Improving compliance in financial content with a headless CMS

As financial institutions seek new revenue opportunities, they must also keep up with changing regulatory responsibilities. By adopting a content management approach known as “headless”, they can embed essential compliance procedures into their content production process to improve how they communicate with customers.

Michael Andrews

Published on Oct 12, 2020


Financial content must comply with a range of regulations covering product marketing and consumer rights. Content plays an important but sometimes overlooked role in the digital transformation of banking, insurance, investments, payments, and other areas of financial services. Financial institutions have focused extensively on the opportunities as well as compliance risks associated with the management of customer data. They also need to consider how their published communications should evolve to enhance both compliance oversight and efficiency.

Risks associated with poor regulatory compliance in financial content

Compliance teams sometimes operate in a silo that is separate from the work of sales, service, and product management teams developing customer-facing content. An article in American Banker notes that “product development, sales, and servicing are frequently divorced from compliance ownership. Regulatory excellence is a quality component of financial products and services and should be treated as such. But the bankers in charge of product business lines have historically avoided regulatory matters, preferring to leave such issues to the compliance experts.” 

When compliance responsibilities are separated from the rest of content operations, the risks of compliance problems or failures are heightened. These risks include both enforcement actions by regulators as well as reputational damage in the eyes of customers and investors.

While the specific applicable compliance requirements will vary by product and by country or region, some general principles apply to content pertaining to all financial products. All financial institutions have a fiduciary duty to prevent consumer harm. They must ensure that content will not be construed as predatory or deceptive marketing. An institution’s representations and omissions can be deceptive if they are misleading, would reasonably be misinterpreted, and are material. 

Common problem areas in financial content include:

  • Transparency on fees
  • Complex or unintelligible product information
  • Advice and risk disclosures
  • Cross-jurisdictional issues
  • How personal data will be handled

Recent guidance from the US Office of the Comptroller of the Currency (OCC) provides an example of the expectations of regulators toward content: “Sound bank processes for marketing and disclosures typically include:

  • Communicating accurate and understandable information to customers
  • Maintaining appropriate internal controls over the development, modification, and deployment of marketing and advertising materials
  • Reviewing materials for clarity, compliance, and accuracy
  • Testing consistency among disclosures, marketing materials, sales calls, and the way operational systems function in delivering products and services”

As we can see, regulators place a priority on content accuracy, the ability of readers to understand the content, and the content’s consistency. Moreover, regulators expect financial institutions to maintain a process to deliver those outcomes. 

Compliance depends on having a solution that provides support across all phases in the content lifecycle:

  1. Planning and compliance processes (anticipating and preventing potential compliance problems)
  2. Assurance of work in process (correcting potential compliance problems before they are public)
  3. Monitoring and checking completed or published work (following up on published content to ensure it remains compliant)

How content management influences compliance

The wrong content management system can hinder an institution’s marketing and service operations’ compliance with financial regulations.

Compliance is a complex area that is constantly changing. Content management systems need to be able to accommodate and adapt to these requirements. Compared with traditional content management approaches, headless content management offers greater flexibility to deal with different process stages when developing financial content.

The right headless CMS, utilizing microservices, APIs, and cloud delivery, can be configured to address diverse and fluctuating requirements to deliver Content as a Service (CaaS). A CaaS-oriented CMS readily integrates with other IT systems, tools, and services necessary to support compliance and can be configured to fit the specific requirements of the financial institution. It employs the same basic technical perspective that’s used in Insurance as a Service (IaaS), Banking as a Service (BaaS), and similar next-generation fintech services. CaaS is an especially good fit for financial institutions that are adopting services-driven business architecture.

Make sure you can respond to changes in requirements

Rules and regulations relating to financial content undergo constant change. The rapidly developing field of RegTech has emerged to help financial enterprises keep up to date with these changes. According to one analyst, RegTech enables the “power of machine-readable regulations and obligations” and can take advantage of “machine learning and other types of AI in the context of augmented intelligence—where advanced technology solutions are combined with human knowledge and professional judgment.” 

Financial institutions should not try to automate anything that’s subject to change if updating their setup would be a burden. Many web CMSs are difficult to reconfigure after they are implemented. Headless CMSs are agile in orientation and allow teams to deploy changes quickly. If content processes depend on systems other than the CMS to provide critical data or logic, financial institutions will also want to consider how quickly those can be updated.

While content compliance can’t be fully automated, technology choices in content management can reduce the need for manual processes by improving:

  1. Integration of different activities
  2. Visibility into different steps and statuses
  3. Capabilities to perform instant checks of content at scale 

Provide writers with guidelines so they understand compliance requirements

Content processes should prevent common problems before they reach compliance or legal review to reduce rework and improve efficiency. 

The first step is to set expectations about compliance requirements for writers creating marketing content. It’s important to choose a CMS that allows the financial institution to embed compliance guidelines into the authoring interface. 

The authoring interface should include the ability to present a content brief that outlines what authors need to do or consider when creating content. The brief can include a checklist of dos and don’ts associated with compliance requirements, which can be automatically included when writers begin working on a specific type of content.

When the content is structured, the authoring interface can embed guidelines for authors, which can present instructions and requirements for individual sections of the content. For example, a section that covers recommendations for customers might include detailed guidance on what the copy should and shouldn’t say. Writing guidelines can include links to references that provide more detailed information. Embedding this guidance within the authoring interface will reduce errors and improve the consistency of the copy. 

Check writing prior to legal or regulatory review

Writers should be able to identify and mitigate basic problems before their drafts reach compliance review. Where possible, they should be able to perform checks that will flag potential problems in the content they are drafting, so these can be corrected before the content proceeds further.

A simple check that can be performed within the CMS is assessing the clarity of the writing, which is especially important for content discussing procedures and obligations. API-ready tools can check if the content conforms to plain language standards, evaluating readability, vocabulary, and sentence structure. Such tools can incorporate an enterprise-specific style guide so that approved terminology is used.

A more sophisticated check will assess the text and other content using “cognitive services” to evaluate what is being discussed in the content and spot potential violations. Such services draw on machine learning, text analysis, and natural language processing to understand topics and intents associated with the text. They can be used to identify text that contains messages that are not compliant or to detect the absence of text mentioning provisions that are required. These kinds of text analyses extend the capabilities of widely used approaches such as the stop words and keywords that are applied in spam filters and content moderation tools. They are more sophisticated in that they evaluate concepts rather than simple phrases. Given the active developments in the field of RegTech, off-the-shelf API-delivered compliance monitoring services will likely become more available. For now, financial institutions may choose to develop custom tools to integrate into their CMS until comprehensive plug-and-play options are more widely on the market. Custom approaches will need piloting to validate their effectiveness in flagging potential compliance issues. 

Draw on one source of truth

Enterprises will want to avoid the common situation where teams keep “writing the same thing over and over again,” as one senior content manager at a major financial institution confided at a recent conference. They need one source of truth. A headless CMS promotes the reuse of content so that statements are created only once and used consistently.

By structuring content into modules, a headless CMS can reduce the amount of writing needed by focusing on the creation of reusable content building blocks. Financial institutions can have an approved library of statements and assets to incorporate into their content. The structuring of information and messaging into predefined, standardized parts improves efficiency and consistency. Larger content can be composed of smaller pieces that have been approved already. If any part requires revision due to either product or regulatory changes, only the part that changes will need a fresh compliance review. 

A headless CMS also facilitates the management of third-party content. Financial institutions can integrate third-party content from trusted legal and financial information providers and government regulators. In cases where the financial institution is using marketing content from other firms, they need to be able to review this content for compliance, since they are responsible for its accuracy once they publish this third-party content. Through APIs, a headless CMS can ingest third-party content for compliance review and revision if required, providing full control over externally sourced content.

Provide a unified view of workflow

Compliance review should be an integrated part of the content development process—not an activity that happens outside of it. Everyone needs to be on the same page, seeing what revisions and comments have been made. The CMS provides a repository for content used by product managers, customer experience, and sales. Some financial institutions use separate systems for compliance reviews, which creates a silo in content production. Those involved with compliance, risk assessment, and legal review also need direct access to the repository.

To remove silos in the content review process, compliance review staff should:

  1. Have access to the CMS.
  2. Find the CMS easy to use—no special training is required.
  3. Be able to communicate comments to writers and other compliance staff within the same CMS. 

A CMS that’s used by all allows everyone to understand the status of items that undergo review and track where delays occur. It will allow content operations to become more efficient at producing compliant content. 

Tag regulatory exposure using a taxonomy

The applicable regulations will depend on the country and the products. In many cases, there will be multiple laws and regulations governing a financial product. For US banking products, for example, these may include:

  • Equal Credit Opportunity Act
  • Anti-Money Laundering/Bank Secrecy Act
  • Truth in Lending (Regulation Z)
  • Privacy of Consumer Financial Information (Regulation P)

Financial institutions need to know where statements in their content touch upon particular regulations. By structuring content according to its purpose, different kinds of statements can be tagged to indicate applicable regulations. The CMS’s content taxonomy can cover relevant laws or regulations and specific rules or sections within them. Tagging content items with such a taxonomy is especially effective when published communications follow standard structures. Institutions can use the taxonomy to indicate the regulations associated with specific content types so that writers don’t need to add this information manually.

Taxonomy tagging is beneficial for:

  1. Monitoring current content production
  2. Auditing published content
  3. Providing a comprehensive risk profile of consumer-facing content

Provide a preview of the content

Financial institutions have a duty to ensure that consumers will notice any statements that materially affect them. How content is presented should be consistent, and there should be no risk that staff will change designs in ways that conflict with compliance requirements. A headless CMS separates the content creation process from design decisions. This separation means that the design that presents the content will stay consistent. It removes the possibility that marketing or other staff drafting the content will also change the design in ways that could be non-compliant.

Compliance staff will expect to see how content will appear in context to ensure it is not misleading, especially when new designs, new platforms, or new forms of content are involved. Financial institutions must ensure their disclosures are easy to notice and read. In the United States, the Federal Trade Commission has a “four Ps” standard relating to the prominence, presentation, placement, and proximity of marketing representations, omissions, acts, and practices.

Many CMSs, both web CMSs and headless ones, don’t provide a good preview of draft content. As part of the authoring experience, a headless CMS should provide a preview of the content that can be accessed by anyone who needs to see it. offers a special feature called Web Spotlight that provides a preview of the content in its context that compliance staff can utilize. 

Provide versioning for comparison and auditing

Compliance staff also need to be able to compare how content has changed, to make sure that revisions are consistent with the compliance requirements in effect when the content is publicly available. 

The CMS should allow for the comparison of different versions of content items, highlighting the differences between them by indicating additions and deletions. It should also capture all past changes so that compliance staff can audit what content said at a given point in the past.

Schedule updates and auto-expiration

A financial institution’s content planning process should include a process for how to respond to changing financial regulations. The content calendar can capture tasks that will be necessary when changes in regulations will impact future content or content that’s been published. Product teams and compliance staff can coordinate the roadmap for product communications and regulatory changes and make sure these are scheduled. In cases involving changes that widely impact products, updates can be prepared in advance and scheduled for publication once the new rules are in effect. Some rules may require existing content to be taken down; these can be scheduled to auto-expire.

Unify your content processes

Compliance depends on the coordination of many activities and people. No single activity or solution will guarantee compliance. 

The content management system should support an end-to-end process that can supply always-current content that satisfies regulatory requirements. Marketing and customer experience staff should at all times have up-to-date and reliable messages and information to provide to customers. Compliance needs to be embedded in the content management process instead of being an activity outside of it. With the right CMS to support their creation and review processes, financial institutions can deliver appropriate content efficiently and dependably. 
