Compliance framework vs. RegTech with Big Data

Around 6 months ago, I was being invited to participate in a panel discussion for an IT security conference.  The topic was about Security Innovations and my focus is mainly on AML transactions monitoring as that time I was still working in this area for a global banking incorporation.  Recent years, people start to discuss about the Regulatory Technology: - RegTech.  The origin of the term “RegTech” was introduced by the Financial Conduct Authority (FCA), defining this as: "RegTech is a sub-set of FinTech that focuses on technologies that may facilitate the delivery of regulatory requirements more efficiently and effectively than existing capabilities".  And I believed that RegTech is not only the ordinary technologies that highly used in the compliance transactions monitoring or name screening, but also an innovative high-tech solution on making the compliance more effective and efficient, in other words, a real revolution of the entire compliance framework today.

Compliance today is basically regulatory enquiry oriented resulting that the regulators continue to increase their scrutiny and then fines.  I think the major reason is that regulators just indeed do not know what and where the industry would do and moving forward.  The business model is ever-changing, from the ATM/Phone Banking in early stages to the e-Banking in mid 90s to the recent FinTech era.  Over the last several years, regulatees have had to deal with an increasing number of diverse, uncoordinated and ever-changing set of regulations across different locations.  To stem the tide, moving towards to a more holistic regulatory response mechanism might be the only door to out and the innovations of RegTech with Big Data would be the key.

Put into practice, I believed that RegTech is more on a workflow and I think one of the ways that we could go is to combine different market available solutions into the compliance workings cycle.  For example, we could leverage the artificial intelligence solutions with the Big Data detection scenarios and the audit sampling approaches, such as combining Assisted Review in e-Discovery with Cumulative Monetary Amount (CMA) sampling method on top of the existing detection scenarios approach.  I would be very keen that RegTech would create a revolution for today’s compliance which would facilitate the delivery of regulatory requirements and continue improves the efficiency and effectiveness of the existing capabilities.  There is always a better solution to make our world better as well as making our life easier and RegTech approach would definitely be one of these where I would share more on my experience in the near future post.  However, the very first road-block now might be more on the today’s compliance management people on who firstly dare to make this little step forward as to overcome the today’s problematic compliance approaches. 

If you are also interested in this area, please feel free to drop me a note and I am always happy to discuss and work together with you as to make this little step forward.

My first post: - Introduction

conceptual structure of my focus areas

As for my first post, let me start with some quick explanation on what’s Computer Forensic, e-Discovery and Data Analytics is according to my own understanding and interpretation.

 

I am a Chinese who born in British Hong Kong. My mother-tongue is Cantonese where English is one of my second languages.  However, be honest, I am an idiot in Chinese character typing so that this blog is going to be conducted in English and I think people interested in my focuses do have a common language in English. 
 

Please kindly forgive me if you found any silly grammatical mistake here and please just feel free to clarify with me if any of my words are misunderstanding or misleading.  All the things in this blog are purely based on my own experience so please allow me to place my very first caveat here that the information provided in this blog may not happened the same in your scenarios where I do believe that there are always much more to explore and to learn in the reality.

 

Computer Forensic: - general speaking, it’s about investigating and presenting on what the users did on any of his digital devices including, but not limited to, desktop, laptop, external hard disk, USB thumb drive, smart phone, etc.  Computer Forensic experts are acting as a storyteller who present the fact.  We are not magician or superman with superpower, so that all our analysis or works are always technically limited by the available technology sciences.  The most common tasks are data preservation, data recovery, system log analysis, etc.  In additional to dealing with the technical supports, unlikely ordinary IT people, computer forensic experts also required to have certain legal knowledge and presentation skill to act as the storyteller in the Court or towards the clients.

 

e-Discovery: - It’s a legal terms from US originally.  It’s about discovery in litigation or regulatory requested investigations on the electronic stored information (ESI).  Over 70% of works are relied on the software which allows us to do indexing, keyword search, and some other analytics on the backend; then allows the investigators, such as forensic accountant, lawyer, law enforcement officer, etc. to review the information with an auditable and forensic sounded process from the frontend.  The rest 30% are relied on the analysts’ experience while there are always sometimes tricky step which enable the data access towards the actual data content, such as encrypted data, email archive, OCR, etc. and to make the review process more effective and efficient. 

Data Analytics: - As from the words itself, this is to analyze the data according to the business needs.  It’s not only about investigation but could also in any forensic or non-forensic needs.  It could be for business review, management consulting, academic research, personal interest, etc. which is a very hot topic today namely “Big Data”.  Data Analytics has generally no limit on work scope range from purely data entry and consolidation, system and data integration, business restructuring, user interface design, to management decision making, etc. This almost 90% relies on the data experts’ experience and innovations to identify the right most solutions task by task.