Compliance Insights
The Regulators Are Optimising Their Use of Data. Are You?
Consider these questions: Can financial institutions manage effectively in a world where issues and breaches are known to regulators before the chief compliance officer or anyone else in the organisation even learns about them? Are Compliance departments — and the institutions they serve — prepared to keep pace with the regulators’ efforts to develop data-driven insights? Or will they find themselves continually on the defensive, struggling to react and respond to regulatory inquiries and challenges?
A key point: It was only six years ago that the term “SupTech,” or supervisory technology, was introduced and started gaining prominence in the regulatory world. However, the use of technology and data science for supervisory purposes has been evolving over decades.
By the numbers: 71% of regulators globally report having SupTech initiatives and 50% indicate they have at least one SupTech application in operation.
Why it matters: For both the regulators and the financial services industry as a whole, the potential benefits of SupTech include increased efficiency and effectiveness of the supervisory process.
- With that promise comes a shift away from outdated, one-size-fits-all templates and manual procedures in favor of data push and data pull approaches that make use of structured and unstructured data.
- These approaches not only strengthen supervision, but also reduce its cost and burden.
- SupTech also holds the promise of better customer protection.
The success or failure of Compliance teams in guiding the institution in a data-led supervisory environment will depend, first and foremost, on the quality and availability of the institution’s own data.
The bottom line: We envision a dynamic supervisory environment in which regulators respond more quickly to market and individual institution developments. Their response will be based on the availability and their interpretation of more voluminous and timely data than they have been able to collect in the past. Financial institutions that are unable to meet these regulatory data challenges will find themselves at a significant disadvantage.
Recent Publications & Insights

Principles for Data Recovery From a Severe Cyber Scenario
Financial institutions build and sustain capabilities to mitigate the impact of events that may compromise the confidentiality, integrity or availability of firm and customer data. As part of this process, financial institutions plan and exercise how they would respond to an extreme-tail event such as a highly destructive cybersecurity incident so as to mitigate harm to financial markets, counterparties, customers and the investing public.


Advanced Analytics in Sanctions Compliance
The adoption of advanced analytical tools and emerging technologies such as artificial intelligence and machine learning (AI/ML) has continued to gain enterprise adoption across compliance solutions within the financial services industry. While the advantages of these techniques are widely accepted and continue to be leveraged and monetised in the domains of transaction monitoring, customer segmentation and risk rating, their adoption in sanctions programmes lags in relative comparison.

Implications of U.S. Banking Regulators’ Final Guidance on TPRM – with Brian Kostek, Kathryn Hardman and Helen Smith
In this podcast, Brian Kostek from Protiviti interviews Kathryn Hardman from Veritex Bank and Helen Smith from First Citizens Bank about the implications of the updated interagency guidance for their institutions and how institutions can reconcile the revisions in their existing TPRM programmes.


Risky Women Podcast | Talent Management and the Nature of Work
Tonya Hummers, Managing Director at Protiviti, speaks with Sarah Olthoff, Senior Vice President and Chief Business Risk Officer at Discover, about talent management, the nature of work, and the skills risk roles need most.

Navigating sanctions compliance through the transition to ISO 20022
The International Organisation for Standardisation’s (ISO) new global messaging standard, ISO 20022, is set to be adopted by payment processing organisations globally by 2025.
The transition to the new standard poses challenges for sanctions professionals and their technology partners. While ISO 20022 migration should yield several improvements over current standards, achieving them will require careful planning and cautious implementation to ensure that sanctions compliance does not suffer.
