A quick look at some of the terminology associated with emerging technology and its application to governance, risk, and compliance. Instead of organizing this glossary alphabetically, we’ve started with the simplest terms before moving to more complex ones.
Blockchain: A storage and transfer protocol for assets that is the architectural backbone of Bitcoin and other virtual currencies. It is a decentralized, distributed digital ledger that can track any digitized asset (securities, deeds, media, intellectual property, etc.), recording and verifying transactions across a large network of computer “nodes.” The distributed nature of the system facilitates secure online transactions while ensuring that no single bad actor in the network can tamper with the rules, timing, and execution of a given transaction.
Cloud: Common vernacular for offsite, decentralized storage arrays used to park, share, retrieve, back up, and manage data. Similar to personal data storage options with increased resiliency, scalability, and security features. Data and core mission-critical systems can be managed in a virtual desktop environment and served largely off-premise.
Sandboxes: Nickname for real-time production environments in which new technology can be securely put through its paces, experimented with, and pilot-tested by institutions, providers—and even regulators—while mirroring, but never directly affecting, real-time operations.
Software-as-a-service (SaaS): Subscription-based software offerings wherein all upgrades, updates, and patches are seamlessly provided by the chosen vendor. SaaS offerings stand in contrast to the more traditional “product,” in which a customer pays a one-time fee to purchase and host the software outright (but has to pay for next-generation upgrades). SaaS solutions are often hosted in the cloud.
Advanced data analytics: Also known as “Big Data,” it focuses on gathering enormous amounts of information to use for predictive analytics (where the next breach might occur, for example), and behavioral analytics (potential employee fraud, etc.). A subset of these solutions is compliance analytics, wherein data can be used to detect and predict otherwise-hidden red flags. Common applications include reviews of know-your-customer, anti-money laundering, and beneficial ownership.
Robotic process automation (RPA): The automation of repetitive tasks and business processes that mimic such mundane activities as logging into a system, entering data, viewing online data sources, and copying and pasting data across multiple media, systems, and departments. Processes automated through RPA must be rules-based and will typically only input into structured data formats, such as spreadsheets and databases. Compliance uses include combing through systems to identify data for regulatory filings and testing for compliance with company policies.
Artificial Intelligence (AI): A “suitcase term” that unifies multiple tools, it is essentially a broad way to describe machines performing narrow cognitive tasks. AI complements process automation by taking unstructured data and—beyond the capabilities of robotic process automation—putting it into a structured format. It can deal in more sophisticated data models to help enhance decision-making processes. Among the areas this technology can assist with: anti-money laundering alerts, know-your-customer data monitoring, beneficial ownership data collection, financial crimes investigation, liquidity risk management, and keeping pace with regulatory change.
Machine learning: An application of artificial intelligence. Compliance applications include enhanced monitoring for such activities as insider trading or Foreign Corrupt Practices Act red flags (by, for example, “digesting” data in related corporate databases and expense reports). Through coding and repetition, this technology can “learn” how to perform and complete specified tasks, making on-the-fly decisions and recommendations without specific programming.
Behavioral analytics: In the financial sector, it is the functionality to comb through corporate data, in-house and external communications, trade records, and other data to identify risky activities, individuals, counterparties, or other entities.
Natural language generation/processing: Subsets of the core technologies referred to as AI. They allow for programming that picks through massive legal contracts to flag concerns, reads transaction histories, automatically drafts a Suspicious Activity Report for bank compliance, and more.
Data visualization: As part of an AI approach, it is the display of data in more digestible visualizations (including charts and data fields) that allow, in the case of compliance, a fast and relatively easy way to analyze big data collections and unstructured data.
Vendor risk management: Not a new term or practice, but it does take on added importance in the digital era as companies can be held liable for the inaccuracies of their third-party-assisted data collection and application. Better use of automation can help monitor for potential vendor risks and contract and code violations, and ensure compliance with contractual agreements and frameworks. Guidance from the Securities and Exchange Commission, Office of the Comptroller of the Currency, and Federal Reserve outlines third-party and vendor requirements on the company contracting those services.
General Data Protection Regulation (GDPR): Enacted in May 2018 to harmonize rules across the European Union’s member states, GDPR’s 99 articles replace the EU’s previous Data Protection Directive from 1995 and are already having a global impact. The law makes any company—even one outside the European Union—liable so long as it offers goods or services to individuals in the European Union or if it monitors the behavior of EU citizens. Whereas the former Directive applied only to data controllers (those who collect and own the data), the GDPR jointly holds liable data processors (essentially, third-party vendors).
Cyber-security: The ability to protect and secure data. It takes on even more importance with the growing prevalence of automation and data analysis.
Regulatory technology (RegTech): Applies automation to the task of adapting procedures, policies, and controls to meet ever-evolving regulatory demands, most often those that flooded into financial institutions in the aftermath of the Financial Crisis and the Congressional remedies of the Dodd-Frank Act. Similar solutions assist with blockchain governance, business process management, and policy management.
Financial technology (FinTech): Companies using proprietary metrics and methodologies to conduct bank-like offerings and services (including non-depository lending) online, untied to traditional geographies or physical branches and, until recently, without the need of a federal charter. The Office of the Comptroller of the Currency recently authorized special-purpose charter applications.
This glossary was compiled by Staff Writer Joe Mont; Editor Jaclyn Jaeger; and contributor Anthony Dell, a compliance futurist.