Cover story: How regtech tools can help UAE-based entities enhance compliance and security

As the backbone of national and global financial systems, banks are held to the highest standards of accountability, financial stability and fairness,” says Eshana De Silva, who is the chairman of Singapore-based regtech firm Northlark. However, the consequences can be harsh and far-reaching when these standards are not met.

Reflecting on the crisis that ripped through the global banking industry earlier this year, De Silva notes that the collapse of four regional US banks and the collapse of Credit Suisse was a serious test of the banking regulation reforms that were introduced between 2007-09.

Together with the disruptive events of 2023, such as high inflation and soaring interest rates, the implosion of Credit Suisse – a financial juggernaut deemed ‘too big to fail’ – accelerated changes in banking regulatory perspectives and will likely impact the direction of regulations going forward.

Regulation and compliance are some of the major headaches confronting banking executives due to the sizable increase in penalties as a direct result of breaches that range from money laundering to terrorism financing to sanctions violations.

The latest data from compliance firm Fenergo shows that financial regulators collected $1.6bn in fines from violations across Europe, the Middle East, and Africa (EMEA), North America and Asia Pacific in the first half of 2023.

Faced with severe consequences for non-compliance, financial institutions are incurring additional costs to stay up to date on the latest regulatory changes and to implement the controls necessary to satisfy those requirements.

Redefining compliance

As GCC countries have made huge strides in digitising their economies, the proliferation of innovative technologies and products in the financial services sector is a major challenge for regulators, who are finding supervision and oversight more and more difficult.

On the other hand, banks operating in the region are faced with a growing number of regulatory and compliance requirements as industry watchdogs have increased scrutiny of financial institutions, and levying fines when necessary.

“Regulation in the financial services sector has expanded at an astounding rate over the years and, consequently, so has the cost and time to ensure compliance,” observes De Silva, who has served as chairman of two banks in Sri Lanka.

With more and more banks turning to intelligent solutions that use modern technologies, De Silva says NorthLark’s offering meets the need of the hour.

The regulatory technology (regtech) platform promises not only to help banks cut the cost of compliance processes but also to advance effectiveness to make them quicker and more reliable while lessening the risk of costly compliance failures.

“NorthLark stands as a cutting-edge platform tailored for banking compliance, leveraging AI and ML to offer real-time monitoring of global regulatory changes, ensuring banks remain well-informed,” says De Silva.

The identity and business verification tool helps organisations to comply with changing regulations. “NorthLark offers a single application programming interface (API) integration to meet cross-border anti-money laundering (AML), know your customer (KYC), and customer due diligence (CDD) requirements, including know your business (KYB), risk mitigation and fraud prevention,” explains De Silva.

To meet the new business entity verification requirements, the platform’s verification solution eliminates manipulated documentation and offers transparency of beneficial ownership to prevent fraud, corruption, tax evasion, and money laundering.

De Silva says the platform’s suite includes Sentinel, Consular, Guardian and Transaction Monitoring. NorthLark Sentinel offers risk assessment forms and built-in risk scoring, streamlining risk assessment, policy management, and compliance monitoring.

Similarly, the company’s consular service validates identity documents with facial biometrics and machine learning technology while transaction delivers case management and alert disposition for all-inclusive oversight.

“NorthLark goes beyond monitoring and assessment, conducting both internal and external audits for the banking sector to guarantee full regulatory compliance,” says De Silva.

“It provides complete regulatory compliance frameworks and standard operating procedures (SoPs) that can be customised down to jurisdictional requirements.”

The platform, which enables instant verification of over five billion customers and 330 million businesses with one API, leverages ‘Kerner AI’, a proprietary software that was built using AI and can identify more than 2,500 different document types from 195 countries, including GCC countries.

“Our solutions are designed with a strong focus on automation, with the majority operating fully autonomously and others requiring minimal human intervention, achieving up to 70 per cent automation,” explains De Silva.

The company seeks to obtain the necessary regulatory approval and certifications in all jurisdictions where it operates in line with the mandated guidelines. De Silva says the company will tailor its solutions to meet domestic regulatory and financial intelligence unit standards while ensuring full compliance with requirements.

Regtech to the rescue

The wave of digitalisation in the GCC financial services sector is a prime example of how financial institutions are leveraging customer data, analytics and segmentation to augment services, and products while future-proofing customer experience.

Banks and other financial institutions manage a large volume of sensitive information about their customers that ranges from online card transactions to customer service interactions and ATM transactions.

However, the breach of such data can have dire consequences. Data privacy has become a hot topic over the years due to colossal failures in security amid mounting concerns about how banks use the personal data they collect from customers or users.

De Silva emphasises that data is almost a religion for technology companies and regtech platforms are often better at data mastery than traditional banks. “Data has become a cornerstone for modern risk management, influencing the way risks are identified, managed, and mitigated.”

Regtech, often considered a subset of fintech, is being touted as the solution to data security concerns, and the rising cost of compliance, risk and reporting duties at banks. De Silva explains that the principle of deploying innovative tech solutions such as regtech, to significant business challenges is nothing new. However, he says what’s new is that regtech promises to marry the new landscape of post-financial crisis regulation to the new landscape of digital technologies.

GCC region banks are therefore keen to collaborate with regtech startups to learn how to leverage customer data better within their organisations, expose it more cheaply for regulatory reporting reasons, or get simultaneous business benefits such as improved loan decisions, or better liquidity pricing.

“The GCC region is witnessing a surge in collaboration between financial institutions and regtech solution providers,” De Silva explains while noting that the collaboration is fostering the creation of tailored compliance solutions and innovative responses to the increased regulatory scrutiny.

“Regtech solutions are becoming imperative for GCC institutions with cross-border operations, as they offer the means to reduce costly manual efforts and ensure compliance.”

Furthermore, because many regtechs are deploying innovative technologies such as cloud computing, artificial intelligence (AI), and blockchain, they can offer an advanced infrastructure or backbone, he says.

To date, the most common regtech applications provide tools to manage five areas of governance, risk and compliance including KYC, reporting and risk management, consumer protection, market conduct, and advanced regulatory requirements management services.

“The adoption of cutting-edge technologies in the GCC region’s financial service sector is paving the way for regtech innovations, making compliance more cost-effective and efficient,” De Silva observes.

He underscores that regtech solutions leverage AI and ML technologies to streamline processes, making compliance more efficient and effective.

An evolving landscape

The regulatory and compliance landscape in the banking sector has been continually evolving in response to changing economic conditions, advancement in innovative technologies and the need to maintain financial stability.

From Basel III’s capital and liquidity requirements to the Fourth Anti-Money Laundering Directive, and new regimes such as the Markets in Crypto-Assets Regulation and the Corporate Sustainability Reporting Directive, regulation keeps evolving and banks must ensure compliance and that processes keep up.

Regulation is a creature of legislation, and by its nature, legislation follows wider societal and geopolitical concerns. De Silva says post the 2008 global financial crisis, regulation keeps evolving and compliance must ensure that systems and processes will keep up.

While financial crime has always been a major part of the regulatory and compliance agenda, geopolitical tensions, sanctions and events in the crypto market have given it new impetus.

The AML and CTF landscape rapidly changed, as central banks are actively strengthening regulatory frameworks and bolstering oversight activities. “NorthLark will play a pivotal role in helping financial institutions effectively address AML and CFT concerns,” says De Silva.

“This involves guiding banks, maintaining the security and confidentiality of their data, and ensuring full regulatory compliance in alignment with global regulatory bodies such as FAFT, the United Nations, and the Dubai Financial Services Authority (DFSA), depending on the jurisdiction of operation.”

There is a growing emphasis on AML regulations and KYC standards to prevent money laundering and terrorist financing, which is accelerating investments in sophisticated compliance systems.

The UAE has gone further than most countries in financial crime regulation and the country is leveraging innovative technologies to support compliance.

Meanwhile, digitalisation in the financial services sector is revolutionising banking, with the pace and scale of change only likely to increase driven by innovative technologies such as AI, the cloud and new entrants that are offering banking services.

“Regulators recognise the importance of digital innovation in the banking sector and are working closely with industry stakeholders to introduce regulatory frameworks that foster innovation while ensuring risks and financial crime are kept at bay,” remarks De Silva.

Financial institutions are a prime target for cyberattacks due not only to the money they have but also the data their systems house. Not a week passes without a new revelation of a massive cyber breach somewhere in the world.

“Cyber resilience continues to be a top priority for the financial services industry and a key area of attention for financial authorities,” says de Silva, adding that compliance with cybersecurity standards and regulations is critical to safeguarding sensitive financial data.

Banks are the primary target for cybercriminals, and effective cybersecurity risk management is critical to protect banking institutions and minimise data theft, breaches, or misuse. De Silva notes that NorthLark developed security compliance and data leakage threat identification applications to safeguard data, adding, “We provide quarterly penetration and vulnerability reports to clients.”

Thus, fears of a major cyberattack on banks have been rising since hackers got away with $81m from Bangladesh Bank in February 2016. While the law requires banks to refund money lost through cyberattacks, a bank’s reputation may be impacted by a data breach.

Based on the growing demand for security in a global digital economy De Silva expects heightened supervisory of global financial regulators to accelerate the adoption of regtech solutions. “This is where NorthLark can help and make a difference,” adds De Silva.

Broader scope

De Silva adds: “NorthLark is a perfect tool as a screening software. While it’s prudent for any industry, dealers particularly in the special metals and stones, jewellery and real estate businesses can also use the software to stay compliant. The verification can be done simply in a matter of minutes.