Research

The GR3C research is founded on over 6 years of multi-disciplinary, multi-institutional research on semantic technologies to help solve problems in governance, risk and compliance in the GRC Technology Centre. GR3C researchers are now focused on leveraging significant IP generated to collaborate with industry in fostering innovations in RegTech. Two spinout companies are planned, while several industry engagements are planned.

Natural Language Processing and Machine Learning

The challenge of querying unstructured data as text is both an industry need and commercialisable value proposition. The GRC3’s research focuses on unpacking regulatory texts using NLP and ML. Dr Selja Seppala is the GR3C’s Marie Skłodowska-Curie Career-FIT Research Fellow will be applying NLP and Machine Learning in conjunction with EI client Governor Software to make the FCA Handbook and other regulatory glossaries machine readable.

The Financial Industry Regulatory Ontology (FIRO) (AI)

The Financial Industry Regulatory Ontology (FIRO) is an ontology model composed of relevant and interlinked ontologies in the financial industry regulatory domain. These interlinked ontologies are also called modules. FIRO captures regulatory vocabularies, compliance imperatives and rules based into the Description Logic-based Web-Ontology Language or OWL-DL. Basically, the objective of FIRO is to enable efficient access to, and smarter consumption of, the wide and complex spectrum of legislation and regulatory rules governing the financial industry globally. One of its major use cases is regulatory horizon scanning. Here it is proposed as FIRO+ in a RegTech Council initiative with major global banks and RegTech firms. FIRO forms the basis for our AI-based research on regulations.

Mercury Regulatory Compliance Interpretation Methodology and Mercury XML/RDF Representation Language

These innovations are currently positioned as open standards. They are commercialisation ready in the sense that all it requires is a software application to be developed around them.

The SmaRT Approach to Unpacking Regulations

Making Laws and Regulations SmaRT using RegTech (SmaRT) is an EI Commercialisation Fund projects. SmaRT’s Mercury-based regulatory natural language is expressed in Structured English (SE) according to the SBVR standard from the Object Management Group and stored in a vocabulary and rulebook. Thus, the SmaRT human- and machine-readable vocabulary and rulebook provides a standardised, scalable, and systematic approach to capturing regulatory imperatives in a knowledge base that overcomes the limitations of current ad-hoc proprietary solutions, which see financial institutions effectively ‘reinventing the wheel’ in terms of understanding regulatory imperatives, and developing related governance policies, risk management strategies, and compliance reporting solutions, whenever new legislations are published or regulations applied to the industry. SmaRT draws on our NLP research and incorporates FIRO and the Mercury Ontology enable AI over content.

SmaRT has already been tried and tested as part of the RegTech Sprint, sponsored by the UK Financial Conduct Authority (FCA) in participation with major G-SIBs and RegTech firms. The second initiative was with the RegTech Council, again with major G-SIBs. Both involved the participation of Irish RegTech companies Corlytics and Governor Software. A 6-month Pilot with the Bank of England, FCA and 8 major international banks has been in play since June 2018. These projects have evolved and major global banks based in London are now taking these to the next level. The FCA adopted SmaRT to redraft its Handbook, while Linklaters has deployed SmaRT in a pilot study. Other major law firms are now interested as a result. This research is enabling the following:

  • Regulatory agencies to perform Digital Regulation
  • Law firms to perform Digital Law & legal knowledge management
  • Financial institutions to perform Digital Regulatory Compliance and related Digital Data Governance.

Operational Risk: Financial Industry Operational Risk Ontology (FiORO)

The Financial Industry Operational Risk Ontology (FiORO) helps address several problems in financial services organisations. Briefly, its primary purpose is to enable the systematic identification, assessment, management, mitigation and regulatory compliance reporting of operational risks (OR) in a financial services organisation. As a knowledge base, it also facilitates knowledge sharing around operational risks and hence may also be used for staff training and regulatory compliance. It will ultimately contribute to the development of ‘predictive’ operational risk analytics.

A new research strand is planned on CyberRisk.

Conduct Risk Research

This research stream has generated a potential university spinout called CRedo—Conduct Risk Evaluation and Diagnostic for Organisations. This is currently being funded under the Enterprise Ireland Commercialisation Fund. The key elements that continue to draw industry attention are as follows:

  • Conduct Risk Model

The Financial Stability Board’s (FSB) recently called for a common language or taxonomy with which to manage Conduct Risk and address what many have termed the ‘Tower of Babel’ problem in dealing with this category of Operational Risk. The Conduct Risk Model covers the four primary domains of interest to regulators viz. Wholesale, Retail, Third Party and Personnel Conduct Risk. It will become clear from the discussion of the model’s architecture that the CRM meets the criteria outlined by the FSB for a taxonomic model for conduct risk. The primary use case for the CRM is that it provides a comprehensive taxonomy with which to classify, analyse, and report on conduct risk.

  • Conduct Risk Diagnostic System (CRDS)

The Conduct Risk Diagnostic System (CRDS) is currently an Excel-based prototype application that is relatively advanced in its development. The CRDS builds on the Conduct Risk Model in that it presents users with features and capabilities to diagnose, assess and model their exposures to the various categories and sub-categories of conduct risk. It is based on the Conduct Risk Survey Instrument which measures from an organisational perspective the degree of exposure to conduct risk under the various categories identified by regulators in the US and the UK-EU. The overall approach in developing this application is based on the UK HM Government’s Information Assurance Maturity Model (IAMM) and ICT Strategy Combined Assessment Model. The EDM Council’s DCAM—the Data Management Capability Assessment Model—also informs our approach.

  • Conduct Cultural Assessment Model (C-CAM)

The Conduct Cultural Assessment Model (C-CAM) helps address one of the greatest challenges facing the financial industry—that is, cultural change in conduct and across organisations. The pace of change here has been glacial, for several reasons, despite the increase in regulations and the increase in fines and penalties. One reason of this is the absence of a suitable application for comprehensively and scientifically assessing the organisational culture that is responsible for misconduct at all levels and across business lines. Regulators on both sides of the Atlantic are particularly interested in changing organisational culture where conduct of business is concerned. Thus, financial enterprises of all shapes and sizes across the industry are required to exercise due diligence in bringing about cultural change. However, they lack the means to scientifically measure or assess the dominant culture and the various sub-cultures that exist in all organisations, either in particular business units, geographical areas, or social groupings and communities of practice. I intend to build on existing studies on organisational culture such as, for examples, The Salz Report, and the GLOBE Study, and research on Risk Culture in the financial industry, and build on these using the various dimensions of the Conduct Risk Model to develop the Conduct Cultural Assessment Model or C-CAM.

ComplianceGraph: A Visual Editor for Business Governance Risk and Compliance (GRC)

ComplianceGraph addresses the core problem of how an organisation, financial or otherwise, can visualise and understand the impact of regulations on its business activities—business model, strategy, policies, functional activities, people, processes and technologies. This is a significant issue for both business and risk managers and is a need currently not being met in the marketplace.

Research on Regulatory obstacles to Financial Innovation

GR2C PI, Professor Tom Butler, is a member of the European Commission Expert Group on “Regulatory obstacles to financial innovation” (ROFIEG) and is using the R&D findings of the GRCTC research to inform the commission’s future policies on regulatory compliance and the use of semantic technologies and standards in future innovations.