How banks can modernise processes to comply with regulations
In a post-financial crisis world, financial institutions are under pressure to transition from using the London Interbank Offered Rate (LIBOR) to the new Sonia rate, that is overseen by the Bank of England.
LIBOR, the benchmark interest rate that is used to indicate average rates at which banks pay to borrow wholesale from each other, was discredited after it emerged that bankers were manipulating it and submitting false estimated lending rates.
Regulators are pushing to phase out LIBOR and ensure it is decommissioned by the end of 2021, but this could result in challenges and banks are unlikely to meet deadlines, as the benchmark is embedded in some $350 trillion of financial products worldwide.
Michael Yatsko, senior director of compliance at DocuSign, spoke to Finextra about their recent report ‘4 Regulatory Changes Impacting Data, Identity and the Digital Trail’ and how a shift from a forward-looking term rate to a backward-looking daily rate will involve a more urgent need to identify contracts at risk, repaper relevant documentation with new rates and notify relevant parties of the updates.
Yatsko highlights that “the immediate impact for financial institutions is the legal obligation under their existing agreements with individuals and other businesses and updates will need to be made to contractual language to comply with the new regulation itself.”
The challenge here is the monetisation of the forms itself as many banks and insurers rely on either a paper or an electronic form such as a Word document or a PDF file and in that case, the forms are either emailed or faxed to individuals to be filled out and returned.
He continues: “If FIs don’t have the information systems in place to manage these transactions in businesses, it will cause the financial services industry a lot of problems. They need to be able to process those forms quickly and accurately so that they can avoid the ‘not-good-order scenarios, which would cause additional delays.”
The installation of an efficient migration solution and replacement rate would help solve some problems, but as Yatsko explains, it is dependent on volume and required changes.
“When modernising processes within an electronic system, factors like the number of days it takes for the agreement to be signed and how many agreements need to be processed again as information was not captured correctly, need to be considered,” Yatsko says.
Identity and payments
Banks are looking to modernise processes following a recent surge in technological developments and increasing expectation for instant online payments, the volume and variation of businesses operating with these processes is exploding.
In addition to this, the recent trend toward consumer protection with the establishment of the Consumer Financial Protection Bureau has also seen a move toward focusing on meeting the requirements set by The Federal Reserve’s Regulation E – the standard that establishes the rights, liabilities and responsibilities of participants in electronic fund transfer systems (EFTs).
To comply with Regulation E, identity and consent to authorise must be verifiable enough to attribute signatures to unique electronic documents, modernising the entire process. Yatsko says that while regulators have been concerned about privacy for some time, responsibility has now fallen to the FIs and they are now catching up with other industries.
“Strong identity proofing is the cornerstone for combining an individual to their signature on consent authorisation. Customers are already required to comply with Know Your Customer requirements, which are designed to ensure that FIs collectively verify the individual’s identity itself.
“After they’ve invested time and effort into identity proofing, FIs need to find strong credentials to verify each transaction itself.” Yatsko uses Chip and Pin as an example here, as it authenticates the customers using something that they have (physical credit card) and something they know (PIN number.)
He continues: “Regulation E is taking that same approach with EFT agreements. When you have the account opening, funds transfer instructions, claims and error resolution, it needs to be
ensured that there is reasonable assurance of a person’s identity. Through the authentication mechanism, the person requesting that transaction at that point in time belongs to that identity.”
Yatsko concludes: “Visibility is critical, especially across disparate information systems, for FIs to assert compliance with all the new requirements. Privacy-related regulators mandate data flow diagrams and record of processing activities (ROPAs).
“FI-related regulators require audit trails to record events within the transaction lifecycle. FIs need to modernise information systems to ensure this visibility for the entire transaction journey.”