Brexit. Donald Trump. FATCA. World politics are changing faster than ever and will no doubt have an impact on regulatory policies. And, in the postmodern era we seem to have entered into, its likely that the pace of these political and regulatory changes are only going to accelerate in the future.
Larger enterprises may be able to weather ongoing regulatory changes better because they typically have legal teams on hand to analyse and advise them on new situations and mountains of people to throw at problems. And small mom and pop shops can likely fly under the radar, continuing to skate by while doing the absolute minimum, because there is a blind faith that getting caught in an audit is much lower.
But for the fast-growing and mid-sized organisation (the true drivers of employment growth in today’s global economy), these new paradigms and rapidly changing regulations will make their life more difficult and expose their businesses to risk. Before going further, I should state that I’m referring to mid-sized organisations as having $25 million to $1 billion in revenue, likely privately-held with accelerated growth… the next Uber, if you will. Growth aspirations, moving the business forward, international expansion, going public, expanding your brand, or appeasing demanding investors – these are valuable tradeoffs they may not be able to focus as much upon because they’ll be continually challenged with investing in legal resources. That’s where Regtech can provide the necessary, technology-based support.
Regtech – Compliance as a Service
Almost everyone has heard of Fintech: technology used to drive and scale financial exchanges between entities. Spawning directly from Fintech is Regtech. Because the greatest risk to a business is its money, using software to add financial controls is the natural path. Regtech is essentially compliance and best practices in a box managed by a third-party, and in the dynamic situation we’re in, it’s crazy – if not impossible – to execute using standard brute force.
Perhaps the most compelling aspect of cloud-based Regtech is the potential for “always up-to-date” compliance, which is invaluable in an unstable global situation. Adding an aspect of automation to compliance is also critical. If left only to human beings – who go on vacation, get sick, and make “human” errors – the necessary diligence required could get overlooked or processes could end up backlogged, grinding progress to a halt. Organisations are better positioned with Regtech-based controls in place to maintain a high operating standard while scaling efficiently and using their talent to grow and innovate.
Regulatory responsibility – can’t put it on banks
We’ve traditionally relied on banks to provide most basic financial services (accounts, checks, wire transfers, currency management), but extensive regulatory compliance (except for areas that directly affect bank operations) may be an operational firewall that banks are not motivated to provide unless that business is a Tier-1 client. First, regulations are very dispersed. Sifting through each rule effectively takes time to align to each organisation. Next is that there is a real danger of “feature creep” where compliance becomes more involved as processes are unearthed. There’s a thin profitability margin for providing this type of client service at scale and operational processes are not usually cost-effective for “non-tech” organisations like banks.
That’s where Regtech can blossom. Much like how more advanced Fintech is solving mobile payments, personal investing, supplier payments, etc., Regtech can bring the entire operational side to a manageable, scalable platform. It could solve 80-90 per cent of the issues that all businesses face, and the rest can be managed as they happen, but are not nearly as daunting.
Considerable focus in Regtech is around Knowing Your Customer (KYC) policies to determine if they’re acceptable to work with. In an increasingly digital and global world, many partner transactions are happening without the benefit of a physical handshake, so the most recent KYC data is imperative. If a sketchy entity is suddenly sanctioned by the US Treasury’s OFAC because of a money laundering violation, the company needs to keep a daily AML monitor on that information and block payments being sent to that entity.
Alternatively, the Regtech provider is charged with keeping those rules and databases updated and does so for all its clients from a single codebase. And even if that person passes the initial sniff test once, Regtech can be there for subsequent transactions to ensure a lifetime of compliance with that individual.
There are also the multitude of database services that gather information about email addresses that are used to phish and spoof, much like a malware detection system, that developers can use to limit attempts into denial of service, identity thievery, or hacking attempts. A business trying to do this on their own, doesn’t have the effective, real-time “crowd” intelligence that’s required to secure its digital borders.
Opening global opportunities
As a mid-size company, it’s critical to be vigilant for the next major market you can expand into. A globally-aware Regtech solution can also act as an enabler technology providing entry into new markets.
Here’s an example. Tax compliance is kind of Regtech 101, but often it’s focused on only on the country of origin, not cross-border. Regtech can help. For example, a company’s finance department may no longer need to know the intricate tax ID validation rules in Brazil. They can rely on a Regtech provider to offer the correct best practice to meet requirements for operating in that country, whether it’s collecting tax forms, validating VAT IDs, calculating necessary tax withholdings from payments, or generating the necessary reports that governments require.
Likewise, let’s say tax reporting requirements are enacted or changed. If it’s a multi-national organisation, there are other tax regulations it may need to comply with. A Regtech provider can enable new processes quicker to support those laws and dramatically reduce the risk and audit exposure to their clients.
If the business has a subsidiary or business unit in a different country, it needs to comply with that country’s regulatory rules. Which jurisdictions will have what regulations associated with it? What transmission laws are in place? Regtech solutions can play a key role in identifying the changing requirements based on the business’s global business structure. Or even in the present day, there are remittance challenges associated with every country that Regtech offers to automate by understanding the banking challenges.
Integration is the key
To be truly effective, Regtech and Fintech should work hand-in-hand. The compliance “shield” is weaker if there are more gaps or manual intervention required, and risk is greater if money is involved. Technology is driven by rules so it’s a natural fit. But if the Regtech systems that manage the rules do not also tie into Fintech systems that control the money, the burden falls on a fallible human being to ensure compliance. In that case, it’s just a list of rules, not an actionable, auditable, configurable system connected to real financial controls.
That’s why Regtech must be deeply integrated into key systems, focus on internal controls and banking access, and have extensive reporting capabilities that tie into backend operational systems (e.g. ERP).
Chen Amit, CEO and Co-Founder, Tipalti
Image source: Shutterstock/violetkaipa