Total Capture – Robotics, AI; IT Controls & Data integrity | Regulatory Insights Series #8 🔎👨🏾‍💻

Total capture: have AI and automations transformed IT controls and improved data integrity?

Data integrity and total capture of data continues to be a key focus area for auditors, firms, and the FCA – firms have, on average, invested significantly to evolve and enhance their organisational arrangements around this.

Many firms have moved away from manual process and controls, instead opting to tactically automate with the use of robotic-type technology solutions. However, firms continue to see breaches and incidents associated with data, total capture, mistreatment of data and transactions, and shortfall management and coverage impacts.

With that in mind, here are some questions we’d like you to consider:

• Are you confident that your data is whole and the resulting processing, reconciliation, and controls are applied across all relevant data?
• How does your firm attest to, evidence, and prove full capture of data?
• How confident are you that your data supports robust, resilient, and accurate CASS & Asset reconciliations and output?
• Can you rapidly analyse data and related root causes within your firms’ recorded breaches/incidents?

Automation – does efficiency outweigh risk?

Firms using third-party apps or outsourced arrangements are often further challenged with transparency and the ability to identify incidents, without the rapid response of their chosen partner in these areas.

There is no doubt moving away from manual processes and controls has demonstrable benefits for productivity and exception management, but at what cost?

In deploying tactical solutions through robotics-type functionality, firms and particularly those with outsource relationships, can experience further impenetrability and lack of sight to the underlying IT controls and governance arrangements directly linked to the associated technology deployment.

In a perfect world, automation using the tactical methods should be a force for good, but where the firm’s business continues to grow, change, and evolve – it relies on very effective change management and housekeeping, including the discipline to document, describe, and prove the mechanics of the underlying robotics and AI IT code and fully test all change to the touchpoints in practice.

Governance and transparency is then key to maintain the envisaged benefits in a changing corporate landscape.

The challenges of demonstrating total capture

Auditors and the FCA continue to ask firms to demonstrate total capture alongside their IT controls and change governance – that’s not always as simple as it sounds. Challenges include proving of the IT code, controls, and evidence, plus resilient demonstration of how well that’s monitored over time. Firms with outsource providers in place, where such processes are embedded to the provider’s generic utility type services, often find challenges with related oversight and evidence. If the outsourcer service definition doesn’t include the provision or service to deliver reporting against generic IT process code, it may not even be possible for firms to obtain insight.

So, in understanding the challenges and the tensions, one thing is clear, evidencing total capture and having robust governance of tactical IT solutions, code, and resulting output continues to be a close encounter, and for firms with outsourcers, a fragmented and difficult situation.

Breaches and incidents continue to occur and while most firms will have stringent change controls in place, it can be fraught with manual checks, enhanced oversight, and 2^nd and 3^rd line compliance monitoring and findings. This moves the effort from the process to the governance and controls spectrum – potentially negating the productivity benefits that the solutions were designed to achieve.

As firms reassess and look to strategically address the root cause of why the tactical solutions were put into place, the need for specialist reconciliations, controls and risk management toolkits, and governance remains paramount.

Embrace a smarter regulatory future with Grath

Grath can provide you with rapid deployment of a purpose-built regulatory platform, to enable you to reconcile and prove total capture, reconciling your general ledgers, and proving transactional level and balance level input to downstream reconciliations, such as CASS reconciliations, asset and custody reconciliations, cash and currency reconciliations, and more.

Using the Grath platform from a controls and risk management perspective enables you to ingest or easily create your entire risk appetite and framework with risk taxonomy, controls inventory and responsibilities, and testing. It also delivers intelligent compliance and audit monitoring – all fully aligned to your firm’s policy and standards while supporting your regulatory obligations.

For outsourcers and firms using outsource partners, we can further assist all parties in the contractual relationship and can help you strengthen multi-dimensional governance and deploy evidence to multiple stakeholders.

As standard, Grath gives you intuitive reporting, workflow, and dashboards; we store the evidence associated and audit trails to enable you to efficiently address and instantly demonstrate the associated evidence

Interested in learning more?

If you’d like to know how Grath’s technology can help future-proof your regulatory compliance and risk management process, then we’d love to talk.

For regular updates & insights, follow our Linkedin page here.