Advances on all fronts
Pfister began with a look at the disparity between the disclosures of data that private banking customers obtain as opposed to those that others obtain.

"There have been plenty of advancements in technology. Both law and regulation are getting conquered by technology and the advance in technology is trickling into the wealth management space. It's a very competitive environment. Wealth management firms are not as technically-minded as firms in investment disclosure or and asking us to let them look at investment performance. They want to use RegTech to let clients know that this is what is happening, that this is contributing (or not) to their investment chances. People If your systems are already connected and you can produce a quality data set, you buy a workflow-and-XML-generator piece of software. You can either build or buy that. That is on the lighter side.

"If you have systems that are in silos and don't talk all that well to one another, then you – and these things can coexist at the same time – you need software that amalgamates the information and then you need your XML on top of that."

The crossover with SupTech
WealthBriefing asked Pfister about SupTech or supervisory technology – a term with which he was not familiar. SupTech allows regulators to monitor the activities of businesses. The Bank for International Settlements, the "central bankers' bank," defines it as the use of innovative technology by supervisory agencies to support supervision. It helps regulators to digitise reporting and regulatory processes.

Pfister commented: "There are regulators that are – it's not happened yet...the UK's Financial Conduct Authority (FCA) attempted this but it has not gone anywhere as far as I know – they said they are thinking of demanding formulated data sets of all firms. They want to say: 'put your data in a queriable set and I will query what I want to query.' Then the regulator can self-serve. We're talking about SupTech a little bit. But just as technology is enabling asset managers and clients to access regulation, the regulator is upping their game to do systemic risk analysis faster and look at it faster. The regulator is now asking itself: 'how can I get access to find the data I need to ask the questions that I might want to ask tomorrow?' They want to see a super-set of regulation without needing the right regulations. If they have subsequent questions, they can then ask You don't see pop-up private banks! They often do have 60 to 70 systems that are mired in the past. It's hard to do an overhaul."

He added that banks are also creating new stand-alone systems all the time because "you're still going to get new products, new investors. It's a trajectory, not an end state."

The Venn Diagram
When RegTech works well, one set of records goes one way – to the regulator – and another goes the other way – to the client. Most of the information in them is typically the same. Pfister was adamant that the bank in question should not be two-faced enough (or disorganised enough) to send off sets of data that contradict one another.

"They should not disagree. You should not keep two books of records. There are regulations proposal in the UK – the SDR one – requires consumer-facing reports and regulator-facing reports."

'SDR' is the FCA's shorthand for sustainability disclosure requirements.

Green flags and happy customers

One large subset of FinTech is FinCrimeTech, or financial crime technology. This includes software that supports the statutory "know your customer" rules which the British Joint Money Laundering Steering Group and the US Financial Crimes Enforcement Network help to impose on financial institutions. Between 150 and 200 software vendors operate in this area and their customers are also calling for access to information that they find commercially useful. This is the province of Dermot Corrigan, the CEO of SmartKYC, who spoke to WealthBriefing recently.

"What we're hearing from customers, on a positive note, is that knowing your customer as best you can is actually a good thing – not just in terms of whether there are any red flags, but also whether there are any green flags. Can commercial opportunities arise as a consequence of knowing some of this stuff, of knowing who's in that person's network? They certainly can. If you're targeting that potential customer over there and your software establishes the fact that he has a relationship with one of your happy clients over here, you call the happy client first for an introduction.

"This idea of relationship intelligence, I think, is becoming increasingly effective for banks. We've got 'use cases' where it's actually the relationship manager who is using SmartKYC, not the compliance people, because 'source of wealth' and some of this other contextual intelligence, as we call it, can be used to good effect. Lifestyle, hobbies, interests, back-story, origin of wealth, the extent of his wealth, the assets that he may have, such as luxury goods or collectables, relationships that he has – perhaps with his family, perhaps through company directorships, shares that he holds and business associates – can all be used to pulling effect. So knowing your customer isn't the exclusive preserve of compliance, because back in the day it was what we were all told to do in sales. It all has an influence on risk but it's also useful in developing business.

"We've got two or three clients now who have spotted this and said 'ah, actually I'd like to use that – this can give me the advantage that I need,' and I don't think it's because they feel they need to offset the compliance cost."

Adverse media 
The Financial Action Task Force's famous '40 recommendations' do not explicitly refer to negative news searches, but in 2014 that international body issued some guidelines for a risk-based approach to money laundering in the banking sector. It said that Enhanced Due Diligence or EDD – which occurs at the onboarding stage at private banks – entails "verifiable adverse media searches to inform the individual customer risk assessment." Of course, banks and other financial institutions have been searching for 'bad press' about their prospects at least since the passage of the US Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act 2001, which coined the term EDD. When this author asked the US Treasury at the time how EDD regarding customers should work, the official helpfully replied: “Look ‘em up on Google.” Things have come a very long way since then.

In recent years, AML software companies have been looking for more and more adverse information that has nothing to do with money laundering. This, too, has led private banks to ask for such peripheral information in growing numbers, as Corrigan explained.

“What is 'adverse'? The term has moved 'way beyond what it was two decades ago. It's gone from evidence of financial criminality into toxic association, ESG, reputational trouble and lesser offences for non-financial-crime things.

"One of the things we do is called Toxic Associations. This came from private banks. The private banks we work with all had this idea – hey, can your software watch to see whether the person we deal with, or might be dealing with, is associated with any of these things? So what they've got is this list of verboten subjects or people that they don't want to have any dealings with.

"Kanye West was offboarded by JPMorgan. Did he commit a financial crime? No, he didn't. It was to do with his views, which are objectionable, but the law doesn't require you to offboard someone for that. It shows how reputation has bled into the KYC decisions that banks make and will increasingly do so."

Horizon scanning...but for AML-related risks   
RegTech "scans the horizon" (see above) for AML risks as well as for fresh rules in the making. Increasingly, according to Corrigan, it does so at the behest of the banks themselves.

"The evolution that is coming from the private banks is this idea of 'we have to have our eyes always open.' In the past, the regulators said 'do your KYC better while onboarding.' You said: all right, tick. Then they said 'you've got to do it more periodically at intervals, just to make sure that nothing's happened.' And now there is this idea of risk vigilance – permanent vigilance. It's watching the world for these risks as they emerge. We are launching a tool called smartEYE exactly to that end. It enables you to watch mainly your very high risk, so that you can respond immediately to a risk event happening, whether that's reported in the Dutch media, on a Malaysian blog or via Baidu in China . That's the degree of sophistication that the compliance world has reached."

* Dermot Corrigan can be reached at dermot.corrigan@smartkyc.com