Risk and compliance analytics for small and midsize firms
We often hear the following questions and comments when discussing risk and compliance analytics with small and midsize firms: I’ve had surveillance tools and processes in place for years, they’re working just fine. We’re a small firm, how can we benefit from risk and compliance analytics? We don’t have the resources to deploy and manage compliance analytics solutions. Why change?
While valid points, there have been a number of changes and trends in the information and regulatory landscape in recent years that make it increasingly difficult to properly execute the compliance function. These changes have hampered the effectiveness of status quo compliance processes and tools (designed and built a decade ago) and smaller, less resourced firms will adopt increased compliance risk as a result. Allow us to elaborate on these changes.
A number of trends have intensified of late that, in our opinion, require that compliance teams rethink how they can better achieve adequate and effective oversight of regulatory risks and compliance violations. Some of these trends are as follows:
- Compliance teams are overwhelmed as the volume, velocity, and variety of information has increased exponentially and continues to do so (think email, IM, social, etc.)
- Legacy methods of violation detection aren’t as effective as they once were (too many false positives)
- Compliance teams are increasingly too reactive in response risks and violations (if you do successfully detect, how long before you respond?)
- Regulators such as Finra are issuing more frequent examinations, fines are on the rise, and more emphasis is being placed on firms establishing a proactive “culture of compliance”
In light of these trends, it’s clear that compliance teams are being squeezed. On one hand, regulators are demanding more. On the other, tools and processes aren’t as effective as they once were. And compliance teams are stuck in the middle. You may be feeling the pain already.
But the root of the problem is not compliance teams, of course, it’s that the legacy tools and processes in use to manage risk and violations are no longer satisfactory. These tools and process exhibit a number of deficiencies such as: violation detection methods (lexicons) yielding results riddled with false positives, surveillance processes that are too narrowly focused (electronic communications only; no correlation with other information sources such as trades), and underlying technology that’s bogged down by an ever-increasing amount of information. The existing model of risk and violation management – more specifically supervision or surveillance – while effective in 2006, is simply broken in 2016. Firms of all sizes need a new model with which to better manage regulatory risks and compliance violations.
That new model has in fact emerged. It’s built on the latest techniques in big data and data science to help move compliance teams from reactive response to proactive prevention, and addresses many of the changes in the information and regulatory landscape head-on. Risk and violation analytics that is built on this model should encompass the following characteristics:
- Provides a holistic view of risk and violations across multiple data sources (eComms, trades, IOI’s, CRM data, file and network access data)
- Identifies risky behaviors, patterns, and relationships – and proactively flags the potential for regulatory violations
- Incorporates violation detection techniques that significantly reduce the number of false positives
- Is actionable and audit-able, to enable follow-up on risk and violations in an accountable way
- Enables compliance teams to be proactive, not reactive, to align with expectations of regulators such as Finra
But how do smaller firms adopt such a model? If many large firms have already done so and have incorporated it into their compliance workflows by leveraging vendor solutions, why haven’t smaller firms? The answer is simple: solutions as such are too expensive and too complicated. And aside from having a high sticker price, they oftentimes require a sizable amount of customization, configuration, and ongoing management. Most smaller firms simply do not have the resources for this, and thus the status quo remains. But at what cost? At what compliance risk?
In summary, firms of all sizes now face a vastly different information and compliance landscape than they had faced historically and existing risk and compliance tools / processes are increasingly ineffective in this new environment. While large firms have begun to adapt and erect new compliance tools and processes, the same tools and processes are often too complex and too cost prohibitive for smaller firms. Simply put, there is indeed compliance value in new tools and processes such as risk and compliance analytics for small and midsize firms, but solutions as such need to be easy to deploy and configure, and can’t break the bank.
Panalytics Comply cost-effectively enables risk and compliance analytics for small and midsize firms. Click here to learn more.