Since the 2008 financial crisis, regulators around the world have been reshaping the financial environment. Each year, compliance to the new set of rules leads to rising costs, and can be a burden to small and big players. RegTechs offer fully developed solutions to handle the requirements and help transform the regulations into opportunities.
The current regulatory environment is propitious for Regtech development, with more and more institutions facing tougher requirements each year on KYC, AML, reporting… The list is getting long and the budgetary impacts significant. In these tough times and with the support of regulators, Regtechs try to bring some fresh air thanks to their innovative solutions. Yet, changing things doesn’t come without its challenges, developing an innovative solution isn’t a walk in the park and implementing one may be a source of trouble too.
Compliance costs over the years
The number of individual regulatory changes has more than tripled in 5 years, reaching an average of more than 200 per day, according to a note by the Boston Consulting Group. The reasons for such an increase are various but well known, AIFMD, BASEL III… The pace at which these regulations are defined and enforced has been quickened since the last financial crisis, and complying to each new requirement is no easy task.
It is in these conditions that the adaptability of financial institutions has been live-tested, and the result isn’t always pretty : On KYC alone, a survey conducted by Thomson Reuters revealed that the average annual spending by financial institutions is above €50m. Meanwhile, another study by HIS Markit and Expand show that top Investment Banks & Asset Managers are expected to spend over $2bn in 2017 to meet MiFID II’s guidelines alone.
There exist a couple of catalysts among each entity that “help” reaching these heights :
– An outdated legacy IT system which may not provide the required flexibility, therefore considerably increasing the evolution cost for new required functionalities. Although, new major regulations such as MiFID II may only have quicken the already planned migration to a new system, artificially rising the cost of compliance.
– A lack of skilled compliance officer available to work on each topic, these resources can prove to be rare and as such, very costly.
– A very diversified offer of services, some specific offers may be targeted to very few clients and have to be reconsidered due to the new requirements, therefore impacting both the analysis cost and the turnover.
In order to limit compliance costs and given the process and system constraints, the solution often appear in the form of wobbly workarounds and manually done tasks. And this is exactly why Regtechs exist, to offer an alternative solution for every player.
RegTechs in a nutshell
A subcategory of Fintechs or a close cousin, Regtechs (Regulatory Technology) try to make the best use of our current technology to bring innovative solutions to regulatory compliance burdens.
Acknowledging the current situation, Regtechs offer ready-to-use solutions. Being cloud-based, agile and already fully developed, they often appear as a much better, cheaper and faster way of dealing with regulatory requirements than upgrading an outdated legacy system. The safety of these solutions is also guaranteed through data encryption, adding to the benefits in the balance.
There are more than 100 entities that are classified as Regtechs, and we can (arbitrarily) split them into 5 categories :
Regtechs, not Fintechs
We can underline two mains differences between Regtechs and traditional Fintechs :
– The scope: Regtechs target a much wider scope than Fintechs. Their offers are most of the time targeted at financial institutions, but non-financial companies often face the same challenges and can therefore benefit from these innovative solutions. Some Regtechs also directly target non-financial companies, for instance Ayasdi which developed a machine learning platform destined for financial institutions, pharmaceutical entities and governments.
– The business model: Unlike Fintechs, Regtechs don’t aim to compete, they try to find new ways of solving resurging old compliance issues. By replacing/transforming cost centers, Regtechs allow their clients to focus on their real business model.
Sponsored by authorities
Regtechs have been around for more than two decades, but have come under the spotlight only recently thanks to the sponsoring of a major actor in 2014, the UK Financial Conduct Authority (FCA).
Through project Innovate (oct. 2014) and the debut of its Regulatory sandbox in 2016, the FCA supported the development of hundreds of firms.
It started a positive trend among regulators around the world, now many of them have launched a similar project, such as the Monetary Authority of Singapore (MAS), the Australian Securities and Investment Commission (ASIC) or the Hong Kong Monetary Authority (HKMA).
The trend doesn’t seem to be on the downfall either, as earlier this year the Canadian Securities Administrators (CSA) announced the launch of a Regulatory Sandbox Initiative.
Of course this sponsoring isn’t selfless, regulators have a lot to gain from the emergence of Regtechs, especially in terms of transparency and monitoring. Indeed, helping the FIs better manage their compliance duty is always a good thing, but it’s even better when it means getting real-time access to the entity reporting information. Some Regtechs, like Vizor, even developed solutions targeted for Regulators, performing data analysis, compliance checks and allowing an extensive automation of the current process.
Tremendous challenges to overcome
This sponsoring by authorities is particularly welcomed considering the tremendous challenges that Regtechs must overcome :
– Overwhelming regulatory complexity
In only 6 years, more than 50.000 regulatory documents have been published7. Considering this, it can become tricky to build solutions without having its own army of compliance officers.
– Unrealistic timelines
Taking a look at the current EU regulatory framework, we can see that it’s all but simple. Regulations are being defined and applied by different bodies, each of them choosing their own timeline. As a consequence timelines are overlapping, and even often differ from one country to another for the same regulation. On top of that, there are regional specificities that will toughen again the work of Regtech who sight on selling their product on a global scale.
– No governing body
This freedom that results may be seen a bliss as it can boost innovation and simplify developments, yet it also has its downside. Standards often turn out to be very handy when it comes to managing risks, increasing credibility through certification and building up synergies. Right now, Regtechs can be seen as a diverse community of entrepreneurs solving regulatory issues, but with each of them working on a different desk and on a different level, leading to a lack of cooperation and increased implementation costs.
– A new threat: IBM Watson
IBM acquired Promontory Financial Group on September 29th 2016, and plan on using Promontory’s 600 regulatory professionals to improve Watson, its signature artificial intelligence program. Already well-known and trusted, It will now be trained on risk and regulation management. In other words and if successful, Watson will be able to fully automate compliance, offering an end-to-end solution that would be particularly appealing for international financial institutions. It will be tougher then, for the current Regtech community, to persist with its fragmented offer and limited acknowledgement.
A world of solutions
Despite all these challenges many RegTechs managed to come out of the woods, and over the years they successfully proved their ability to develop revolutionary offers. May they appear as quick wins or long lasting solutions, they began to reshape the way compliance can, could and even should be done.
Handling big data, and even more
Big data management and analysis is of course one of the core topics for Regtechs, so it’s no wonder that many interesting solutions can be found. Starting with the data consolidation issue, especially in a time of ever-growing reporting needs, we find AssetLogic which platform offer an efficient and secured way to manage your fund data.
There exist interesting partnerships between some Regtechs too, Cloudera and Privitar for instance, one offering an end-to-end management and analysis of your data, while the other ensure the privacy in the process. But big data analysis isn’t limited to the company’s own inventory, it goes well beyond with predictive analytics and that’s exactly what AlgoDynamix offers.
Last but not least, there are some that also perform behavioral modeling. A couple of Regtechs surf on this wave, among which Behavox, whose platform detects rogue activity and simplify the investigations by holding activity logs.
The end of reactive compliance
We tend to suffer from new requirements, and that’s due to the vicious circle of reactive compliance. How may one transform regulations into opportunities when he hardly complies in due time ? Well, that’s where Regtechs show their true potential, preparing the ground, reacting quickly to new requirements and even anticipating them.
While some solutions like Trulioo or Helm allow you to automate tasks done by compliance teams, such as ID/AML checks and regulatory watch, others such as Suade fully reshape the approach with a continuous monitoring of your compliance status. But Suade’s offer goes even further as to help ensure a cost-efficient compliance move, and conduct analysis to finally adopt a pro-active attitude towards regulations.
A lifebelt for small organizations
As regulations grow, small players may find it hard to meet every new requirements, eventually giving up their independence and merging/being acquired to reach a critical size where fixed and variable cost of compliance can be digested. Thanks to their integrated and adaptive offers, Regtechs offer ways to considerably reduce the “critical size” for those struggling to comply.
…And a first step into Blockchain
Blockchain technology is very promising, with its reduced costs, transparency and optimized processes. But its business-wide application can hardly be envisioned within the next 5 years.
Yet, some Regtechs such as GECKO Governance or Coinfirm already offer means of profiting from this new technology. May it be to manage more efficiently your portfolio of investment fund’s regulatory & compliance requirements, or to bring transparency and security to Blockchain transactions, the niche usage of Blockchain can surely assist you in your daily management.
Implementing a Regtech solution
Regtechs are true toolkits, allowing firms to do business more efficiently and in compliance with the different regulations. As you know, It’s always better to work with tools than without, but shiny tools can quickly become useless if not used properly.
The first steps, picking your Regtech
I hope that through what you’ve read so far, you’ve got the general idea on the topics covered by Regtechs. In that case, you can begin by defining the two following parameters :
1. Know your pain points and inefficient processes
Collecting feedbacks from your teams and analyzing your processes will simplify your search as it will give you a clear improvement target.
2. Know your limits
Is your budget limited? Are you looking for quick wins or for a more disruptive solution? You’ll find it all on the market, yet you still need to decide how far you’re willing to go.
Building the business case
Even when everyone feels it’s a good idea, it has to come down to numbers, and that’s where the trouble can begin. Indeed Regtechs won’t be an exception, their solutions will have to go through that step before being adopted.
By looking at the offers and their impacts, we can identify two types of Regtechs solutions:
– The quick wins
These solutions can be easily implemented and offer a direct visible added value to your business, the operational impact being limited to the scope and with minimum development required. It can be for instance a manual process being automated like identity & AML checks.
– The disruptive ones
Consisting of mid-long term solutions, their added-value is obvious but the profits aren’t near due to the initial implementation cost. They can completely reshape your processes, thus their operational impact is huge and the human resources impact significant. Implementing these solutions will therefore require an in-depth analysis and a full project management.
We may be tempted to go only for the first kind then, but limiting ourselves to quick wins would considerably reduce the intervention scope and therefore the potential gains. Also, if we start cumulating quick wins through different Regtechs – which I should remind don’t follow standards – it may even create an even more complex and inflexible system.
Acknowledging specific risks
Assessing the risks is a usual part of the business case process, but in this one it can be a bit more tricky due to some inherent risks of Regtechs:
– Data privacy in the Cloud
With new regulations such as GDPR, automating collection and analysis of personal data may violate the rules. This risk especially appear when the entity covers multiple jurisdiction, and when its processes are fragmented between an in house system and a Regtech solution. It must therefore be closely monitored.
– Concentration risk and the magnification of failures
Relying on a cloud-based solution to manage your data, especially compliance related ones, requires you to be extremely careful at how it’s handled, protected, and on the plan B because in the end you’ll be the one responsible before the regulators and the clients.
Knight Capital Group showed us how terrible the consequences of a failed deployment can be, by going bankrupt in only 45min in 2012. The point is, a simple error can be extremely far reaching, and in our case sending incorrect/incomplete data to the regulators might not end up well, especially if it goes undetected. But what could be the solution, an in-house control? Manual or automatic? At what cost? What about cyber threats? If we want to keep being able to work, do we need a local copy of the data already stored and backed in the cloud ?
There’s many questions that has to be answered when moving to such solutions, and you should make sure to provide an answer beforehand.
– New technologies = New regulations
Regtechs and their technologies are relatively new, their legal boundaries are still quite foggy and regulators may have only overlooked their risks so far. Nothing guarantees that the solution you’re adopting isn’t going to suffer from new requirements after a specific incident occurred for another client. One must keep a close watch and take all necessary precautions during and after the project.
Don’t build the legacy system of tomorrow
Bear in mind this a rapidly evolving environment, with new innovative solutions popping up at a very high pace. So when implementing a Regtech solution, you should make sure of not becoming too dependent, placing yourself in a situation where you wouldn’t be able to profit from future trends.
Internet of thing, cognitive computing, advanced robotics… There’s a lot of interesting things in sight and we’ve only scratched the tip of the Blockchain iceberg, so don’t forget to keep your flexibility high.
How can Initio help you manage the transition
Thomson Reuters (2016, Jun.), More Regulations and Fewer Resources Squeeze Financial Compliance
Teams, Thomson Reuters Global Cost of Compliance 2016 Survey Reveals
IHS Markit (2016), Counting the cost of MiFID II
Rozekrans R., Smit A. (2017, Jan.), Will regtech save us from regulations?, KPMG
European Central Bank (2016, May), Financial Stability Review
Sofia (2015, Dec.), 21 Hottest RegTech Startups That Are Defining the Industry, LTP
Robinson M. (2016, Mar.), The RegTech marketplace: in depth analysis, RECHTECHFS
Petrasic K., Saul B., Lee H. (2016, Sep.), Regtech rising: Automating regulation for financial institutions, WHITE & CASE
Arnold M. (2016, Oct.), Market grows for ‘regtech’, or AI for regulation, FINANCIAL TIMES
ComplyAdvantage (2017, Jan.), 5 Ways RegTech will Advance in 2017
Planet Compliance (2016), The PlanetCompliance RegTech Directory
Merrins O. (2017, Jan.), Regtech in 2017: the big sweep, BANKING TECHNOLOGY
Woods J. (2016, Jul.), Compliance in the Era of Automation: The RegTech Problem, TECHVIBES
Gulamhuseinwala I., Roy S., Viljoen A. (2016), Innovating with RegTech, EY
Kehoe L., Dalton D., Smith S. (2015), RegTech Is The New FinTech, DELOITTE
Shashoua M. (2016, Mar.), Golden Copy: ‘Regtech’ Challenges, WATERSTERCHNOLOGY
Luxembourg Institute of Science and Technology (2016, Jun.), How regtech can help regulation challenges
Portilla A., van Liebergen B., Silverberg K., French C. (2016, Mar.), Regtech in financial Services: Technology solutions for compliance and reporting, IIF
Bablon M. (2016, Aug.), Oubliez les FinTech, voici les RegTech !, SAB2I
Memminger M., Baxter M., Lin E. (2016, Sep.), Banking Regtechs to the Rescue?, BAIN & COMPANY
Imafidon C. (2016, Jun.), The spiralling costs of KYC for banks and how FinTech can help, ITProPortal
Burne K., Viswanatha A. (2016, Oct.), Bank Legal Costs Cited as Drag on Economic Growth, THE WALL STREET JOURNAL
Mulder JM. (2016, Nov.), RegTech is real and 120+ startups to prove it, LINKEDIN
Ranjane V. (2016, Oct.), Regtech: The Fintech Innovation at the Heart of Compliance Transformation, PROTIVITI
Bolton L. (2017, Mar.), It’s unanimous: We need a RegTech council, REGTECHFS
Den Hartog M. (2017,Feb.), Should you believe the hype on new IT trends?, CA TECHNOLOGIES
Skinner C. (2017, Jan.), 5 Banking Tech Trends for 2017, THE FINANSER
Tags: Big Data compliance Initio MiFID II RegTech