A new phrase has crept into the lexicon in recent times — “regulatory technology”, or, more simply, “regtech.” Like many neologisms that emerge on a wave of hype and marketing spin, the phrase is defined poorly currently, but it is rapidly being attached to a disparate range of new business models, technologies and business-change projects that at first glance can appear a little incongruous.
The difficulty is seeing through the marketing rhetoric to gain an appreciation of the confluence of ideas underpinning the range of regtech offerings that gives them substance. There is a need to understand emerging thinking from a business perspective, to identify evolving trends more broadly. More important, however, is the need to translate all of this into practical and pragmatic action and to understand how ideas can be brought together and applied to real-world business problems.
Regtech has reached the point where business leaders need to sit up and consider their next actions and test the waters or risk being overtaken by competitors operating in the same industry that are facing the same challenges.
What Is Regtech, and Why Is It Important?
Protiviti adopts a relatively broad definition of “regtech.” From our perspective, regtech is the innovative application of technology and new business concepts to the challenges firms face in managing regulatory risk and compliance.
The escalating cost of regulatory compliance is a key driver for innovation, and the most costly element is the level of human capital applied to the issue. An example of this escalating expense is the $2.2 billion spent by one leading bank on regulation and compliance in the first nine months of 2015, an increase of 33% year-on-year. Non-compliance is even more expensive, with financial institutions in the U.S. paying out more than $160 billion in fines for non-compliance over the last five years. Any innovation that has a possibility of putting a dent in these costs is worth understanding better.
Regtech and innovation go hand-in-hand. Finding areas where innovation can cut through increasing levels of regulatory complexity and where it can replace the fallibility of human activity is critical. This is the regtech frontier. Regtech is not a specific and well-defined set of technologies and innovations — the “tech” part of “regtech” is simply the enabler. Individual technologies provide new and interesting capabilities that can be brought together in novel ways to tackle issues previously solved through a range of traditional techniques and human endeavour.
The truth is that none of these techniques is perfect. They all have their flaws and imperfections. Combining them is helpful in terms of the delivery of an outcome where the primary goal is ensuring compliance; however, this is at the expense of armies of people processing information and making myriad decisions in an increasingly complex regulatory landscape.
Existing businesses have been built over time, and the way they address risk and regulatory compliance is ingrained in their systems, policies, processes, procedures and controls. These are very rarely swept aside and are reinvented with the advent of new or changing regulations. Changes are applied piecemeal over time, adding to the level of complexity. It becomes increasingly difficult to take on board further change without making processes more rigid or more costly.
Innovation dissects problems and inherent flaws within the traditional techniques to find new ways to deliver the same outcomes for reduced cost which are more flexible and less prone to human frailties.
To help identify regtech technologies, it is worthwhile, considering the range of techniques currently employed, to address the challenge of regulatory compliance in a large corporate entity. A non-exhaustive list of these techniques includes:
- Process Standardisation — Forcing all transactions through well-defined, prescriptive and rigid processes to ensure that all the right boxes are ticked.
- Pooling of Expertise — Organisational structures which concentrate technical knowledge and experience within well-defined areas so that valuable and expensive capabilities can be shared and applied sparingly, while the costs of maintaining and retaining this expertise are carefully managed.
- Corporate Bodies of Knowledge — Expressing policies, procedures, culture, behaviours and controls in the form of written documentation so that tacit knowledge can be captured, codified and retained to provide corporate memory.
- Training and Accreditation — Techniques to transfer essential information to individuals participating in business processes to ensure that they are aware of relevant regulations and their individual obligations.
- Quality Control and Assurance — Recognising the inherent fallibility of people and processes and building in additional checks and balances to increase the likelihood that an organisation is complying with relevant regulations to spot exceptions.
- Structured Data Collection — Capturing a limited set of key data points to provide
an authoritative data source and to act as a definitive record of transaction.
- External Validation — Enhancement or comparison of data with curated sources of information from outside the organisation to support decision making.
- Audit Trails — Evidence gathering and documentation to prove that processes and rules have been followed.
These techniques are so ingrained in the psyche of business and best practise that they have been applied as the default response to regulatory compliance challenges across a number of industries and at all scales of organisation.
Innovative technologies can also be applied to this set of challenges alongside the need for regulatory compliance. Organisations which are positioned to better understand and manage their business risks in a cost-effective manner are able to both outpace and outprice their competition.
The business case for regtech is even more easily made where the technologies being deployed are applied to a range of business risks, not just the challenge of regulatory compliance.
Beyond Regtech to Risktech
Before identifying the range of technologies which can help to address regulatory challenges, it is worthwhile standing back a little from the “regtech” phrase to give it wider consideration. Regtech specifically addresses regulatory risk — i.e. the risk that a business may not be fully complying with all relevant regulations and legislation across all of its dealings with customers, suppliers and other counterparties. This is only one aspect of risk management that needs to be addressed by businesses on a day-to-day basis. There is a whole range of additional risks that need to be assessed and addressed when undertaking a business transaction. For example:
- Credit risk — If I am lending money to a customer, how certain am I that the customer will repay the debt based upon the agreed terms?
- Fraud risk — How do I determine that the customer I am engaging with is genuine and isn’t in the process of undertaking a criminal act which could lead to a loss?
- Acquisition risk — How do I ensure that a customer doesn’t decide to buy from a direct competitor after I have spent a lot of time and effort vetting and assessing the customer?
- Defection risk — How do I ensure that my customers don’t begin to move to my direct competitors because they are simply much easier to interact with?
- Execution risk — How do I ensure that my high degree of reliance upon people and manual data entry within my complex business processes doesn’t lead to issues and an increased level of risk?
The list of technologies associated with regtech solutions will develop over time. There is, however, a set of technologies and innovations that have already reached a point where they are robust enough to have real-world applicability. No single technology or innovation provides the entire answer. The skill lies in selecting the right individual components to address key elements of a problem. Solutions may require the combination of a number of distinct innovative approaches in order to develop a flexible and agile business platform, integrated with current line of business systems.
The current technologies demonstrating the most promise in relation to regtech and risk management fit into the following broad categories:
- Cognitive Systems & Artificial Intelligence — The ability to capture and apply human knowledge and experience.
- Data Analytics — Analysis of high volumes of structured and unstructured data to identify patterns and provide business insight.
- Machine Learning — Inference of business rules from analysis of large sets of data.
- Robotic Process Automation — Replication of human interaction with computer systems via existing user interfaces.
- Speech Recognition — Real-time translation of spoken language into a form that can be interpreted by software based systems.
- Natural Language Processing — The ability to infer context and meaning from human language.
- Biometrics — The identification of an individual based upon recognition of physical and behavioural characteristics.
Why Has Regtech Gained Prominence?
A number of factors have led to the increasing use of technology in relation to regulatory compliance.
Technologies previously confined to the academic sphere have begun to spin out companies and products which are now being applied to real-world problems. Most notably, these include various forms of artificial intelligence and data analytics.
The world has entered a digital age. The rapid and almost ubiquitous deployment of smartphone technologies across the globe has put sophisticated technology in the hands of consumers. Businesses can now anticipate that a large proportion of their customer base will have access to video cameras, geolocation systems, fingerprint recognition technology and instantaneous connectivity to people and information across the globe. The ability to utilise biometrics on a large scale has leapt dramatically through the use of smartphone-based technology. Consumers now expect businesses to be able to take advantage of this new environment in the way they engage with their customers.
The adoption of cloud-based technology has put enormous computing power and scalability in the hands of even the smallest of companies, providing cost-effective ways to quickly try new ideas and to pay for processing and data storage based upon usage as opposed to up-front capital investment.
Off the back of the financial crisis, financial technology, or fintech, firms have picked apart the business models underpinning a variety of banking- and insurance-related products. They have fundamentally reimagined business models by starting with a blank sheet of paper and questioning everything they do from a customer and value perspective. This includes solving regulatory challenges in a novel way by applying the latest thinking and a range of new technologies. These organisations are consequently more agile; they are configured to adapt quickly to change from both a market and a regulatory perspective.
A combination of these factors, along with a number of wider digital transformation and economic trends, has focused attention on regtech as a topic, which is continuing to gain traction.
What Action Is Required?
“Regtech” does not refer to the implementation of technology to simply play with the latest set of toys. Regtech is providing real-world solutions for today’s high-cost business problems in areas that cause the biggest issues in terms of business agility and competition. Our list of regtech solutions extends to around 80 suppliers, with new solutions being identified on a frequent basis. It is true to say that many of the technologies Protiviti is tracking in this space are leading edge; however, adoption rates for successful solutions are climbing rapidly as early business cases are verified through proof-of-concept launches followed by rapid deployment.
The world of artificial intelligence and analytics around which much of regtech revolved is changing fast with the advent of new deployment models. A shift from apps to bots is creating the opportunity to string together a range of new capabilities to increase the level of automation within processes which were traditionally the preserve of human operators. Combining human capabilities with autonomous agents can provide a massive uplift in productivity accompanied by greater certainty that regulatory obligations are being fulfilled. Despite all the points noted above concerning the power of technology, individual technologies must not be seen as magic bullets. There is still a need to address people- and process-related issues in parallel. Technology deployed within existing processes must work alongside human operators. Businesses still need to rely upon human interaction and empathy to manage customer relationships and to spot exceptions that need a degree of flexibility and human ingenuity. Organisations need to be careful to choose the right technologies and to consider their impact on the business. Considerable skill is needed to access existing expertise within the organisation and to undertake the required knowledge engineering to match human capabilities with automation.
Investment risk needs to be carefully considered. Selecting the right business problems to solve and the business processes with the greatest opportunity for improvement is fundamental to success. Identifying the technologies that should be considered and which have the best chance of making a significant difference is critical when considering where and how to invest.
To survive and thrive, businesses need to carefully assess their options; invest time, effort and resources in the activities most likely to deliver value; and be prepared to learn quickly from failures as well as rapidly capitalising on every success. Facing the future with confidence is a trait which all organisations need to develop in our rapidly changing world.