The Impact Team Gulf
Join CEO Mark Rothwell-Brooks from Dubai discuss the inside track on all matters Digital and AI transformation.
The Impact Team Gulf
Is AI bridging or widening the gap between Innovation and Supervision
Mark Rothwell-Brooks and Zeyn Adam discuss whether AI is bridging or widening the gap between Innovation and Supervision.
They discuss some of the challenges that the regulator will face as commercial banks race to implement AI into their organisations.
Zeyn Adam is CEO of riskcapcom.com, a leading global provider of RegTech & SupTech solutions, empowering banks and regulators with cutting-edge Basel framework compliance technology.
Welcome to another episode of your go-to show for insights at the intersection of digital and AI transformation, regulatory compliance, banking and fintech, especially here in the Middle East and alongside global markets. Today we are delighted to welcome a true thought leader in the RegTech space. Joining us today is Zane Adam, CEO and founder of a firm called Risk and Capital Compliance. With a career spanning more than two decades in financial services, compliance and risk management, Zane has built an organization with a clear global mission to make regulatory compliance effortless, real-time, and strategic. Now, according to uh Zane's website, the company specializes in delivering technology platforms such as ICAP Automation, supervisory dashboards, and capital risk frameworks, all underpinned by the full spectrum of the BAL 2, 3, and 4 regulatory regimes. So, Zane, thank you so much for joining us today. Before diving into the big regulatory tech themes and particularly how AI is uh potentially a game chamber for both the regulator and the commercial banks, let's uh let's start at the beginning. So, Zane, you you've spent a lot of your professional life working with banks and regulators to implement risk capital frameworks. In fact, I think you were one of the uh authors of the original Baal uh regulation. Um so could you tell us a little bit about how you arrived at the decision to found Risk Capcom and probably more importantly, what what what's the problem you set out to solve?
SPEAKER_02:Right. Hi, Mark. Thanks for having me. Um yeah, so the the what was the problem I was trying to solve? I'll explain. Um if you do research on the fines that banks have been receiving for the past two to three decades, um you can you can look at those, you can research those fines, and you'll find that they are mainly for procedural failures, AML failures, other business related, business process related failures that have taken place. And what's been happening in the industry up until my tool came uh about was that that technology and banks were focusing on quantitative submissions to the regulators. Uh that's uh financial ratios, etc. Uh, and you can see again across the world, if you look at bank failures, quantitative submissions um by now are down to a very, very sharp science. Banks can give you sleuths of quantitative data like you like you cannot believe. So I looked at the situation, I looked at the bank failures, and I decided let me develop a tool that uses the regulatory framework as the skeleton tour basis, and off of that to ask or or to challenge the bank on different business processes related to those compliance or to those capital or to those risk management procedures or the government procedures. That's exactly what started me down the road that I took.
SPEAKER_00:So more of a qualitative as well as a quantitative approach to defining the position.
SPEAKER_02:Yes, correct, exactly. Because if you look at traditional software uh tools out there today, which are uh called GRC systems, governance risk and compliance systems, what you will notice is that those are glorified operational risk loss databases, where what they're really doing is they're looking at near misses or misses that have happened in a procedure, in a business procedure, capturing those and reporting those and solving those. Now, that's not what you should be doing. You shouldn't be reactive, you should be preventive over things that could happen. And there's a way to find those things, those those incidents before they actually even manifest or are near misses. And that's exactly what uh we went down that road.
SPEAKER_00:Yeah, it's interesting. Because you know, on that point, your your company mission says um, I'm quoting here, a world where financial institutions achieve compliance effortlessly in real time. So just unpacking that a little bit, you know, in your view, um, you know, what are the some of the biggest structural pain points that banks and finance institutions face today, you know, in in risk, capital and compliance? What what what what are those?
SPEAKER_02:What are you seeing? Well, look, okay, that's a quite a broad question, but um you can you can look at it in a philosophical way, okay. And the philosophical way is today, regardless of whether you are proponent or exponent, technology is the flavor of the day, okay, especially in the banking industry.
SPEAKER_01:Yeah, for sure.
SPEAKER_02:It's a it's a it's a significant trend. And of course, AI, we'll get into that in a while. But if you look at if you look at technology, what is technology doing? It's generating rafts and and reams of of of of data, of of information, and that's got to be consumed um by people like the board, for example, or even the regulators. And they don't have a way to consume, digest, and come up with kernels that are important from all that information. So technology is the first one. The second one is is is there is a a growing um abyss, I'm gonna call it that, between the banks and the regulator. Why is that? Because the banks have got much larger budgets and are, of course, more numerous than a regulator, and therefore software houses are building technology around um solutions catered or centered for banks, and not around solutions catered for for regulators. So, what's happening is you've got a divergence in the industry where the regulator is going in one direction and banks are going in another in terms of technological development. And the information that's coming into the banking side is so vast and so um numerous that it's uh it's also stopping boards from doing their jobs properly. Boards are now overwhelmed by the amount of information they've got. That's another pain point. And then, of course, you've got the regulation trend itself. Okay, there's new technologies that have come about AML technologies, cybersecurity risks, and then AI. And those have not yet been well, cybersecurity has and AML has, but certainly AI has not been catered for within the regulations. But we'll talk about that later on. That's the the structural pain points are definitely amount of information, technological advances in one side of the industry and not across the entire industry, and of course the advent of AI.
SPEAKER_00:Would you say, I mean, I hypothesize that um it's always been the case that there's always been a lag between the technological advances that banks and financial institutions uh undertake and and and that lag between the regulator, quote, catching up. And what I see is that you know, with the well, I I maintain digital transformation is is more or less done now, or or at least it's in most markets, reached a level of maturity where you know there's a there's a there's a there's a contentment, you know. Most organizations have had digital transformation programs for the last five, six years. You know, if you haven't got one, you you're you're out of business. So the next great arms race is this AI feeding frenzy that's going on at the moment. And you know, I I noticed that in the conversations that we're having with banks and financial institutions, everyone that we speak to, they're all grappling with variations on the same theme. How do they leverage um AI into their organization? Um and and they're getting nothing from the regulator. And in the absence of, you know, in the absence of permission, what's gonna happen, I think, in the next six months is that all these banks will implement AI capabilities up and down the various areas of their bank and and and they're gonna ask for forgiveness. And and and I think, you know, my take on it, the technology, technological advances are are quickening and widening that gap between the lag between the innovator and and the regulator. I mean, do you see that as well?
SPEAKER_02:Yes, I do. In fact, you can look at it like you can look at it um in the following, I think, three ways. The first, right now, that's going on with regards to AI, is banks if it take the three lines of defense, if for a lack of a better way of visualizing this, okay. What's happening? Banks have started to use, and I'm not taking, I'm not taking from a risk management perspective or anything. I'm just taking AI is use in a in a financial institution. And if you want to cut it down into three lines of defense to see how it's being used, so it's AI has already found itself into banks' front offices, into their customer relations or into their customer-facing areas. It's also found its way into parts, very small parts, not big parts, of the of the second line of defense. Okay, the risk management. What I mean by that is they've developed tools which are data mining and looking for anomalies again in the quantitative side of life. And this is exactly like I was saying to you in the previous uh comment about the fact that they concentrate largely on the quantitative areas. So it's in the second line of defense. In the third line of defense, AI has not shown itself fully in the internal audit side of things in the banks, it's coming. And our tool is that it's coming, it's that's where it's it's gonna come from, uh, because that's what we've got in that area. But that's how you can look at AI in that context, the first consideration. The second consideration is that because you've got the presence of AI and decisions now being made in an autonomous environment with very little human interaction, okay, there's a lot of risks associated with that. Some positives, but there are also a lot of substantial risks associated with that. And like if you want on another technology technologically based premise, which is cybersecurity, AI has some some regulator has got to come along and and develop an AI-based regulation. And I don't mean that where AI is helping in the in the regulation in the in the regulation itself. No, I mean it that there's got to be a regulation about how a bank can use AI.
SPEAKER_00:Yes. I mean, I know you and I have had a conversation this conversation a couple of times prior to his you know coming together here. That that to me is the heart of the issue because Absolutely. The key question is how how how do we think the regulation sh regulators should approach governing AI? Because there are so many different use cases for it. It's it it has to be impossible for them to govern it at the individual use case basis, and that's not how the regulations work in any event. Yes, correct. So so uh, you know well, let's take a look. The secondary key question for me is how will it change the relationship between the commercial and the central bank community? Because sure that that that relationship really is really acute uh on a yearly, quarterly and on a yearly basis when you know after they've spent eight months compiling stuff, which by the time it gets to the regulatory is out of date. Now, the the the promise, well one of the promises of AI from a regulatory perspective, is the promise to actually improve that position. So you're not looking back, but you're looking in real time and potentially looking looking at what's happening and what's uh what's about to happen around and regulating that position. But but you know, before the regulators get there, they've got to really get their head around how they're actually going to approach governing AI in itself. So, do you want to talk a little bit about your views on that? Because you've got quite strong views on how the regulation should be formulated across a number of a number of areas.
SPEAKER_02:And the third one, uh, and come then I'll answer to your next question, the third one is about how the regulator uses AI to if you want to make banks comply. And we'll get into that in a few seconds. But the the way it should be done, I in my opinion, if you look at any regulation in the world, any financial regulation in the world, you can take credit risk regulation, you can take ICAP regulation, you can take, or rather Pillar 2, or you can take um any regulation in the world, you can take AML, cybersecurity, you will find that it's broken down into certain key components. Okay, and I'm talking from experience here, I'm not talking um from what I I can envision envision in the regulations. When a regulator goes to look to examine a big, they use a framework. They use it it's an unspoken framework, but it exists, I can assure you. The framework is first governance, then they look at it, they look at the interaction of that of that issue. Let's say it was credit risk, let's say it could be AI in this case, they look at how AI is used across the governance of the organization. Okay. And if you take that from a perspective of a regulator, what you are looking for as the regulator, you are looking at how AI is how AI is governed within the bank. In other words, what committees, etc., are set up to ensure that AI doesn't run away with the bank. Let's let's say that. And then there's other areas. There's looking at how um it would be used, how you could find AI coming through the risk appetite. Okay, it may come through operational risk, etc. It may not, it may come as its own line item now. And then, of course, capital management, strategic uh planning, etc. So that's how you would look at regulating AI is in that framework: governance, risk appetite, strategic planning, capital planning, capital management, rather, risk management, uh stress testing, uh, limit setting, uh, then uh reporting internal audit and the data quality of it. That's the framework you could use. Yeah, that's to look at AI in an organization. Um, the other aspect, which I think you were asking about, is about regulators using AI to help them.
SPEAKER_00:Changing the relationship. Yeah. Yeah.
SPEAKER_02:Yeah. And that's very interesting because that's what we're doing in our software.
SPEAKER_00:Yeah.
unknown:Yeah.
SPEAKER_00:I mean, I I I I I see your point. Uh uh with regards to in a way, you know, in a way, from a from a regulatory perspective, how you would uh manage AI from a framework perspective is no different to how you would manage you know AML or drugs. You know, there are there are certain facets of that which need to be consistent. I get that. Um and and although I get that, you know, you know, you know, fit and proper, you know, who are the people within the organization, you know, that are you know allowed to be involved in some of these decisions, you know, in what way they fit and proper for that role, for example.
SPEAKER_01:Correct, correct.
SPEAKER_00:Um the the the really, really interesting, and this is the opportunity I think for the regulator. Well, before we got that, before sorry, before we get on that, and and I don't think on that point, by the way, that the regulators have really got a handle on on how, even within the same consistent framework, they're gonna um that they want to manage AI, but I think they are some of the some of the central banks that we speak to are more advanced than others on on this topic. But the real, real game changers, I think, is that the potential for changing the relationship for the positive between the commercial bank who, as I've said, I mean you've been there, you've done this for for commercial banks, and you've been on the other side of the central banks and actually received information. The process of collating all the relevant evidence required and submitting that is a lengthy one and very and very problematic from a resource perspective. And by the time it gets presented and then assessed, it's out of date. Now, Silicon Bank is a fantastic example of that scenario. But the the the opportunity, I think, of AI is to change the relationship, the dynamics between the two organizations. And I think that's a really, really interesting um uh potential, which I just don't think we've even, from a regulatory perspective, even got our heads around uh what that could look like and how that could, you know, in which directions that could that could take them. But you know, I I talk about a utopian position where you have got a real-time um, you know, real-time view in the central bank about what's happening within the commercial banks under their purview. Um and you know, that's right. That may well be pie in the sky, but that it's certainly the potential to deliver that there.
SPEAKER_02:Yeah, yeah, absolutely. You know, let me give you a real life uh example and one as recent as a week to 10 days ago. Okay. What will AI do for a regulator? What will AI do for a for a central bank who is going to examine banks? Okay, this is very key because it happened 10 days ago and it just shows you. And not only that, you can look at your example of Silicon Valley Bank as another one, but and this is a common, common one. It will AI for a regulator will lead to a D-siloing of information within a bank.
SPEAKER_00:Right, interesting.
SPEAKER_02:Very because for example, we recently did a demo of our software to a very large global investment bank. Okay, and the gentleman that came on first of all, he had never seen anything like it. We know that because he's told us that while we're on the the the um demo with him. The other thing that he said is that he was unaware, in his own words, he did not have any view of any uh activities that go on outside of his framework um oversight. He was in the risk management framework area. So you know, yes, and our software stops that exactly from happening happening. And you see, it's very interesting. Um, you know, the the if you look at certain if you look at political movements in the world, there's a lot of political movements to decentralize power, to decentralize and allow for decisions to be made if you want in council at the council level in districts rather than okay. In a bank, you can't do that. Okay, you can make tactical decisions, of course, at the level of the front office, etc. etc. But you've got to understand that at the end of the day, everything boils down, whether you like it or not, to the amount of capital the bank is holding. So if you make a divorced decision uh without taking into consideration other areas. So let's for example, let's say, for example, as you know, there's a side cybersecurity um uh discussion that we're having at the moment. If you want to assess the maturity of a of an organization, cybersecurity framework or department, okay. If you go to a cybersecurity department, I would say most in the world, and ask them right now what how they what's their maturity, they will they will default straight to we've got fantastic controls in place, and we know that anything that happens, we are on top of it. Any ransomware tax, etc. etc. And you've got to step back and say, okay, that's just in your department alone with regards to technological uh controls, but there are other controls and they're large, okay? And this is what I'm saying about the de siloing. So if you look at our software, the way that we've built up our software is to bring all moving parts into focus. It sounds a hard thing to do, it is. It took us four years to get there, but the fact is, we can tell you in our software precisely how risk management and the fine and the finance department, financial department, and the board are interacting with each other with regards to cybersecurity. That's a huge ask. And that's exactly what regulators are trying to find. Because in your example that you used about Silicon Valley Bank, it's precisely one arm or one hand didn't know what the other one was doing. And and that's why Silicon Valley Bank failed. And and that's why all banks fail. It's because at the end of the day, by the time the board gets involved, it's too little too late. And the and the the proverbial horse has left the paddock. Never mind the stable.
SPEAKER_00:Yeah.
SPEAKER_02:Right.
SPEAKER_00:Yeah. I think I think I think um I think for our one of our next conversations, I'd I'd like to drill down, well, I'd like to drill down in two areas, and perhaps we do this as a sort of follow-up episode. One is the I call it compliance as a service. So it's it's it's perhaps drilling down into what are some of the areas and in which case you know that that that would evolve, do we, or would we think could evolve to enable that quicker, more real-time regulatory view and oversight that would require different behaviours from both the commercial and the central bank. So that's I think that's a that's that's a really interesting topic that we should we should um we should we should delve into.
SPEAKER_02:Okay.
SPEAKER_00:Um and you know, if if if uh people want to know more uh about what your software, because I mean we've not really covered um some of the values uh from a central bank and a commercial bank of this software and the people that are using it around the globe, of which there are quite a few G20 countries um you using that. How would people find out about you? I mean, we'll put the details in the in the in the notes, but how would if people wanted to contact you and understand a little bit more about what the software does and the values of both the central and a commercial bank, how would they do that, Zayn?
SPEAKER_02:Well, you can find me either in LinkedIn. Um we have a uh we have a a riskcapcom LinkedIn site. We have a website called riskcapcom.com. Um and you can find our information on that.
SPEAKER_00:Great. Okay, well, Zayn, I really appreciate that first first conversation. We we will get together and just drill down a little bit more on the sort of compliance as a service theme that I've got going on in my in my head, and um really appreciate your time. So thank you very much.
SPEAKER_01:Yeah, thank you very much. Cheers. Okay, thank you. Bye.