This is a transcript of the podcast episode PJ Di Giammarino on regtech and embedded compliance featuring a conversation between GRIP’s senior reporter Carmen Cracknell and JWG founder PJ Di Giammarino.
[INTRO]
Carmen Cracknell: So, PJ, it’s great to have you here. Could you start by telling us about your background and what led you to found JWG Group?
PJ Di Giammarino: Sure. Thank you for having me, Carmen. It’s been a wild ride for me in the compliance space. I didn’t grow up a compliance professional. I was really an ops and tech guy that got bought up into a McKinsey in the late 80s, early 90s, right when the internet was a big new thing. So, I did lots of plumbing and more strategic work to try to figure out how to apply technology to solve business problems.
When I was coming out of Barclays on my way to Goldman to do an operational role, I met Mifid1 at a joint working group meeting, which is where the JWG comes from. I was just shocked at this great opportunity we had to do things better, faster, cheaper and safer because we could get all common interpretations on the same page. And that’s the benefit of new regulation coming in. So, I pivoted my career to really focus on building a network of regulators, regulated and their suppliers.
JWG is an independent safe space. It sort of works with many trade associations to try to reflect the priorities that the industry has. And we act as a voice of reg tech priorities of implementation. So, we’re the ones there trying to look ahead, see what’s coming, mutualize efforts and get standards and help everybody control the change.
Carmen Cracknell: Cool. And I guess a lot’s happened since Mifid1. What regulatory reforms right now are in progress and the most needed, do you think?
PJ Di Giammarino: Yeah. I mean, where do you start, right? You know, as well as I do doing these many different podcasts, there’s so many different angles, but ultimately, we’ve focused on a top 50 right now that really are all focused on regulators having taken technology-centric obligations and baked them into new policy.
So, we’re looking to get to those places where regulators have really specified that you no longer can use a pencil and a piece of paper to put the return in. That you now need to have your risk data aggregation capability able to have a data dictionary with up-to-date data lineage and that people are responsible for a whole raft of kind of quality controls, as an example.
So, what we’ve done is looked at it holistically, what is it that the businesses are being asked to do by these regulations, then focused on the places where the pain is the most and the value of collaboration is the highest. And really, what we’ve seen is that, you know, with the new technology coming on board, there’s a really fast-paced change in place happening this year for compliance. You know, really, this critical point where the how you do the compliance is really part of thinking about how do you comply with the new reg.
Carmen Cracknell: And I guess AI is a big part of that. How can firms leverage AI compliance tools?
PJ Di Giammarino: It’s a fast-moving conversation. We did a research paper last year talking to the compliance community and the ops and tech folk that support them really around this very topic. And as we’re doing the research, which was unlocking embedded compliance, which we published at the end of the year, you know, the whole Gen AI conversation was springing up. And I think that in a nutshell, it was really healthy to have senior management wake up to the fact that the technology can do so much more and actually get their hands on these large language models and start applying them.
But it really forces the conversation about compliance back to how do we get the role right. And for us, what we argue about the nature of the compliance function moving forward is it has to be more about being keeper of the Boolean logic. You know, and that logic today, kind of exists in policies, you know, big, thick documents that kind of marry up via to the systems that people actually use will be a control. But those controls tend to be on spreadsheets and line up to PowerPoints. And they’re kind of hard to keep lineage of the whole thing. And those days are gone. And really, to leverage the power of Gen.
AI and all the good tools coming in, you need to codify these rule sets in a logic that the machines can understand. And the humans have to be able to use the applications they need to book the flight or process the trade or put something in front of a client, you know, with the system that’s attuned to the same rules that the compliance organization has blessed in his is that the control functions are able to sign off on. So it’s really that the bridge across those, the systems that’s becoming enabled by AI. And I think that, you know, a key part of that is staying on top of the regulatory change. And that’s the place where we help the most.
Carmen Cracknell: Yeah. And the report you mentioned, which can be found on your website, Embedded compliance unlocked, leverage AI enable compliance tooling now to be ready for 2025. Can you talk a bit about what exactly embedded compliance is and how it works?
PJ Di Giammarino: Sure. So embedded compliance is all about making sure that the, you know, the systems that I’ve got my hands on now, while I’m doing the thing I have to do for my firm, are aligned back to a common set of logic. And that logic can exist in many different types of systems. But if you think about it as a kiosk, there’s a central knowledge base that says in order to do, you know, thing X, these are the rules of the road for doing it. If I want to offer that product to that client and that jurisdiction, here are the hurdles I have to pass in order to be able to present it to them.
And if they don’t click these boxes, they’re not even going to see it, right? It’s no longer a case of somebody thumbing through a policy manual to try to make that happen. And that and the great thing about getting that into, you know, structured, if then else statements, is that it enables the person that’s trying to do the business very clear as to whether that’s something they’re able to do. And they put compliance in an advisory position when there are questions.
So it really helps clear that conversation in a much more straightforward way. The other thing it does is it really makes it easy to prove to a regulator that yes, these obligations and these regulations are being met by these controls. And this is how we check them and can confirm that that we’re all under control. And more and more, that’s the nature of the conversation.
And regulators are actually looking for firms to be adopting regulatory horizon scanning technology like we provide with our Reg Delta program so that we can take website information that comes out in the form of a PDF or a memo that comes from a trade association as a Word document or some internal email and use all that to justify why a certain policy is the way it is, control that single version of the truth that people have in an organization to be able to then say, OK, this is how we do things. This is the letter of the law and this is us proving that we are in compliance.
Carmen Cracknell: Beyond companies, governments are now working on policies. The EU has its proposed AU Act so that they’re at the forefront. How do you see this playing out in other jurisdictions and what will the influence be on compliance?
PJ Di Giammarino: Very quickly, to answer the first part of your question. We’ve already seen the US and UK moving to establish AI centers. We all know that when Europe passes a law, it takes a while to get those regulatory technical standards actually on the books. We’re seeing this very quickly become a global conversation but it definitely is something that is going to take a European type flavor like we saw with cookies. There will be obligations that hold senior managers accountable for understanding the risks that could potentially occur by using AI.
What that means is you’ll have to go through a whole series of processes to say, well, what were the risks and what were the regulatory risks that I was meant to be checking on in each jurisdiction where I’m deploying it? In a lot of ways, it’s like with the crypto conversation and the fact that bitcoin is now included in some ETFs in the US has been a big hurrah. But at the same time, there’s then that downer of, oh yes, but then we now we need to make sure all these rules are followed. I think we’ll see the same with AI. It’s not going to obviate the need for any of these controls. In fact, it’s going to mean you need more of them.
Carmen Cracknell: Moving on to priorities for 2024 and the outlook going forward, what are in your view the biggest priorities for RegTech in the coming year?
PJ Di Giammarino: I think 2024 is one of these years where we’re beginning to understand where we are in the economic cycle. I think last year we just didn’t. It’s a year where we know we have a lot to do and we can finally focus on some of the things that are here and now with a bit of a longer term view. In our perspective, we follow the money. We look for where it is that implementation programs and budgets are hot and where we know suppliers will be coming in with consultants and contractors within the firms to be able to reconfigure things.
We’re looking at those things that are big thematically. For us right now, there are really three or four things that are hot other than what we have on our conference agenda. The first one is the strategic initiatives around data and reporting to regulators. The US has a Financial Data Transparency Act, Europe has a data strategy, the UK has a Transforming Data Collection. This is all coming in by 2028-2029. There’s a lot of heavy lifting and planning about what that’s going to mean, but in a nutshell, it could mean a complete rewrite of the way people think about the data that they have to share with the regulators. That’s an enormous program.
We think about that as running in the background for things like digital assets. Obviously, with MICA coming in and with the UK sandbox now being approved, which is a really big deal actually because it allows people to get right out to market with some of these tools, some of these products. That will start forcing the conversation about how do you apply truly digital controls and digital compliance. We think about that as tokenizing the whole discussion and fits with what we just talked about in terms of the embedding compliance.
Then ultimately, there’s another couple of things out there this year like client conduct, payments is being looked at again in some detail, looking at aligning AML rules globally, the open banking initiatives are starting to move again. Here in the UK, we see the economic crime plan kicking in with a lot of discussions about collaborating and getting better transparency around what’s happening. We’re watching that space as well as what the impact of post-trade T plus one clearing and settlement is likely to mean here in the UK and Europe. Those are some of the big things other than the stuff that’s right here right now at our annual conference on 7 February.
Carmen Cracknell: Yeah, this is slightly off my next question, but around digital assets and MICA and the struggle for regulation to keep up with technology and digital assets, how can compliance and regulation keep up with such fast-paced technology? What are your views on that?
PJ Di Giammarino: Well, much like my views on what’s happening internally to the firms, you have to get if-then-else statements sorted out because you need to have that logic about this asset was able to be offered to this individual under this regime according to these rules. Then if that asset travels to another jurisdiction, the rules may change, but you have to be able to control that.
These will be the new challenges. How do I know my customer? How many hops do I have to take? How do I do market surveillance when we have to think about the exchanges slightly differently? Those are the probably leading conversations that will force some of the bigger banks, bigger asset managers to really start looking at how do they think about compliance, not just for digital assets but for other asset classes as well.
Carmen Cracknell: So talking about your upcoming conference in February, and I know this is going to be a major topic there, what is lacking right now in regulatory reporting?
PJ Di Giammarino: Yeah, well, this is our eighth annual conference, right? And so reporting, I don’t think we’ve had any conferences in RegTech that haven’t talked about regulatory reporting, but it really is here and now. And so one of the big things we’re focusing on is the data crossroads. There’s just so much transactional information that’s on the agenda this year with the EMEA refit and Europe and the UK and then six other jurisdictions around the globe.
All the derivatives processing is now being realigned. And that has tremendous impact then on all of the infrastructure and frankly, the standards community, which has really had a big step up in the past couple of years, I got to give a call out to Finos who have been helping the financial open source community that runs within the Linux Foundation. So it’s a 501c.
We’ve actually seen open source RegTech get delivered in time for some of these implementations. So that really changes the game in terms of how you think about then, OK, what are the new control artifacts that I can map to? It’s no longer just a spreadsheet or some vendors’ view of what good looks like. You can actually get your hands on this.
These are what comes out of my systems and then this is how I map it to what the regulators want. And ultimately, then that brings the number of errors down and the quality up. And that conversation is happening not just with transactional data, but also then prudential and statistical data. So all the risk reporting that is being looked at.
And we have great regulators coming on to join us. We’ll have the Bank of England and the ECB and the Banca d’Italia that are all leaving that conversation about how do you think about joining all the dots in the prudential reporting space? And what is the reality of joining that information with the actual transactions? So that really brings together the whole post-trade reporting with the risk management conversation in a really exciting way this year.
Carmen Cracknell: And what other topics are going to come up at the conference and how do people get involved?
PJ Di Giammarino: Yeah, so the way I position it is it’s everything from the trade itself all the way through the regulatory report and all the infrastructure that it sits on. So the other things that we haven’t talked about are the pre-trade surveillance space, so something near and dear to your hearts. But what’s happening there to think about using common models? And then what’s happening with the risk space around ESG in particular? So there’s a lot happening with corporate reporting and financial institutions having to collect that new reporting under CSRD and SFDR.
Again, we’re having a great Finos conversation about using some open source tooling in that space. We’ll definitely come along check that out. And then we’re looking at the operational resilience and technology risk conversations, including the AI like we talked about, which is going to come along definitely to hear that bit. But there’s also this bit of like DORA is in Europe, which is digital operational resilience. So that’s a whole conversation that’s really starting to take off because the deadlines are starting to hit and technical standards are starting to be written. And it’ll have a tremendous impact on every firm and every supplier.
Carmen Cracknell: Yeah, quite a few big regulations coming up.
PJ Di Giammarino: It is. As I say, I mean, there’s 50 of these individual regs, I’m just using general language. Check out the website, which is regtechconference.co.uk, the big agenda there, lots of articles we’ve linked in some of them we’ve probably already posted on your site as well. There’ll be some reg casts, which we’ll be recording in advance. You’ll find links to those there. You can also go to regcast.co.uk or find it on our JWG website, which is jwg-it.eu or any of your pod players that you’re probably listening to this on now. So ultimately, get involved. Let us know. 7th of February in London all day, physical event. First time we’re physical in three years. The last one we had was exactly the same day in 2020.
Carmen Cracknell: It’s good to be getting back to doing things in person, isn’t it?
PJ Di Giammarino: It is. It is.
Carmen Cracknell: Awesome. Well, have we touched on everything, do you think? Or was there anything else you…?
PJ Di Giammarino: Yeah, look, I think that I’m happy to kind of give you a post-game recap after the conference. But come on board. We’ll have literally hundreds of professionals there, lots of great sponsors that have been part of it, lots of booths, ways to check in, see what other people are doing, and have those quarter chats we haven’t been able to have that much of. So what we’re doing with that, a lot else on our agenda, we continue to scan the horizon. And our RegDelta platform is helping lots of people in lots of great ways. Check out the RegDelta page on our website if you want to learn more information about that.
Carmen Cracknell: Thank you so much, PJ, for your time.
PJ Di Giammarino: Take care. Bye-bye.