As global financial markets go through a raft of regulatory changes, demand for risk management and compliance solutions that can be streamlined across all sectors of a financial organisation is on the rise. IBM, ranked best provider for governance, risk and compliance solutions in the Risk Technology Rankings 2016, illustrates why leveraging artificial intelligence and cognitive computing while developing a risk-aware discipline is key
One of the greatest challenges financial organisations face in dealing with risk and compliance is the need to adapt quickly and effectively to an ever-changing environment.
The task is neither simple nor easy, and demand for solutions that are consistent across all sectors within an organisation is on the rise. Couple that with a recent survey conducted by CEB Risk Management – which found that 45% of respondents wish to spend less time facilitating risk identification and assessment, and more time supporting risk monitoring and mitigation – and it is clear firms are looking for risk and compliance solutions that are flexible to regulatory changes, accurate in their risk reporting and that simplify their daily operations.
Over the past few years, IBM has led the way in working with clients worldwide to help them embrace a risk-aware culture by providing an integrated platform that streamlines regulatory compliance management at financial organisations.
OpenPages, a governance, risk and compliance (GRC) software, was acquired by IBM six years ago and has since expanded its footprint into the risk and compliance space, bringing in customers from across the globe.
IBM OpenPages GRC seeks to embed compliance solutions into the everyday fabric of financial companies. In doing so, IBM helps business managers tackle their risk-aware decision-making, reducing the possibility of non-compliance across their enterprise and ultimately improving their bottom line.
Creation of a risk-aware discipline
In order to provide tangible solutions that lead managers to deliver more profitable products, IBM works closely with them to understand the risks involved with their product lines, their particular geography and their business units. Thanks to the support it provides, IBM was voted the top provider for GRC solutions in Risk’s 2016 technology provider rankings. It was also ranked number one in high-performance computing in the specialists category.
“One of the things that we’re doing is helping companies embed GRC as a discipline within their enterprise,” says John Kelly, regulatory compliance portfolio marketing manager at IBM. “The objective is to help front-line business managers take risks into consideration when making product line decisions.”
The bulk of IBM’s success comes from the banking and insurance space, but alongside financial services the company is involved in other areas such as manufacturing, energy, healthcare and telecoms. Regardless of the specific area though, one of the key aspects of IBM OpenPages GRC is that of delivering an integrated approach that combines the different point solutions into a single platform, meaning that a single data model is generated for a single set of services – such as security, user access and policy management.
Thanks to the IBM OpenPages GRC user provisioning, a full understanding of where the company stands from an enterprise risk perspective can be granted to different individuals within the firm – from the person responsible for the audit, to the chief risk officer or the chief compliance officer.
“This way you have a single view across your enterprise when it comes to executive-level dashboards, reporting and understanding each month where your exposure is and the heat maps where you need to focus,” Kelly says.
More often than not, different regulations have similar requirements when it comes to IT and security. The key word for IBM here is simplification, because reducing the amount of audits and testing saves companies time and money.
For example, Kelly explains, “just about every regulation has a firewall requirement and a password security requirement. So the IT team gets
hit very frequently with control tests. We are able to harmonise a lot of those requirements into a single control that meets many different regulations and requirements”.
Reducing the number of times a compliance measure needs to be assessed and tested means demand on the IT teams diminishes significantly.
Watson and cognitive computing
IBM’s ability to deliver several compliance solutions on an integrated data model has proven successful for several years and it has now moved on to the next wave of innovation, which involves leveraging artificial intelligence and cognitive computing.
IBM Watson uses cognitive technologies to streamline and reduce compliance costs. Watson’s ability to learn by continuously being fed queries and new pieces of information means that compliance officers can reduce the time it takes for them to identify obligations and help implement better controls.
IBM recently acquired Promontory Financial Group, an advisory firm in the regulatory compliance space. It has been using the expertise of its team – mostly made up of former regulators – to help train Watson by applying their regulatory expertise to the compliance space. As Watson ‘gets smarter’, it will be able to speed up the process and provide increased guidance.
Navigating a sea of regulation
The finance industry has reached a point where it is increasingly difficult to keep up with regulatory change. The numbers around compliance are staggering: IBM estimates that $99 billion is spent every year addressing compliance, which by 2020 will rely on 300 million pages of regulation.
Traditionally, many firms have risen to the challenge by hiring more staff to their compliance teams. But with the overwhelming amount of regulation hitting markets and new frameworks about to be implemented – such as the Markets in Financial Instruments Directive II, due to come into force in January 2018 – this approach must change.
“Firms continue to add people to tackle regulation because it’s a very manual process. But what we are trying to do is help them keep track of what is changing and give them visibility into control effectiveness, since it’s nearly impossible to physically keep pace with all that change, Kelly says.
“This is a major issue that a lot of our clients are dealing with. They are interested in how cognitive can help their overtasked team and make very manual processes more automated and more efficient,” he continues.
Kelly identifies four key risk and compliance points that IBM is helping to address through Watson: compliance costs; amount of regulatory content and constant change; risks associated with lack of adherence to regulations; and double-spending across organisations in the industry. Additionally, Watson can provide experienced compliance professionals with expertise at their fingertips so they can focus on the highest-priority activities.
“If you think about the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, that’s 2,300 pages, which is extremely time-consuming [to read]. There is an inability for compliance and legal teams to keep up with that large amount of regulation. They need to print it out, highlight it and identify which obligations apply to them, Kelly says.
“What we do is task Watson to identify the obligations, use Promontory to train it and then use OpenPages to map those obligations to the firm’s internal controls policies and procedures. The goal is to reduce that upfront obligation identification and the amount of time it takes, and to improve the accuracy of those obligations as well as visibility into the performance of the internal controls,” he explains.
Thanks to its regulatory compliance system, IBM’s clients can understand when a regulation has changed or a new one has come into force, and map it to a single control framework. With other providers, clients need to manually identify the obligations and the controls, whereas IBM provides an end-to-end regulatory compliance solution that ties it all together in one place.
Alongside this, IT security continues to play an important role for IBM, which has been working to combine decades of experience in this field with the more recent regulatory compliance analytics, meaning that the IT risk part of OpenPages has now been integrated with the IBM security solutions.
“You may have a policy in place for end-point security, and we can not only help you communicate that policy to end-users but, through our integration with the IBM security products, we can also make sure that your policy is in compliance, Kelly says.
“Further integration with the IBM security solutions has been a big push for us and a big desire from end-users. For us it’s important to leverage cognitive solutions and the security solutions, all in one IBM ecosystem.”