Financial institutions are being urged to enhance their compliance practices, ensuring they manage costs and profits without running into regulatory hurdles. Ongoing demands from regulators, lawmakers, and customers are prompting these institutions to adopt new strategies and embed compliance controls into their regular daily operations.
To help them do so, financial services regulatory intelligence company JWG has joined forces with Apiax and EY, to produce a research paper entitled Embedded Compliance Unlocked: Leverage AI-enabled compliance tooling now to be ready for 2025.
The study is based on a variety of worldwide sources and is underpinned by over 20 interviews with compliance and business professionals from both sell-side and buy-side sectors, exploring the potential of embedded compliance for the financial industry.
Embedded compliance explained
The report explains what is meant by embedded compliance and how it works.
Through embedded compliance, an organization recognizes that legal obligations should be an inherent part of its operations, rather than an add-on. With rules explicitly baked into its fabric, managers can consistently ensure that regulations are met and risks detected and minimized in a timely manner.
David Silverman, senior risk and compliance executive, said: “This study describes the transition which financial services is undertaking now. Like the car companies in the 70s, we cannot rely on a department to catch the mistakes. To have quality at every step, we have to have compliance at every step. It needs to be baked in.”
The “compliance by design” or “embedded compliance model” is more likely to please regulators who are demanding that firms have a mix of detective and preventive controls (see graphic below). By relying on rule libraries, checks at the point of transaction can be done more consistently and the risk control and attestation aligned to business process, not stuck in a spreadsheet maintained by people who sit far from the business.
The business can make increasingly complex judgments faster and more consistently by embedding compliance in the workflow. The more that can be done to embed controls in the workflow, the timelier the checks and the more the business has certainty as to what it can and can’t do.
PJ Di Giammarino, JWG’s founder and CEO, said: “With more leaders embracing RegTech, the industry can be more agile and efficient. Common models and open source become the reference point for ‘what good looks like’ to the customer and regulator.”
Rule-based compliance workflow
Shifting compliance from a “noun to a verb” has big implications for an organization. The report said that rule-based workflow flushes out the detail of how the business really works and forces alignment across businesses, geographies and customers.
Embedding compliance means moving away from weighty policy documents to rule repositories and model-based controls which align advisory from the Second Line of Defense and put the checks into the systems that the business uses.
Embedded compliance imperative
Three lines of defense
The report said that the traditional compliance department should not be the only beneficiary of the business taking more ownership over their controls. It also gives the rest of the lines of defense a way to align their control frameworks. Legal, risk and audit functions are able to work to the same description of risk and align governance. This enables technical legal and risk advice in a jurisdiction to be captured and integrated in a consistent way.
The report highlights the steps that the surveyed financial institutions are taking in their digital transformation. By adopting embedded compliance using rule repositories, model-based controls and generative AI approaches, these institutions navigate between regulatory compliance and profit ambitions. According to the report, this ensures regulatory compliance at every step of the way.
Ralf Huber, co-founder of Apiax, said: “This paper provides an excellent roadmap for compliance functions’ digital journey to streamline business controls and reduce risk by embedding compliance into core business processes. Our clients are seeing real RoI for the trip down this road to a fully- digital business.”
The paper is available free of charge and can be downloaded from the Apiax website.