It’s been estimated that regulatory compliance costs more than $70B annually worldwide for financial services firms. Historically, compliance has been manual-intensive and burdened by old systems and processes at even the large and established financial companies.
"Much of the projected growth in compliance demand will derive not from meeting new compliance requirements but in replacing tedious manual effort with faster, better and more cost-effective technology"
RegTech, a catch-all term denoting the use of the latest technologies and analytic science to better manage issues around KYC/AML, identity management, fraud detection, cybersecurity and other areas holds transformative potential within compliance, governance and regulatory reporting.
Bloomberg estimates that global demand for RegTech will be nearly $120B by 2020. Many dozens of technology startups have come up in various parts of the world to avail of this growth.
Yet the field of RegTech is beset by challenges, both for incumbents and startups. Incumbents are faced with a fragmented and largely untested set of options from solution providers whose own stability may be in doubt, and constrained by their own legacy infrastructure. How are incumbents to adapt quickly, smoothly and inexpensively to RegTech?
The challenges for a startup are equally daunting: the sales cycle is long and uncertain and subsequent integration is bespoke. All the while, technology and data science investments are incurred upfront, so the vendor could run out of money before it can scale. It is no surprise to see startups change their business model multiple times during the process.
Core Principles for Success
For incumbents, the key focus needs to be the customer. In a world where travel, hospitality, media, entertainment, retailing and even automobiles are being upended by digital and mobile, banks and other financial institutions are recognizing they are not immune to such trends.
Customers expect financial transactions to be conducted faster, more conveniently and at lower cost. At present, compliance requirements such as KYC, EDD, fraud and AML checks can be onerous and time-consuming. Rather than just taking an existing process and moving it online, compliance should be completely redesigned to make the customer journey simple and painless.
With account opening, for instance, the customer could provide their basic background information digitally along with an e-authorization, while application programmer interfaces (APIs) can access reliable third-party databases to validate their identity. Such information can be stored and retrieved in the appropriate form for compliance and reporting. The key is to create a flexible “data lake” that serves the growing need to serve the customer digitally, and which can also be tapped into for regulatory compliance.
However, simplifying the customer journey should not be at the expense of managing risk exposure for the institution. RegTech can enable this in several ways, again without excessively inconveniencing the customer.
For example, back-end triangulation of customer information from multiple external databases can lower the risk of fraud. AI can be used to flag possible money laundering activity. Transactions associated with a customer across different business segments at a bank can be recorded on a blockchain. The blockchain functions as a source of immutable truth that can be regularly analyzed to identify potential employee misconduct.
On the supplier side, large established technology vendors have the advantages of deep pockets and scale but may be disadvantaged versus startups in nimbleness and innovation. A business process built around early identification, acquisition and integration of the most promising RegTech solutions would benefit them greatly.
For startups, it is not enough to simply build better technology – given the lengthy sales cycle, they also need to have robust business models and effective distribution strategies in place. They should consider partnering with other vendors (or consolidate with them) to provide holisticregulatory compliance solutions to their financial services customers.
Institutional Change Management
It has been remarked that RegTech is as much or more about institutional change management than it is about technology. This is certainly true for incumbents. Much of the projected growth in compliance demand will derive not from meeting new compliance requirements but in replacing tedious manual effort with faster, better and more cost-effective technology.
As this transition occurs, compliance needs to remain closely coordinated with digital services, CRM, risk managementand IT to ensure their requirements are properly addressed in the context of meeting customer needs and managing risk.
RegTech – New Business Models?
Despite all such efforts, the premise – and promise – of RegTech may be delayed beyond what its predictions are for 2020 and later.
It is apparent that new RegTech business models have to emerge. These can be of technology aggregators who offer up a menu of best-of-breed compliance technologies, say, for fraud management, AML detection, identity authentication, KYC, cybersecurity, GDPR, etc. Their role will combine curation and responsibility for fast and flexible deployment suited to the totality of customer needs.
Incumbent financial services companies who invest heavily in technology to replace older manual compliance methods will also find themselves in an advantaged position. They can profitably deploy or license to others RegTech systems initially built to meet their own compliance requirements. BlackRock’s Alladin and Goldman’s SecDB offer precedents in other contexts.
It remains to be seen if more sustainable RegTech business models will arise. It is high time to be thinkingdeeply about this.