Regtech proving attractive as financial services firms battle regulatory complexity
Summary: Financial services firms need new approaches to innovation so as to better understand compliance responsibilities.
Innovations in this segment can be applied in a range of highly regulated communities such as healthcare, pharmaceuticals and telecommunications, but financial services is currently the main playing field for startups developing specific offerings. Spanish bank BBVA said in a report on regtech:
The business opportunity is clear, but companies are also realising that a better understanding of what drives a market’s regulatory framework is key to successfully disrupting it. Regtech can be a big game changer for the incumbents – both banks and regulators.
Given that financial services is an environment of complex regulation, regtech could be attractive to companies as it holds the promise of simplifying compliance operations and reducing the considerable compliance burden.
According to the RegTech Association, ventures will typically apply their offerings to the following clusters:
Identity verification - this includes know your customer (KYC) procedures, anti-money laundering (AML) screening and detection;
Transaction monitoring - systems in this area can support activities such as employee behavior surveillance and the monitoring of fraud and suspicious transactions;
Risk management - here, regtech systems support risk data aggregation for capital planning and liquidity reporting, as well as modeling, scenario analysis and forecasting with stress testing;
Regulatory reporting - technology geared specifically at data management that is mandated by regulations and reporting adjustments;
Compliance - regtech offerings here would include monitoring and tracking the current state of compliance against upcoming regulations, as well as real-time margin computation.
But when it comes to actual implementations, the pace of regulatory change has meant that the sector’s response has generally lacked any strategic approach, typically resulting in a series of piecemeal actions, according to Andrew Yuille, Head of Risk Business Solutions at Thomson Reuters.
Yuille highlights other negative impacts stemming from increased regulation:
The impact of compliance has had little positive impact on customer experience, for example leading to increasingly onerous, time-consuming and costly customer on-boarding processes.
Beyond avoidance of regulatory enforcement, which is clearly important, compliance operations also have limited positive impact for shareholders.
There is potential offered by machine learning, behavioral analytics, blockchain and digital identity - and many such initiatives to improve regulatory compliance are currently at the proof-of-concept stage and could prove useful in future. But bringing regtech initiatives closer to reality is more complicated than it may seem, according to Yuille. He says:
In many cases, early stage businesses developing these solutions don’t comply with the approved vendor selection criteria.
Being able to validate a decision to adopt any regtech system - or make changes to existing systems - with the regulator is an essential step to adoption, says Yuille.
There are also wider regulatory challenges to several regtech solutions from privacy regulations that will require a more co-ordinated approach at national and international levels.
Despite these complexities, Thomson Reuters has been able to set up a number of co-innovation regtech initiatives with customers and partners through its open platform.
These projects, according to Yuille, can enable solutions for a particular regulatory challenge - often at a national level - an example being TRAC, a tool launched a year ago to enable Singapore banks to comply with regulations against use of trade finance in money laundering.
Immediate opportunities for user organizations within regtech can also be found in areas such as simplification of customer on-boarding, regulatory change management, mapping controls hierarchies and risk modeling. But considering an adaptation of existing tools to meet those needs could also be a valid solution, says Yuille.
There are many examples where firms have recently invested in implementing capabilities that make ‘rip and replace’ unattractive and therefore filling gaps between those systems is often more attractive along with systems that wrap existing systems to provide a single view of risk across all these.
Thomson Reuters has a user case of extending existing systems to cover areas that could be potentially addressed by new ventures. It worked with SAP to add checks for corruption, fraud and sanction breaches to its existing enterprise resource planning (ERP) systems.
Beyond the need for regulator validation and the co-ordinated approach required from startups, key challenges from the startups' standpoint include knowing what policies are required from the user, as well as applying best practices across a number of areas including change management, business continuity, information security and cloud management.
Regtech providers also have to be able to demonstrate benefits to clients. Additional challenges related to that, according to Julian Fenwick, chair of the Australia-based RegTech Association, include gaining an overview of the actual user process and obtaining test or training data from the client.
According to Fenwick, another pitfall seen in regtech collaborations with user organizations is that venture founders may be experts in one area and in a single technology that addresses specific issues, but may not consider the wider ecosystem and processes that buyers require.
Adopting a holistic approach is also a key point IT decision makers should keep in mind when trying to engage with regtech vendors, says Thomson Reuters’ Yuille.
Any of these systems solving for regulatory compliance will involve working with a wide group of stakeholders across the business, for example heads of compliance and risk, the audit committee and so on. And many times, the drive to adopt regtech systems comes from compliance budget holders.
My take
Changes in regulations are not the only issue that regtech tries to address; there is also the tsunami of new rules unleashed since the financial crisis of 2008. According to Thomson Reuters, the number of regulatory events - changes in regulation or events such as important speeches/bulletins from regulators - targeting financial services rose from around 8,000 in 2008 to 61,000 in 2016.
As a result of this dramatic increase in the number of new rules, the compliance burden became a lot heavier - and spending rose accordingly, as regulated entities rushed to keep up with the demands of regulators in the face of costly enforcement actions for non-compliance. Failing to deal with regulations is an expensive business indeed: data from Boston Consulting Group suggests that banks worldwide have paid $321 billion in fines over the last decade for failing to deal with a number of events from money laundering to terrorist financing.
As Yuille points out, the response to these developments from IT departments has been to start work needed for compliance as and when needed, without much of a strategy. This could be at least partly linked to his final point that often, budgets to invest in such systems are not owned by the technology department, with the usual IT-business disconnect possibly playing a role.
This creates opportunities for newcomers offering potential solutions to issues that organizations may be desperate to solve. In such scenarios, a more prudent approach could be to look at the existing IT portfolio to try and re-purpose existing analytics tools for the various areas related to compliance, instead of chasing the latest and greatest in regtech coming from startups as well as big tech suppliers. But to make that possible, users will need a better plan than looking for quick fixes every time a new regulatory challenge arises.