US$7.2 billion. That is what Deutsche Bank paid to the US Department of Justice this year for misleading invstors in the packaging, securitization, marketing, sale and issuance of residential mortgage-backed securities between 2006 and 2007 which contributed to the financial crisis.
It might be the highest fine levied so far in 2017, but there will be plenty of others showing that when it comes to managing their regulatory risk financial firms are missing the boat. For every dollar, US financial firms are spending in regulatory compliance, they are paying three dollars in regulatory fines, according to Corlytics, a Dublin-based global regulatory risk intelligence firm. More often than not, firms aren’t greedy or ignorant about specific regulations. They just don’t have an accurate grasp of their regulatory risk.
Corlytics is the latest brainchild of John Byrne, the former chief executive and founder of Information Mosaic, a Dublin-headquartered post-trade processing and software firm bought by IHS Markit in 2015. Launched in 2013, Corlytics says it uses data analytics and predictive modeling to help financial firms estimate the potential they will be fined by a regulatory agency for a particular infraction. “Each regulatory fine levied by 60 regulatory agencies on firms and individuals is reviewed by attorneys who annotate each case using metadata,” explains Mike O’Keeffe, general manager of Corlytics in charge of its London office.
Along with data scientists, those attorneys code their legal insights into machine readable data which adds artificial intelligence to come up with the predictions for regulatory fines across regulators. Financial firms can also model possible scenarios, such as entry into a new jurisdiction, product line, or service, to understand their future risk.
“Corlytics has developed a taxonomy that structures enforcement notices enabling a financial firm to look across jurisdictions for common trends and patterns,” says O’Keeffe. “This global intelligence means we can pick emerging trends that are otherwise invisible.” A score of one reflects a low probability for a financial fine, while a score of 25 reflects a high probability.
So far, five tier-one global banks are testing Corlytics’ service while five regulatory agencies have signed up to use the service. They include the UK’s Financial Conduct Authority and Bank of England. Of those five regulatory agencies, one already increased its fines when it noticed that its penalties were far lower than those of its peers for the same violations. “By observing the financial impact of regulations elsewhere, regulators can learn from one another,” says O’Keeffe. Critical to regulators is their desire to “harmonize” their policies. They don’t want financial firms engaged in regulatory arbitrage.
Corlytics will charge anywhere from as little as US$50,000 to as much as US$500,00 a year for access to its database which has analyzed regulatory fines, which incorporates historical data as far back as 2009. The fee for obtaining information on particular fines, analysis of trends and a risk score for each of sixty regulators in 24 categories of regulations depends on the value of assets the firm has under management. Corlytics officials insist the money is well spent. It is far less than the minimum of US$1 million a year a firm can save in staffing costs and or a reduction in the amount of money it sets aside to pay for regulatory fines, according to O’Keeffe.
“Financial firms typically spend countless hours and millions of dollars each year having their legal counsel read thousands of pages on the reasons for specific fines from dozens of regulatory agencies across the globe,” says O’Keeffe. “Legal counsel then come up with a best estimate of the prospect for a regulatory fine and translate their beliefs to the risk and compliance departments which have to come up with the right budget.”
There is ultimately no way attorneys can crunch hundreds of numbers in their heads and make comparisons between regulators. On average, they study several dozen cases while Corlytics provides information on over 7,000. “The scenario leaves compliance managers struggling to come up with the right budget and the right amount of money the firm must set aside for regulatory fines,” says O’Keeffe. As a result, there is a good chance the firm will either be overspending or underspending in compliance staffing. Alternatively, the firm might have assigned the correct total number of compliance managers, but is using too many to follow one regulation and too few for another.
Sanctions regulations and customer suitability requirements top the list of hot-button areas where firms need to pay the closest attention. That is where the largest and highest number of fines have been imposed to date, says O’Keeffe. Likewise, based on Corlytics’ findings, US regulators are far more draconian in their penalties than their foreign counterparts. Hence, firms need to be extra cautious in following rules from the Securities and Exchange Commission, US Treasury’s Financial Crimes Enforcement Network, and Commodity Futures Trading Commission.
Given that data analytics and artificial intelligence are relatively new to regulatory compliance, Corlytics could be considered an early entrant. Its target market may not be certain its product offers unique value that cannot be found elsewhere. “The concept of using quantitative metrics to forecast regulatory risk sounds ike an excellent idea on its surface,” says Joanna Fields, principal of Aplomb Strategies, a New York consultancy which helps design compliance budgets for broker-dealers. “The results are only as good as the models used and would need to be tailored to each individual firm’s existing capabilities. Otherwise, the results may be skewed.”
What’s more, she says, relying on past regulatory fines is only one small factor in calculating a holistic forward-looking regulatory budget. Compliance managers are not immune from cost-pressures. Accurately assessing and revamping current staff levels and maintaining technology platforms are far more important. So is accurately predicting budgets required to meet future regulatory requirements.
“I expect the future of regulatory technology development will incorporate machine learning. Having reliable data points to use is a good start,” cautions Fields, a former compliance manager for Deutsche Bank. “However, I’m not certain whether firms would be served just as well using information on regulatory fines offered by law firms and consultancies for far less.”
Likewise, says Jane Shahmanesh, director of New York based Adherence LLC, “While it might be interesting to review the data, it’s not necessarily going to ease the burden of the average chief compliance officer.”
Shahmanesh, whose firm provides outsourced chief compliance officers for investment advisors and broker-dealers, compares the data provided by Corlytics to another version of reading regulatory decisions or FAQs. “All lawyers and compliance managers comb through speeches and other matierals to try to read the tea leaves and apply it to the specifics of their compliance program,” she says. “This is just another interesting tool to do so.”
One compliance manager at a New York brokerage predicts that Corlytics will have an easier time targeting regulatory agencies than financial firms. “Regulators are eager to compare themselves to their peers,” he tells FinOps Report. “They want to be on a level playing field when it comes to regulatory fines.”
O’Keeffe acknowledges that, while in-house attorneys are eager to reduce their workload, compliance managers may be hesitant to rely on third-party data. The reason: their necks are on the line. “Corlytics won’t tell a firm how many staffers to use or not use to follow a particular regulation. It also can’t guarantee a firm won’t be fined,” he says. “However, it does offer firms a powerful tool to help firms make more effective use of their legal and compliance staff.”
Considering the fact that his firm has only recently begun to market its service to financial firms, the interest generated so far is encouraging, says O’Keeffe. Of the five-tier one global banks testing Corlytics’ service, one has decided to increase its compliance budget while another has decided to reduce it.