The regtech sector is maturing as firms regularly look to it to help with the heavy lifting related to regulatory compliance. It’s clear that regulatory demands are increasing, and technology is providing the solutions. What are the challenges that firms face, and what can they do to mitigate the risks and make the best use of the very credible tools on offer?
Industry context
During the pandemic, some regulations were relaxed or delayed to ease the burden on already stressed businesses, but the current polycrisis of global risks is mounting pressure on the regulator. Regulation is getting more stringent and is affecting more participants, like Consumer Duty, European Market Infrastructure Regulation (EMIR) Refit, the Digital Operational Resilience Act (DORA) or T+1 Settlement to name a few.
There are demands for better transparency and growth in services that verify identity, prevent money laundering and tackle fraudsters. And with fraud on the rise and becoming more sophisticated, representing 40% of all offences in England and Wales alone (by far the most common crime), we need to find ever better solutions to combat it.
For businesses of all sizes, predicting, preparing for and implementing regulatory change is an ongoing challenge. It’s likely that your board and risk management team are already discussing and monitoring an array of current risks and compliance to keep up with ever-changing legislation. You can see why the regtech industry continues to grow, despite a downturn in fintech in general, and the pace is picking up.
Managing complexity
Firms face multiple challenges in areas of compliance, not least of which is the low risk tolerance around straying from regulations. Few firms manage to look ahead and establish a long-term regulatory strategy. In order to achieve this, it’s essential to know your systems, their risks and dependencies (especially with third parties). This means being data-driven and knowing data usage and patterns.
Regtech is a data-driven industry with regulators and firms basing their decisions on data and as such, it is dominated by the data challenges of observability, traceability, auditability, reliability, accuracy, timeliness and security. To operate as a data-driven organisation, firms must aim to continuously measure and evidence their compliance states. Transparency in data lineage and accountability is a key regtech ingredient, with the added challenge of managing data, its quality and volume.
Most regtech vendor integrations present a data mapping challenge between the firm’s internal model and the vendor’s (or regulator’s). To mitigate this problem, model standardisation is a common approach that avoids bilateral integrations and instead presents a logical data model with a central format. Moreover, most firms’ legacy systems lack flexibility. But using third-party data providers requires significant trust - and controls. Like for internal systems, the process to produce this data must be controlled and associated risks understood and mitigated.
Firms themselves are also constantly changing as they seek new opportunities and their regulatory function must similarly flex to monitor these changing compliance needs. But firms should not only scan the regulatory horizon but also brainstorm about what criminals (who don’t have to deal with bureaucracy or budget cycles) might come up with next.
Mutualisation of efforts
To help manage the complexity, it could be a good idea to mutualise efforts between vendors and industry consortia, but this doesn’t often happen in practice. Aside from sharing and effective anonymisation of data being complicated, players that have solved some part of the problem are not always willing to share their solution. For many, the business of compliance and use of regtech provides a significant competitive advantage that firms are eager to protect. If you’ve leveraged a compliance project to deliver optimised capital costs or better internal reporting, why would you want to share it?
Even internally, firms face many hurdles with sharing effort. Regional differences across jurisdictions may require different data in different formats. There’s also the issue of the interpretation of regulation leading to different approaches, which makes it difficult to share or compare technical solutions.
One example of collaboration, however, is the Bank of England and FCA’s Data Collection Transformation plan, an initiative to make data collection more efficient: “Regulators get the data they need to fulfil their mission, at the lowest possible cost to industry.”
Priorities in digital transformation
Most organisations have a buy-before-build policy for regtech but recognise the need to set solid foundations for their data platform in order to integrate vendors. Due to the overlap of some regulations and the regional differences, some mutualisation – to reduce the number of controls, for example – is possible but could be missed with a buy-before-build approach.
To cost-effectively comply with regulations, improve observability, deliver excellent customer experiences and achieve rapid time-to-market of new products, while achieving financial targets, there are many digital transformation priorities to consider. In no particular order, these include:
- Cyber data security, which often links to data culture practices.
- Observability in real time to detect patterns; act and inform stakeholders quickly; fix and improve data quality with feedback loops.
- Transparency to trace back alerts to the regulatory text; provide evidence of compliance (or lack thereof) to drive priorities.
- Automation opportunity – artificial intelligence (AI) and natural language processing (NLP) machine learning (ML) present ways to simplify and automate.
- Minimising the number of controls – overlaps of regulations mean that complying with one control can cover parts of other regulations.
Regtech has embraced AI with success for a while now. For example, to reduce false positives in fraud detection systems and in the provision of more relevant alerts. These models are improving rapidly and are able to perform a variety of NLP tasks. These range from answering questions in a conversational manner, generating and classifying text, to translation from one language to another. Large language models (LLMs) are also natively polyglot and can look across multiple languages, provide better transcripts for training and surveillance and take in data from multi-channel sources – visual, audio and written. Exciting times!
What does the future hold?
In the not-too-distant future, real-time data will mean profound changes in ways of working and in processes, habits and procedures. One example is perpetual Know Your Customer (KYC) monitoring and refreshing based on a trigger change event (instead of periodic calendar review).
We expect table stakes will include:
- A single customer view, providing an aggregated, consistent and holistic representation of individual customers in one place.
- AI assistance in decision-making and prediction.
- Optimised data collection, such as ‘don’t ask twice’, and only for the relevant/missing information.
- Consistency/harmonisation of regulations across regions and interpretation by participants.
Help is at hand
As a leading global technical solutions partner in financial services with excellent market expertise, we can help firms manage and build regulatory solutions. We assist with the foundation setting of core system strategy and modernisation. Our clients rely on us to help with the technical selection, evaluation and integration of commercial off-the-shelf (COTS) software and services. Examples include the clarification of AI claims and the impact of integration when a client’s data science expertise is still nascent, or with the supply of synthetic data when privacy issues are paramount. We are also here to help with the implementation of new regulatory initiatives and to tackle any existing regulatory backlog.
Compliance might not have traditionally been seen as providing a competitive advantage. However, the technology that is used to achieve it can go way beyond the starting line of the regulation. In a world beset by multiple crises, firms can mitigate the risks and obligations that come with compliance and reap the benefits.