Dr. Tom Butler Technology Centre Principal Investigator

An Enterprise Ireland

& IDA Ireland Initiative

1 1

Funded by:

A Global Perspective

Greater regulatory oversight globally since 2008

Increasingly lengthy and complex regulations

Increasingly large fines—HSBC $1.92 billion for AML, BNP Paribas $9bn

Poor qualification and quantification of risk

Inadequate compliance knowledge management and reporting

Inadequate Information Systems

Poor data Integration of heterogeneous data silos Ambiguity and imprecise data semantics Absence of a common vocabulary

2

Compliance

Banks

Board of Directors

CEO

Sales and Trading

Legal

Investment

Research

Risk Management

Audit & Compliance

IT

Operations

Data Management

Compliance

Compliance

Compliance

Compliance

Governance

Compliance

Risk

Governance

Risk

Risk

Governance

Risk

Risk Mgmt.

Risk

Governance

Front Office

Middle Office

Back Office

MIS & BI

DMS e-Com e-Bus CRM DW

BSA Dodd- Frank

CFR Rules

FINRA Rules

Basel III SOX Solvency II FATCA

Compliance

Risk

Governance

Regulators

USA

EU

Japan

U.K.

France

China

Germany

India

Semantic technologies extract meaning from text and data, including video, voice and images

Big data —requires semantic technology that makes sense out of data for humans, or automates decisions

Mature technologies based on semantic web…

Provide advanced text analytics, statistics, data mining, machine learning and knowledge management

5

Big financial institutions are using semantic technology today to better understand, manage and unlock the value of their data.

If you are dealing with complex data integration challenges, semantic technology offers a compelling solution.

CDW is dead? State Street Corp…is experimenting with semantic

databases since 2012

…information storage solutions with flexible data structures that prioritize meaning in relationships.

6

7

Semantic Repository based on the Semantics of Business Vocabulary and business Rules (SBVR)

Financial Industry Regulatory Ontology (FIRO)

Financial Industry GRC Ontology (FIGO)

FIRO

Clarifies communication within and between GRC officers, the business, and other stakeholders.

Defines data semantics and business rules that underpins the design of information systems

Reduces the business costs of the misinterpretation of regulatory rules

US Bank Secrecy Act Use Case

Helps reconcile data inconsistencies in repositories and facilitate software redesign.

8

9

FIRO is a set of related ontologies

Regulatory Change Management PoC UK MLA

Wolters Kluwer

GRC Data Virtualization Integrate GRC data silos

Basis for Compliance Knowledge Management Solutions, e.g. Wells Fargo Securities

Vocabulary for Operational Risk (VOR)

.

10

11

Research Project Content

Providers

FinTech

Companies

Professional

Services

Financial

Services

1. Regulatory Compliance

Change Management System

RCMS √ √ √ √

2. Regulatory Compliance

Interpretation Methodology

RIM √ √ √ √

3. Regulatory Compliance

Information System

RIS √ √ √ √

4. Regulatory Compliance

Knowledge Base

RKB √ √ √ √

5. Regulatory Compliance

Knowledge Management

System

RKMS √ √

6. Regulatory Compliance

Maturity Model

RMM √ √ √

The objective of this project is to provide support to; 1) Query legislation, regulations and other texts in order to identify

compliance imperatives;

2) Identify changes to existing legislation and regulation introduced by amendments to existing law or new law;

3) Enable Regulatory Compliance Change Management.

Aid GRC Executives answer questions such as:

‘What are the various obligations in an individual instrument of legislation or regulatory rule?

And…

Query unstructured legislation and regulatory texts to identify prohibitions, particular types of obligations, derogations, exemptions, exclusions, and so on.

12

The RCMS helps identify sections/paragraphs etc.

RIM ensures that they are understood unambiguously

Using the Semantics of Business Vocabulary and business Rules (SBVR) to transform such text into a Regulatory Compliance Natural Language (RCNL).

13

First module will enable SMEs to create SBVR-compliant business and regulatory vocabularies and rules

E.g. build a Regulatory Compliance Natural Language in a human and machine readable format

Java-based application and XML document store

Future modules will publish and make the vocabulary and rules accessible

14

Semantics repository containing vocabulary and rules

Licensable components in GRC application development

Ontology family modules

Persists FIRO and FIGO-based RDF/OWL components

Export Universal Resource Indicators (URIs) for business, GRC, etc. to access the knowledge base

Implemented as an XML-based document store

X-Query and SPARQL endpoints

Linked with open GRC data and standards like the Financial Industry Business Ontology (FIBO)

15

A suite of application components GRC ontology, process models and design patterns

Enable financial services organisations and GRC software vendors to develop apps Data virtualization and analysis of structured and

unstructured GRC data

Query siloed operational and GRC structured and unstructured data

Inference over data to identify previously unidentified patterns and relationships

Enable risk management and compliance reporting 16

17

GRC Data

Stores

Accounts Mortgages Loans Pensions Funds Legal Trading

Production

Data Stores

Audit Process

Planning Execution Review Reporting Issuance

Authorize start of Audit

Prepare Audit Guide

Approve Audit Guide

Prepare Announcement of Audit and Kick Off

Meeting

Execute Audit

Evaluate Control Environment and Develop Issues

Prepare Draft Audit Report

Collect Comments and Update Report

Prepare Closing Meeting

Collect Comments and Update Report

Close and Archive Audit

Documentation

Issue Audit Report

Audit Announcement

and Kick Off Meeting

Discuss and Validate Audit

Guide (optional)

Discuss and Validate Issuance

(optional)

Review Draft Audit Report

Audit Report Issuance

Review Draft Audit Report

Review Draft Audit Report and

Closing Meeting

Review Audit Report and

Sign Issuance Clearance

Form

Yes

No

Yes

No

Yes

Comments

GRC Processes,

FinTech Applications

and Audits

Load

Extract

Transform

18

GRC Data

Stores

Accounts Mortgages Loans Pensions Funds Legal Trading

Production

Data Stores

Operational/Organizational

Ontologies

Domain-Specific Ontologies

Foundational Ontologies

19

GRC Data

Stores

Accounts Mortgages Loans Pensions Funds Legal Trading

Production

Data Stores

Query Related

Data

Make Inferences

Report

Provides a means for planning GRC process improvements across an enterprise

Continuous incremental improvement following an evolutionary path through stages of increasing capability

Excel-based assessment tool

Demonstrator for web-based software application

Assessments linked to regulatory domains Integrated with RKB

20

21

Research Project Industry Collaborators

1. Regulatory Compliance Change

Management

RCMS Wolters Kluwer

2. Regulatory Compliance Interpretation

Methodology

RIM Bank of Ireland, CitiGroup

Wells Fargo, Linklaters, Object

Management Group, Stanford

Research Institute, Coherent

Knowledge Systems, Model Systems,

Business Semantics Ltd.

3. Regulatory Compliance Information

System

RIS TBD

4. Regulatory Compliance Knowledge Base RKB Bank of Ireland

CitiGroup

5. Regulatory Compliance Knowledge

Management System

RKMS TBD

6. Regulatory Compliance Maturity Model RMM Bank of Ireland, AIB, Citi, BAE Detica,

Walkers Group

22