FINANCIAL SERVICES RISK AND COMPLIANCE TRENDS IN THE POST- PANDEMIC WORLD 2 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited Contents

Foreword 4

Build operational resilience, and keep pace with evolving risks 5 Trend 1: Strengthen operational resilience with technology 5 Trend 2: The FCRM space is evolving dynamically 7 Trend 3: Mitigating financial risks of climate change 8

Digital to transform the risk and compliance function 11 Trend 4: Rising digital adoption in GRC 11 Trend 5: Uptake in integrated digital credit risk management solution is rising 12 Trend 6: Increasing adoption of AI capabilities to fight financial crime 14 Trend 7: Leverage cloud-based managed service offerings to combat financial crime risk 17

Continued focus on regulatory compliance 19 Trend 8: LIBOR transition remains a key priority 19 Trend 9: Continued focus on FRTB implementation 21 Trend 10: Regulatory reporting solution market is growing rapidly 23

Acronyms 26 References 29 Infosys contributors 32

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 3 Rajneesh Malviya Ashok Hegde Amit Khullar Senior Vice President, Vice President, Head, Risk and Compliance, Financial Services, Infosys Financial Services, Infosys Financial Services, Infosys Foreword

Risk and compliance within The COVID-19 outbreak has firms’ operational resilience to financial services have been compounded the operational intensify. Financial institutions will undergoing transition. After the challenges to financial institutions have to conduct comprehensive 2008 global financial crisis, and is testing their operational stress tests to demonstrate their supervisors and regulators across resilience. Many other facets of preparedness for managing the world were focused on risk and compliance, including any operational disruptions. ensuring the financial resilience credit risk management, financial Maintaining business continuity, of firms. However, the spotlight crime risk management, and mitigating cyber risks, preventing is now shifting towards the firms’ regulatory compliance and IT outages, ensuring system non-financial risks. reporting, have been impacted and data access and availability, as well. The outbreak has elevated managing IT obsolescence, Several developments are shaping the risks to banks’ loan portfolios. and strengthening third-party this shift in focus. The uptake of There has also been a spurt in risk management (TPRM) are emerging technologies such as digital financial crime including amongst the key areas that will be AI/ML and cloud is growing as phishing emails linked to the scrutinized. these bring in substantial business epidemic. The pandemic has benefits. Yet, they also create new It is highly unlikely that any new forced regulators to postpone risks and vulnerabilities. The rise in regulations will be introduced the implementation dates of key cybersecurity incidents and data over the next few months by mandates such as Basel III. breaches, the onslaught of novel global governing bodies such and sophisticated financial crimes, Climate change related risks as the BCBS or FSB. However, the rising obsolescence of legacy are a growing concern for ongoing regulatory initiatives, IT, and the growing dependence financial institutions. The year such as FRTB implementation or on third-party service providers 2019 witnessed multiple storms LIBOR transition, would continue have increased operational risks and wildfires across the globe to be on the regulators’ radar. for financial institutions. As per including the Australian bushfire, In this 2020 edition of our report, a LexisNexis study, for every and Typhoon Hagibis in Japan. we have covered some of the key dollar of fraud loss, financial Apart from their economic impact, trends in the financial services risk institutions now incur US$3.25 such events raise the financial and compliance domain that we in costs. These charges include risks for banks. believe will play out in the next investigation cost, fines and Over the next few years, we few quarters. legal fees, transaction face value, expect regulatory scrutiny of and interest.

4 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited BUILD OPERATIONAL RESILIENCE, AND KEEP PACE WITH EVOLVING RISKS

Financial institutions have intensified their focus on building operational resilience. Firms are bolstering their capabilities to effectively manage newer risks such as those related to digital technologies, cyber and data security, third-party risks, pandemics and climate change. On their part, regulators too are increasing their scrutiny of financial institutions’ operational resilience. They are broadening their earlier BCP/DR focus to include all aspects of firms’ operational and cyber resilience. Regulators are also evolving the regulations to keep up with digital crime. Further, they are encouraging firms to leverage digitization and automation to fight financial crime and strengthen their operational resilience.

Trend 1: Strengthen operational resilience with technology

Operational resilience helps resilience. Institutions are also has published its guidance financial institutions better being closely scrutinized on these on security, information and respond to and recover fronts. The agencies are also communications technology risk from disruptions of business concentrating on the operational management for banks. Despite operations, customer segments robustness of institutions and the a rise in incidents, digital is a or even the industry at large. technology they use. In the U.S., must as customer expectations Regulators and supervisory the FRB is conducting horizontal have increased. Customers now agencies, historically focused examinations to gauge financial expect “anytime-anywhere” on building financial resiliency, institutions’ operational resilience. banking, real-time processing, and now have dived their attention to omnichannel experiences without Rapid technology evolution building operational resiliency as technical glitches. and digital disruption have well. A regulatory push, increased increased the need for building Unforeseeable events such as digitization, and a need to plan for operationally robust systems. COVID-19 and natural disasters uncertain events have contributed Increased digital adoption has including climate change to institutions increasing focus on also paved the way for a rise in demand novel strategies that operational resilience. cybercrime and cybersecurity ensure operational resilience. Regulators such as the EBA, incidents. Interconnected These include strategies for BOE, FCA, PRA and FRB, are interfaces that collaborate remote workforce management, focused on building financial with third party platforms have data security assurance, managing institutions’ operational resilience, created new vulnerabilities in supply chain disruptions and in addition to their financial systems. For example, the EBA business continuity. In the

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 5 wake of the COVID-19 crisis, providers and cloud solution enhance business agility, and financial sector authorities have vendors. Financial institutions offer on-demand scalability across recommended that international are also strengthening their the group. It is offering several actions to define the operational vendors’ due diligence processes. productivity tools within Office resiliency standards should take Institutions are identifying 365 to all its employees. The group into account (a) employee safety; opportunities to collaborate is also rolling out Microsoft (b) infrastructural needs of the with providers to strengthen Managed Desktop across its critical employees to support key the providers’ risk management business — making it the world’s business services; (c) IT capacity, practices and information biggest FI to do so. scalability and flexibility; (d) sharing mechanisms. In 2019, the Bank of Canada information security and cyber launched the Canadian Financial resilience; and (e) the operational IT systems Sector Resiliency Group (CFRG) continuity of critical third-party To strengthen their IT systems’ to strengthen the operational service providers. resilience, institutions are either and cyber resilience of Canada’s retiring or replacing obsolete financial sector. Amongst other Steps to build operational legacy systems to ensure activities, the CFRG was set resilience minimal operational disruption. up to support the ongoing This involves bolstering data operational resiliency initiatives Financial institutions have been management and cybersecurity. such as benchmarking exercises undertaking the following and regular crisis simulation. Business continuity and disaster actions to strengthen their The central bank has also made recovery (BCDR) operational resilience: significant investments to Institutions are strengthening enhance its own operational Reinforcing strategic thrusts their BCDR plans by better redundancy and resilience to Institutions are revising their understanding their IT systems’ withstand major disruptions, operational resilience program to vulnerabilities and mission-critical including natural disasters and make it comprehensive, adaptable operational processes. cyber-attacks. and forward-looking. They are also strengthening the synergy Stress testing The World Federation of Exchanges (WFE), a global between their operational risk Financial institutions are focusing industry group for CCPs and management (ORM) and business on scenario analysis, threshold exchanges, has provided details of continuity management (BCM) identification, comprehensiveness measures taken by the industry to functions. This helps reinforce of tests, and response planning enhance cyber resilience during the links between key functions to strengthen the scenario- COVID-19. As per the group, such as risk, compliance, based stress testing of their several CCPs and exchanges have corporate functions and LoBs. operational resilience. These programs ensure active activated their business continuity plans to ensure their operational involvement of boards and Actions taken by financial senior management, in turn resilience. Actions taken include helping prioritize operational institutions to build mass remote working and resilience programs and related operational resilience collaboration, and third-party investment decisions. risk management measures to Lloyds Banking Group has facilitate efficient and safe trading Third party resiliency committed to invest £3 billion during the pandemic. Through the in technology. The group has WFE, these financial institutions Institutions are increasingly been working for over the past have also been collaborating and trying to understand the risks and two years to institute a digital sharing best practices to increase operational resilience of third- office program. It is leveraging operational resilience. party providers such as back- Microsoft’s cloud platform to office service providers, IT service improve operational resilience,

6 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited Trend 2: The FCRM space is evolving dynamically

Recently several factors have anonymity feature of virtual FTC and SEC are focused on led to a rise in financial crimes currencies (bitcoin), etc. combating financial crime. including fraud, cyber-crime, The COVID-19 crisis has provided money laundering, trade abuse, Adoption of multitiered risk-based fraudsters with another avenue for market manipulation, terrorist approach perpetrating crime. For example, financing and tax violations. As UK’s Action Fraud has been To protect against digital per a 2020 survey, around 50% receiving thousands of reports crime, financial institutions are of the respondents said that they of phishing emails linked to the adopting a customer-centric had experienced fraud within the pandemic. Criminals have been and segmented risk-based previous 24 months. During the targeting vulnerable citizens by approach. This approach assesses same period, the reported losses acting as sellers of face masks, or the users’ digital actions across from fraud amounted to US$42 pretending to be from WHO or the multiple tiers including (1) access billion. According to research, CDC, and carrying out malware endpoint (browsing devices and globally money laundering related and phishing attacks. application used), (2) navigation, crimes cost enterprises between (3) channel and cross-channel, US$1.4 trillion and US$3.5 The financial crime risk and (4) association focus. trillion annually. management (FCRM) sphere has been evolving rapidly. Tier 1 helps secure the user’s Factors contributing to a rise in Here are some of the changes access endpoint against financial crimes being witnessed: ransomware, spyware, computer viruses, etc. Tier 2 helps identify • Increase in digital payments conspicuous suspicious volumes and the rapid Rise in regulatory expectations transactions, or malware-induced evolution of online and mobile Regulators are taking steps to actions such as uncharacteristic payments channels such as strengthen financial institutions’ navigation patterns or unusually alternative payments providers FCRM practices. For example, in rapid navigation. Tier 3 analyzes (PayPal, Google Pay, Apple Pay, Europe, EU member states must the account or user-centric Skrill, Square, Stripe), social transpose the 6th Anti-Money behavior for individual channels, applications, and electronic Laundering Directive (6AMLD) cross-channels and cross-product gift cards. into national law by December behavior of users and accounts. 3, 2020. The 6AMLD brings in • Security vulnerabilities of the Finally, Tier 4 helps to analyze significant changes such as more newer digital technologies such transaction patterns to establish stringent punishment for money as cloud, mobility, social, etc. links between the individual or laundering, and stricter measures • Rise in the execution of organization and accounts to for virtual currencies. Similarly, sophisticated crimes by discover criminal networks. in Australia, the AUSTRAC has fraudsters and fraud rings reemphasized that firms must such as advanced persistent Increase in demand for holistic trade apply enhanced customer due threat campaigns (for example surveillance solutions diligence (ECDD) in high-risk Carbanak), identity theft, situations. In the EU, MiFID II To effectively combat trade/ distributed denial-of-service mandates that all pre-, at-, and market manipulation and attacks, ransomware, SIM swap post-trade data (including voice to comply with regulatory fraud, infiltrated POS systems, and text communications) must expectations, financial institutions and man-in-the-middle fraud. be automatically linked for trade have begun leveraging holistic • New avenues for financial reconstruction within 72 hours trade surveillance solutions. crime including (a) casinos of the request. In the U.S, several These solutions provide an and online gaming zones on governmental organizations such integrated approach. They bring luxury cruise, (b) exploiting the as the CFTC, DOJ, FBI, IRS, FINRA, together market, trade, client/

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 7 trader/broker, written and voice these capabilities, solutions and advanced FCRM solutions communication, and many other can help expose connections (that leverage real-time CEP, data points to deliver a unified between events, trades and stream analytics, AI/ML, and other cross-market/cross-asset picture. communications. advanced technologies to uncover Solutions can speedily correlate crimes across digital channels); and analyze data from several Growth in forward-looking FCRM (b) partnering with fintechs and disparate sources including investments regtechs for FCRM solutions; and videos, emails, chat and text Financial institutions are making (c) forming consortiums to share messages, user/access activity FCRM related investments with relevant data and insights on logs, security logs, transactional an eye on the future. For example, financial crime. data, and social media. Utilizing they are (a) investing in integrated Trend 3: Mitigating financial risks of climate change Climate change has become Risks to financial credit risk and a decline in a global challenge with collateral value when rising social, political and economic institutions sea levels and floods damage implications to the extent that For financial institutions, climate property and result in falling it was ranked amongst the top change creates significant property prices. five risks as per a World Economic financial and non-financial risks Transition risk is related to Forum survey. Climate change- including operational, credit, the shift toward a low-carbon related calamities — such as market, legal and reputational economy to mitigate climate rising global temperatures and risks. It causes risks in the change risks. Such transition sea levels, wildfires, droughts, mortgage, lending and insurance may involve policy, regulatory, hurricanes — have had disastrous businesses, and investments market and technology changes impacts. For example, 2019 and derivatives portfolio to rise. which could create financial risks witnessed wildfires in the U.S and The 2019 bankruptcy of PG&E, for institutions. For example, Australia, and storms in Japan and California’s biggest utility firm, consider the policy changes to the Bahamas. following the wildfires, highlights reduce dependence on fossil fuel According to the World Economic the increased credit risks for banks through energy taxes, new carbon Forum, natural calamities caused from climate change. prices, or emission rules. Such global economic stress and Broadly, there are two categories policy changes would adversely damage worth US$165 billion of risks that financial institutions affect oil, coal and gas producers’ in 2018. As per estimates, global face from climate change: physical businesses. Financial institutions warming extracts an economic and transition. with exposure to such producers cost of around US$250 billion per or to carbon-intensive industries Physical risks arise from the year from the U.S alone. Climate like the power generation and physical effects of frequent risk exposure has an impact on mining industries, may witness climate-related events such as interest payments as well — over rising levels of non-performing floods, storms, droughts and the previous 10 years, developing loans. Asset values, such as of wildfires. These risks result in a countries have spent an additional stakes in coal-based power plants, heightened risk of default on loan US$40 billion in interest payment could drop. Equity markets may portfolios and a decline in asset on their debt. shake-up, for example, through values. For example, financial the reduction in fossil fuel related institutions with mortgage export value. portfolios exposed to coastal areas may witness increased

8 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited Increased regulatory panel to focus on the physical and Central banks and supervisory focus on transition risks emanating from The People’s Bank of China climate change, and its financial has undertaken several steps climate change risks impact on institutions. to encourage green financial Regulators and central banks The Prudential Regulatory development. It has included around the world have started Authority and the Financial green finance in its macro- focusing on climate change- Conduct Authority created prudential assessment system related financial risks. Here are the Climate Financial Risk that offers positive incentives for few instances of how these bodies Forum (CFRF) that enables Chinese commercial banks to are taking steps to tackle climate financial institutions in the U.K increase green deposits and green change risks. to share best practices and credit stock. build intellectual capacity on Global regulatory bodies climate change-related financial Climate change The Financial Stability Board risks management. has instituted the “Task Force risk management In February 2020, the Australian considerations for on Climate-related Financial Prudential Regulation Authority Disclosures” to recommend announced that it plans to financial institutions institutions to disclose uniform, implement mandatory climate Financial institutions are clear and comparable information change-related stress tests for increasingly expected to focus on on the risks and opportunities banks, insurers and the pension integrating climate change risks that climate change presents to fund industry. Banks will need with their FRM framework, evolve their respective businesses. to assess risks on their business their scenario analysis capabilities, Federal regulatory bodies models and loan books under and make strategic calls to several climate scenarios. mitigate climate change related The Commodity Futures Trading financial risks. Commission formed a 35-member

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 9 1. Risk integration 2. Scenario analysis 3. Strategy • Treating climate change risks as • Leveraging robust scenario • Adopting long-term and firm- financial risk, and integrating analysis tools and techniques wide approaches them into the firm’s FRM • Considering both physical and • Strategically focusing on risk framework transition risk scenarios management, opportunities • Understanding the potential • Enhancing the existing exploitation, and technology impacts of physical and stress testing and scenario and data aspects transition risks of climate analysis frameworks in • Proactively collaborating with change on customers, order to accommodate the regulators, central banks and counterparties, and the peculiar nature of climate other key external stakeholders businesses they invest in change scenarios to influence regulatory and • Integrating climate change monetary policy changes risks with the underwriting and credit review processes

Measures taken by financial institutions to manage climate change risks

Many financial institutions have their greenhouse gas (GHG) projects from the end of 2021 realized the importance of discharges in line with the in its efforts to mitigate climate protecting themselves against Paris Agreement, through the change risks. the financial risks caused by Science-Based Targets initiative. The has climate change and have begun ING Group, HSBC, Societe said that it will reduce to zero taking steps to mitigate them. Generale, Credit Agricole, and the net greenhouse-gas (GHG) Here are few examples. AXA Group are among these emissions of its operations in financial institutions. In September 2019, the 2020. The bank aims to become UN and several prominent In 2019, Citigroup established “climate positive,” to capture banks unveiled the Principles a working group to integrate more carbon than it emits, for Responsible Banking. the climate change related by 2025. 130 banks together holding issues with its risk management Commonwealth Bank of US$47 trillion in assets have controls. It also released its Australia and Westpac are signed up. Through the first climate report in line with analyzing climate change- principles, financial institutions the TCFD guidelines. The bank related scenarios on their have promised to align their has partnered with its peers to portfolios. ANZ also plans to businesses with the Sustainable develop pilot models to assess focus on climate-related risk Development Goals (SDGs) and how climate change-related governance and stress testing the goals of the Paris Agreement scenarios may impact loan of its specific portfolios. on climate change. portfolio performance. Over 50 financial institutions The European Investment Bank have committed to reduce plans to stop financing fossil fuel

10 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited DIGITAL TO TRANSFORM THE RISK AND COMPLIANCE FUNCTION

Until recently, the majority of a financial institution’s digitization efforts have been focused on their customer- facing business functions. Institutions have however been slow to adopt these new-age digital technologies in their risk and compliance functions because of the significance that these functions carry. This is gradually changing, however. Recently, an increasing number of financial institutions have begun adopting advanced technologies — such as cloud, artificial intelligence, and machine learning — to enhance transparency, improve decision-making and reduce the cost of their risk and compliance management operations. Several use-cases for digital technology adoption — such as in GRC, credit risk management, and financial crime risk management — have already been executed by institutions. Many more are in the evaluation stage.

Trend 4: Rising digital adoption in GRC

As businesses become per a MarketsandMarkets report. with regulatory mandates, increasingly complex and The financial services industry holistically manage risks, and technology advances, contributes the largest share to ensure sound governance. organizations’ governance, risk this market. These digital technologies mostly management and compliance include advanced and predictive Digital adoption is expected (GRC) applications have rapidly analytics, big data, cloud, artificial to be a key driver of the eGRC evolved. The global enterprise intelligence (AI), machine learning market growth. Institutions are GRC or eGRC market is estimated (ML), natural language processing increasingly adopting digital to reach US$60.8 billion by 2025, (NLP), robotic process automation technologies in their GRC from US$32.3 billion in 2020, (RPA), and blockchain. function to effectively comply growing at a CAGR of 13.4%, as

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 11 Benefits of digital GRC to state-of-the-art containerization help institutions (a) generate and virtualization technologies, applicable requirements from financial institutions enables firms to quickly the new regulations, (b) identify Digital technologies bring deploy GRC apps — for audit suspect communications or multiple benefits to financial management, risk management, transactions based on free-form institutions. They help save costs, and corporate and regulatory text, and (c) perform extended improve productivity and increase compliance — in the cloud. due diligence via data correlation efficiency, while maintaining the The solution provides optimal of various unstructured sources. security, reliability and scalability, trust quotient. A look at how each RPA enhances the productivity and require substantially less technology positively impacts and effectiveness of the GRC investment than does traditional eGRC includes these issues. function. For example, RPA and on-premises infrastructure. The cloud model helps reduce AI are being used to automate the total cost of ownership Many machine learning the testing of controls, speed up (TCO), avoid large upfront techniques such as Markov execution, reduce operating costs, investments, and reduce capital Chain Modeling, Random Forest, and ensure that all controls have expenditure on IT infrastructure. Deep Learning are being used in been tested. The technology also This flexible model helps digital GRC. These help financial monitors the controls, collects institutions scale quickly to institutions (a) optimize enterprise GRC data from multiple sources, respond to their ever-evolving risk or regulatory models and automates manual controls, and GRC requirements. Firms don’t parameters; (b) automatically executes several GRC activities. analyze and map regulatory need to engage in a prolonged Blockchain’s immutability requirements to business IT development lifecycle. Instead, characteristic helps establish processes and controls; (c) identify the cloud providers supervise proof of process and chain emerging risk patterns including software upgrades and security of trust. This makes it apt cybersecurity and AML typologies updates. Cloud also enables for GRC activities including or the techniques used to launder continuous system availability counterparty risk management, money; (d) support sophisticated and provides robust disaster risk underwriting, and policy and risk scoring; and (e) auto- recovery capabilities. For regulatory change management. example, MetricStream’s GRC suppress false positives. Similarly, Cloud solution, which is built on AI-backed NLP capabilities Trend 5: Uptake in integrated digital credit risk management solution is rising

Over the past few years, the have not kept pace with these and are difficult to integrate with complexities of the credit developments. These systems the newer digital channels and environment have increased comprise assortments of siloed systems. Critical situations such manifold. Regulatory expectations credit scoring and decisioning as the current COVID-19 outbreak from financial institutions have that are unable to provide have further exposed the intensified too. Institutions need a holistic view to the credit weaknesses of such systems. to comply with several credit risk underwriter — regarding the Owing to these shortcomings, management related regulatory risks involved, product pricing, financial institutions have been requirements and standards such customer lifetime value and other unable to optimally manage their as Basel III, CECL and IFRS 9. key factors. These legacy systems credit risks. As a result, they are require manual intervention, Most financial institutions’ legacy facing significant financial losses involve huge maintenance cost credit risk management systems

12 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited as well as the regulators’ ire. As per Features of an integrated • Empowers data management the 10th annual EY/IIF Global Bank and governance — such as Risk Management survey, one digital credit risk reference data management, of the major risks to manage in management solution automated data quality review, the next decade will be meeting data access and security, etc. Following are some of the main customer demands for a lifetime features provided by integrated • Offers sophisticated analytics offering. To mitigate this risk, digital credit risk management capabilities that enable (a) around 60% of CROs realize that solutions: real-time risk scoring and integrated risk platforms need to credit underwriting, (b) limits • Offers seamless integration be implemented. monitoring, (c) early warning with other internal systems signals and timely alerts, An increasing number of financial such as core banking, CIS, and (d) advanced reporting institutions have begun adopting CRM, loan origination, rating and dashboards. integrated digital credit risk models, portfolio management, management solutions. For collateral management, etc. • Leverages cognitive analytics example, Next Commercial Bank and artificial intelligence (AI) • Enables a 360-degree view and (NCB), Taiwan’s first digital bank, capabilities — including ML, the generation of holistic risk has implemented Kamakura NLP and RPA technologies metrics by ingesting data from Corporation’s suite of integrated — in relevant credit risk multiple internal and external risk management solutions. management processes such sources across business lines By adopting these integrated as loan application processing, and asset classes. solutions, financial institutions credit scoring and decisioning, • Supports (a) sophisticated expect to lower their TCO, improve loan pricing, and credit pre-screening and prospecting, risk management and accelerate default prediction. and (b) enhanced portfolio decision making. management and recovery.

Examples of advanced analytics and AI/ML adoption in credit risk management Zest Finance and Experian have implemented AI-powered underwriting solutions on alternate data sources to assess borrowers’ lending ability. Lenddo profits rose nearly 54% after it used a combination of traditional and alternate data-based models on risky unbanked population. JPMorgan Chase’s COiN, a contract intelligence platform, uses ML to review 12,000 annual commercial- credit-agreements in seconds, that would have otherwise taken the bank’s staff ~360,000 hours a year to analyze.

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 13 Figure 1. Illustrative integrated credit risk management solution

KEY CREDIT RISK MANAGEMENT MACROPROCESSES

Underwriting Behavioral and portfolio Credit collection Regulatory Audit and control and pricing monitoring and compliance

Data warehouse Decisioning and analysis engine Bank’s Internal data internal systems Ratings calculation engine Customer pro le Centralized reporting Core banking system Product speci c data ML based pricing optimization Monthly MI and regulatory Treasury management performance data Automated early warning system system reporting ML based collections / recoveries models Trade nance system External data Scenario analysis Data analysis and drill downs Credit risk Credit rating bureaus Simulation engine management system Adverse media Loan origination External macro system data (extracted from reliable sources) Model risk management

Collateral and limits Collection and Credit processing system Credit rating system management system recovery system

CORE CREDIT RISK MANAGEMENT SYSTEM

Source: Infosys Trend 6: Increasing adoption of AI capabilities to fight financial crime

Financial institutions have (d) have inefficient workflow leverage AI capabilities including realized that their incumbent and require significant manual ML, RPA and NLP. Some of the legacy FCRM solutions cannot intervention; and (e) are unable leading AFC solution vendors are support their needs. These rigid to keep pace with enhanced also investing in deep learning rules-based systems: (a) lack regulatory expectations. and advanced Explainable AI (XAI) predictive abilities; (b) are unable technologies to allow the results To overcome these challenges, to manage the volume, variety from the decision engines to be financial institutions have begun and velocity of today’s threats; understandable to experts. adopting new-age anti-financial (c) are error-prone and yield crime (AFC) solutions that high number of false positives;

14 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited AI adoption use cases Here are some of the use cases of AI that financial institutions have implemented or plan to implement.

AI and ML adoption in FCRM Domain Use case 1 KYC • Remote identity pre-checks • Customer onboarding • Real-time transaction-based KYC anomaly detection • Sophisticated link analysis • Intelligent customer segmentation • Automatic KYC scoring (by scanning social media, police registers, etc.)

2 AML • Screening • Holistic transaction monitoring and analysis • Generating insights on new money laundering typologies • Investigation queues prioritization (using sophisticated AML risk scoring) • Adaptive real-time monitoring of high-risk entities (against OFAC, SDN, etc.) • Enabling true identity-matching • UBOs and PEPs identification • False positives reduction 3 Fraud • Fraud detection management • Customer screening • Transaction monitoring • Alert investigation • Link analysis • Customer segmentation • Sophisticated fraud risk scoring • False positives reduction 4 Trade and market • Holistic surveillance (by leveraging NLP to examine both the traders’ surveillance transactions and communications) • Alert scoring, forecasting and threshold analysis • Link analysis and cross-asset linked alerting • Spoofing detection • Surveillance quality control • Dynamic maintenance of the traders’ profile • In the market surveillance programs of exchanges/regulators • Predictive scoring 5 Rogue employee • Monitoring of employees’ behavioral profile patterns, communication and detection transactions to unearth collusion/fraud

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 15 RPA adoption in FCRM Domain Use case 1 KYC • Customer data setup and consolidation • Customer screening (vis-à-vis OFAC, PEP, negative news, etc.) • Customer info extraction, validation and compilation • KYC data remediation • Capture results from customer screening • Flag missing/mismatched/outdated info

2 AML • Automated alert investigation • Enable efficiency gains in alert/case management • Customer info extraction, consolidation, validation and compilation • Document analysis

3 Trade • Tasks and workflow automation surveillance • Automatic order book reconstruction, trade reconstruction and market replay

Examples of AI adoption in FCRM

HSBC has partnered with Ayasdi, platform. The solution’s machine onboarding and KYC from 20 Inc. to automate its regulatory learning capability evaluates days to just five minutes. compliance processes. HSBC thousands of probable features. Japan Exchange Regulation employs Ayasdi’s AI-based Additionally, it scores millions of (JPX-R) and Tokyo Stock solution to automate its AML online transactions in real-time, Exchange (TSE) are utilizing investigation processes. to offer actionable insights on an AI-based solution for their illegal transactions. Hong Kong Exchanges market surveillance operations. and Clearing Limited has Nasdaq has utilized machine The solution assists surveillance implemented, across its equity learning to score and rank personnel in conducting market, Nasdaq SMARTS Market customer alerts that are preliminary investigations Surveillance’s ML-based solution generated by its trade quicker. By leveraging its and the participant-relationship surveillance solutions. machine learning capabilities, discovery technology. the solution can learn the earlier , Africa’s largest operations related to evaluation Danske Bank is using Think bank, has adopted WorkFusion’s of irregularities performed by Big Analytics’ (a Teradata firm) RPA- and AI-based solution to the surveillance personnel. AI-driven fraud detection reduce the time taken for client

16 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited Trend 7: Leverage cloud-based managed service offerings to combat financial crime risk

Building an anti-financial crime software-as-a-service (SaaS) AFC of ownership vis-à-vis change (AFC) infrastructure in-house offerings are making advanced management, implementation, is expensive. The costs include AFC solutions affordable at onboarding, maintenance and server maintenance (for the scale for financial institutions. support. They also helped ensure CPU-intensive FCRM processes), For example, Infosys and NICE autonomous and adaptive licensing, security patching, Actimize partnered to provide delivery, as the latest versions of software upgrades and regular end-to-end AFC solutions, AFC software are automatically updates to watchlists. Small and where Infosys offers its delivery deployed at the flexible scale medium financial institutions capabilities and enables NICE of cloud. The SaaS model aligns find it uneconomical to build Actimize’s end-to-end AFC well with a financial institution’s robust AFC solutions. Many large solutions via cloud or in an APIfication strategy to adopt open financial institutions also want on-premises environment. banking. Most often, the system to avoid the complexities integrator responsible for moving SaaS-based AFC offerings involved in managing in-house infrastructure from legacy to the are a relatively new area for AFC platforms. cloud enables a self-updating compliance solutions and help agile technology infrastructure Cloud-based models and an deliver scalable, reliable and that prevents the accumulation of increasing number of partnerships cost-effective solutions. Financial technical debt. between product companies and institutions can better manage system integrators to provide IT costs and lower their total cost

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 17 These SaaS-based AFC offerings now have been expanded to create end-to-end business outcome-based services for banks. They bring in integrated technology and business process management capabilities, packaged and offered as a subscription model. Here are a few examples of cloud-based managed services in the AFC domain:

Service Description of managed services support to various category subcategories 1 KYC-as-a- • Supports client identity and verification, and KYC screening and monitoring to Service enable quick on-boarding, and remediation and refresh of KYC policies • Enables a comprehensive single-view-of-the-customer to support identity verification, and KYC screening • Streamlines the due diligence documentation workflow, and the KYC compliance processes • Integrates legal entity information (LEI) from reliable sources across countries and languages • Provides a central KYC data pool that can be shared across financial institutions, thereby enabling (a) economies of scale and cost efficiency, and (b) a transparent and collaborative KYC data approach amongst industry participants

2 AML-as-a- • Enables customer due diligence (CDD) including customer risk rating, sanctions Service and PEP screening, enhanced due diligence (EDD), and re-screening of high- risk customers • Supports ongoing real-time AML transaction monitoring, and the associated processes such as transactions profiling, suspicious activity review, alert/case investigation workflow • Provides access to up-to-date and comprehensive AML databases including sanctions and PEP lists • Assists timely reporting such as suspicious activity report (SAR) filing, MIS reporting, etc. 3 Fraud- • Uses a multitiered risk-based approach for fraud prevention Prevention- • Supports all digital channels (including mobile and web applications) as-a-Service • Enables cognitive solution to combat various forms of fraud including phishing, malware, account takeover, social engineering scams, man-in-the-middle fraud, etc.

18 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited CONTINUED FOCUS ON REGULATORY COMPLIANCE

The implementation dates of several key regulatory mandates such as the LIBOR transition and FRTB are on the horizon. Financial institutions have been working with full intensity to make the required business, IT and operational changes to be compliant. They are also focusing on bolstering their regulatory reporting capabilities — in order to keep pace with the enhanced regulatory scrutiny of their financial and nonfinancial risks.

Trend 8: LIBOR transition remains a key priority

For years, the London Interbank decided to replace the LIBOR Risk-Free Reference Rates Working Offered Rates (LIBOR) had with more sustainable alternative Group, the COVID-19 crisis will been the reigning interbank reference rates (ARRs) in their not have an impact on the LIBOR benchmark rate used by global local currency. These ARRs include phase out date. However, the banks. Over US$400 trillion of SOFR (U.S.), SONIA (U.K), ESTER pandemic may affect interim assets (including derivatives, (Euro Area), SARON (Switzerland), milestones in the LIBOR transition. bonds, mortgages and other and TONIA (Japan). loans) referenced the LIBOR as The U.K.’s Financial Conduct of mid-2018. Authority (FCA) has decided that Yet, after global banks were it won’t compel banks to submit alleged to have indulged in LIBOR quotations after 2021. manipulation, regulatory agencies As per the FCA, BoE and Sterling

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 19 Impact of the transition Risk assessment platforms to allow trade • LoBs level detailed risk pricing, capture and execution The LIBOR transition is assessments — vis-à-vis of ARR-referencing products anticipated to be amongst the products, clients, operations, • Post-trade processing most substantial changes in processes and IT systems: Back-office systems the financial services industry, update to support booking/ affecting a wide range of • Ascertaining the amendments processing/valuation of ARR- products and market participants. required to the risk referencing products The transition will likely impact methodology and valuation nearly all business units and • Treasury and ALM systems: functions of the concerned Contracts review Improving ALM processes financial institutions — including • Analyzing the need to update including cash-flow forecasting counterparty and customer standardized contracts — for and balance sheet funding, and management, product strategy, example contracts related to ARR-referencing products contracts, financial processes, fallback clause — and to design • Reporting systems: Enhancing risk models, and IT systems. new business contracts MIS and dashboards Institutions would face significant operational, financial, legal and Transition planning Regulatory focus reputational risks. • Vis-à-vis operational processes, risk models update/ Given the magnitude and Action for financial development, controls updates, complexity of changes involved and products enhancements in the LIBOR transition, regulators institutions (cash, derivatives, linked to risk- around the world including the FSB, SEC, NYDFS, ECB and Given its huge impact, the LIBOR free reference rates (RFR), with FCA, have been monitoring the transition has become a key fallback provisions, etc.) progress that financial institutions priority for all concerned financial • Create a transition roadmap are making. This regulatory institutions. Here are the activities that includes back-book and scrutiny would likely intensify that firms have been engaged in legacy trades closer to the 2021 deadline. to be prepared: Planning for IT changes Impact assessment • Data management systems: • Identifying LIBOR exposures Sourcing data including market • Evaluating the financial and data feed and vendor data for nonfinancial impact of the new products, validation, and transition on the balance sheet, system enhancements accounting and tax treatment, • Risk management systems: ALM, contracts, currencies, Risk modeling systems jurisdictions, clients, products, • Trading systems: Retooling processes, infrastructure and and reconfiguration of IT systems

20 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited Trend 9: Continued focus on FRTB implementation In January 2016, the BCBS FRTB implementation 2. P&L attribution test published new rules pertaining challenges • Financial institutions are to the market risk framework analyzing their sensitivities to for capital requirements, FRTB creates massive instrument prices and pricing known as Fundamental Review implementation complexities models that are crucial for of the Trading Book (FRTB). and cost requirements for the P&L reporting and market These rules address Basel 2.5 banking sector. Investment banks risk management. vulnerabilities related to internal and Tier 1 and Tier 2 universal • Firms are working to ensure risk transfers, under-capitalization banks with substantial capital consistency between the of trading books, and capital markets business are especially calculations utilized for arbitrage between trading and impacted. The new rules are computing sensitivities and the banking books. expected to increase the amount valuation models used by front- of risk-weighted capital that banks Through FRTB, the BCBS intends office for trading purposes. to (a) create a distinct boundary need to hold in reserve. To comply [Note: The P&L attribution test between the trading and with the FRTB requirements, helps assess the efficiency of a banking books, and minimize financial institutions must make financial institution’s internal the incentives for capital changes to their front- and back- models and checks to see if arbitrage, (b) strengthen market office functions — including relevant risks that impact the risk standards and provide a infrastructure, IT, risk, operations, portfolio are captured. In order to consistent framework for financial data sourcing, data management, leverage FRTB-IMA, each trading institutions to capitalize their and quantitative modeling. desk in the firm must individually trading activities, and (c) ensure pass this test.] that both the internal model FRTB implementation approach (FRTB-IMA) and the focus areas of financial 3. FRTB Risk Factor Eligibility standardized approach (FRTB-SA) Test (RFET) to market risk can offer reliable institutions • Financial institutions are capital outcomes. The following are some of the analyzing their existing main activities that financial COVID-19 has forced BCBS to defer risk factor analysis (RFA) institutions are focusing on: the implementation of Basel III and liquidity horizon mandates, including those related 1. Business strategy management aspects. to FRTB, from January 1, 2022 to The aim is to strengthen the • The financial implications of January 1, 2023. This extension processes related to identifying FRTB are compelling financial allows financial institutions and modellable risk factors (MRFs) institutions to consider supervisors to enhance their and non-modellable risk whether and how to reduce operational capacity to respond to factors (NMRFs) for inclusion in their trading activities, or to exit the ongoing pandemic. internal models. certain business lines. The global FRTB rules need to • Owing to the complexities [Note: To pass the RFET, a risk be adapted to each country’s involved in implementing the factor utilized by a financial local reporting standards. This internal model approach (FRTB- institution in its internal model is a challenging task. It is highly IMA), many small-sized banks must fulfil certain criteria on a likely that not all the countries (Tier 2 and below) may adopt quarterly basis. Otherwise, it will be able to adhere to the the standardized approach would be classified as NMRF. BCBS deadline. (FRTB-SA). Under FRTB, this means that

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 21 the risk factor lacks ample price [Note: The sensitivities of financial data, third party data, and data to allow internal modelling. instruments to certain risk factors global market data pools; NMRFs lead to higher capital are utilized for computing the (b) designing market data charges for financial institutions.] delta/vega/curvature risk capital sourcing strategy; and (c) requirements.] ascertaining the changes 4. Revised standardized approach required for IT and data (SA) for sensitivities-based 5. Data requirements and risk infrastructure vis-à-vis data method measures sources standardization, data • Firms are strategizing to fulfil • Effective data management lake, computational capacity the regulatory expectations and access to high-quality for FRTB calculations, etc. under FRTB’s new sensitivity data, such as on observation, factor norms such as across asset classes and identification of risk factors, trade activity are key to estimating net sensitivities successfully implement FRTB. by risk factor, and calculating Hence, institutions have weighted sensitivities. been (a) analyzing the data requirements for internal

22 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited Trend 10: Regulatory reporting solution market is growing rapidly

The global regulatory reporting the various departments (such adjustments, reconciliations solutions market is estimated as accounting, finance, risk, and submission. This has led to to grow at a five-year CAGR of and business segments) and higher manpower requirement 18.7% between 2020 and 2025, systems (such as planning, and increase in costs and with the Asia-Pacific region front office, accounting, risk, reporting errors. leading the market share. In capital management, liquidity • Supporting tools such as those the Asia-Pacific region, global and treasury management). used for dashboards are not regulatory mandates such as the Note: Amidst the COVID-19 crisis, being adopted. Consequently, Basel III net-stable-funding-ratio regulators such as the U.S. SEC, financial institutions are forced (NSFR) are being implemented. the Federal Reserve, EBA, APRA, to rely on tactical tools such Regional regulators also are RBA and ABS, have provided grace as end-user computing and intensifying their regulatory periods to financial institutions spreadsheets. reporting requirements. to file certain reports such as the Given the aforementioned factors, Factors that are leading quarterly reports, FR Y-9C, FR Y-11, financial institutions have begun to the rapid growth in the call reports, Pillar-3-disclosures, adopting integrated end-to-end regulatory reporting solutions etc. Regulators also have deferred reporting platforms to manage market include the following: the announcement of several new their regulatory reporting needs. reporting obligations. These platforms are expected to Heightened expectations from the have the following features: regulators Multiple reporting standards and formats • Seamlessly integrates with and • The reporting scope, processes data from various IT complexity, volume, • The number of regulatory systems including risk, finance, frequency, and required levels reporting standards and business lines, regulatory, of disclosures and details formats have risen manifold CIS, other core systems, and have intensified. There is an and lack international calculation engines increase in ad-hoc reporting compatibility and consistency. • Leverages centralized data requirements. Also, regulators For example, reporting warehouses/lake to offer a expect institutions’ reports mandates such as MiFID II/ single source of truth (SSOT) to be accurate, complete, MiFIR, FATCA, EMIR, COREP, traceable, auditable, and FINREP require financial • Enables automated end-to-end delivered on time. institutions to submit reports regulatory reporting processes encompassing data acquisition, • Many financial institutions utilizing different standards reconciliation, aggregation and need to file hundreds of reports and formats (such as XBRL, standardization; calculation with numerous regulatory XML, CSV, FTP, MS Excel, FpML, and classification; and report agencies. For instance, for the ASCII, etc.). generation, review, approval U.S. Federal Reserve alone, and submission concerned firms need to Suboptimal legacy reporting generate several reports related systems • Provides a frictionless user to stress testing, FFIEC 101, call • Institutions lack end-to- interface and reporting tools reports, etc. end data management such as inbuilt reporting templates, template designer, • New reporting obligations, and reporting capabilities. interactive dashboards and such as those related to CCAR, Their existing reporting drill-down capabilities, and Basel and FR Y-14, require solution workflow requires various reporting formats financial institutions to significant manual gather, validate, reconcile and interventions — vis-a-vis • Offers scalable and modular synthesize data from across data sourcing, aggregation, architecture and integrated cleansing, classification, reporting governance

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 23 Here is an illustrative functional architecture of an integrated reporting platform. Figure 2. Integrated end-to-end reporting platform: Illustrative functional architecture

Data sourcing Transformation and aggregation Validation, calculations and reporting Submission

Data sources Data acquisition, GL data integration and storage (trading book, banking book) Various formats Data Account data dictionary supported (loans, deposits, balances, etc.)

Customer data Validation XBRL (name, address, TIN, etc.) Standard Staging area rules extract from (Centralized data Trading data (securities, source systems lake/data Reporting warehouse) derivatives, positions, balance, etc.) Reconciliation tool DB XML Risk data (collateral, obligor Report risk ratings, etc.) Calculations and generation adjustments MS Excel Finance data (P&L, balance sheet, Review income statement) Data models and approval Data PDF Master and reference data (market quality Electronic ratings, currency exchange rate, etc.) checks submission

External/other data (both structured and un-structured) Straight-through-processing (STP)

Data lineage | Process ow engine | Analytics engine | Big data analytics | AI tools | Calculation designer | Calculation engine | Statistical engine | Audit management | Business rules engine | Data integration engine | Adjustment framework | Security and access management | Enterprise content management | Template designer | Business rules validator | XBRL engine | Reconciliation framework | Alerts framework | Visualization engine | Interactive management dashboard | Data proler

Source: Infosys

Several financial institutions — regulatory reporting obligations. cost savings and enhances especially the small and medium- The financial institution’s end-to- their reporting flexibility and sized ones — are adopting a end reporting responsibilities and scalability. It mitigates the hosted cloud-based regulatory processes are centralized with a challenges associated with reporting as a service (RRaaS) service provider, which updates building, managing, enhancing model. According to Wolters and maintains the regulatory and monitoring the regulatory Kluwer, nearly 30% of regional reporting IT infrastructure as well. reporting infrastructure. For an financial institutions in theAsia- illustrative RRaaS model see The RRaaS model can help Pacific region plan to use cloud for Figure 3, Illustrative RRaaS model. financial institutions revamp their regulatory reporting. their reporting capabilities. The RRaaS model involves the The model provides institutions outsourcing (or co-sourcing) of with efficiency gains and

24 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited Figure 3. Illustrative RRaaS model

Service provider’s responsibility Report users

Collect Transform Consume Legacy database Regulatory agencies

FI’s board members, CXOs, ERP senior management Reports Scorecards Dashboards Data pro ling Data Data ingestion Data Data modeling Data Data analytics Data Data validation Data Data enrichment Data

Social FI’s GRC teams media content processing Real-time and Batch

Data quality Data Data security assurance governance management FI’s business analysts Other sources Scalable and exible Reporting SLA and KPIs IT infrastructure tools assurance Other concerned Updates to reporting rules – as per regulatory changes stakeholders IT sta – for issue/query resolution, ad-hoc requests

Source: Infosys

Examples of RRaaS offerings Suade Labs provides Regulation-as-a-Service (RaaS) via a software platform. The platform enables financial institutions to process huge volumes of data to generate required calculations, regulatory data, and reports. The platform is fast — it takes four minutes to generate a report on 56 million rows of data. Finastra’s RRaaS solution is hosted in its private cloud. The solution gathers and inspects transaction information from banks’ own or third-party system. It allows banks to effectively handle new and changing reporting requirements such as those related to SFTR, MiFID II and EMIR.

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 25 Acronyms

6AMLD – Sixth Anti-Money Laundering Directive EBA – European Banking Authority

ABS – Australian-Bureau of Statistics EBRD – European Bank for Reconstruction and Development AFC – Anti-Financial Crime ECB – European Central Bank AI – Artificial Intelligence ECDD – Enhanced Customer Due Diligence ALM – Asset and Liability Management EMIR – European Market Infrastructure Regulation AML – Anti-Money Laundering ESTER – Euro Short-Term Rate API – Application Programming Interface EWS – Early Warning Systems APRA – Australian Prudential Regulation Authority FASB – Financial Accounting Standards Board ARRs – Alternative Reference Rates FATCA – Foreign Account Tax Compliance Act BCBS – Basel Committee on Banking Supervision FBI – Federal Bureau of Investigation BCDR – Business Continuity and Disaster Recovery FCA – Financial Conduct Authority BCM – Business Continuity Management FCRM – Financial Crime Risk Management BCP/DR – Business Continuity Planning and Disaster Recovery FFIEC – Federal Financial Institutions Examination Council BIS – Bank for International Settlements FI – Financial Institution CCAR – Comprehensive Capital Analysis and Review FINRA – Financial Industry Regulatory Authority CCP – Central Counterparty FINREP – Financial Reporting CDC – Centers for Disease Control and Prevention FpML – Financial Products Markup Language CECL – Current Expected Credit Loss Accounting Standard FRTB – Fundamental Review of the Trading Book

CEP – Complex Event Processing FRB – Federal Reserve Board

CFPB – Consumer Financial Protection Bureau FSB – Financial Stability Board

CFRG – Canadian Financial Sector Resiliency Group FTC – Federal Trade Commission

CFTC – Commodity Futures Trading Commission FTP – File Transfer Protocol

COREP – Common Reporting GRC – Governance, Risk Management, and Compliance COVID – Coronavirus Disease G-SIB – Global Systemically Important Bank CRM – Customer Relationship Management IBORs – Interbank Offered Rates DFAST – Dodd-Frank Act Stress Testing ICR – Intelligent Character Recognition DOJ – United States Department of Justice IFRS – International Financial Reporting Standards EAD – Exposure at Default

26 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited IMA – Internal Models Approach SDN – Specially Designated Nationals

IOSCO – International Organization of Securities SEC – U.S. Securities and Exchange Commission Commissions SFTR – Securities Financing Transactions Regulation IRS – Internal Revenue Service SOFR – Secured Overnight Financing Rate IT – Information Technology SONIA – Sterling Overnight Index Average KYC – Know Your Customer STP – Straight Through Processing LGD – Loss Given Default TCO – Total Cost of Ownership LIBOR – London Interbank Offered Rate TONIA – Tokyo Overnight Average Rate LOB – Line of Business TPRM – Third Party Risk Management MiFID – Markets in Financial Instruments Directive UBO – Ultimate Beneficial Owner MiFIR – Markets in Financial Instruments Regulation WEF – World Economic Forum ML – Machine Learning WFE – World Federation of Exchanges MRFs – Modellable Risk Factors WHO – World Health Organization NGFS – Network of Central Banks and Supervisors for Greening the Financial System XAI – Explainable AI

NMRFs – Non-Modellable Risk Factors XBRL – eXtensible Business Reporting Language

NLP – Natural Language Processing XML – eXtensible Markup Language

NYDFS – New York State Department of Financial Services

OCR – Optical Character Recognition

OFAC – Office of Foreign Assets Control

ORM –Operational Risk Management

PD – Probability of Default

PEP – Politically Exposed Person

PRA – Prudential Regulatory Authority

RBA – Reserve Bank of Australia

RFET – Risk Factor Eligibility Test

RPA – Robotic Process Automation

RRaaS – Regulatory Reporting as a Service

SA – Standardized Approach

SaaS – Software as a Service

SARON – Swiss Average Rate Overnight

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 27 28 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited References

Trend 1: Strengthen operational resilience with technology • https://www2.deloitte.com/content/dam/Deloitte/us/Documents/regulatory/us-banking-regulatory-outlook-2020.pdf • https://www.ey.com/en_in/banking-capital-markets/why-banks-must-view-operational-resilience-as-a-strategic-imperative • https://www.bis.org/fsi/fsibriefs2.htm • https://www.corporatecomplianceinsights.com/regulatory-supervision-operational-resilience/ • https://www.globalriskregulator.com/Subjects/Reporting-and-Governance/Preparing-for-a-testing-2020 • https://www.chasecooper.com/uncategorized/operational-resilience-why-scenario-analysis-should-be-an-essential-ingredient • https://www.finextra.com/newsarticle/35087/lloyds-goes-all-in-on-microsoft-managed-desktop • https://www.bankofcanada.ca/2018/05/strengthening-cyber-defences/ • https://www.bankofcanada.ca/2019/06/bank-of-canada-announces-partnership-improve-resilience-financial-sector/ • https://www.finextra.com/pressarticle/82668/world-federation-of-exchanges-publishes-update-on-industry-cyber-efforts-during-the- pandemic • https://www.world-exchanges.org/storage/app/media/cyber-security-in-the-age-of-covid-19-board-003.pdf

Trend 2: The FCRM space is evolving dynamically • https://www.pwc.com/gx/en/forensics/gecs-2020/pdf/global-economic-crime-and-fraud-survey-2020.pdf • https://www.actionfraud.police.uk/covid19 • https://risk.lexisnexis.com/insights-resources/research/true-cost-of-fraud-study-financial-services-and-lending-edition • https://www.ey.com/en_gl/disrupting-financial-crime • https://www.infosys.com/industries/financial-services/white-papers/Documents/new-age-efrauds-challenging-fis.pdf • https://www.finextra.com/blogposting/14485/to-truly-transform-kyc-and-aml-operations-adopt-ai-and-ml • https://www.infosys.com/industries/financial-services/white-papers/Documents/new-age-electronic-frauds.pdf • https://www.fiserv.com/en/about-fiserv/the-point/2020-trends-in-fraud-and-financial-crime-risk-management.html • https://www.riskscreen.com/kyc360/news/another-kind-of-outbreak-covid-19-as-financial-crime-threat/ • https://www.finextra.com/blogposting/17389/key-ingredients-for-implementing-successful-holistic-trade-surveillance • https://www.fatf-gafi.org/publications/fatfgeneral/documents/statement-covid-19.html • https://www.infosys.com/industries/financial-services/white-papers/Documents/robust-compliance-systems.pdf • https://www.accountantsdaily.com.au/business/13831-ey-flags-10-banking-risks-to-look-out-for • https://www.ey.com/en_cy/news/2020-press-releases/01/ey-non-financial-risks-remain-significant-for-banks • https://rdc.com/kyc-aml/blog/sixth-anti-money-laundering-directive-6amld/ • https://www.austrac.gov.au/business/how-comply-and-report-guidance-and-resources/amlctf-programs/enhanced-customer-due-dili- gence-ecdd-program

Trend 3: Mitigating financial risks of climate change • http://www3.weforum.org/docs/WEF_Global_Risk_Report_2020.pdf • https://www.newsweek.com/rising-seas-could-cost-world-14-trillion-year-2100-1006823 • https://www.nytimes.com/2019/01/29/business/pge-bankruptcy.html • https://www.unenvironment.org/news-and-stories/press-release/130-banks-holding-usd-47-trillion-assets-commit-climate-action-and • https://www.responsible-investor.com/articles/how-can-financial-institutions-deliver-on-the-paris-agreement • https://www.finextra.com/blogposting/18548/why-financial-institutions-must-heed-the-climate-change-risks • https://www.wsj.com/articles/banks-take-first-steps-on-climate-risk-evaluations-11560538782 • https://www.dw.com/en/climate-change-eu-bank-to-stop-fossil-fuel-lending/a-51258876 • https://www.bloomberg.com/news/articles/2020-02-14/rbs-plans-to-cut-fossil-fuel-loans-be-climate-positive-by-2025 • https://www.sciencedaily.com/releases/2018/09/180924112802.htm • http://unepinquiry.org/wp-content/uploads/2018/07/Climate_Change_and_the_Cost_of_Capital_in_Developing_Countries.pdf • https://www.finextra.com/blogposting/18651/managing-climate-change-risks-key-actions-for-financial-institutions • https://www.reuters.com/article/us-australia-climatechange-banks/australia-plans-new-bank-stress-tests-to-assess-climate-change-im- pact-sources-idUSKBN2042BC

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 29 • https://www.fsb-tcfd.org/about/ • https://www.reuters.com/article/us-climate-change-market-risks/u-s-regulator-homes-in-on-climate-risks-to-u-s-markets-idUSKBN1YF2D5 • https://www.channelnewsasia.com/news/world/united-nations-fight-climate-change-covid-19-12667340 • https://in.reuters.com/article/us-australia-climatechange-banks/australia-plans-new-bank-stress-tests-to-assess-climate-change-impact- sources-idINKBN2042BC • https://www.reuters.com/article/us-usa-fed-climatechange/fed-has-a-role-in-combating-climate-change-risk-powell-says-idUSKBN1ZT031 • http://www.lse.ac.uk/GranthamInstitute/news/chinas-green-finance-strategy-much-achieved-further-to-go/ • https://www.pinsentmasons.com/out-law/analysis/financial-regulators-focus-on-climate-change-risk • https://www.bankofengland.co.uk/climate-change

Trend 4: Rising digital adoption in GRC • https://www.marketsandmarkets.com/Market-Reports/enterprise-governance-risk-compliance-market-1310.html • https://www.cxotoday.com/press-release/ai-as-a-service-big-data-rpa-to-transform-grc-within-enterprises/ • https://assets.kpmg/content/dam/kpmg/us/pdf/2020/01/integrated-grc-program-bwise-kpmg.pdf • https://www.chartis-research.com/operational-risk-and-grc/enterprise-grc-solutions-2019-market-update-and-vendor-landscape-11001 • https://www.metricstream.com/grctv/role-of-artificial-intelligence-in-GRC.htm • https://www.metricstream.com/technology/grc-cloud.ht

Trend 5: Uptake in integrated digital credit risk management solution is rising • https://www.iif.com/Portals/0/Files/content/Regulatory/11062019_iif_ey_global_risk_survey_2019.pdf • https://www.prnewswire.com/news-releases/taiwans-first-digital-bank-implements-fully-integrated-kamakura-risk-management-solu- tion-301030161.html • https://home.kpmg/xx/en/home/insights/2020/03/covid-19-financial-instruments-2b.html • https://www.mckinsey.com/industries/financial-services/our-insights/banking-matters/the-strategic-implications-of-cecl • https://www.ey.com/Publication/vwLUAssets/ey-ecl-model-of-ar-and-contract-assets-under-ifrs-en/$FILE/ey-ecl-model-of-ar-and-contract- assets-under-ifrs-en.pdf • http://www.experian.com/business-services/customer-risk-assessment.html • https://zest.ai/article/zaml-fair-our-new-ai-to-reduce-bias-in-lending • https://www.ifc.org/wps/wcm/connect/2e1c27bd-2fdd-45be-a82f-7ca00bc3ce78/session_4_florentin_lenoir_lenddo_heure_14h00.pdf?- MOD=AJPERES&CVID=lNSUUcu • https://futurism.com/an-ai-completed-360000-hours-of-finance-work-in-just-seconds

Trend 6: Increasing adoption of AI capabilities to fight financial crime • https://amlabc.com/aml-updates/aml-software/danske-bank-teradata-deploy-ai-to-monitor-fraud/ • https://www.finextra.com/blogposting/14485/to-truly-transform-kyc-and-aml-operations-adopt-ai-and-ml • https://www.globenewswire.com/news-release/2018/04/16/1471718/0/en/HKEX-Deploys-Nasdaq-SMARTS-Machine-Learning-Technolo- gy-for-Market-Surveillance.html • https://www.niceactimize.com/blog/explainable-ai-the-next-frontier-in-financial-crime-fighting-595/ • https://www.finextra.com/blogposting/16050/ai-and-ml-in-financial-services-compliance-management-use-cases-for-fis • https://www.reuters.com/article/us-hsbc-ai/hsbc-partners-with-ai-startup-to-combat-money-laundering-idUSKBN18S4M5 • https://www.finextra.com/blogposting/17389/key-ingredients-for-implementing-successful-holistic-trade-surveillance • https://www.jpx.co.jp/english/corporate/news/news-releases/0060/20180319-01.html • https://www.finextra.com/pressarticle/73470/hong-kong-stock-exchange-deploys-nasdaqs-smarts • https://www.therealizationgroup.com/portfolio/the-future-of-trade-surveillance/ • https://www.workfusion.com/customer-spotlight/standard-bank/

Trend 7: Leverage cloud-based managed service offerings to combat financial crime risk • https://www.niceactimize.com/cloud/cloud-overview/ • https://www.niceactimize.com/blog/financial-crime-managements-broken-system-is-ai-the-answer-585/ • https://www.niceactimize.com/blog/exploring-rpa-in-financial-crime-investigations-from-hype-to-reality-589/ • https://www.niceactimize.com/blog/automating-aml-is-not-a-pipe-dream-were-already-halfway-there-591/

30 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited • https://www.infosysblogs.com/cards-and-payments/2018/04/why_i_called_it_fraud_world_of.html • https://www.infosys.com/newsroom/press-releases/2020/strategic-partnership-financial-crime-solutions.html

Trend 8: LIBOR transition remains a key priority • https://www.isda.org/2018/02/01/ibor-global-benchmark-transition-roadmap-2018/ • https://www.bis.org/publ/qtrpdf/r_qt1903.pdf • https://www.pwc.ch/en/publications/2019/How-to-approach-your-LIBOR-transition-web.pdf • https://www.jdsupra.com/legalnews/the-heat-is-on-regulators-step-up-73811/ • https://www.lexology.com/library/detail.aspx?g=4d7ff561-4c78-4c0a-adfd-17b92d6211f5 • https://www.luxoft.com/blog/cbeer/ibor-transition-a-technology-perspective/ • https://www.moodysanalytics.com/regulatory-news/mar-27-20-fca-communicates-no-impact-of-covid-19-on-libor-transition-date • https://www.ey.com/en_in/ibor/how-to-address-the-legal-and-contractual-challenges-of-ibor-transition • https://assets.kpmg/content/dam/kpmg/ie/pdf/2019/07/ie-ibor-reform-transition-new-risk-free-rates.pdf

Trend 9: Continued focus on FRTB implementation • https://www.dtcc.com/-/media/Files/Downloads/WhitePapers/FRTB-White-Paper.pdf • https://iflrinsight.com/articles/325/big-banks-take-lead-in-frtb-compliance • https://www.risk.net/regulation/6830531/the-light-at-the-end-of-the-tunnel • https://mondovisione.com/media-and-resources/news/eba-publishes-final-draft-standards-on-key-areas-for-the-eu-implementation- of-th/ • https://www.icmagroup.org/Regulatory-Policy-and-Market-Practice/Secondary-Markets/secondary-markets-regulation/fundamental- review-of-the-trading-book-frtb/ • https://www.bloomberg.com/professional/blog/2022-market-risk-odyssey/

Trend 10: Regulatory reporting solution market is growing rapidly • https://www.marketwatch.com/press-release/regulatory-reporting-solutions-market-top-companies-report-covers-global-industry-break- down-share-growth-trends-and-forecasts-20202025-2020-05-15?tesla=y • https://www.infosys.com/industries/consumer-package-goods/documents/overcome-regulatory-reporting-challenges.pdf • https://www2.deloitte.com/content/dam/Deloitte/us/Documents/regulatory/us-banking-regulatory-outlook-2020.pdf • https://www.apra.gov.au/changes-to-reporting-obligations-response-to-covid-19 • https://www.finextra.com/blogposting/15134/why-regulatory-reporting-continues-to-be-an-achilles-heel-for-fis • https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/publication/2020/regulatory-reporting-covid-19.pd- f?la=en&hash=8B7DC0B5B5B0B5563ADCBE54E45FE32A5B561527 • https://www.regulationasia.com/regulatory-reporting-an-approach-for-smaller-banks/ • https://assets.kpmg/content/dam/kpmg/hu/pdf/ten-key-regulatory-challenges.pdf • http://www.wolterskluwerfs.com/onesumx/commentary/mounting-regulatory-reporting-pressure-in-Asia-Pacific.aspx • https://www.prnewswire.com/news-releases/finastra-gears-up-for-sftr-with-regulatory-reporting-as-a-service-300912383.html • https://suade.org/regtech.html

External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 31 Infosys contributors

Rajneesh Malviya Ashok Hegde Amit Khullar Senior Vice President, Financial Services Vice President, Financial Services Head, Risk and Compliance, Financial Services

Each contributor mentioned below is a consultant in the risk and compliance area.

Abhisek Bhowmik Anurag Kantak Pratik Das Anjani Kumar Navdeep Gill Mohammed Fayyaz Memon Makarand Dilip Halde Nitesh Singh Kartik Jariwala Naveen Kumar Srivastava

Producers Samad Masood Sharan Bathija Infosys Knowledge Institute Infosys Knowledge Institute London Bangalore

32 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 33 About Infosys Knowledge Institute The Infosys Knowledge Institute helps industry leaders develop a deeper understanding of business and technology trends through compelling thought leadership. Our researchers and subject matter experts provide a fact base that aids decision making on critical business and technology issues. To view our research, visit Infosys Knowledge Institute at infosys.com/IKI

34 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 35 For more information, contact [email protected]

© 2020 Infosys Limited, Bengaluru, India. All Rights Reserved. Infosys believes the information in this document is accurate as of its publication date; such information is subject to change without notice. Infosys acknowledges the proprietary rights of other companies to the trademarks, product names and such other intellectual property rights mentioned in this document. Except as expressly permitted, neither this documentation nor any part of it may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, printing, photocopying, recording or otherwise, without the prior permission of Infosys Limited and/ or any named intellectual property rights holders under this document.

Infosys.com | NYSE : INFY Stay Connected