Regulation can be a double-edged sword. On the one hand, it is needed so that everyone operates in the same manner, and it creates trust and safety in the industry. While, as one government whitepaper put it, businesses are regulated “to deliver better outcomes for the economy, society and the environment”.
Yet at the same time, many would argue that there is a danger of regulation hindering businesses to develop new innovative solutions. There’s no arguing that regulation is critical, yet when rules restrict innovation, they are in danger of denying companies the ability to deliver those better outcomes.
Clearly, there needs to be a balance. Both businesses and regulators need to find ways to not just coexist, but work together to create a fair, balanced environment that capitalizes on opportunities and ensures a safe and secure environment. Ultimately, the world is becoming more regulated, not less. In the past few years we’ve seen the introduction of the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) on the west coast of the USA. Gartner predicted back in early 2020 that “by 2023, 65 percent of the world’s population will have its personal information covered under modern privacy regulations”, up from 10 percent at the time.
The digital reality of business
It’s clear therefore that regulation needs to reflect the reality of business today. A study found that “92 percent of organizations think they will feel a negative impact if regulators fail to evolve within three years”, highlighting fears that increased regulation equals diminishing opportunities for innovation.
But what do we mean when we say reflecting the reality of business today? First and foremost, we mean digital business. Covid-19 has massively accelerated global digitalization. McKinsey estimated that, in some instances, companies have leapt forward seven years.
Regulation needs to keep pace with that rate of change. More than that, just as the world is in the midst of major digital transformations, so too must regulators contend with their own disruption.
They have to face an exponentially rising flood of information, which will only increase as businesses invest in digital technologies constantly generating data. They need to keep abreast of a more privacy literate public, and they need to find ways in which information can be safely shared in ways which support regulation while also enabling cross-industry innovation (such as Know Your Customer).
The rise of regtech
Ironically, just as technology is the disruptor of regulation, so it can be the solution. The rise of Regtech gives both regulators and the businesses they oversee the opportunity to develop and use solutions which ensure compliance without compromising innovation.
Now, with so many different industries regulated in a variety of ways, and technology itself posing different challenges to those sectors, there is a vast array of Regtech solutions on the market. Yet within that, a number of core themes are emerging which apply to a significant number of organizations and their compliance needs.
1. Biometric security
We live in a world where fake IDs can be bought for as little as €50, and they’re often good enough to fool human agents. With passports, driving licenses and other forms of facial ID still required for a variety of verification checks, there is clearly a need to develop more sophisticated ways of confirming identity, particularly in areas such as anti-money laundering and KYC.
Biometric security uses biological identifiers, such as fingerprints and selfies, to verify that someone is who they say they are. It removes the need to remember passwords or log-in details and is extremely hard to falsify. Banks are already introducing voice-recognition for telephone banking, while other forms of biometric security can check and detect holograms (such as those inserted into passports) and optical variable inks that fraudster don’t have access to.
2. Onboarding verification
In a near-contactless, increasingly remote world, customers are more likely to be onboarded virtually than face-to-face. As well as making it hard to verify who a potential customer is, the pandemic-driven explosion of remote working makes it more challenging for employees to access the right tools if they’re offsite.
It’s creating the perfect circumstances for a spike in fraud. In identity fraud alone, the three-month period between March and June 2020 saw a 231 percent increase in similarity fraud, a 180 percent increase in fake ID usage, and a 75 percent surge in social engineering, according to the IDnow Identity Fraud 2021 trend report.
To combat that, businesses are increasing their use of onboarding verification tools and techniques, which combine artificial intelligence and biometric security to confirm genuine customers are accepted while fraudulent attempts are rejected. Not only does this improve security by augmenting human agents, but by handing over much of the process to technology, the overall onboarding experience can be accelerated.
3. Automating compliance
In a number of sectors, regulatory reporting is a resource-intensive cost of business. In finance alone, $270 billion per year is spent on compliance and regulation, about 10 percent of operating costs.
Yet much of the time, the data being gathered and shared with regulators is standard information. By automating compliance processes, businesses can gather the necessary data quickly and in a format that meets regulatory requirements. It can even be linked with other processes, such as onboarding verification, so that data is automatically fed into reporting systems as it is captured through the onboarding process.
There’s also an opportunity for regulators to automate how they gathered, analyze and approve company submissions. In doing so, turnaround times would be significantly accelerated – rather than businesses handing over documentation and waiting weeks for approval, both they and regulators would know in days or even hours if they were compliant.
4. Regulation change management
Rules change. One only needs to look at the introduction of GDPR and CCPA to see how our use of technology is changing how personal information needs to be stored, used and secured. The introduction of those regulations caused much handwringing and concern across many industries, yet future regulatory changes, whether completely new or updates to existing legislation, should not be as drawn out.
Why? Because both regulators and the regulated should be moving to a point where any change in the rules is automatically processed and incorporated into their operational practices and procedures. For instance, in an automated regulation change management operation, a regulatory change on what information a business can capturing during an onboarding process would immediately adjust the onboarding verification systems in use, with limited human input and real-time application. At the same time, regulatory reporting requirements would be updated, so that the changes would take effect instantly.
This would cut down on the resources required to implement changes at both the regulator and business ends, improving efficiencies and effectiveness without increasing costs.
The future regulator is digital
These are just a handful of trends that the digitalization of regulation is helping drive. It is disruptive, certainly, yet it is the only way both regulators and regulated organizations can ensure that everyone follows the rules while capitalizing on the opportunities around them. It will forever be a balancing act between compliance and innovation, but with regtech it should be a line everyone can walk.
Roger Tyrzyk, Country Manager for UK, Ireland, Malta, and Cyprus, IDnow