Robotic Process Automation for Risk and Compliance

Ajay Katara , Zeeshan Rashid


March 20, 2018

Robotic process automation (RPA), a new technology that uses software “robots” to mimic human behavior and automate certain business processes, has been trending across industries as a new way to drive cost efficiencies, and reduce manual efforts and remediation efforts. Because they have a relatively large amount of manual, repetitive processes, often governed by regulatory and audit requirements, banks, in particular, have been quicker to adopt the technology. The risk and compliance function, which is constantly grappling with meeting stricter compliances and tighter deadlines, has also started looking at RPA to increase efficiencies. There are, however, challenges to consider challenges when deciding to adopt efficiently leverage RPA.

Assessment and Qualification Criteria for RPA
RPA is best suited for processes which are low on exception, documented, manual and repetitive in nature. Generally, banks define or adopt an RPA assessment framework for choosing and identifying the right candidates for the technology. These accelerators are detail out the entire process, efforts involved and also the potential return on investments that will be realized after an RPA implementation.

Some of the key qualifying criteria are:

  • Rule based. In the near term, RPA is ideally suited for rule based tasks like copying and pasting data, comparing data, and moving data from one system to another system. Emerging cognitive RPA concepts incorporate machine-learning techniques.

  • Structured inputs. RPA can understand and process the structured data given in a particular format like Excel. Currently it is not advanced enough to understand unstructured inputs.

  • Low exceptions. RPA is most beneficial for standardized processes that have a minimal number of exceptions or variations.

  • Stability of the process and underlying applications. Stability of the underlying process and the applications are a key factor to be considered when implementing RPA systems.

Key Risk and Compliance Use Cases
Risk and compliance RPA adoption can be primarily seen in the areas of risk monitoring, risk controls and risk reporting. The specific use cases that are currently seeing a lot of RPA adoption across banks include:

  • AML alert investigation. Most aspects of the processes for researching and resolving anti-money laundering alerts are manual or semi-automated in nature and are therefore conducive for RPA.

  • KYC onboarding. During the know-your-customer onboarding process, connecting disparate data from many internal systems and external sources is a challenging task. This is another area where RPA can be effective. For example, these robots can collect and retrieve data from regulatory agencies such as the SEC and law enforcement agencies like the FBI and Interpol and support the onboarding process. Some banks have implemented RPA on KYC process like document gathering and validation.

  • Internal and external reporting. In many banks, the process of data gathering and creating internal and external regulatory reports is very manual in nature. Daily liquidity coverage reports and delinquency reports, for example, are often prepared manually in banks and can be automated through RPA.

  • Limit management. In the limit management process, the limit breaches or violations are reviewed and closed by risk officers. As the resolution involves manual assimilation of data from many sources and manual analysis to arrive at decisions, cognitive RPA solutions can help in the limit management process through the use of RPA for data assimilation and machine-learning techniques to help with the decision-making process.

  • Reconciliation. Reconciliations occur at many levels in banking and also form a key precursor in internal and external management information reporting. Most of the processes in the reconciliation process especially in the area of data gathering and preparation are manual in nature and are potential applications for RPA.

  • Stress testing. Comprehensive capital analysis and review (CCAR) stress testing processes involve the aggregation/netting of multiple lines of business revenue and expenses for reporting and forecasting. Line items in FRY 14 reports need to be forecasted based on the economic variables provided by the Federal Reserve. Most of the processes involved in reporting and forecasting are typically manual making a good candidate for RPA

Taking a Cautious Approach
While the expectations are high for RPA adoption in risk and compliance functions, there are certain uncertainties that are making banks tread with caution before fully adopting the technology. For example, the lack of formal or defined requirements from regulators on use of RPA technology for automation and the fact that many banks still have manual processes that are not very well documented or stable is a concern. In addition, many banks are still in the process of putting in place an enterprise-wide RPA adoption and a governance framework.

In terms of current adoption levels, banks are still in early stages of RPA adoption, as the technology is still evolving. Current strategy is mostly revolving around implementation of point-based RPA solutions and this is expected to continue until the concept becomes stable with proven benefits for risk and compliance. Though banks are running large number of proof of concept scenarios, the conversion into actual production cases is only about 20%. Going forward, we expect banks to take a more measured approach. As point-based solutions will be effective only in the near term, integration with natural language processing techniques and machine-learning solutions will likely accelerate RPA adoption in the future.
Ajay Katara is a domain consultant with the risk management practice of the banking and financial services (BFS) business unit at Tata Consultancy Services. He currently leads the BFS risk practice’s portfolio on regulations and robotics process automation.
Zeeshan Rashid heads the risk and compliance practice in the United Kingdom and Europe at Tata Consultancy Services.