26 July 2017 by Bronwyn Kunhardt
Polecat's Bronwyn Kunhardt argues big data can spot potential hazards, offering protection in the face of unprecedented scrutiny.
The year 2008 was pivotal. During the subsequent record-breaking downturn, financial regulators faced massive pressure to rein in what was, at the time, perceived as the cowboy practices of some bankers.
Potent, effective regulation was what the public and the government demanded, and major structural change to the sector’s oversight was the result.
More recently, it has become increasingly clear that the organisations tasked with policing financial institutions have every intention of facing up to that pressure. This will be done not just by leveraging more heavy-handed fines, but by promising ongoing action and monitoring in the future against those that fail to put their houses in order.
However, at the start of the financial crisis the world was a very different place, and not just measured in terms of disposable income. Just over a year before the collapse of Lehman Brothers, Apple launched the first iPhone. A year before that, Twitter was founded.
The ten years since the crash have been ten of the most technologically progressive and fast-paced in history. It should come as no surprise that during the financial services’ greatest modern crisis, the sector looked to the emerging world of technology for some answers to the problems it faced.
One way in which banks have responded to this increased regulatory scrutiny is to invest in big data technologies that allow them to monitor the risk profile of companies in their value chain.
These new governance, risk and compliance (GRC) tools are quickly proving to be an invaluable weapon in the arsenal of compliance officers, enabling companies to identify and address irregularities before they escalate to proportions that erode trust and lead to punitive litigation.
Compliance officers in modern financial institutions have to think about and plan against a huge variety of risks. Although their resources remain largely the same, they have to contend with increasing difficulties, from issues around bribery and corruption, to breaking sanctions, anti-money laundering and unfair selling.
Where in the past the regulator was judge, jury and executioner in cases of compliance failure, that power dynamic has changed quickly. It is no longer just the ire of regulators that firms have to fear, with a potentially more powerful threat emerging and making its presence felt – the court of public opinion.
“It is no longer just the ire of regulators that firms have to fear, but the court of public opinion”
The public and voluntary sectors are gaining ever-greater influence in the social media age, and compliance officers need to be aware of stakeholder concerns that even a decade ago would have been more exclusively within the remit of the corporate affairs or marketing team.
The financial services sector being what it is, inevitably some of the issues compliance teams must work to avoid are contentious and inflame fury on the high street. Offences which may not even qualify a company for significant regulatory sanctions can nevertheless engender deep concerns about corporate ethics, culture, governance and transparency.
Putting aside for a moment the brand and financial implications of reputational damage, any increase in public attention and anger can have a knock-on effect on the relationship between companies and regulators.
The attention inevitably invites speculation, comment and scrutiny from multilateral institutions, politicians, and NGOs. The default response, echoed at every indiscretion, is the call for regulators to have tougher powers to stamp out misconduct.
Looking at examples of just how much more proactive regulators have become, even a cursory glance at the figures paints an unmistakable picture. Take the banking sector, fines rose by 68% year-on-year in 2016, with $42 billion of fines levied in just that one year.
Despite this stark increase in regulatory power, there is little evidence that the influence of the overseers has plateaued, with each new issue leading to more and more pressure for an even sterner approach.
But just as the catalyst of public opinion firestorms hits the power balance between firms and regulators, another change in the relationship is starting to take effect, giving compliance teams yet another obstacle in staying ahead.
As fast as contentious issues can now escalate via social media around the world, new technology allows any interested parties – including regulators, compliance teams and others – to interrogate that global conversation, and to do so in real time, giving firms a relatively small window in which to respond to the latest events.
Parties on all sides can now take this unstructured data – everything ever published online – and use it to identify early warning signs, emergent trends and indicators of systemic problems around individual firms that warrant further investigation or intervention.
“Even the universe of unstructured data can now be distilled into accessible intelligence”
Technology’s ability to use big data and complex algorithms is opening up many new avenues, as it harnesses the science of linguistics to understand not only what is being said, but the context and to an extent the intent behind it.
In the first instance, it means that even the universe of unstructured data can now be distilled into accessible intelligence, revealing the complex relationships of banks with each other, as well as with the wider world.
Simple visualisations allow entire networks and value chains to be distilled down into dynamic and accessible information that can be tracked relatively easily. Doing so can and will quickly reveal compliance concerns, trending issues, and industry benchmarks, in different languages and markets – all at the click of a button and on a single screen.
However, the ability to reveal compliance concerns at the click of a button is not limited to regulators. Campaigning groups and NGOs are also making use of technology to highlight the complicity of the financial sector in causes they may be championing.
In the US recently, financial backers of the Dakota Access Pipeline were targeted by NGOs as vociferously as the energy firms they are funding to deliver the highly contentious pipeline.
The threats posed by regulators and NGOs are related, but distinct. While regulators are interested in cracking down on illegal or officially unethical behaviour, NGOs have a wider societal remit, and will determinedly identify actions and misdemeanours that they know will inspire a visceral public response.
Unlike regulators, many NGOs are also highly skilled users of social media when it comes to campaigning, and know how to leverage Facebook, Twitter and other networks for maximum impact and corporate embarrassment.
Reputational risk is entering a new era where the public and third party organisations have an unprecedented role in leveraging technology to monitor the activities of corporations, as well as campaign against them.
The net result is that compliance officers have more than fines to worry about. Like it or not, they have an increasing role to play, alongside others, as guardians of their organisation’s brand.
Today, it is the risks posed by corporate partners – so-called third-party risk – that poses the greatest compliance problem as companies are increasingly held accountable for standards of behaviour and performance not just within their own organisations but across their entire network of customers, partners and suppliers.
Major international financial institutions can involve tens of thousands of associated companies, so keeping track of what is going on across each and every one of them can be extremely difficult.
The process of due diligence to ensure key relationships meet not just regulatory requirements, but the highest governance and ethical standards, can no longer be a one-off or annual exercise.
It has been repeatedly proved to be untenable for any major corporation – particularly those with well-known consumer brands – to claim it did not know about underhand dealings undertaken on its behalf in some remote corner of the world.
“We have entered an era where ignorance, even on a grand corporate scale, is no excuse”
We have entered an era where ignorance, even on a grand corporate scale, is no excuse – and indeed is a massive liability. The onus is now on firms themselves to double-check the behaviour of partners in their network. It is a huge responsibility, and compliance officers are right on the front line.
Once upon a time – although not so long ago – the immense complexity of such networks and hierarchies meant a full understanding of activity and exposure was impossible. Firms could claim they could not possibly have knowledge of everything that goes on everywhere, but nowadays technology has changed all that.
The availability of data on these relationships and hierarchies is now everywhere, and organisations have no excuse for not delivering oversight of all of their networks, including full purview of the digital landscape and the intelligence it reveals – good, bad or ugly.
Only constant monitoring can help fulfil regulatory, stakeholder and shareholder expectations of governance and risk management to protect and enhance reputation and licence to operate.
Big data allows companies to cast an eye across the breadth of the globe to the remotest of corners – always open and alert to trouble, so that it can be proactively addressed and mitigated.
Amid all these difficulties, the good news is that today’s big data technologies not only provide compliance officers with far more effective risk monitoring and mitigation intelligence, they also help cut costs at a time when many financial institutions are looking to achieve the dual tasks of efficiency and global expansion.
Automating aspects of due diligence, vendor risk management and supply chains will bring greater rigour and confidence alongside cost efficiencies.
In embracing new digital GRC tools, compliance officers can simultaneously deliver the transparent due diligence demanded by regulators and the foresight, efficiency and rigour so valued by boards, customers and shareholders.
Ultimately licence to operate depends on the court of public opinion as much as any court of law, and employing the best technologies to protect and enhance operational performance will deliver the corporate reputation and trust essential to ongoing value creation.