allow us to directly
reuse the software and data. On the face of it, the regulation may
seem the same but it is when we look at ensuring full compliance
in each jurisdiction that we realise subtle differences. We then
need to consider software changes and or different approaches
which do not permit us to simply reuse the original solution.. This is
certainly one of the main challenges we have when approaching
the use of RegTech to manage regulatory change.
Dean: To what extent does BNY Mellon use RegTech and are
there any examples you can share with us?
Michelle: BNY Mellon has developed a number of innovation
centers globally, each with a slightly different focus. In EMEA for
example, our innovation centre is focused on bringing together
tech start-ups, developers, industry experts and researchers to
collaborate, disrupt and experiment with and for our clients. As
the investments company for the world and one of the world’s
largest custody banks we are looking at developing solutions not
just for our own requirements but also to meet our clients’ needs.
As an investment services company we hold an increasing
amount of data and we are working with our clients to consider
ways of harnessing this data to help them meet challenges they
are facing. BNY Mellon recently introduced NEXEN, a complete
financial services digital ecosystem which delivers end-to-end
analytic insights and business solutions across the entire investment
lifecycle. NEXEN’s Gateway provides clients with online access to
BNY Mellon’s solutions, services and data and also allows clients
to access our app store which will give them access to capabilities
offered by select FinTechs and more established financial services
providers.
Internally we continue to work to improve our regulatory change
management process through technology and innovation. We are
actively working with a number of RegTech firms including Fenergo
and Suade. We also continue to work with a number of consultancy
firms like Avantage Reply, Deloitte and others to utilize RegTech
solutions they have developed. As we continue to tackle emerging
regulatory requirements we will continue to partner with new start-
ups and more established firms to find better, more efficient and
smarter ways of managing compliance.
Dean: Finally, on a practical basis, has BNY Mellon experienced
any benefits in terms of reduction of costs or enhancement of the
quality of regulatory implementation though the use of RegTech
that you can share with us?
Michelle: From my perspective as a Compliance Officer of a large
financial services company tasked with managing our regulatory
change agenda I am interested in the benefits FinTech and RegTech
can bring to help deliver or enhance the effectiveness of regulatory
change process. In Europe we are monitoring about 100 new
regulatory changes on a monthly basis so that we can assess the
impact they might have on our firm. We are working with a third party
vendor to onboard a system that will allow us to manage this process
more efficiently and also track and manage applicable requirements
through the regulatory lifecycle. With this in mind it would certainly be
a help to us if the regulators, especially those that operate a rulebook
based system, developed a common delivery system that would feed
into all banks regulatory change systems rather than having rely on
manual uploads. Our regulators are actively engaged in the FinTech
and RegTech space and have certainly been very open to discussing
such ideas with us which is very positive.
10
11
The other area we are interested in is machine learning and the
possible benefits we could obtain from this new area of technological
development. This area is still evolving and we continue to keep a
watching brief on IBM and their much-publicised Watson capabilities.
We can certainly visualise how a machine learning tool could add
value to the regulatory change process by replacing some of the
work our staff currently undertake in assessment of changes to allow
them to better focus their efforts where needed. However we still
see a challenge in providing the data points across our businesses
that staff have worked for years to learn and understand to allow the
machine to properly analyse proposed changes and truly assess the
impact on the organization.
This is a very interesting time and given the pace of regulatory
change and enhanced regulatory expectations, coupled with an
environment that is encouraging and fostering innovators and new
technologies, there is a perfect storm that is, and will continue,
delivering exciting new advances.
INTERNAL MODEL RISK MANAGEMENT
Bovaro Quach & Isabelle PoitteAn interview by Freddy Gielen, Executive Partner, Reply
12
Freddy Gielen interviewed both Bovaro Quach, Head of
Regulatory Ratios and Isabelle Poitte, Head of Prudential
Norms, Own Funds and Capital Planning at Natixis, the
commercial banking subsidiary of BPCE, one of the largest
European Banking Groups.
Bovaro and Isabelle share their views how technology can be
leveraged in order to optimise or enhance risk management and
finance processes, in particular with a focus on regulatory changes
and increasing regulatory demands that are being placed on financial
institutions.
Freddy: Bovaro and Isabelle, you are definitely both facing
and dealing with a multitude of regulatory demands from the
European Central Bank, the French Regulatory Authorities as
well as your group to which you need to feed information and
data in support of the group's responses to regulatory demands.
Against that backdrop, we were interested to gain insight into
why you are looking at using enhanced technologies more now
than maybe a few years ago in the context of your day-to-day
activities.
Bovaro: It is, to an extent, part of our survival instinct. Regulation
is increasingly demanding and precise. With respect to regulation
and good practices, we draw a distinction. Obviously, we always try
to do our best to have efficient and effective risk management and
finance processes. The difference is when something becomes
regulated, there is a presumption that - when we undertake a task
which is not completely formalised - that the task may actually not
have been undertaken completely and properly. I think that is a
key differentiator introduced by regulation. It raises the bar for
the standards of evidence. We, on the back of those regulatory
changes and demands, have been forced to up our game
compared to what we used to do, and certainly to formalise what
we do on a day-to-day basis a lot more than maybe in the past.
Isabelle: Yes, definitely. Bovaro is very right. The additional
regulatory requirements have placed more demands on our
departments. Of course, we have within the departments a number
of very experienced staff members who deal with a high volume
of regulatory demands. For example, we might have had over the
Using technology to enhance risk management
model
13
last 12 months in excess of 30 meetings with supervisors. So there is
an increase in regulatory demands, but combined with a significant
change in the way banking supervision is conducted with more
scrutiny and more presence on site. That has driven a lot of changes
in the volume of work we have to deliver, to not only satisfy regulatory
requirements, but also address the demands, the requests for
information from supervisory authorities, the European Central Bank
or the French Regulatory Authorities such as the ACPR.
Now, this basically translates into a lot of requests for data and a lot
of requests for data items that, whilst they might have been used in
the past, were not used from a regulatory perspective. Bovaro rightly
pointed to the key differences between an item that is submitted
to the regulator and an item that is used for internal management
purposes. The amount of formality involved when you submit
something to a regulator is usually greater than when it is solely used
for internal purposes. This results in more scrutiny being placed on
the data item and additional work being undertaken. For all these
reasons, the regulatory requirements combined with the pressure
on the supervisory front, we have had to look for innovative ways to
leverage technology in a way to deliver on these increased demands.
Freddy: Thank you for this. You pointed to more regulation and
more intensive banking supervision and you have said that you
are looking at technology as one of the enablers to help you
cope. What are the areas where you have seen technology being
the most effective where you believe that the rate of return of
investing technology might be the greatest?
Bovaro: Well, we are and we have obviously been using technology
for years. I think the change comes in how we are using the technology
and what kind of technology we are looking at. We are certainly
looking at using technology in areas where potentially in the past we
wouldn’t have contemplated the use of systems and data. It’s really
both dimensions. I’ll give three examples to illustrate the point. The
first area is obviously the area where we work with Avantage Reply,
where you are helping us building an internal model management
platform to help us to better manage internal models that we are using
to run the bank and to comply with capital requirements imposed
on us by regulation.
The second one is capital planning where we are looking at ways
to automate and enhance some of the simulations we run internally
and for regulators to plan our capital usage. Capital is a scarce
resource. It is obviously a complicated process to calculate how
much capital a bank needs at any given point in time and given
certain scenarios. We are trying to make best use of the technology
to come up with the right responses.
The third area, potentially one of the largest area in terms of focus
today, is the usage of data lakes. We are (and this is driven by
things such as BCBS 239) looking at opportunities to identify the
golden source of each data item, source the data from the golden
source, validate the data items, and make it the official version of a
data item, so that each data item once validated, can be available
to a range of users - not just in risk, not just in finance - to address
regulatory requirements and beyond. I think it is for us an area
where technology, in particular the more novel ways of dealing
with large volumes of data, is of particular interest.
Freddy: I can only agree with you. I think we see at Avantage
Reply a range of clients investing in technology to transform
the way they manage data. There is a significant focus by
regulators, by supervisors including the ECB on the quality of
data and the use of this data for decision making purposes by
banks. You mentioned internal models. We have just started to
see the first phase of the targeted review of internal models
by the ECB and, Bovaro, you mentioned the fact that Natixis is
looking at technology as enabler to better manage its internal
models. Internal models are prevalent in banks, they are key
to the activity of any bank and I am not just talking - of course
- about internal models used for RWA risk-weighted assets
purposes. Why this topic and what can you expand a little bit on
what you are doing in that space?
Bovaro: Technology is enabling us to adopt a much more
structured and comprehensive approach to the management of
internal models. Where in the past it was rather piecemeal (with
excel spreadsheets, different departments, different stakeholders
doing their best), the technology we are using, based on the work
we are currently doing with you at Avantage Reply enables us now
to put together the different departments, stakeholders in the bank,
the regulation, people from the back office, from the middle office,
from the front office, from support functions in order to basically cut
across the silos and provide a transversal cooperative approach to
the management of models.
Why? Back to the point we made earlier, there is increased
regulatory pressure on making sure you have the right governance
and not just the right methodology for your models, that you are
using the right data. Think of Regulatory Technical Standard 36
(RTS) issued by the European Banking Authority. Think of the
TRIM exercise to which you made reference, Freddy. The ECB
is definitely looking into the use of models and trying to assess
whether banks are serious about it. Models are key to running a
bank. They are, when approved for RWA purposes, an integral part
of the determination of how much capital a bank is required to hold
for the business that it runs. Models are key from a regulatory and
from a business point of view, and as a consequence, regulators
are demanding that we have adequate governance around these
models. The technology that we are building is essentially an
enabler for us to have more effective governance and to be more
efficient in the way we manage a vast array of internal models.
Isabelle: Absolutely. We must improve the way we manage our
models. It is key to meet regulatory demands, not just at the outset
when we apply for an internal model approval from the European
Central Bank — for those models that are used for RWA purposes
—but also through the lifecycle of the model. So we basically
document that we have done proper back-testing, that we have
complied with the requirements imposed on us to conduct certain
tasks on a regulatory basis (e.g. annual independent valiidation).
For example, a review by internal audit and things of that nature.
Technology enables us to more effectively manage the workflow,
the evidential requirements set by the regulations. So the use of
technology is for us a way to be better able to demonstrate that we
comply with regulatory requirements.
Last but not least, in the use of the internal model authorisation tool
(IMAT) that we have co-developed with Avantage Reply, we see a
key way to demonstrate compliance with use test requirements.
Whilst we are using technology to improve efficiency, we are
also looking at ways to improve the management of our internal
models, through better governance and demonstrable oversight.
As a consequence, we expect to improve our performance under
the Pillar 2 reviews.
Freddy: Thank you for sharing how you are progressing with
your internal model authorisation tool. What are the key
functionalities that you believe technology enables you to
encapsulate into that tool that will enhance the processes
within finance and risk at Natixis?
Bovaro: Certainly formalisation. The tool enables us to formalise
a lot more and a lot better how we are managing internal models,
both from an authorisation application perspective as well as
through the lifecycle of the model, including changes to the model
and the all pre-approval or pre-and post-notification process, as
applicable.
Isabelle: One of the key functionalities for us is certainly internal
model documentation management where we have much better
management capabilities in terms of the documentation of a
model, both at inception and during the lifecycle.
The second key functionality where technology is a game changer
is the possibility to connect the dots, to have a process from the
conceptualisation of a model to its implementation in day-to-day
life. Thereafter, a process workflow to manage the lifecycle post
go-live, so we have a unified process enabled by technology. As
opposed to what we had in the past, which was a little bit of a
patchwork with a lot of good things happening but maybe more
siloed than they should have been.
Freddy: In terms of technical changes, we have talked about
what you have already done, what you are currently finalising
(internal model management, capital planning, data lakes),
what are the next developments that you anticipate, with
respect to the opportunity to use technology to enhance the
functionalities of a department such as yours in finance?
14
Bovaro: We are definitely looking at other developing technologies
such as technologies had would enable us to automate certain tasks
in order to free up time to analyse the data, as opposed to process
the data. There are certain aspects such as the business process
automation (BPA) or data robotics which are of interest. These are
certain areas where we are looking at opportunities that could be
made available by technology to automate certain tasks where the
time of a staff member might be freed up in order to cater to focus on
tasks with more added value.
Cyrus New & Rob Konowalchuk
In the following article, Cyrus New, Associate Partner at Data
Reply and Rob Konowalchuk, Associate Partner at Avantage
Reply unveil how data analytics can enhance risk and regulatory
reporting.
As regulators have strengthened their supervisory processes over
the years since the financial crisis, data has become the name of the
game. A higher volume of more granular and more complex data is
the common thread between the multitude of new and emerging
regulatory requirements. This era of data hungry regulation brings
challenges – not just in sourcing, assuring, transforming and
aggregating; but also with interpreting and understanding the
data before sending it out the door. Whilst a comprehensive and
strategic architecture solution may still be a costly longer-term
ambition, enhanced analytical data tools and techniques can help
management gain comfort and avoid errors, consequential fines
and reputational damage. Crucially, this can also generate business
insight to support decision-making, thereby taking advantage of the
new compliance requirements.
IntroductionEight years after the peak of the financial crisis, financial regulation
is still imposing new and burdensome requirements on banks
and other financial institutions into the foreseeable future. This
comes with a proliferation of data intensive regulatory reporting
requirements. There are more requirements from different sources,
in varied formats and frequencies, including larger data sets that
are increasingly granular.
After a period of seemingly disjointed reporting requirements
being introduced, regulators are gradually developing more
coherent strategies and approaches for collecting and using all of
these data.
Using enhanced data analytics
to improve risk and regulatory
reporting
16
ENHANCED ANALYTICS & RISK MANAGEMENT
Figure 1: Regulatory Reporting Landscape (non-exhaustive illustration)
17
United Kingdom Eurozone Global
PRA returns COREP BCBS G-SIB assessment exercises
Firm Data Submission Framework (FDSF) ‘actuals’ FINREP FSB G-SIB data collection
Pillar 2A data templates Pillar 3 disclosures
Product Sales Data (mortgages) AnaCredit
IFRS 9 implications on credit risk data
BoE consultations on Sector-specific loan level data requirements (e.g. CRE, SME, buy-to-let)
Actu
al/h
isto
rical
da
taFo
reca
stda
ta PRA Capital + (forecast data) BCBS Quantitative Impact
BCBS 239 Principles for Risk Data Aggregation and Reporting
Regulatory data strategies and frameworks
Ongoing data architecture and quality programmes
Ove
rarc
hing
fra
mew
orks
an
d ch
ange
pr
ogra
mm
es
For example, in the eurozone, the ECB is developing a European
Reporting Framework (‘ERF’) and accompanying Bank Integrated
Reporting Dictionary (‘BIRD’); and the Bank of England now has
a strategic plan for data, data architecture and data analytics,
overseen by the ‘PRA Data Board’.
As these encouraging plans develop, many banks are noticing
a growing tendency towards greater supervisory scrutiny of
returns: identifying errors and inconsistencies, commissioning
independent reviews and, in some cases, imposing costly and
embarrassing fines.
Banks of course are not standing still in the mean time. The principles
in BCBS 239 for effective risk data aggregation and reporting have
been a catalyst for enhancements to banks’ underlying reporting
processes and many banks have on-going programmes of work
aiming to improve data architecture and management, systems
infrastructure and reporting capability (both internal and external).
Challenges facing banksAs with all mandatory change, there are immense challenges
relating to systems capability, data availability and quality, time,
resource and cost.
Systems capability
Most large banks would admit that much of their systems
infrastructure is ageing and fragmented and in many instances
lacks the capacity to produce all required information in an
automated fashion. While infrastructure is usually reliable
overall, at the very least there is too much of it and reporting is
cumbersome. At worst some sort of capability uplift is required to
meet future needs. But there is a reluctance to invest in large,
strategic infrastructure change while the regulatory reporting
landscape keeps evolving. Tactical data and reporting solutions
therefore continue to abound.
Data availability and quality
Regulators are obsessed with data quality, as are banks – and
rightly so. The best reporting infrastructure in the world won’t
help when poor quality or incomplete data is fed into it. Even
when solutions are found for data sourcing, in many cases new
levels of granularity or aggregation require new processes to
ensure these data are extracted, processed and controlled
adequately.
Time and resource
This perennial issue is especially challenging given the backdrop
of non-stop regulatory change. A key challenge with regulatory
reporting is that even when banks have found the time and
resource to implement change and generate reports, there is often
little time left to review and challenge the output at a senior level
and reflect on what it means for business risk and strategy.
Cost
Banks continue to feel pressure from the perspectives of earnings,
cost control, return on equity and capital strength amidst many
competing demands for spend on mandatory change. Prioritisation
is therefore key, and for the large banks, big-ticket changes like
structural reform are sucking up large amounts of this constrained
spend.
Given all of these challenges, the focus on compliance often
outweighs any action taken to derive real business benefit from
all this new reporting. In theory, more robust and integrated
systems and processes enabling better use of data through more
sophisticated reporting and analysis techniques should enable a
richer set of data that management can be confident in, with which
to enhance its risk taking and strategy setting activities. In reality
the time and cost associated with this gets in the way.
18
Each institution will formulate its own response to changing and more data intensive regulatory requirements in line with their
business priorities and unique challenges. Nevertheless given the common reporting requirements within the European banking
sector, banks should be talking to each other to identify areas of common interest, feedback for the regulators, possible non-
competitive areas of collaboration, and sharing of best practice. In 2017 Reply is hosting a series of themed round tables
focused on the technological, data and operational challenges within regulatory reporting.
19
TRANSACTIONAL / SOURCE SYSTEMS
TRADE CAPTURE LENDING
FINANCE SYSTEMS
GROUP GL
RWA ENGINES
WHOLESALE GL
RISK SYSTEMS
CREDIT RISK
MARKET RISK OPERATIONAL RISK
REPORTING SYSTEMS
REGULATORY TEMPLATE GENERATION ANALYTICAL FRONT-ENDS
REGULATORY SUBMISSIONS AND RISK REPORTS
Interactive, role-specific dashboards Super user "sandbox"
Figure 2: Reply's vision for enhanced risk & regulatory reporting analytics
PAYMENTS SECURITISATION TREASURY
COUNTERPARTY RISK
INTERNAL RISK REPORTING TOOLS
RETAIL GL
A potential solution: enhanced data analyticsAgainst the backdrop of multi-year programmes reworking or replacing upstream systems to improve data validity, consistency and granularity,
banks are faced with the need for ways to synthesise and interpret their reporting outputs in a pragmatic way that prompts the right questions
and supports senior decision-making.
Our vision for this takes the form of a lightweight analytical layer that converts regulatory submissions into comprehensible and action-oriented
management dashboards.
STATIC DATA
This solution helps answer four core questions for those
responsible for regulatory reporting submissions:
1. Conformity4
Do the data in our submission conform to the reporting
specifications?
2. Consistency
Are data points consistent?
• Within a submission?
• Between different submissions?
• Between submissions and other key reports?
3. Plausibility
Do the reported results make sense given our business model,
the external environment, and compared to trends in other
submissions and reference points?
4. Insight
What is the data telling me about my business, my risks and my
exposures?
As indicated in Figure 2, based on the completed regulatory
submissions, multiple interactive dashboards are generated, each
tailored to a specific role or user group (e.g. board / non-exec
level, executive level – CFO/CRO, reporting heads, subject matter
experts). Users can quickly assess the salient points from the
submission in aggregate, and can drill down to interrogate the data
as needed. This can be performed by analysts in order to construct
a senior management report, or used ‘live’ in management review
and challenge sessions.
There will be times when these pre-built views generate questions
for deeper analysis, which can be performed in what we term the
‘Super-user sandbox’. This is an interactive web-based analytics
tool in which reasonably technical users can run flexible models
and perform exploratory analysis (e.g. identifying outliers, joining
external datasets and so on).
There are various ways this toolset can be deployed in a business
– either by independent experts running the analysis and helping
determine and shape the messages; or directly used within the
business as part of the reporting process (at the review, challenge
and sign-off stages).
Credit risk example
Credit risk is an area subject to a great deal of external reporting.
This is done through a multitude of regulatory returns and
disclosures. Furthermore, IFRS 9 is creating a whole new set of
processes and external reporting in annual reports that will be
heavily scrutinised by investors and other users.
The table below indicates the types of analysis that can be
performed using our solution.
Type of analysis Credit risk examples
Data point to equivalent data point (cross return)
Comparing credit risk exposure data for a given exposure class between COREP returns, FDSF returns and AnaCredit submissions.
Data point to related data point relationships
Evaluating the relationship between credit risk expected losses and provisions at a point in time and its evolution over time (as reflected in multiple returns).
Comparison of IFRS9 expected losses and regulatory expected losses.
Period on period trend analysis
Evolution of default / arrears data over time, plotted against macroeconomic variables.
Forecast to actual Stress testing projections data compared to business plan forecast data (plotted against historical results).
Composition of credit portfolios by default grade by portfolio or over time, as reflected in multiple submissions.
Drill-down
Actual to benchmark data
Non-performing loans ratio compared to risk tolerance / risk appetite as reflected in multiple submissions.
4 This solution can check that the data conforms to the specification, not whether the figures being reported are the right figures. The latter is based on human judgement and the complex system of processes and internal control that is embedded into the end-to-end reporting process.
20
Benefits of an enhanced analytical toolset
The primary beneficiaries of employing this enhanced analytical
approach are those with accountability for filing compliant
regulatory submissions (i.e. the head of regulatory reporting,
CFO, CRO, ExCo, risk committee, audit committee). Submissions
can be reviewed and approved with additional comfort that they
conform to mandated reporting templates; that obvious internal
inconsistencies are identified and resolved prior to submission;
and that senior management’s attention is focused on those
aspects of the submission that are most likely to interest the
regulator.
In the context of new and changing regulatory requirements, and
short reporting lead times that are posing real challenges to most
banks, our enhanced regulatory reporting analytical approach
represents a rapid response to an increasingly pressing need.
Another benefit of deploying such an analytical tool is the audit trail
it creates. Given the volume and complexity of today’s regulatory
submissions, being able to evidence robust senior management
and board review and challenge is becoming more difficult – but
regulators expect a rigorous process.
Of course the underlying aim behind most regulation, and
responses to it, is better management of risks. With enhanced
regulatory reporting analytics, banks are better placed to:
1. Gain comfort over the quality of externally consumed data
Behind each submission are questions the regulator is trying
to answer. As their methods continue to grow in sophistication
(a trend we expect to continue) so the bank’s internal review
mechanisms need to develop and anticipate. More widely, public
forms of disclosure (e.g. annual report and accounts, Pillar 3) are
subject to scrutiny from analysts and increasingly sophisticated
investors. If banks don’t find ways to more quickly interpret and
risk-assess the reports they submit to the regulators and publish
for public consumption, they will continually play catch-up.
2. Identify and prioritise improvement areas
Problems can only be solved when we are aware of them. Problems
in the data we collect could indicate many things: processing
errors; misaligned classification rules; duplicate sources; old/
invalid records. Many such issues remain unnoticed, or worse
still are noticed and deemed acceptable precisely because their
impact is not properly understood.
3. Better exec/board engagement
In addition to greater assurance on the quality and conformity
of the data, more informative analytics can generate insights
into the business model, risk profile, vulnerabilities and potential
opportunities, in order to inform more confident strategic decision-
making. In other words, this proliferation in regulatory reporting
can help drive business benefits, if its value is harnessed properly.
Obviously, regulatory reporting demands will not go away and are
only growing in their complexity and associated challenges. Banks
need not wait for full delivery of their ‘strategic architecture' solution
to feel more comfortable with the veracity of their submissions. An
efficient, analytical approach to understanding regulatory data
will provide this comfort and help banks achieve the nirvana of
regulatory compliance – using it to drive business advantage.
21
Claire Huvelle & Paul Delforge
Paul Delforge and Claire Huvelle, both experts SAS at Avantage
Reply, will demonstrate how quickly a financial institution can
implement process automation solutions and datarobotics
In the coming years the financial industry will continue to be exposed
to a number of important challenges including increasing regulatory
demands, and shortened regulatory timeframes, against a backdrop
of a difficult and uncertain economic environment. Faced with
pressure on their profitability, most major players are assiduously
cutting costs and announcing significant staff reductions. These
challenges come at a time when the industry is eager to invest in
new technologies, in particular opportunities to incorporate a much
more vast set of data into its decision-making processes.
The raises the crucial question: how can these increasing demands,
and commensurate increase in the extent of data and processing,
be met with reduced staff and within the required timeframes? The
answer: innovative solutions to process automation through ‘data
robotics’.
Background: Onerous requirements demand efficient solutions
Banks and insurance companies are subject to increasingly complex
and detailed regulatory reporting requirements enshrined in the
Capital Requirements Regulation (CRR), ‘Solvency 2’, in respect of
financial and prudential reporting, and EMIR and MiFID, pertaining
to the regulation of financial markets and related reporting of
transactions. These regulations, together with their implementing
technical standards, require a significant amount of calculations and
reports to be delivered in challenging timeframes with an increased
focus on the quality and the traceability of data.
Between 2006 and 2016 the cost of data storage has been divided
by 10 and the emergence of new sources of data (e.g. social networks
and smart devices) has also significantly increased the amount
of information (customer, counter-party, product, competitor) that
financial institutions can store and use. During this same time period,
How increasing amounts of data can be managed
in reduced timeframes by
fewer staff?
22
PROCESS AUTOMATION
processing power has only doubled. So, as the amount of available
and required data has exploded, new technology approaches have
to be considered to cope with this new situation in reasonable
timeframes.
In recent months and years, many major financial institutions have
announced significant staff reductions. These announcements are
often a response to extreme pressure to reduce persistently bloated
cost to income ratios, but have also been part of a transformation
strategy towards digitisation, streamlining and automation of
processes.
During this time, data management and data quality have become as
critical as the data itself. For the banking industry, the need for robust
data management has been codified in the seemingly obvious and
simple yet challenging set of principles in ‘BCBS 239’. This contains
regulatory expectations for firms’ risk data aggregation and reporting
capabilities. Whilst many large banks are materially compliant, most
are still on a multi-year journey towards their ideal data management
end-state. And while this ostensibly applies to ‘risk data’; most industry
participants see this as having broader application for enterprise-
wide management of data.
In summary, financial institutions must have the capability to perform a
multitude of calculations based on data that are fully traceable, whose
quality has been assessed, within reduced timeframes (often ‘real
time’ or at least ‘intraday’). All of this must be in line with documented
processes and controls implemented by a leaner complement of
resources. The only solution to this complex problem involves a
relentless pursuit of greater efficiency!
Process Automation
As vital and dynamic compliance, finance and risk functions are,
many of their tasks are repetitive and somewhat tedious and
cumbersome. In the world of regulatory reporting, for example,
calculations and report generation are performed as often as daily,
and sometimes intra-day. Most reports require a large quantity
of data and a vast number of underlying calculations of varying
complexity.
Even if the majority of these activities are partially automated,
infrastructure limitations often necessitate the reliance on manual
processes, with the inevitable consequence that compliance, finance
and risk staff face a perennial work overload. A distinct pattern exists
across the industry in respect of these manual tasks. Scarce qualified
individuals perform manual and repetitive tasks such as:
• Data sourcing and extraction / querying;
• Data manipulation and transformation;
• Opening and running programs or macros;
• Correcting data due to quality issues (e.g. posting adjustments);
• Creating manual reports using spreadsheets or other end-user
defined applications;
• Maintaining spreadsheets formulae; and
• Reprogramming VBA macros that have ceased working.
Firms still rely on manual steps for these repetitive and routine
activities despite the fact that we now have the technology at our
disposal to automate these processes to solve manual inefficiencies.
This is at least partly due to the fact that the regulatory landscape has
not stopped shifting since the financial crisis. When requirements
continue to change and there is no certainty in sight, it is difficult to
get buy-in for significant spend on infrastructure because it may not
be future-proof. Another reason for this reluctance is simply the fact
that until recently, many automation technologies have been stuck in
the ‘proof-of-concept’ phase rather than in the mainstream.
While process automation is touted as a way to address cost
inefficiencies in the back office and other areas prone to labour
intensive processes, there are other related benefits, such as:
• Lead time: Whether it is a compliance activity requiring an
immediate decision, or complex financial analysis such as
stress testing or pre-deal capital impact analysis, lead time is of
paramount importance and definitely an area where computers
trounce humans. Improving production speed enables more
timely analysis and decisions, which is a critical success factor
for financial institutions more so than ever.
• Accuracy: The conduct, compliance and other fines imposed on
institutions (in monetary terms or via remediation programs) as
23
a result of inaccurate/unreliable risk management information
and supervisory filings are high on the agenda of senior
management. There again, in terms of ensuring robust and
reliable data inputs and outputs, computer processing defeats
error-prone manual intervention.
A Word on BCBS 239 (Banking) & EIOPA Guidelines (Insurance)
Regulatory authorities have made clear their expectations, by way
of BCBS 239 (for significant banks worldwide) and within the EIOPA
Guidelines (for insurers in the European Union).
These principles and guidelines stress the limitations and the risks
these manual processes carry and articulate their expectations of firms
in addressing these, emphasising the need for data accuracy and
capabilities to address quickly evolving information requirements. Within
banks subject to BCBS 2395, for example, the following principles apply:
• Principle 3: Accuracy and Integrity – A bank should be able to
generate accurate and reliable risk data to meet normal and stress/
crisis reporting accuracy requirements. Data should be aggregated
on a largely automated basis so as to minimise the error probability.
• Principle 6: Adaptability – A bank should be able to generate
aggregate risk data to meet a broad range of on-demand, ad hoc
risk management reporting requests, including requests during
stress/crisis situations, requests due to changing internal needs
and requests to meet supervisory queries.
A financial institution is not only obliged to perform complex calculations
on large amount of data, they also must do it in reasonable timeframes
using automated systems, while demonstrating the completeness and
accuracy of the data used.
Data Robotics: The Reply Way
‘Stufenweise’ (as our German colleagues put it) or ‘one step at a time’ is
the common approach we have taken with senior compliance, finance
and risk managers facing the daunting challenge of doing more, faster
and better with less.
Whether it is a bank with more than 1,000 risk officers seeking to
reduce staff by over 30%; an overloaded compliance department
facing heightened regulatory scrutiny and a myriad of legacy
issues; or a finance function facing staff attrition as a result of
deteriorating morale; the solution invariably begins by looking at
existing processes from a business-driven and technology-aware
perspective. It is not about the incremental tactical changes that
will increase efficiency by 5%. It is about looking for novel ways to
automate processes (including those that have been outsourced or
off-shored) and remove process ‘friction’ with a view to undertaking
a transformation that really changes the game.
So why ‘stufenweise’? The Reply approach starts with this
transformative vision but then quickly moves on to executing and
progressive deployment, reaping the benefits along the way whilst
keeping the direction of travel firmly aimed towards the ultimate
goal: the ‘game changer’.
Case Study 1: Automating Data Quality Processes and Controls
in a Financial Institution
We have already emphasised the importance of data quality in
regulated processes. It goes without saying that data quality is a
theme that is very relevant in the vast majority of processes but
when it comes to Compliance, Finance and Risk, the threat of
regulatory sanctions or fines due to poor data quality hangs over
financial institutions like the sword of Damocles.
A large financial institution had over the years increased staff
allocated to manual data quality processes and controls within
the supervisory reporting workflow, culminating in having 20+
qualified staff processing Excel spreadsheets and posting manual
adjustments, year in year out.
As a first step part of a comprehensive process automation initiative,
Avantage Reply developed a data robotics modular solution that
interactively and comprehensively automated the data quality
testing of data files used within the regulatory reporting process.
24
5 Source: http://www.bis.org/publ/bcbs239.pdf
25
Until then, our client had implemented simplistic and limited tests
within spreadsheets to test data quality (e.g. reconciliation controls).
The controls were time consuming and provided limited assurance.
The modular data robotics solution we developed and implemented
within a three-month period automated these manual processes.
The automation of processes ensured that the format of the
100+ distinct files used was adequate and consistent (arguably, a
mundane and low value-adding task but one that had significant
detrimental implications for the process downstream when not
adequately conducted).
Data Quality Checks Definitions.xlsx
Perhaps more interestingly, the module also introduced a user-
friendly interface allowing functional users to define data quality
tests they wanted to perform on the 100+ data files, have the ‘data
robot’ run the tests and deliver exhaustive reports via email and/
or graphic interface. The paradigm shift in the approach was two-
fold. First, the approach empowers functional users (rather than IT) to
design and implement the data quality tests without any advanced
IT knowledge. Second, the module automatically ‘translated’ user
instructions into executable programs that automated the process
and controls designed by users.
PGM_DQ_TEST_1.sasPGM_DQ_TEST_2.sasPGM_DQ_TEST_3.sasPGM_DQ_TEST_4.sasPGM_DQ_TEST_5.sasPGM_DQ_TEST_6.sasPGM_DQ_TEST_7.sasPGM_DQ_TEST_8.sasPGM_DQ_TEST_9.sasPGM_DQ_TEST_10.sasPGM_DQ_TEST_11.sas
From: DQ_engine@reply.comTo: John SmithSubject: Data Quality Feedback
Hi, User John Smith has started the data quality platform. File to load is Balance_sheet: C:\Replyrisk\balancesheet.xlsx
3,409 records have been loaded.Data quality Results can be found in: C:\Replyrisk\balancesheet20170315.xlsx
63 tests were executed.27 level 1 tests were executed and returned 41 errors.
Figure 3: Reply approach
This pragmatic and rapidly deployable approach transformed the
data quality control phase within the supervisory reporting workflow,
reducing manual processes and data quality issues by a factor of 20
and 50 respectively.
Case Study 2: Automating Stress Tests
‘EBA EU-wide Stress Testing’, ‘Comprehensive Assessment’,
‘Comprehensive Capital Analysis and Review (CCAR)’, ‘Reverse
Stress Testing’… The role of stress testing in risk management and
prudential supervision has grown from a somewhat esoteric practice
into a mainstream risk management and supervisory tool.
Within financial institutions, running a stress test generally involves
sourcing multiple data files from across different businesses,
subsidiaries, functions (ranging from front office to risk and finance)
that often require complex calculations (e.g. determining capital
requirements implications of shifting the credit profile of an entire
portfolio; revaluing a portfolio of derivatives assuming a specified
market shock). Also, it is quite common that these data files need to
be interconnected (i.e. that the value of a data item in one data file
impacts the value of a data item in another data file).
From a process perspective, stress testing can quickly become
hugely time consuming, cumbersome and inefficient, with staff
assigned to chasing colleagues all over the firm for data file
submissions and others trying to make sense of the sequence of
tasks to be conducted given the dependencies between files and
the frequent incoherencies between submissions.
Using data robotics to streamline and automate this process was at
the core of a project Avantage Reply delivered with a banking client.
The ‘data robot’ we co-developed allows users to execute stress
testing processes, verifying that the required data files are available
and ensuring that dependencies are fulfilled. A significant amount
of time is saved since processes can be executed in bulk and by
one single person instead of each process being executed by its
developer, as was previously the case.
This module configuration is maintained by business users and
imported into the system. There again, business users are able to
execute monthly closings without having programming knowledge
or interaction with IT.
Today, the ‘data robot’ is comprised of 400 programs which process
800 source files. Without any further demand being placed on IT
time, the process is managed by two business users delivering
stress tests results within a timeframe that has been reduced by
40%.
26
Richard Acreman
“Productivity - the amount of output delivered per hour of work
in the economy - is often viewed as the engine of progress in
modern capitalist economies. Output is everything. Time is
money”. Tim Jackson – Economist & Author
In this article, Richard Acreman, Partner at WM Reply, unveils the Best
Execution Tool and outlines the revolutionary potential of the SharePoint
platform as a 'RegTech' tool to deliver regulatory requirements.
If productivity is the cornerstone of capitalism on a macro level, then
we should not only strive for efficiency within our working processes,
but also succeed at it.
However, risk and compliance exercises like data entry, auditing and
archiving can often be lacking in both commitment and enthusiasm by
end users. Throw in archaic and incompetent software and you’re less
like an engine of progress, and more like a clapped-out rust bucket.
Also, factor in the post-apocalyptic aftermath of the financial crash and
the increase in strict regulatory guidelines surrounding data trails and
accountable information storage. You can begin to see a gap in the
market for a smart, intuitive, and versatile tool that boosts efficiency and
captures the most important data for maximum leverage.
One of our clients, a large multi-national bank, found themselves
in need of a tool to bridge this gap. End users were using Excel
spread sheets to manage and record complex confidential business
processes and information in relation to their compliance with the
'best execution' requirements of MiFID. After merging a plethora of
data into one master document they would then use emails to cross-
reference with their teams. This was not only time consuming, but due
to the lack of structure and consistency produced substandard data
which struggled to comply with regulation. In our experience, we find
these problems all too common when reviewing business processes
and data entry tools for our clients. With no centralised point of entry,
either too much restriction or not enough, and completely relying on
manual input, it is clear to see this sector is screaming for innovation.
And that’s where we come in…
Improving compliance and
productivity with SharePoint
BEST EXECUTION TOOL
28
The Best Execution Tool
Working closely with our client we developed the best practice Tool
to offer a tangible solution to an out-dated business process that
alerts firms to risky trades, compliance issues or inexact information
that can result in the loss of a deal. The business benefits achieved
can be broken down into five areas:
• The introduction of an Automated Business Flow allowed
our client to request built in notifications of any changes that
occurred in the trades or transactions with an escalation and
multi-tier approval process.
• Dynamic Reporting with an intuitive dashboard generates
filtered custom reports, that have been security trimmed and
the ability to export data to other file formats.
• The Audit Archive function allows for complete transparency as
users can view every change, restore old versions of content
and create retention and certification polices.
• The Advanced Search function empowers users to self-serve,
offering recommendations, filtering and pre-filling target search
queries.
• It Is also ‘safe as houses’ as you can restrict access, through
Permissions and Access Control on any file, folder or
classification ensuring sensitive details don’t get into the wrong
hands.
SharePoint is the saviour
What makes this tool a real win is the platform on which it’s
made, Microsoft SharePoint. As the personification of productivity
SharePoint has been helping organisations work smarter for over
10 years. This tool fully integrates with any Microsoft product,
dramatically reducing disruption and with familiar features that are
easily customised it can adapt to market requirements and end
user needs.
Conclusion
In summary, this software is at the forefront of the ‘RegTech’
revolution and embodies the very essence of this innovative
market space.
When you apply this systematic model of data capture to other
market sectors you can quickly see the transferable benefits.
There are many highly regulated industries that place a huge
burden on organisations to store, produce, audit and aggregate
data in various ways, such as: Healthcare & Life science, Energies
& Utilities and Pharmaceutical.
29
Massimo MoriniAn interview by Giorgio Pavia, Associate Partner, Avantage Reply
In the following interview by Giorgio Pavia, Associate Partner
of Avantage Reply (Milan), Massimo Morini, Head of Interest
Rate and Credit Models at Banca IMI, discusses the increasingly
prominent role of innovative technologies, including the
distributed ledger technology (also known as “DLT”).
Giorgio: Massimo, beyond the much touted use case of electronic
currencies (including bitcoin), blockchain technology is making
front pages news as an enabling technology in financial services.
What is unique about blockchain?
Massimo: I believe it is unique precisely because it is not just yet
another technology. It is much more than distributed databases and
machine replications. In my opinion, blockchain is unique because
it is a sea change in terms of business model implications. With
blockchain, counterparties agree to share part of their accounting,
data and processes.
Banking is characterised by high transaction costs and lengthy
– and often manual – processes that are error-prone. The sheer
idea of addressing some of the root causes that contribute to that
state of affairs is intriguing. Blockchain is in that sense an exciting
technological development.
As an example, take Ethereum -- an open-source, public, blockchain-
based distributed computing platform -- and its ”smart contract”
capability; it is an innovation enabler, one that will transform financial
services as we know them today for the benefit of the real economy.
Giorgio: Smart contracts …. Could you elaborate?
Massimo: I probably should, since “smart contracts” cover a wide
range of cases, including the bitcoin cryptocurrency. In essence,
bitcoin is a basic form of smart contract underpinning a transaction
with pre-defined conditions having to be met for the transaction
to “settle” -- for the bitcoin money to move from the buyer to the
seller.
Increasingly prominent role
of innovative technologies
BLOCKCHAIN
30
Ethereum is in effect more evolved; call it “smart contracts 2.0”.
They say about themselves that they provide “applications“ that
run on a custom built blockchain, an enormously powerful shared
global infrastructure that can move value around and represent the
ownership of property. This enables developers to create markets,
store registries of debts or promises, move funds in accordance
with instructions given long in the past (like a will or a futures
contract) and many other things that have not been invented yet,
all without a middle man or counterparty risk6.”
Certainly, this technology can redefine some financial processes.
Take the need to ensure that in a transaction such as the purchase
of securities the delivery of the security happens simultaneously
with the price payment. A smart contract would allow you to ensure
that you achieve this goal with a simple instruction in the smart
contract code, without the involvement of a third party (or third
parties), as is currently required. This technology has the potential
to revolutionise financial roles such as Central Counterparties in
derivatives clearing or Central Securities Depositaries.
Giorgio: If I understand the logic, you are suggesting that smart
contracts could transform a highly regulated industry such as
financial services, because they have the potential to reduce
systemic risk resulting from counterparty risks, settlement
risks, etc. Smart contracts as a risk mitigation driver?
Massimo: Certainly, if you use a smart contract, some of the
traditional risks (that we have been managing for years and have
had to manage much more tightly since the financial crisis) will fade
away. Settlement risk is a good example.
More generally, for collateralised transactions, if you transact
through an efficient smart contract, a lot of what we call counterparty
risk can essentially be eliminated by much more efficient collateral
exchange, by making a settlement of cash flows simultaneous with
the corresponding update of collateral.
But, Giorgio, risk managers will not be out of a job overnight, and,
paraphrasing Peter Bernstein, it is more about risk replacement
than risk eradication. As a matter of fact, with smart contracts, one
is transforming traditional risk types into new risk types, including
systemic cyber risk.
An impressive example of this risk was exposed by the DAO
case involving Ethereum. The DAO, a Decentralised Autonomous
Organisation instantiated on the Ethereum blockchain, was a form
of investor-directed venture capital fund with no conventional
management structure or board of directors, to eliminate the usual
risk of opacity of this sort of investment fund. In June 2016, hackers
exploited a vulnerability in the DAO code to enable them to siphon
off one third of the DAO's funds into a subsidiary account. In July,
the Ethereum community decided to take a controversial action to
restore virtually all of the funds to the original contract by breaking
Ethereum into two separate blockchains and two separate active
cryptocurrencies.
When you move the management of a market from human
beings to machines, you get rid of the typical human operational
and counterparty risks, but you introduce cyber risks that human
beings are less able to control.
The DAO hack is similar in a way to a recent incident in which a
self-driven Tesla car had an accident that killed a person; after that
Tesla cars were changed to reduce the chances of such things
happening again. Similarly, the community is working to improve
blockchain and smart contracts. For example, R3’s Corda has
features designed to prevent a third party from taking control of
a smart contract.
So, with the end or the partial end of old risks, we have the birth of
new risks, but also the birth of new ways of managing these risks.
31
6 Source: https://www.ethereum.org/
Giorgio: Thank you for setting the scene for our readers. Now that
we have a baseline understanding of DLT, allow me to turn to the
topic at hand. You have looked into the opportunity to leverage
this technology to mitigate the impact on derivatives pricing of
XVA fair value adjustments. Can you tell us more about that?
Massimo: One of my pet topics, with pleasure! As we discussed a
few moments ago, blockchain technology allows us to achieve much
more efficient collateralisation, which can play a large role in managing
CVA and KVA volatility, and reducing the associated costs.
Since the ledger is truly distributed, disagreements about
exposures and collateral can be dramatically reduced, because the
counterparties are using data, pricing logic and a balance sheet in
common, and are therefore looking at the same numbers. Through
a smart contract, the change of an exposure and update of collateral
can happen simultaneously, and automatic actions such as breakup
clauses can be introduced in case of payment delays.
The introduction of collateralisation and central counterparties brought
significant transformation, and blockchain can make their associated
processes much more efficient, transparent, fast and decentralised.
But changes of this magnitude don’t occur often, or easily.
Giorgio: Fascinating times ahead! What is your estimated
timeframe for all this? Any hurdles to overcome?
Massimo: Well, some of your readership may remember the 1990s.
The Internet became available in the ‘90s, yet it took more than 10
years before it really impacted the economy. Those who overinvested
too early lost a lot of money. Blockchain now brings similar risks and
opportunities. We first have to agree on a common standard and
protocol. Then counterparties will need to become nodes of the
blockchain system. We are not there yet!
In financial services, that alone will not suffice. Your question on
“hurdles” is very relevant. Regulation is a potential show-stopper
unless it evolves and provides an enabling environment for blockchain.
Interesting times ahead!
There are some promising examples. In January, the post-trade
market infrastructure provider Depository Trust & Clearing Corporation
(DTCC), announced that IBM, Axoni and R3 would provide a DLT
framework to drive improvements in derivatives post-trade lifecycle
events by re-platforming DTCC’s Trade Information Warehouse, which
automates services for more than $11 trillion of credit derivatives.
A similar project is underway in Europe by DPactum, working with
the CCP LCH.
Giorgio: Are there real benefits in cost cuts that CCPs and
banks can achieve through the use of blockchain and smart
contracts? And if so, in which functions? Is it possible to reduce
costs in the back and middle office?
Massimo: There is more to it than that. Under the current business
model, blockchain technology can’t really cut costs, because as
long as you continue to do business the same as you have been,
you can’t reduce costs just by means of technology. Blockchain is
more than a technology.
When you actually change your business model and the way
you do things, the cost reductions can be enormous. Think of
the units and staff that now work on regulatory reporting; the
associated costs could be eliminated if regulatory reporting were
replaced by giving regulators visibility on a financial institution’s
transactions. Think of the efforts involved in collateral imperfection
and reconciliation; the related costs could be eliminated through
trading on a single distributed ledger. Or think about the capital
and credit risk related to the long margin period of risk assumed
by regulators; these could be dramatically reduced if it were
recognised that the margin period of risk, when you deal through
an automatic smart contract, is reduced to a fraction of that.
As you may have noticed, all of these things require radical
changes in business models, which are currently not even allowed
by regulation. This is probably the biggest reason why blockchain
enthusiasm seems like hype now. Unfortunately, there is an
incorrect idea, which is that blockchain is a piece of technology,
like an artificial intelligence algorithm, that can be applied today
and allow you to do things faster or better without having to
change your business model. This is not the case with blockchain.
Its increased efficiency and savings are only realised when you
change your business model radically.
Giorgio: In closing, and looking back at the discussion between
Freddy and Filippo, a word on other innovations such as
artificial intelligence and machine and cognitive learning. Are
you as excited as Freddy and Filippo about the potential these
things offer to address the regulatory onslaught that financial
institutions are facing?
32
Massimo: My opinion is that it depends on the specific problems
you have to tackle. If it were possible to deal with compliance
with new regulations for bilateral initial margins or implementation
of the standardised initial margin models in a market organised
around blockchain, there would be massive improvements. Until
now, we have traded with initial margin only among a few large
banks with similar levels of technology. In a few months, we will
see initial margins for the majority of relevant counterparties.
At that point, there is the potential for the market being overwhelmed
by data and implementation disagreements, lack of standardised
processes to solve these disagreements, and compliance issues
related to specific features that a depositary institution needs in
order to be able to hold initial margin.
When I was working at R3 as a member of the board and with
responsibility for research on collateral and risk management, we
looked at the possibility of using blockchain technology for initial
margin.
The enormous advantage that you would have in such a business
model would be that the participant bank would be working on the
same data stock. They could agree to use not the same code for
the initial model, but essentially the same implementation as part
of an agreed smart contract. This could eliminate the possibility
of disagreements and consequently the need for reconciliation.
With blockchain, the manner of handling initial margin would
be completely different, and the special deposits required by
regulators could be more easily obtained by designing special
digital wallets.
With regard to FRTB, you don’t have the issue about agreeing with
your counterparties, but rather an issue about agreeing with the
requirements set by the regulators. These requirements are things
such as the so-called “P&L attribution test” or the VaR test banks
are expected to run every day. Their internal models are expected
to meet hard statistical conditions if the bank wants to keep the
capital savings that are made possible by having an approved
internal model.
In this case, I immediately think of machine learning as technology
helpful to the task. When a banks developed an internal model, this
internal model had to be back-tested multiple times on historical
data. This was not the fundamental condition for having the model
approved, because the expert judgement of the regulator was
even more important. Now, after the initial approval, the situation is
reversed: the test needs to be run every day on an ongoing basis
and it is the critical requirement to keep the internal model.
Being able to do this task which is defined by precise formulas,
every day with the data that we see over years with different
conditions, is a job for machine learning algorithms. I really
expect that banks will use this technology. While they will need
to understand and justify the costs, it’s unthinkable to me that this
problem, which is completely based on data and mathematical
formulas, will not be approached with what we today call artificial
intelligence.
33
CONTACTS
Avantage Reply (Rome)
V.le Regina Margherita, 8
00198 Roma
Italy
Tel: +39 06 844341
E-mail: avantage@reply.it
Avantage Reply (Turin)
Via Cardinale Massaia, 83
10147 Torino
Italy
Tel: +39 011 29101
E-mail: avantage@reply.it
Avantage Reply (Lisbon)
Avenida da Liberdade, 110
1269-046 Lisbon
Portugal
Tel: +351 21 340 4500
E-mail: avantage@reply.com
Xuccess Reply (Frankfurt)
Hahnstrasse 68-70
60528 Frankfurt am Main
Germany
Tel: +49 (0) 69 669 643-25
E-mail: xuccess@reply.de
Xuccess Reply (Hamburg)
Brook 1
20457 Hamburg
Germany
Tel: +49 (40) 890 0988-0
E-mail: xuccess@reply.de
Xucess Reply (Munich)
Arnulfstrasse 27
80335 München Germany
Tel: +49 (0) 89 - 411142-0
E-mail: xuccess@reply.de
Avantage Reply (Amsterdam)
The Atrium | Strawinskylaan 3051
1077 ZX Amsterdam
Netherlands
Tel: +31 (0) 20 301 2123
E-mail: avantage@reply.com
Avantage Reply (Brussels)
5, rue du Congrès/Congresstraat
1000 Brussels
Belgium
Tel: +32 (0) 2 88 00 32 0
E-mail: avantage@reply.com
Avantage Reply (London)
38 Grosvenor Gardens London
SW1W 0EB
United Kingdom
Tel: +44 (0) 207 730 6000
E-mail: avantage@reply.com
Avantage Reply (Luxembourg)
46A, avenue J.F. Kennedy
1855 Luxembourg
Luxembourg
Tel: +352 26 00 52 64
E-mail: avantage@reply.com
Avantage Reply (Milan)
Via Castellanza, 11
20151 Milano
Italy
Tel: +39 02 535761
E-mail: avantage@reply.it
Avantage Reply (Paris)
Rue du Faubourg Sainte Honoré, 3
75008 Paris
France
Tel: +33 (0) 1 71 24 12 25
E-mail: avantage@reply.com
Visit Avantage Reply’s LinkedIn pageVisit Avantage Reply’s LinkedIn page
Recommended