However advanced RegTech is, firms still need to invest in people with manual skills to operate it. There is much populist media scare-mongering about robots running the world in a few years' time, but this is far from the truth in the field of regulatory IT.

A tidal wave of demands on financial service institutions to keep up with regulatory demands has engulfed the world since the financial crisis began in 2008. In a bid to reduce risk, and keep up with a shifting global economy, regulators are demanding much more from today’s compliance teams around the world. Firms, meanwhile, are feeling the pressure to comply with all their obligations as cost effectively as possible – a far from easy task.

Last year saw the UK’s anti-money-laundering regime comply with the European Union's Fourth Money Laundering Directive (MLD4). This has imposed an extra administrative burden on compliance departments. Firms have had to amend their know-your-client (KYC) checks, which already helped them comply with sanctions and combat corruption, fraud, money laundering and terrorist finance. The new and amended rules do not deviate from those already in place but rather add to them. Firms are now required to:

• have a complete AML/ KYC programme in place;
• have adequate resources in place to monitor and enforce compliance with the relevant requirements;
• put in place adequate controls and oversee the AML programme properly;
• respond to any changes quickly and produce comprehensive reports;
• comply with latest data security rules; and
• provide full audit trails.

Plenty of firms are struggling to keep up with the extra demands placed on them. The three most common reasons why this may be occurring happen to be centred around the issues of decision making and subsequent implementation, out-of-date technology, and the global nature of the financial sector in which they work.

Looking at decision making, the problems here are obvious. At most firms, any decisions stem from the top. In terms of drafting AML and KYC policies, the job often falls on senior managers in the firms' compliance departments or AML financial crime advisory teams and, more often than not, the people whose job it is to put such policies into practice every day are left out of any drafting. The result is a policy that promises to meet all regulatory obligations but is simply impossible to apply. Another common trap into which many firms fall is the belief that the setting of policy is a one-off exercise or one that only requires sporadic effort; this, however, could not be further from the truth. Regulation, particularly on a global scale, is changing all the time now. People who have to put policy into practice every day are bound to be more acutely aware of the changes that their firms need to make. Firms can only bridge the chasm between policy drafting and execution, and the gap between policy and its execution, by involving a wide group of people when they draft up policies.

Technology also poses significant problems: enter RegTech. Many firms have yet to invest in new, up-to-date, ‘fashionable’ software. Many seem to be one step behind the RegTech (regulatory technology) revolution, preferring to wait and see what others do first. KYC tasks are repetitive in nature and, at the moment, prone to inconsistencies, inaccuracies and a duplication of processes. These repetitive tasks are also often performed on a number of different systems, necessitating the introduction of manual labour to bridge the gaps between them. Checks also require many requests for documents and proofs of identity, along with extensive verification. These are risky processes that consume vast amounts of time and lead to rapidly escalating costs in order to satisfy the ever-increasing demands of regulators.

The international dimension adds a fresh layer of complexity. Policies are often drafted from headquarters and local regulatory nuances are left out, causing problems further down the line. The upshot is that certain KYC procedures cannot be followed everywhere. Regulators are constantly updating their rules to stay ahead of fraudsters, criminals and terrorists. Needless to say, all globally active firms should have a coherent and well-enforced international KYC and AML regime in place if they want to stay one step ahead.

There are some ways to tackle these problems. Technological problems could be solved by the introduction of shared ledger facilities, though this process takes time and is disruptive in the beginning. The loading of data onto a database is certainly a first step and one in the right direction, but the key to efficiency lies in the way in which a firm uses algorithms to extract data, check and update it, analyse it and pass it on to others. This all requires expertise. A trusted service provider can not only set up the shared ledger facility but also manage it, thereby ensuring that all regions communicate with one another by sharing the same analysed information.

However advanced RegTech is, firms still need to invest in people with manual skills to operate it. There is much populist media scare-mongering about robots running the world in a few years' time, but we are still convinced that every firm will always need a human eye to look over its data. RegTech may be able to improve efficiency speed and cost-effectiveness by automating this-or-that manual process but it will always take that skilled human to highlight and analyse it.

* Andrew Frost can be reached on +44 (0) 207 305 5810