Is RegTech the future of compliance?

Strings of lightsToday’s customers demand more options, more creative solutions, greater flexibility and faster responses from banks and other financial institutions. Survival and success for financial institutions in this new world requires that they operate with intelligence, agility and speed to keep up with evolving customer preferences and technologies. Consequently, more and more customer interactions and financial transactions are going digital (e.g., online and mobile payments, customer onboarding and account opening).

Yet, while digital interactions present an opportunity for innovative business services, they also yield new challenges, such as stress on back office operations or increased regulatory scrutiny. Largely automated interactions generate more data to analyze, demand higher volumes of sample testing, and expand the compliance burden. To create a flawless customer experience, the back office has to keep up as well. From a regulatory perspective, prevention requirements are stringent. In fact, thanks to the exponential increase in regulatory demands over the past decade, large organizations today may have numerous, different areas of compliance to consider.

In response to these new challenges, financial institutions have taken action. For example, after tentatively approaching technology-based solutions, regulatory compliance functions are now embracing new technologies with full speed. This has led to the advent of RegTech, a new generation of regulatory technology.

RegTech, or Regulatory Technology, is the use of technology to facilitate the delivery of regulatory requirements. RegTech uses new technologies such as machine learning, low code and artificial intelligence to help financial institutions meet the challenges of regulatory monitoring, reporting, compliance and risk management, while driving down compliance-related costs and enabling a fully compliant experience for their customers.

Matching technology with regulatory requirements is not new idea, but it has become a more pressing need lately and will continue to be so in the future. Levels of regulation are on the rise for financial institutions. To address this, they can use technology to automate report and data collection to address regulatory requirements.

RegTech advances the compliance function Getting compliance right is the baseline for any bank, as it creates the net advantage of avoiding potentially disabling fines and penalties, such as those enforced since the banking crisis of 2008 by the Office of the Comptroller of the Currency (OCC) and U.S. Securities and Exchange Commission (SEC). Institutions with anything less than a robust regulatory compliance risk function have suffered reputational damage, with mixed rates of present recovery. RegTech can change the look of these compliance requirements in the future.

To achieve efficiency, risk and compliance management leaders are embracing RegTech to streamline processes, automate activities, and push their digital agenda. What’s more, banks are struggling under higher costs, mergers and acquisitions and more competitive environments. As a result, they are challenged to deliver strong returns to their shareholders and require superior productivity throughout their organizations, including in regulatory compliance.

What are some of the priorities in this area?
  • First, standardized and structured data is the most important step in enabling RegTech solutions. Data needs to be available and accessible.
  • Second, the application of data analytics is foundational. For example, banks gain the ability to evaluate risks in real time by embedding big data and risk analytics into revenue-generating activities. Deploying big data and other alternative data source approaches bolsters compliance and supports specific end purposes.
  • Third, digitalization of the risk and compliance function will follow, empowered by the use of low code work-flow automation, robotics process automation, and advanced analytics (including machine learning and artificial intelligence).
Chart: Foreign derived intangible income deduction
In addition, digital business models can allow banks to reimagine risk management frameworks that incorporate non-financial compliance requirements (see Figure 1). Digitization is a far-reaching concept and hence, digital business models include advanced analytics, cloud-based IT systems, machine/deep learning and new technologies (e.g. AI, robotic processes, low code and blockchain), as well as other capabilities related to providing services to customers, such as mobile and other channels. These can also encompass risk-in-real-time (RIRT) capabilities, which include know your customer (KYC), customer due diligence (CDD), enhanced due diligence (EDD), transaction surveillance and authentication, and anti-money laundering (AML) technologies. While on their own, digital business models do not ensure the digitization of the risk function, they do enable it because they drive the expansion of risk management.

Is RegTech the future of compliance?

Applying RegTech to smart compliance testing One area that would benefit from RegTech is compliance testing. Testing is, of course, critical to an effective compliance program. Adequate sampling is crucial to cover all the key areas of the population (e.g. customers, transactions), and proper sample sizes are necessary to establish the predictive strength of the testing. Too large a sample is unnecessary and a waste of resources, but too small a sample will not yield good predictions. This sweet spot is hard to hit with manual processes.

RegTech provides the opportunity for intelligent testing to create efficiencies and produce a more consistent, reliable way to mine data and detect anomalies than with manual testing. When adopted as part of an overarching enterprise-wide digital transformation strategy, technology can provide more accurate and consistent, long-term testing results and predictions. These can be achieved through the adoption of automated tools, such as Watson, IBM’s AI platform for business as well as a low code platform. Nevertheless, it is vital to note that financial institutions purchasing and using such tools must design their own strategy and customize these intelligent algorithms to yield the best results for their enterprise.

Managing the cost of compliance The cost of compliance is not to be overlooked. When asked recently to rank the cost of adhering to regulations, surveyed banks identified the following as particularly significant drains on resources:

  • Stress tests — 78% say the cost of compliance is “very high or high”
  • Capital requirements — 62% say the cost of compliance is “very high or high”

Additional major compliance areas — including anti-money laundering, liquidity coverage ratio, the Volker rule, supplementary leverage ratio and living wills — ranked somewhat lower in terms of cost but still represent drains on the bottom line.

RegTech provides a key opportunity to manage the cost of regulatory compliance, as it grows in step with institutions overall data strategies. Efficiency is achieved in three stages:

  • Stage 1: Consolidating risk and compliance within the same governance and operating model
  • Stage 2: Achieving efficiency by streamlining processes, automating activities and exploring new technologies
  • Stage 3: Integrating risk management into the business for real-time responsiveness

Cost challenges for financial institutions have increased significantly due to the dynamic nature of the regulatory environment. New reporting demands and new categories of compliance have required institutions to gather new data, develop new analytics approaches and, at times, substantially expand their compliance investment. Once in place, RegTech tools offer an antidote to the ever-changing regulatory environment through their design flexibility, providing the agility to adapt as new requirements are put in place.

The ultimate opportunity for efficiency lies in linking RegTech solutions to cross-enterprise platforms and the organization’s overall data strategy. A comprehensive data strategy should not plan for one-point-in-time solutions that create operational silos, but rather for integration with existing and future systems. It should fit in the broader digital transformation cycle of the enterprise as it changes and adapts. Finally, such a data strategy requires securing specialized talent, which needs to be developed and identified in-house, hired, or outsourced by leveraging a third-party provider.

The path forward The path forward for financial institutions is no longer a linear one. Instead financial institutions need to focus on piloting small projects that will help them explore new technologies and figure out pros and cons that apply to their own particular business needs. This holds true for RegTech as well, where it might be tempting to just acquire and implement a solution just because another financial institution has had success with it, only to discover that it is not the right solution for your organization.

Instead, piloting a technology implementation on a small scale – e.g. a technology that improves workflow in regulatory reporting – is a safe approach because risks are limited and new risks unlikely. It is also a quick and efficient way to explore new technologies and their possible long-term return on investments. For such pilots, new allies are available, such as small fintech startups. For example, large banks in particular have already taken the first step in leveraging partnerships with fintech startups to enhance their customer service.

Financial institutions need to take a close look at innovative new offerings in the RegTech space. There are a variety of firms that can offer solutions to financial institutions, including many small fintech startups working on innovative technology solutions that have unique value propositions and can easily integrate into existing governance, risk and compliance platforms.

Yet, these RegTech pilots are easier to put into practice for those institutions that have a high digital quotient. An institution’s digital quotient is the extent to which processes, information, data and activities are in digital form. So, first step towards future RegTech adoption is to assess and improve your institution’s digital quotient, while continuously communicating the results to your C-suite, ensuring it understands the importance of building your institution’s digital quotient. Leaders need to support the significant operational and cultural changes that come with becoming an automated enterprise. This is critical to your success.

Questions to ask to assess your digital quotient:

  • How many processes and activities are digitally accessible?
  • How much data is available?
  • How much conversion work is needed?

RegTech, as well as the overall fintech revolution, represents a long-term change in the industry. The only successful way forward is to focus on the big picture and plan for the adoption of interrelated technologies. The integration of RegTech solutions within existing technology platforms will become a force multiplier for the compliance function and enable financial institutions to compete and lower the overall cost of compliance.