With all of the industry buzz around regtech, it’s no surprise that clients increasingly ask questions about its potential and how it can support their compliance program.
Some people even ask whether regtech can fully automate compliance workflows. It is important to put these questions about regtech and related topics such as automation and AI in financial services into context.
First, a quick definition: regtech is any advanced technology innovation that helps manage, monitor, and maintain compliance with financial regulations. Regtech providers offer solutions and suites of tools that support regulatory reporting, risk management, identity management, transaction monitoring, document management, statement delivery, and information security.
InnReg’s point of view on regtech is that it applies best in situations where a firm needs to process a high volume of transactions, at lower cost, at speed, and at scale. In Deloitte’s recent roundup of the regtech universe, identity verification and management represent one of the largest and most mature segments of regtech providers, second only to transaction monitoring and document management solutions.
For example, imagine a firm that has great traction in the market, and needs to onboard new users at a rate of thousands per week. Further, let’s consider this account validation process as needing to comply with well-understood Know Your Customer and Anit Money Laundering regulations. This scenario is well-suited for regtech.
Risk management is an interesting emerging area in regtech as well. It offers a lot of potential. Solutions that focus on risk management help firms detect and mitigate risk earlier than humans may be able to. In general, risk management regtech solutions rely on the ability to anticipate or detect changes based on patterns. Intriguing elements of the risk management segment include 1) providers that monitor regulatory notices and changes, 2) those that watch for emerging market risks, liquidity risks, portfolio risks, and similar internal or external threats, and 3) those that help spot suspicious trading or fraud patterns. The most compelling of these tools also help support scenario planning and stress testing.
However, the majority of InnReg’s clients experience challenges with regulation that currently go beyond regtech’s capabilities of at-scale processing and pattern-based inference. Before a firm is ready for the areas where regtech can benefit them, it needs a regulatory strategy. Regulatory strategies require complex decision-making and planning, especially for an innovative business model.
When a firm chooses to innovate significantly, there can be gaps between the way regulations are written and the way they need to be implemented. Regtech is not able to replace the complex legal review done by specialized legal counsel, or the crafting of a strategic regulatory approach. Regtech does not have the capacity to define compliance processes or manage approvals with government agencies such as the SEC and FINRA. Regtech cannot select the appropriate partners and vendors to provide the technologies that make up a compliance stack and then negotiate terms with them.
Compliance planning also helps identify likely sources of risk and appropriate mechanisms for identifying and responding to those risks. Again, regtech can help and serve as a high-value asset here, but only once the overall risk profile has been defined, and after the governance and processes for acting on risks have been put in place.
Even with true AI, which can learn and adapt like a human, the more strategic aspects of the compliance world still require a level of nuance and human judgment that automation cannot replace. In the short term, few regtech solutions have evolved beyond the use of foundational technologies such as distributed ledger/blockchain and simple machine learning.
In conclusion, it is important to keep these caveats in mind when reading some of the more enthusiastic industry press or attending regtech conference sessions. Regtech can act as a very helpful enabler of critical elements of a firm’s overall compliance approach, but it is not a replacement for compliance strategy and planning. There have certainly been fantastic leaps forward, but we are still several evolutionary steps away from supporting complex decision making. While the promise is real, the hype sometimes exaggerates it. The scenario of regtech handling compliance end-to-end from inception to execution seems still some time away.
If you have any questions we’d welcome you to be in touch to start the conversation.