Workday Podcast: Compliance: Less Pain, More Gain

Nicole Carrillo: If there's one thing about regulation that never changes, it's the fact that regulation always changes. It's a fact of life in a sector that's undergone considerable disruption. Regulation just evolves to keep up with the new risks and the threats thrown at our sector. That's its job. But for those of us in financial services, it can feel like a constantly rolling crisis.

Whether it's related to technology, cybersecurity, reporting, auditing, accessibility, the market, the economy, the environment, there are always new rules to wrangle with. There was a time when no matter how challenging the regulation, many organizations could just throw money at it. Now they can't afford to.

In this episode of Workday Shift, we're looking at not just catching up or keeping up with it, not just getting ahead of it, but making it work to create value for us. I'm Nicole Carrillo, Managing Director for Financial Services at Workday. And for this exciting conversation, I'm joined by Senior Industry Advisor, Viren Patel.

Nice to see you back. Thank you, Nicole. Before we get going, please introduce yourself to our audience and share a little bit about yourself and your background. 

Viren Patel: Sure. I'm Workday's Financial Services Industry Advisor, in EMEA. And part of my role is speaking to our customers about their industry challenges and opportunities.

Of course, regulation being a key one. I've been at Workday five years. Previous to that, I was in consulting. I was at PwC in the financial services consulting practice. And thank you for having me on this podcast. 

Carrillo: I want to kick it off by asking you about the mindset in our sector towards regulation.

Just as the imperative to report carbon emissions helps businesses find new areas for energy efficiency improvements. We're looking for a silver lining in every regulation. Do you think that's a realistic mindset for banks and insurers? 

Patel: Yeah, absolutely. I'm having more and more conversations with financial services organizations where they're seeing regulation as a springboard to do more.

They don't just want to comply. They see regulation as an opportunity to unlock value, to even unlock a competitive advantage. Let's take IFRS 17 as such an example. At a high level, IFRS 17 is an accounting standard that applies the principles for the recognition, the measurement, the presentation, and the disclosure of insurance contracts to improve the transparency and comparability across the insurance industry.

Now, the equivalent in the U.S. is LDTI. And look, at the principle around any other regulation, and of course IFRS 17 and LDTI is that it requires more data to be captured. Insurers need to do more with that data. And of course, report that data in a specific way to meet the regulation. So. With IFRS 17, organizations are holding policy data at a very granular level.

They're adding even more data around risk data, around discount data as well. So it's a great opportunity for insurers to build a strong data backbone. And by combining and analyzing contract data, insurers can transform regulatory compliance into valuable insights. They can combine regulatory data and operational data with finance data to really provide greater insight, especially around customer and policy profitability.

So this foundation of a data backbone I'm talking about can be leveraged. In a number of ways beyond just compliance. So for example, it's about building investor confidence. It more importantly, it can inform smarter and faster decisions through comprehensive data analysis and modeling capabilities.

These insurers can anticipate trends and adapt strategies in real time to course correct, and they can see policy profitability faster, allowing them to be more agile to market demand. And linked to this is understanding customer behavior. This allows insurers to see claim patterns and market trends, providing a deeper understanding of customer needs and to help them personalize their products, which is really important in this industry right now.

Another way this data backbone can be leveraged is around streamlining reporting processes. And importantly, again, detecting and preventing fraud. So with sophisticated analytics and risk detection capabilities. around this data backbone, insurers can be proactive and manage fraud risk. They can protect both the assets and their customers.

So we can see there how regulation. Can be used to spin gold. So Nicole, I'm going to push this back to you here. What other examples are there? What else is regulation enforcing banks to do with data that can by extension enable them to create value somewhere?

Carrillo: I think that's really interesting about what you're seeing in insurance. And I think we're seeing similar things happening in banking. I think it wouldn't be a normal day if there wasn't discussion of a new banking regulation that has come out or is about to come out or is being put out for discussion.

Some of the biggest ones that we've seen in the last couple years come around security and other risk reporting the requirement to report publicly into different regulators. When there is a potential breach, when there is a potential incident, pushing that information out, I think when that came out, many banks were really concerned about the onerous amount of information that they were not just going to have to document and process things that they'd have to document, but what that would mean when they actually went to report this data.

What we've seen so many of these banks be able to do as they've worked to comply with this regulation is better I. T. security monitoring, better detection and risks, not just within the I. T. department, but cross department.

Many departments have had to get involved in the documentation of the development of the processes in order to meet these regulations and thus more departments, more people, more functions are aware of the risks of what they should look out for, of how to be proactive about preventing these types of security incidents.

Because as we know, many security incidents that financial institutions faced are often because of the action of an employee who was unaware that something was phishing, that something was going to expose them to a potential breach by having these regulations, they've been able to, and they've had to do so much cross department and cross functional education in order to do these processes that I think it has made employees much more educated and reduce that risk of an employee led incident where they inadvertently are opening and exposing the company to risk.

So another one that I think has been really relevant that we've seen is some of these higher capitalization requirements under a lot of the different regulatory standards, we've seen different methods and different calculations and different capital level requirements coming out of not just the great recession, but some of the liquidity crisis that we saw back in 2023, more assets reporting more on your long term debt holdings.

Giving more of a reserve tranche amounts, integrating rates and the impact of that into your cashflow forecasting and unique in different ways that maybe people hadn't thought of before. We have seen banks and other financial  institutions really embracing the importance of analytics and data and being able to model and do scenario analysis.

Similar to what you are seeing, Viren, is as they've had to embrace this in order to not just understand the impact that these new requirements are going to have for them and figure out how they're going to calculate in compliance with this. They've then exposed themselves to so much data. The ability to then do different levels of profitability analysis.

Do different analysis as they think about where they should invest for growth or where maybe they should scale back because it's not necessarily providing the returns that they expected. They're able to do much more of this analysis, be more thoughtful in their business decisions for growth and for scale because they've had to do all this as part of meeting these new capitalization requirements.

So I think the takeaway is we're seeing something that's very similar between insurers and banks. One thing that I think we are seeing that's a little bit different though, I think is specific to you in the UK, Viren, related to SMCR. I know that many of our regulations that we get are often ones that follow what we're seeing in Europe first.

And so maybe you could tell us a little bit about SMCR and what you're seeing in the UK and what SMCR is in general, actually. 

Patel: Yeah, absolutely. And it is interesting because this is an employee related regulation in financial services. And generally, I think we're going to start seeing more of this now.

As you said, it's a UK regulation. The SMCR stands for Senior Managers and Certification Regime. In essence, it's about ensuring that individuals in key roles in financial services organizations are certified as fit and proper. And we're seeing these regimes being introduced in other countries, especially across Europe at the moment.

What SMCR does. What these regimes do, is reduce risk of misselling and therefore helps protect the brand and reputation as well of these financial services organizations. And these regimes require holding more data and reporting data. And that data is around employee certifications, it's licenses, it's training, as well as conduct, employee conduct as well.

So organizations can use this regulation and data to spin gold elsewhere. For example, widening it across the organization, not just in customer facing roles where employees are selling financial services. So specifically, when we think about cyber risks, this becomes important. Employees in all areas of an organization are typically the first line of defense against cyber attacks and fraud.

So financial services firms can use this regime or this approach to not only protect the firm's reputation, But to minimize the risk of data and assets being used in the wrong way. So there you go. The regime there is a compliance regime, but we can use that to broaden that and spin gold out of it. 

Carrillo: Yeah, that's really interesting.

I'm going to be curious to see how that surfaces itself in the US and other regions as the regulators compare notes and start to see the benefits that companies are pulling from this, I think that's great. So, thinking about all of that, what are the common themes that we're seeing? When we think a system is needed to efficiently respond to potential regulatory change, that can also be put to work for wider value.

What are the core capabilities that keep showing up as you see this, Viren? 

Patel: Yeah, the capabilities I'm going to refer back to what I said earlier about regulation requires capturing and holding more data. It requires organizations to do more with that data and then report it as well. So the capabilities one for me are around integrating and centralizing data to help better and faster decision making and provide a single source of truth across the whole wider organization.

Secondly, for me, it's also about improved analytics and reporting to help translate that data into business insights and alerts, which underlie more informed decisions and faster responses. That's what I'm thinking around capabilities. What are your thoughts, Nicole? 

Carrillo: When I listen to all of this, the biggest thing I hear is just improving that data sharing and collaboration.

A lot of times companies sit in multiple different silos and you have different views. Sometimes you've even the same exact information. So I think what I'm hearing is that as more regulation comes in and as companies adapt and have to pull this data in, it's gonna improve data sharing and collaboration.

I think it's gonna help keep everybody on the same page and avoid some of those conflicting views across an organization. So I think that's the way I see it, but I appreciate those other comments on the analytics and reporting as well. So let's think about this, how do we wrap up this conversation about Regulation and how do you spend gold out of this?

So if you think about it, our listeners are from organizations that are meeting the requirements of regulation, but maybe some of them just cannot see how to turn it into gold as we've been saying, because for them to be compliant, they must be able to show the data, but that's as far as it goes for some people what's missing for them, what framework do you think that they can look at in order to try to see where they can get value? Where should they start, Viren? 

Patel: Sure. Well, look, I'm from a consulting background, as I said before, and we need a framework, right? So I think of this as a data value triangle, and it's an approach, as you say, of how you can go beyond just compliance.

And if we think about the first point of this triangle, it's where an organization focuses on meeting the specific regulation and reducing risk. And which is the focus because it has to, of course, avoid penalty. So the organization is identifying regulatory data where value and insights can be disseminated to reduce risk.

Now, the next point in the triangle is about turning that regulatory reporting into business information to drive operations and processes to reduce costs and automate controls. This will lead to cost reduction and efficiency gains. And the last point of the triangle is about increasing value and revenue where the organization is reducing data silos and warehouses across the whole organization is merging data with revenue and external data to add value for group and senior management oversight across the organization.

So we've gone from regulatory to financial performance and increased revenue. Just like the IFRS 17 example I mentioned earlier and the examples that you mentioned, Nicole. And then, from that triangle, you go back to the first point on the triangle and look at the next regulation. Or an iteration over the existing regulation and use the same motion to springboard into cost reduction and efficiency gains, and then on to increasing value and revenue across the organization.

Carrillo: Yeah. I think that's interesting. We can always rely on our favorite consultants to put a framework around some of the most complex ideas. So I like that. I hadn't heard that one before. So I think in closing my last few comments, thinking about what you just said about the triangle and all the stuff that we've discussed today.

I think one of the key lessons is just not to be afraid of fast moving data in our operational systems. If we have to capture it for regulators, we have to think about it that we're capturing it for ourselves too, because the right technology can make light work out of capturing it, unifying it, standardizing it.

And putting it to work for us, not just the regulators, so that we can understand performance and understand what's around the corner and, hopefully make faster and more confident decisions. The other thing that probably comes to mind as we think about data, because that really is the underpinning of a lot of what we're talking about today is AI and ML, we can't not talk about AI and ML in the way that we think about the future for financial services.

But I think right now there's things that are around the outer edges, that as we see our data become more unified, AI and ML are going to be able to shine in not just customer facing activities, but really core back office systems, because if we get our data into one place, in order to do some of this regulatory compliance, it's then in one place for a lot of these new functionalities and technologies to be able to learn, and lift work off of our back offices. So I'm excited to, to really see how that plays out as well as one of the ultimate spinning gold out of new regulation and compliance, 

Carrillo: We've been talking about regulation and compliance in the financial services industry. Less pain, more gain with Viren Patel from Workday.

If you enjoyed what you heard today, be sure to follow us wherever you're listening and remember you can find our entire catalog at workday.com/podcast. I'm your host, Nicole Carrillo, and I hope you have a great work day.