At a glance
Managing compliance risk throughout the technology development lifecycle will help to avoid costly and time-consuming actions to address regulatory concerns later on.
Virtually every financial institution is enhancing or expanding its use of technology at a relentless pace to improve or automate existing infrastructure; to meet increasing customer demands; to support new products, services, access to information, or functionality to manage accounts; or to otherwise improve their business prospects. More broadly, the financial services industry is paying close attention to new technology companies offering innovative products and services designed to disrupt the market. Despite the many drivers for technology change, the financial services industry carries significant hurdles due to the complex supervisory environment and expectations for regulatory compliance.
Based on our experience, regulatory compliance implications are typically considered during the initial planning and deployment stages of technology initiatives, where subject matter specialists serve in an oversight capacity. However, as the technology initiative transitions between design, build, and testing we have seen significant gaps in managing and documenting compliance – particularly when institutions engage with new financial technology firms not accustomed to the heavily regulated US market. Unfortunately, where the compliance implications of an initiative are not readily apparent, compliance considerations may be relegated to an afterthought. This outcome can be costly, and may also result in negative customer impact, reputational damage, and regulatory or audit issues which lead to enhanced scrutiny from regulatory agencies.
This article is intended to help institutions avoid those unfortunate consequences. After providing some background information on industry standards for technology initiatives generally, we describe action steps institutions can take to integrate compliance across the technology development lifecycle.