Regtech and the future of compliance

Regtech solutions offer a way forward for dealing with the challenges of regulatory compliance, but there are some key issues.

The world of finance is constantly changing and, as a result of its increasing complexity, that pace of change feels greater with each passing year.

Enter Regtech – the management of regulatory processes within the financial industry through technology. The main functions of Regtech include regulatory monitoring, reporting, and compliance. Regtech solutions have become an essential tool for financial institutions wanting to stay on top of the game. These tools can automate compliance processes, increase data quality, and improve overall risk management. Budgets for them are continuously growing as is the appetite for human talent to help implement, calibrate and maintain them.

In order to deal with the complexity and pressure, financial institutions and regulators are increasingly upping the ante by incorporating AI-powered Regtech solutions to further enhance automated compliance procedures, improve outcomes and also to lower costs. Regtech has been widely adopted, but there are also significant challenges connected to it. These include data privacy issues, algorithmic risks, and unequal access to cutting-edge technologies.

Data privacy and security – a delicate balance

The need for data security and the maintenance of privacy presents a significant challenge for the Regtech sector. Regtech tools must navigate the tension between having access to more detailed and more granular data, the security of that data, and the need to meet the stringent regulatory obligations around personal data protection. Take, for example, some of the more powerful KYC screening tools used by financial institutions to prevent financial crime and money laundering.

Underpinning these are extensive databases containing sensitive personal information. The information can be so sensitive that it is not only a lucrative target for hackers intent on financial gain, but also for state-sponsored actors whose intentions may be even more sinister.

The same is true, of course, for any tools that are utilised to supervise staff in financial organisations. These often capture information on users far in excess of that useful to ensuring compliance with internal and external rules and regulations. This information must not only be protected from external threats, but also from being abused internally. Former Barclays boss Jes Staley, in the news once again, notoriously used an internal security team to try to uncover a whistleblower at the bank.

His efforts were ultimately futile, but the bank was forced to pay a $15m fine as a result of his actions. The tools available to compliance departments now are far more powerful than those deployed in 2018 and it is only a matter of time before their inappropriate use is once again in the headlines. The bottom line is that the temptation to utilise this powerful machinery to retaliate or to stifle dissent can unfortunately sometimes be too strong for some of those in leadership positions.

It is clear that strong security measures are going to be a key aspect of any Regtech tool, and those Regtech companies or technologies out there with the most robust security measures are likely to have a competitive advantage.

In addition, the deployment of Regtech tools within organisations will need to include the introduction of appropriate checks and controls, preferably policed by a robust and, most importantly, independent compliance function.

Algorithmic decision making – unintended consequences

The promise of Regtech is helping human operators deal with increasing complexity by streamlining operations and providing access to essential insight and data – filtering out the immense amount of irrelevant noise in the process.

However, there is an inherent tension here as well between the unambiguous certainty demanded by the regulators and compliance, risk and legal professionals, and the complexity of the algorithms underpinning the Regtech tools, which are often viewed with real scepticism by the end users. It does not help that these algorithms can sometimes result in totally unforeseen outcomes. The 2010 “Flash Crash” is a well-known example, in which high-frequency trading algorithms led to a trillion-dollar market decline in a matter of minutes.

This perception of Regtech as a sort of opaque tool, one whose inputs and outputs are understood, but whose internal operations are incomprehensible, is highly problematic, not only for the operator but also for the Regtech vendor trying to convince end users of the utility of that tool.

A perception of Regtech as a ‘black box’ is only going to increase as the algorithms underpinning these tools become more complex and powerful, and particularly if any AI components are included as part of their workings.

Ultimately what seems to be missing from the regulatory / compliance ecosystems at the present moment is a specialist cohort of employees, let’s call them compliance technologists, who understand the inner workings of the tools and provide the compliance specialists and regulators with this essential information.

So while these cutting-edge technologies already are, and will almost certainly increasingly be, an essential tool assisting financial institutions and regulators in identifying and mitigating possible issues before they escalate into larger problems, trust is a key obstacle to more widespread adoption and utilisation.

Unequal access to Regtech solutions – leveling the playing field

Finally, another concern connected with the adoption of Regtech solutions is their impact on competition, inclusion and access. The high cost of the tools themselves and a lack of experience in implementing technology more generally means that smaller market players may struggle to adopt these. The result? A growing gap between large, well-funded institutions and their smaller counterparts.

Normally, differences in the size of market players in any given ecosystem are part and parcel of a healthy competitive landscape. However, the ability to remain compliant while doing business should not be reserved for the few who can afford cutting-edge systems. What then starts to happen is that the regulations themselves, and the regulators, can start to stifle both innovation and competition. Access to Regtech, in effect, becomes a barrier to entry, the equivalent of having a ‘way in’ to the Royal courts of the not-so-distant past.

Both regulators and Regtech firms have a role to play in ensuring that even with the arrival of more powerful algorithms and AI in the compliance ecosystem the playing field remains level. One aspect of this could be that the solutions arriving on the market and approved by regulators are accessible, scalable and cost-effective.

In a nutshell, Regtech has the potential to transform compliance as we know it now, but there are challenges that must be overcome. To ensure that Regtech solutions are effective, equitable, and sustainable, these and other concerns must be addressed. A cooperative ecosystem between regulators, financial institutions, and technology providers seems vital to achieving this outcome. Such collaboration could mean the establishment of new standards, guidelines, and best practices for Regtech and its use by the financial industry as a whole.

What is not in doubt, however, is that Regtech does hold the promise of producing more efficient regulatory and compliance outcomes that counteract some of the overwhelming complexity and thus contribute to a safer, transparent, and inclusive financial ecosystem.

Lionel Fernandes is an Analyst on Global Relay’s future leaders graduate program