Evidology Systems “QED” platform provides the missing sustainable data linkage between regulatory texts, standards and policies, control frameworks and the artefacts produced by organisations that need to demonstrate compliance. Their linkage can operate in real-time and react to changes both from the regulator and regulated sides of the fence. Below is our recent interview with Rupert Brown, CTO and founder of Evidology Systems:
Q: You say Evidology is a second generation RegTech solution, why is that?
A: We are not reusing or repackaging existing technologies/methodologies such as Workflow or Big Data or pretending that the answer is a “digital transformation programme” or “driving a cultural change agenda”. Many so-called regtech solutions in the marketplace, that we have encountered, are rather marginal improvements to existing processes or in some cases just brighter lipstick on a pig.
Q: Is Evidology unique?
A: We believe so – all of our “critical friends” across the banking, engineering, security and defence sectors state they have not seen anything similar and enthusiastically support the basic premise of the product.
Q: What do you do that is different?
A: We provide a visual structural metaphor that defines a sustainable argument for compliance and organisational accountability rather than producing a fog of weakly linked text paragraphs or a “smart” marketing style slide deck intended to camouflage real business issues.
Q: What advantages do you provide to clients?
A: We believe the visual metaphor we use is easier for clients to understand – (“Lego, not Lawyers”) and that we can visually show “3 Lines of defence” rather than talk about them as an abstract construct.
Our models also have deterministic behaviour and provide quantitative measures of risk based on their structure rather than so-called “opinion”.
Q: What do you think are the reasons for so many businesses failing compliance?
A: The most common one is “what can you get away with” – it is perceived to be cheaper to pay lawyers to firefight.
Another is not understanding that most principles-based regulations are technology agnostic and believing that just having bought the “right stuff” is all that is needed rather than checking the design, configuration and operational requirements.
Q: Are firms unaware of the implications of regulatory requirements or is the technology available failing?
A: GDPR has focussed minds on the implications of failure because the sanctions available to the regulator are both draconian and quantified in the regulation rather than the “plea bargaining” that has occurred in some other major high profile compliance cases e.g. HSBC’s Money Laundering case in Mexico. The notion of “tech” being a magic bullet on its own is sadly still pervasive and there is a tendency to forget the old adage that a fool with a tool is still a fool.
Q: How does QED work and why is it different?
A: QED is founded on the philosophy of “Argumentation” dating back to the Ancient Greeks and then evolved by a number of leading laywers in the 1930s and 1950’s. QED does not rely on tech for tech’s sake – we have recently seen the Blockchain hype bubble burst and we expect a similar fate for AI/NLP in our marketplace because the discovery/reasoning toolsets do not have enough contextual data to make reliable recommendations when applied to principles-based regulations rather than well-specified, product-based ones.
Q: What is the business impact you foresee QED will be making in the regulatory space?
A: We hope that it will be a major catalyst for transforming the current tech marketplace, which is little more than an archipelago of isolated products into a series of interconnected real-time high volume supply chains much like the evolution of the reference data industry in Financial Services over the past 30 years.
Q: How can these principles be applied to different industries and regulations?
A: At its heart, QED is agnostic to industry sectors or regulatory/standards bodies.
Q: Why did you launch QED now? Do you believe it is a turning point for the industry?
A: Whilst GDPR was probably our primary catalyst for breaking cover, much of the development of the product was based on experiences in trying to govern design and operational deployment challenges in Financial Services IT prior to and after the crash of 2008. We now are attracting significant interest from the UAV and Autonomous Vehicle space where a complex set of standards/regulations are being evolved to ensure personal safety rather than financial security
Q: You mentioned your “Argumentation Engine”, can you explain what you mean by this?
A: At the heart of a product is both a portable & scaleable data model that is versionable and journaled to track changes within itself. We also have a number of input and output translation tools to generate Business Process and Completeness/Constraint Analysis models (e.g. segregation of duties). Finally, we have a suite of statistical analysis functions that quantitively analyse the model to advise users on complexity/effort/risk of particular compliance approaches.