Bank IT compliance: how financial services can stay compliant with regulations

Financial services compliance is a big area. Antony Savvas looks at strategies that can help organisations stay on the right side of the law, meeting regulations and industry-adopted standards


Prajit Nanu, CEO of B2B payments platform Nium, says it’s in everybody’s interest that payment transactions are as frictionless as possible, but many commonly used payment systems carry unnecessary layers of complexity, including when it comes to ensuring regulatory compliance.

He says automation can help to resolve lags arising from risk and compliance checks, which can be a time-consuming and labour-intensive process, particularly for those dealing with cross-region, cross-country checks. An automated payment platform appropriately integrated with other business software can perform these checks much more seamlessly.

Nanu says: “Digital tools, such as individualised transaction profiles, coupled with the output of machine learning processes, will be able to offer real-time solutions which significantly reduce the time required for risk and compliance checks, while still allowing effective identity verification and fraud detection checks.”



Leo Labeis, CEO at coding platform REGnosys, says: “Regulatory reporting has long been a challenge for financial institutions, as the sector has historically struggled with standardisation, meaning firms are often forced to contend with fragmented and ambiguous reporting requirements across jurisdictions – adding cost and risk.

“The delay to the rewrite of the US Commodity Futures Trading Commission [CFTC] from May to December 2022, itself following the delayed technical standards publication, illustrates just how much work is involved for firms to comply.”

Crucially, however, the new CFTC Rewrite deadline allows time for financial institutions to review their regulatory reporting practices and adopt more efficient data management processes. Technology-driven initiatives, such as ISDA’s (International Swaps and Derivatives Association) Digital Regulatory Reporting (DRR), will play a central role in this transition, offering firms the chance to build an open source, standardised and machine-executable interpretation of the rules.

DRR should streamline post-trade operations and help firms adapt to upcoming regulatory deadlines.


“Successful compliance must be embedded into sales and service processes, and this starts with a mindset that’s trained into your staff and ends with both automated and manual compliance checks, that protect the customer, the bank and support staff,” says Steve Morgan, global banking business lead at Pegasystems. “To embed compliance into any process, such as onboarding/KYC [know your customer], lending or transaction monitoring, requires technology that can, for example, run simple online checks for identification for account opening or tap into large volumes of data for fraud or sanctions checking.”

It also needs to be able to send any exceptions to a person for intervention, providing them with all the relevant information to easily resolve and track them. When regulations change, processes need to adapt, and again the technology and the training that supports it should be easy to adjust.

“Not adapting fast and easy to regulatory change is where banks can slip up, drop into manual interventions and inadvertent non-compliant behaviours,” adds Morgan.

To keep pace with regulatory change, banks should be leaning into low-code workflow automation with predictive and adaptive models, so that compliance is easily integrated.


A “regulation as-a-service” approach will become the new normal, to the “relief” of banks and financial institutions, as they will no longer need to deal with managing software implementation, says Pedro Porfirio, global head of treasury and capital markets at financial software provider Finastra.

Currently, many banking and treasury management systems, and the regulatory reporting solutions that sit alongside them, are working as independent data silos, making it difficult to consolidate data. APIs and data lakes, on the other hand, provide a single access point to multiple sources of data, providing visibility front-to-back to reduce risk and ensure compliance, through real-time reporting.

Porfirio says financial institutions will share all relevant data securely through the cloud with selected ecosystem partners, for processing in “full compliance” with regulations across all relevant jurisdictions.

Know your customer, anti-money laundering (AML) and sanction-screening requirements are all examples of services that can be provided in this way, he says, as well as “risk as-a-service” type offerings for handling the necessary risk calculations in relation to the industry’s Fundamental Review of the Trading Book (FRTB).

“Enhanced data management lies at the heart of regulation as-a-service. The use of artificial intelligence and machine learning, supported by cloud and digitalisation, will connect to this readily available data, and will be key in ensuring compliance, helping to spot suspicious behaviour, potential fraud or other areas of risk,” Porfirio says.

Secure storage

“Banks need to be very careful about the types of cloud solutions they choose to adopt, and one way to stay compliant is to adopt private cloud storage solutions that are deployed entirely within the organisation firewall, and enable firms to comply with data residency requirements,” says Aron Brand, CTO of data storage firm CTERA. “Cloud solutions should also be required to use at-rest data encryption, and must integrate with the bank’s existing security infrastructure, including key management solutions utilising the KMIP protocol.”

In addition to data residency and encryption, banks need to consider other security factors when choosing a private cloud storage solution. It must provide granular controls over who has access to what data, and the auditing and logging capabilities should be comprehensive. Some modern storage solutions also offer AI-assisted, behaviour-based alerting that can detect threats before damage is done, and data classification tools that detect sensitive and regulated data, eliminating excessive data access.


“Intelligent automation [IA] has become vital for not only future competitiveness and differentiation in financial services, but also for maintaining compliance,” says Brian Halpin, SVP at AI software firm Blue Prism, and the former head of automation at HSBC. “By automating compliance processes, which typically include time-sensitive and intricate tasks, you can limit costly human error and also free up crucial staff time to be used on more fulfilling roles.”

Halpin says automation technologies support digital ecosystems that can “re-shape” how financial services are discovered, assessed, purchased and delivered. He cites one example: one of Europe’s oldest and largest banks, serving more than 10 million customers in multiple countries, realised major gains in service quality, speed-to-market and customer experience from its IA deployments.

More than 300 acquisitions had led to a complicated operating environment with no core banking system. IA enabled the bank to manage operations across legacy estates, using a combination of APIs and software bots to bridge systems and alleviate problems. The bank reckons it has achieved a 150 per cent improvement in overall efficiency from its automation and expects additional gains from process improvements in 2022.

Customer vulnerability

Organisations providing financial services to consumers are required by law to have a special protocol for identifying and interacting with vulnerable customers. Failure to do so can result in substantial penalties as well as reputational loss.

Darren Rushworth is president of NICE International, the international division of the UK National Institute for Health and Care Excellence. He says: “What’s startling is how many of us are classified as vulnerable. The Financial Conduct Authority classifies 27.7 million adults – 53 per cent of the UK population – as having some vulnerability, including poor health, low financial resilience and low capability. And just because someone is not deemed vulnerable today, it doesn’t mean they may not be tomorrow.”

Contact centres rely on their agents to identify vulnerable customers based on training. But it is difficult to pick up the subtle clues of vulnerability because many consumers are not willing to admit, or are even unaware, that they are classified as vulnerable.

Artificial intelligence, when correctly implemented in a financial services provider’s contact centre, can interpret consumer behaviour and consistently and accurately identify vulnerable customers during interactions, without manual effort. Machine learning identifies behavioural patterns in the data that would be inaccessible to humans.

“This results in organisations being able to comply with FCA regulations and deliver exceptional customer care,” says Rushworth.



Antony Savvas

Antony has been a business technology journalist for 35 years, including following the convergence of computing and telecoms, the emergence of mobile and wireless data, and now new industry productivity...