FINANCE

How automation can help the financial sector meet GDPR requirements

How automation can help the financial sector meet GDPR requirements

By Venu Kannan, Chief Solutions Officer, UiPath

What a huge advance it is that the financial sector now has robots to relieve the ever-growing pressure of regulation.

Almost everyone handling or processing personal data now faces vastly increased compliance requirements once the European Union’s General Data Protection Regulation (GDPR) comes into force in May. The new rules cover the personally identifiable data of any European Union or British citizen and are very prescriptive, with penalties for infringement that could amount to four per cent of global revenue. Small wonder, then, that Fortune 500 organisations are reported to have spent $7.8 billion on GDPR so far.

More regulation than ever 

For the financial sector the challenges of GDPR come on top of the plethora of Know Your Customer (KYC) and Anti-Money Laundering regulations. It all amounts to a heavy burden made much weightier by the infamously disparate IT systems that banks and financial institutions have accumulated through the long process of mergers and acquisitions.

Without the power of automation, compliance in this landscape of multiple pitfalls would be a nightmare. Consider for example, the right to be forgotten under GDPR.  Any citizen, or their lawyer, can demand that any organisation destroys or hands over all personally identifiable data about them that it holds. This is a right that will continue indefinitely and requires constant monitoring of incoming requests.

Retrieving all that data about a single individual who may have multiple current accounts, savings accounts, mortgages, credit and debit cards is never going to be easy for a bank or insurer. Many businesses simply will not have the resources once consumers start exercising their rights under the new regulation. Compliance must be continual – it is not a once-yearly process of annual validation. An organisation must check all its data against consent and revocation databases in order to establish whether there is any right to retain it.

RPA removes the time-consuming, repetitive work 

Fortunately, robotic process automation (RPA) makes this incredible drudgery easier, faster, cheaper and more accurate than using the skills of back-office staff. The software robot becomes a vastly capable virtual compliance officer, able to penetrate into the furthest recesses of any set of disjointed systems so it can examine and retrieve information just as any skilled member of staff would, but with infinitely greater efficiency. From this tangle of sources, RPA robots can provide the single version of the truth that is required, but at a speed, scale and level of security that humans can never match.

RPA can target key aspects of GDPR compliance 

RPA can help organisations achieve two very important aspects of GDPR compliance. The first is by cleansing data – regularly purging what should not kept in a database. The second is through the automation of processes around customer consent, which is an essential requirement under GDPR. Organisations can deploy RPA to provide customers with a portal through which they can log in to obtain a unified, single view of all data referring to them. Once consent for its retention and use is obtained, the technology can monitor the use of all such data, flagging up information which is not covered.

In the event of data being used without consent, or of a security breach, RPA will automatically inform the customer, ensuring this vital aspect of GDPR compliance is achieved. Regulators view both occurrences with great seriousness and the indications are that any failure to immediately inform data-subjects of breaches will result in stiffer penalties.

Fortunately, audit and reporting are in-built into RPA, since each action undertaken by software robots is logged centrally where it can be monitored and updated in relation to new rulings or regulatory directives. Strict access controls, the integration of advanced data protection technologies and where necessary, encryption, all take security to the highest level possible.

RPA is low impact, low cost, but highly efficient 

RPA in the financial sector has already proved its worth in this field many times over. Indeed this is one of its great advantages, since robots can work on compliance functions when they are not fulfilling their other routine, but complex tasks. Being easily configurable they can be oriented to work on the data required for all the various regulations, but with minimal impact.

Compare this with the alternatives which are either resource-intensive manual processing or major IT undertakings such as master data management projects which eat up substantial amounts of cash and take a great deal of time to implement.

RPA also has one very significant advantage over technologies such as machine learning – it does not in any way alter the data, nor in the process of retrieving and presenting it, does it retain anything, which is a basic requirement of GDPR. It is mechanistic and deterministic and far more appropriate to compliance-related tasks than machine learning-based solutions. RPA is also very much at home with the kind of green-screen legacy technology that some financial institutions may still operate.

Outsourcing of RPA makes sense 

As RPA develops and the massive efficiency gains become apparent in relation to compliance, its provision will inevitably move into the outsourcing sector. This makes sense when deadlines and budgets are tight. If institutions outsource payroll and human resources, then they can access robotised compliance functions in a similar way. It is clear that outsourcers or systems integrators deploying utility platforms will broaden the scope of organisations using RPA.

Whether outsourced or on-premises, RPA is bound to play a major role in meeting the heavy demands placed on financial institutions by the regulators. It is worth considering the obligation that GDPR places on organisations to implement appropriate technical and organisational measures to achieve compliance. If, in this context, institutions neglect RPA, they risk very high costs and the devastating impact of compliance failures.

To Top