Announcing its official arrival in a major report this year, the Institute of International Finance sums up RegTech as “the use of new technologies to solve regulatory and compliance requirements more effectively and efficiently.”
As such, RegTech differs from FinTech in several ways - a key one being that rather than looking to disrupt the financial services market, it aims to solve existing (and future) problems faced by larger, more traditional companies. That also means it’s really nothing new. As Deloitte acknowledged in another key report this year: “the marriage of technology and regulation to address regulatory challenges has existed for some time with varying degrees of success.
Increasing levels of regulation and a greater focus on data and reporting has however brought the RegTech offering into greater focus thereby creating more value for the firms that invest in these solutions.”
The key point being, increasing levels of regulation means increasing costs. Bain & Co estimate that governance, risk and compliance now account for 15–20 per cent of total ‘run the bank’ costs, while recruiters Morgan McKinley have seen a 10-15 per cent increase in compliance salaries over the past two years. So it is serendipitous that new technologies such as Artificial Intelligence, cloud computing and interoperability-enabling APIs have arrived simultaneously, offering much more effective and efficient ways to manage transactional compliance activities, negating the cost of investment.
If FinTech was primarily about enabling a broader range of financial transaction methods, or modernising the more traditional sales transaction-flows, then RegTech is about ensuring that all these new and existing sales channels can be operated compliantly, by scrutinising the transactions that flow through them.
Drowning in data
Like FinTech, there are many different sectors and subcategories still emerging within the evolving RegTech market, but the common theme across them all is undoubtedly data.
- Compliance Quality Monitoring, Anti-Money Laundering (AML), Surveillance and Fraud Detection means understanding your transactional data
- Identity Management, Customer Identification Programmes (CIP), Customer Due Diligence (CDD) and other ‘Know Your Customer’ (KYC) activities require gathering and interpreting data about your customers alongside third party sources
- Regulatory Compliance Software, Regulatory Reporting and Controls Automation turn regulations into data schemas, checklists and workflows
- Cybersecurity, Data Privacy and Communications Monitoring involves analysing the data coming into and leaving your company from a security perspective
- Risk Management, Capital Analysis and Stress Testing means predicting future trends based on your historic data
But as Deloitte states, “Data is meaningless unless it is organised in a way that enables people to understand it, analyse it and ultimately make decisions and act upon it i.e. by creating consumable information.”
2016 therefore saw a broad emergence of RegTech suppliers who, in various shapes or forms, either provided or re-purposed data, aggregated data from multiple sources, or provided tools to analyse large and complex data-sets.
As we move through 2017 I expect to see more RegTech vendors blending internal company data with externally sourced public and private data. This will help cut the time it takes to manually match regulatory processes, client identities and their financial behaviours with the publications, consumer identity and financial transaction trails that need to be acquired from third parties.
For RegTech that assists with KYC, AML and Regulatory Compliance this is key, as these are areas where no individual organisation is an island, but must efficiently inter-operate with both their regulators and with their partners who supply identity and third party transaction data.
I also anticipate that more of the RegTech solutions that enable manual data analysis will increasingly become machine learning systems, which help automate manual compliance reviews.
As the complexity and breadth of data grows, and as the machine learning systems required to process that data become more complex, so more ‘RegTech as a Service’ companies will come to the fore - each with specialised systems and personnel, and each with a remit to use and operate data across multiple organisations.
UK organisations spearheading data interoperability and RegTech as a Service initiatives include Suade, who help understand, manage and respond to industry regulation - and in doing so are pooling knowledge across their client base to define an open standard data schema they call ‘FIRE’ for management and reporting against regulatory standards.
Contego, Onfido and Passfort also offer a variety of ‘Know Your Customer’ activities as service platforms, which aggregate and analyse data from across in-house systems with third party identity and transactions sources - and I’m sure will increasingly blend KYC and AML learnings and models from across their client base.
Our RecordSure solution is also in this category as we use Artificial Intelligence to comprehend what advisors and customers are talking about, identifying each subject of conversation and its applicability to regulatory compliance or customer insight, in order to help automate manual reviews.
Whilst as we operate ‘as a service’, our machine learning techniques can blend knowledge and models from across the spectrum of our various clients’ products, as well as from sources ranging from product brochures through to regulator and financial institution websites and publications.
RegTech for the capture and analysis of conversations around the financial transaction will become even more pronounced in 2018 when new EU MiFID II regulations come into force, which require all types of financial firms (even small independent advisers) to record client conversations that could lead to a transaction, for governance and compliance purposes.
The aim is to establish more robust governance requirements to ensure that financial firms promote the interests of clients and the integrity of the financial markets. According to the Financial Ombudsman, the majority of complaints about investment products centre on conversations that occurred during a product sale, and an audio recording is the most accurate method to capture exactly what was discussed.
However, the rules do not only apply to phone calls. Emails, faxes, video conferencing, SMS, instant messaging, mobile apps and website interactions will all need to be monitored too. There are also new mandates for accurately recording what happened in face-to-face conversations that resulted in a transaction.
The new rules (which will still be enforced as the UK will not leave the European Union before they are introduced) mean that many more companies and individuals will be required to collect and store customer conversations, but the recording requirement is only one aspect. Firms will also be expected to actively use the recordings for ongoing compliance monitoring.
The most successful RegTech firms will therefore not only help firms record, store and be able to instantly retrieve their recordings - but also turn those conversations into valuable data which can be used to create valuable business and customer insight, in addition to meeting their regulatory requirements.
Despite being born out of the financial crisis, RegTech is by no means limited to financial services, as many more industries are now subject (and are likely to be increasingly) subjected to regulatory and legal scrutiny. At RecordSure we have recently started providing services to the public sector, for example, and we expect to continue moving into more industries in 2017 and beyond.
If 2016 is the year that RegTech arrived, then 2017 is the year that it will start to rapidly expand in new directions, enabled by the increasing power to capture and analyse a wealth of both internal and third party data sources, using bulk storage and artificial intelligence techniques in the cloud - with vendors combining both specialised technology with specialised domain and data analysis skills to progressively offer ‘RegTech as a Service’.