Since the global financial crisis struck in 2008, the volume of regulatory changes and announcements has increased by a staggering 492%, according to The RegTech Report from BI Intelligence.
It is no wonder that companies struggle to keep up. In banking alone, one in five executives admits to taking risks with sensitive data in order to meet regulatory demands, research from data management solutions provider Delphix shows.
The regulatory and reporting burden is going to get heavier too. Brexit is likely to trigger changes to existing rules and regulations, as well as generate a raft of new ones. It makes for fertile ground for the emerging regtech solutions providers.
Imran Gulamhuseinwala, EY’s global fintech leader and author of the report Innovating with RegTech, says: ‘More stringent requirements within increasingly dense data landscapes and the rapidly evolving fintech sector have led firms, technology providers and regulators to focus on new technologies to meet regulatory challenges, with the objective to drive down costs, yield efficiencies and disrupt the norm of conventional regulatory compliance.’
The Financial Conduct Authority (FCA) has recently stated it intends to encourage and support the development and use of these innovative technologies. In fact, the financial services regulator’s 2016/17 business plan states that regtech will be crucial to enabling more efficient and effective regulation and compliance. ‘Both the FCA and Prudential Regulation Authority emphasise the importance of using tools and systems to identify, establish and monitor mandatory controls that should be inherent in the future,’ says Gulamhuseinwala.
Regtech vs legacy tech
Regtech solutions aim to help businesses satisfy regulatory requirements in a more streamlined and effective way than their existing capabilities will allow them to.
‘The key difference between traditional compliance solutions versus the regtech solutions is agility,’ says Lory Kehoe, director in Deloitte Ireland’s financial services consulting practice and author of RegTech Is The New FinTech report. ‘While traditional solutions are robust and designed to deliver on your specified and “locked down” requirements, they can be inflexible and may require development or reconfiguration for enhancements or changes.
‘Also, the traditional incumbent vendors’ commercial models are typically aligned to multiple module purchases, meaning that the full benefits of a solution will only be realised when using multiple modules or bolt-ons of the preferred platform.’
‘The objective is to drive down costs, yield efficiencies and disrupt the norm of conventional regulatory compliance’
Regtech solutions, on the other hand, are cloud-based and scalable, can be deployed remotely, and offer to solve a specific problem. ‘They can elicit clean, accurate, secure and timely data that can be sliced, diced and scrutinised in whatever format the regulator or other stakeholders require,’ says Kehoe. ‘This is a very pertinent technological advancement, especially when considering the financial services sector’s heavy reliance on legacy-based systems, some dating back to the 1960s. It’s estimated that in 2014 banks in Europe spent €55bn on IT. However, only €9bn of this was spent on new systems; the balance was used to bolt on more systems to the antiquated existing technologies and simply keep the old technology going.’
Is the old technology destined to bite the dust, then? ‘Companies can move away from rigid enterprise risk management systems once the adopted regtech solutions are stable,’ Gulamhuseinwala says.
Tools and benefits
Regtech automates regulatory compliance – for example, through the use of robotics to perform routine monitoring and testing, thereby driving down compliance costs.
‘In a process like customer onboarding where costs have risen significantly, the application of regtech can identify and augment critical data through the use of advanced analytics,’ says John Harvie, director at global risk and compliance consultancy Protiviti. ‘It can remove manual checking and reduce the need for the application of human judgment.’
Regtech can also enable the capture of compliance breaches. Harvie says: ‘In advice-based investment, for example, advice is often recorded and physically reviewed by first and second-line oversight functions, which is a time-consuming and very imperfect process that can only capture a small sample of compliance breaches. However, there’s a regtech solution that records and analyses the conversation in near real-time, automatically identifying breaches.’
Regtech solutions are also gradually being deployed across the industry to help prevent fraud. EY’s 2016 global fraud survey found that since employees are reluctant to raise concerns, company data can act as the key to identifying instances of potential misconduct. Yet currently only 50% of the fraud survey respondents use specialist monitoring software – whether in the form of traditional or innovative fraud detection tools – to identify fraud risks. Gulamhuseinwala says: ‘Current regtech fraud prevention solutions can identify gaps, issues and trends in financial crime, while future solutions will be orientated to behavioural profiling and behaviour-driven risks to indicate potential misconduct.’
Kehoe admits that regtech is not a panacea for all compliance and risk challenges, given the importance of subjectivity and the numerous other factors that must be considered. ‘However, it works well for heavily quant-based obligations, information-based obligations, risk identification and management tools,’ he says.
In the longer term, regtech is also expected to allow seamless submissions to regulators. ‘Future regtech platforms will also be used to interpret regulations, including upcoming changes, but a key challenge is to first build a converged regulatory risk and controls management framework,’ adds Gulamhuseinwala.
When businesses are considering an investment in regtech, Kehoe recommends that they first review their existing compliance risks and requirements as well as their existing regulatory technology. ‘Don’t discount the capabilities of powerful solutions, which have been proven to overcome operational challenges,’ he says. They should also have a clear understanding of any upcoming regulatory and reporting requirements that will impact their business.
Against this background, businesses should then identify areas that could benefit from regtech solutions, such as the automation of controls or the capture of more meaningful management information from big data. ‘Next, they should assess the impact of implementing a regtech solution – for example, the impact of integration across a number of legacy systems – evaluate any cultural and infrastructure challenges, and determine if they have skilled resources to test, pilot, deliver and manage change,’ Gulamhuseinwala says. ‘They should also discuss their plans to embed regtech solutions with the regulator.’
There is also the question of which specific regtech solution to choose, bearing in mind this is a rapidly evolving area. ‘The world of artificial intelligence and analytics around which much of regtech revolves is changing fast, and new architectural models are being developed all the time,’ says Harvie. ‘For example, there’s now a move away from apps to bots, which will in turn interact with other bots to create a new ecosystem. Providers are getting much more adept at integration, but organisations need to be careful to choose the technology that will work best for their business.’