By Phillip Mann – International Banker
The aftermath of the global financial crisis brought with it a dramatic shift in focus towards the regulatory-compliance aspects of the financial-services industry. As the regulatory burden for financial firms has since grown in both weight and complexity, the cost of following new and more stringent rules has risen substantially.
Firstly, there’s the plethora of fines that have been handed out to the biggest names in the banking industry; since 2008, regulators have imposed more than $300 billion in the form of such penalties. Then there’s the sheer onslaught of new regulations that has been imposed on banks, which has meant that they must now put in place a slew of back-office compliance systems across the entire breadth of jurisdictions in which they operate. As such, firms have been forced to spend vast sums to ensure their compliance systems are sufficiently capable of withstanding this onslaught. Tier One banks are estimated to be spending more than $1 billion a year on compliance-related costs, while $270 billion per year is being spent by the industry as a whole. In addition, thousands of compliance and risk specialists are being hired in order to ensure that the new regulations for their businesses are being interpreted and followed correctly; major Spanish lender BBVA (Banco Bilbao Vizcaya Argentaria), for instance, recently indicated that financial institutions are devoting between 10 and 15 percent of their total staff to such positions.
Given the sheer weight and numbers of the new requirements, such expense seems increasingly easy to understand. The United Kingdom, for example, will see regulations being put in place by a slew of bodies at various dates that include the Financial Conduct Authority, the European Banking Authority, the European Securities and Markets Authority, the Prudential Regulation Authority, the Pensions Regulator, Her Majesty’s Revenue and Customs and HM Treasury. With a greater demand for transparency from such authorities, moreover, the role of technology in meeting requirements is now becoming crucially important. As is the case with the ongoing fintech revolution, which seeks to comprehensively transform the more antiquated aspects of the financial-services world via greater digital innovation, a similar need for technology to disrupt the largely laborious and cumbersome infrastructure of compliance has now emerged. The emergence of “regtech” (regulatory technology) is now gradually satisfying this need.
At its core, regtech involves using new technology to more effectively meet regulatory requirements. It has emerged as a force thanks largely to the rapid development of fintech, which is proving to have a remarkably disruptive impact on financial services. And in a similar manner to how fintech is disrupting the financial world, we are now seeing regtech triggering an overhaul of compliance processes in order to produce efficient, cost-effective and innovative responses to regulatory demands. That said, regtech is being increasingly perceived as a distinct and separate beast to fintech, one that is now scaling new heights, thanks largely to the unrelenting rise in compliance costs. As defined by Alan Meaney, CEO of cloud-based reconciliation software firm Fund Recs, “RegTech is another example of an industry that is being changed rapidly by software. There has been technology used at various levels in the Regulatory space for over 20 years. However, what the new RegTech label recognises is that the gap between software and non-software enabled services has widened significantly.”
Regtech has grown at a brisk pace over the last couple of years, ever since the former UK Chancellor George Osborne expressed his support for new technologies “to facilitate the delivery of regulatory requirements” to the financial-services sector. Indeed, the space is being amply supported by regulators, especially in the UK, where the Financial Conduct Authority (FCA) has been instrumental in bringing the concept to the fore. In October 2014, the regulatory body launched Project Innovate, an advice hub that helps businesses to introduce innovative financial products and services. This was then swiftly followed up by the announcement of plans to establish a regulatory sandbox to support businesses looking to safely test new innovations; and by the second quarter of 2016, the FCA Business Plan was predicting the crucial role that technology—regtech included—will play in ushering in an era of innovation and cost-effective solutions for the financial sector.
Today, the FCA continues to promote the regtech industry by engaging with industry participants via partnerships with financial institutions and accelerators, and by providing clarification on what is required of regtech companies to comply with UK regulations. For instance, it publishes a centralised web page that contains published material, such as consultations and discussion papers, while time-stamped handbooks are also at hand.
Last year, the Institute of International Finance identified seven distinct areas within compliance and regulatory reporting that have the potential to be improved upon by the introduction of regtech solutions:
Risk-data aggregation: required for capital and liquidity reporting and for stress testing, and is currently inhibited by antiquated IT (information technology) infrastructure and “definitional issues”.
Modelling, scenario analysis and forecasting: required for stress testing and risk management. Due to the greater requirement from regulators to run such analyses, the computing power and intellectual capacity must be significantly boosted.
The real-time monitoring of payments transactions: this area is currently experiencing a bottleneck due to payment systems producing incompatible transaction metadata of poor quality, which in turn severely limits the potential to detect money laundering and terrorism financing.
Identification of clients and legal persons: which has become mandatory under know-your-customer (KYC) regulations, and which could be enhanced through the use of fingerprint and iris scanning, as well as blockchain technology.
Monitoring a financial institution’s internal culture and behaviour: this normally requires scrutinising employee conduct through their use of e-mails and spoken word. Automating this analysis would improve compliance efficiency.
Trading in financial markets: the regulatory requirements pertaining to such activity includes margins calculation, choice of trading venue, choice of central counterparty and assessing the impact of a transaction on the institution’s exposures. Automation of such measures would vastly improve the efficiency of both compliance and trading.
Identifying new regulations: automating the interpretation of new regulations for a particular financial institution could reduce the overall amount of human resources currently being devoted to this task.
In response to such shortfalls, therefore, increasingly diverse and innovative solutions are now being brought to market; and there appears to be no limits regarding the lengths to which firms will go to integrate the latest technology. Having failed the US Federal Reserve’s stress tests, for instance, Citigroup decided to employ the help of machine-intelligence software company Ayasdi to ensure that is passed the tests the following year. Ayasdi’s system uses topology, a sub-field of mathematics that studies shapes, to observe data patterns and identify potential relationships.
Indeed, risk-data aggregation and management is one of the main areas in which technology is being significantly updated. It’s an area that largely involves the collection and analysis of information related to capital and liquidity, and which is used when running models and reporting to regulators. The specific technologies being utilised to improve data aggregation and management, both within institutions and between the institution and regulator, include cryptography, cell-level security, data ingestion, blockchain and information-sharing technology. Suade, which was founded by former Barclays and Nomura bankers, is just one example of a regtech firm operating in the field of risk-data aggregation. The company has set up a platform to help banks adjust their balance sheets to ensure they stay in line with the latest regulatory requirements. Modelling and data analysis, meanwhile, are receiving a boost from increasingly sophisticated methods of data analytics and machine learning—techniques that are also useful for organising large volumes of structured and unstructured data.
Another rapidly growing regtech area relates to identity verification, in which the process of signing up new bank customers is being made more secure, user-friendly and efficient. Innovative solutions such as data mining, biometrics, natural language processing and visual analytics are all playing their parts in improving the client-onboarding process. Vancouver-based Trulioo is one of the most successful examples of a new identity-verification-focused regtech company. It uses more than 200 data sources to provide individual identity verification in its GlobalGateway product, which in turn provides identity verification for more than 4.5 billion people in more than 60 countries to enable banks to meet their know-your-customer (KYC) requirements. Indeed, Trulioo believes GlobalGateway offers the widest coverage in the market and “provides a reliable and trustworthy way for businesses to evaluate new and existing users through one single API”.
Blockchain could also end up being particularly useful in achieving a range of regtech solutions. Given the technology’s most appealing properties of providing an immutable, transparent and secure ledger, regulators are likely to benefit from being able to access all documented information on the ledger, which in turn provides them with a comprehensive and permanent financial audit trail. This would be especially pertinent for reporting-related compliance, which could end up being almost entirely replaced by distributed ledgers; while the current centralisation of trade clearance and reporting may also be eliminated in favour of decentralised solutions. This is likely to become a reality once the blockchain projects themselves succeed in achieving scalability in transaction processing—an endeavour that is being increasingly explored by the space’s leading projects at present.
According to research by EY, the adoption of regtech solutions is set to grow significantly, and will “contribute to increasing volumes of data around regulatory compliance and will enable more granular reporting standards, scenario analytics and horizon scanning with the capability to generate better insights for senior managers”. EY also sees the space firstly being occupied by small, disruptive regtech firms—similar in nature to the fintech start-ups—that will then lead to widespread adoption by the leading players in the market; before regtech eventually reaches a critical mass, at which point it will be deeply integrated into firms’ business strategies.
As is the case with fintech, therefore, one can expect financial institutions of all sizes to adopt regtech solutions with increasing frequency during the coming months and years. This is likely to lead to a reduction in overall compliance costs through automating and simplifying business processes, which should lower the need to perform manual checking. The technology will also deliver scalable solutions, allowing speed and efficiency to be achieved, irrespective of the scale of the regulatory requirements. So, for those firms with one eye on the future, considerable opportunities to improve how compliance works in their businesses are now presenting themselves. And as for the regtech space itself, one can envision only a bright future characterised by significant growth ahead.