The UK’s Financial Conduct Authority has been described as the 'torchbearer' among regulators that wish to promote IT in financial compliance, while the US Securities and Exchange Commission might be about to push cryptocurrency firms into British hands by threatening regulatory repression, to the profit of RegTech companies. This article reviews other trends in this new arena.

Regtech, a word that practically nobody used in 2014, is on the rise all over the world. Hundreds of start-up businesses are associating themselves with the word, although of course there is nothing new in a company employing some software to help its compliance effort.

According to Opimas, the regtech space only pulls in 5% of the total IT 'spend pool,' but that is going to change. Its recent survey says that banks all over the world spent nearly US$100 billion on compliance last year, with RegTech spending expected to reach $80 billion by 2020. Meanwhile, regulatory spending on talent and consulting has increased due to many banks being unable to automated processes.

The report also says: "Within the FinTech arena, there will be three major areas of focus in the next two years: Blockchain, artificial intelligence and technology focused on regulatory compliance, commonly referred to as RegTech.

“Banks have had to contend with waves of new regulations that were then subject to rapid change and reinterpretations. As a result, it has been difficult for banks to automate many of these processes, and they have had to rely on heavily manual processes. Banks have been forced to hire hundreds or even thousands of compliance and risk professionals to fulfil their regulatory obligations pertaining to data management, activity monitoring, transaction reporting and such.

"In the next two years, we expect to see a greater emphasis on automating as many of these functions as possible. This will lead to a reduction in staff by 2018."

Additionally, banks often employ external consultants to ‘patch up’ areas where they are at risk of not complying with regulations.

Opimas adds: “This [compliance] spending increase will begin to plateau in 2020 as banks learn how to automate new regulations and improve their existing IT capabilities with respect to compliance and control.”

Opimas also thought that more than 90% of RegTech spending would go on data management, risk management tools and regulatory reporting and compliance tools.

In another survey, GlobalGateway (owned by Trulioo) was ranked first place for the second year running in the verification/identity checks category of this year’s RegTech Performance Report, published by Market Fintech Ltd.

The ones to watch

Among the British “regtech startups to watch,” according to Computer Business Online, are Onfido (background checks using machine learning); DueDil (collator of registry data, trademarks and financial reports) and Percentile (software for risk officers at capital market firms). Entrepreneur.com’s list of 15 “RegTech Investors Every Fintech Startup Needs to Know” consists of Octopus Ventures (which recently entered RegTech by leading the investors in backing the US-based open banking platform Token, which raised $15.7 million in a Series A funding round in April); SeventySix Capital (which apparently invests in a regulatory and compliance platform for the cannabis industry); Summer Capital (invested in Sybenetix and its compliance monitoring software for banks, asset managers, hedge funds, and regulators); Carrick Capital Partners (investor in Bay Dynamics, which tackles cyber risk); EQT Ventures; Insight Venture Partners; JMI Equity; Aquiline Capital Partners; Sageview Capital; Accel Partners; Warburg Pincus; HarbourVest; Digital Currency Group; TTV Capital; and Balderton Capital (investor in ComplyAdvantage).

Crypto opportunities

RegTech might be about to invade a new area of finance. The crypto-coin world is no stranger to heavy-handed American regulators, with the New York Department of Financial Services leading the way by imposing its own heavy-handed ‘bitlicence’ on crypto firms in 2015, triggering off a massive exodus to the Isle of Man. In its original iteration, and in true New York establishment style, the licence exempted banks until a storm of outrage precipitated a volte-face on the part of Ben Lawsky, the regulator’s ambitious superintendent of the day.

Now the US Securities and Exchange Commission has weighed in, telling initial coin offering (ICO) firms that they have to submit to its regulation. ICOs are more numerous at the moment than IPOs (initial public offerings) and the entrepreneurs behind them have been travelling hopefully so far, claiming in their ‘white papers’ and on their websites that the coins have no inherent value, the better to convince regulators that they need no regulation. Just last week the SEC issued an investigative report that warned market participants that offers and sales of digital assets by ‘virtual’ organisations were subject to the requirements of the federal securities laws. It added, somewhat unhelpfully, that it was going to assess everything on a case-by-case basis.

The UK is already ahead of the US in equity crowdfunding, an activity that the ICO resembles, and (according to some commentators) could take over in the ICO area as well. When FinTech is regulated, RegTech is never far behind and new products are likely to appear to cater to this part of the market.

Indeed, MLex reports that cryptocurrency companies based in Asia are increasingly turning to regtech companies to help them conduct background checks on their clients as they find themselves under increasing scrutiny from securities and anti-money laundering regulators. This is in the absence of regulations that insist on the issuers of ICOs being obliged to do ‘KYC,’ although this seems to be on the way in some jurisdictions, especially the US (as we have seen) and Singapore.

Disruptive technology

Juniper Research, based in Basingstoke, has in the meantime revealed its 'top 10' technological phenomena that it thinks will 'disrupt' the fintech industry in 2017 and 2018. Number one is the open application programming interface, led on by the European Union's second Payment Services Directive; number 3 is the chatbot that converses with consumers; but number 2 is RegTech.

Juniper believes that financial firms are about to take up RegTech in a significant way, with cost-related and time-related savings ultimately benefiting consumers. It sees RegTech as a source of 'security' for firms that will, it thinks and probably hopes, change the ways in which people approach the ever-more complex compliance, regulation and reporting aspects of business, vastly reducing time constraints and improving the accuracy of their efforts. Since it has become available through pay-as-you-go cloud software, RegTech is economical for both service providers and clients.

The research found other software-related phenomena such as robotics and automation, invisible payments and blockchain, to be hampered by “lack of adoption and limited regulatory agreement.”

Who's offering what

When it comes to recent regtech deals, BearingPoint’s Abacus/DaVinci regulatory reporting platform is now available in FinTech Group’s product portfolio. FinTech Group serves more than 200,000 private clients. BNG Bank has been another customer for BearingPoint, but not on the private client front.

LGT, the private banking and asset management group owned by the Princely House of Liechtenstein, has chosen Wolters Kluwer’s OneSumX to provide its regulatory reporting and risk software for its Asian operations, especially in Singapore and Hong Kong. One SumX uses a single source of data and includes the firm’s Regulatory Update Service which is maintained by Wolters Kluwer experts who actively monitor regulation in approximately 50 countries, helping to keep the whole thing up-to-date.

Some big banks have announced that they are experimenting with regtech software, but the nature of that experimentation remains murky. Robo-advisors are also using RegTech to check the backgrounds of prospective clients during the ‘take-on’ phase. KYC Chain has gained a reputation for innovation by letting the users of its platform manage their digital identities by means of blockchain technology.

Don't forget...

Despite its promise and glamour, RegTech still has a long way to go before it accounts for a mature part of the 'fintech' software market. Readers are advised to remember Jan Hagen of RFS Group's famous six pitfalls of regtech automation.

1. It is only too easy to automate for the sake of it. Financial firms that want to benefit from 'first mover advantage' are often overcome by hype from vendors. There is no imperative for them to automate their know-your-customer controls or other compliance efforts, so they ought to avoid being swept along, losing sight of objectives and requirements without a very thorough assessment of needs. Wholesale automation is never the right approach to take. Firms should be rational about their reasons for automating their regulatory efforts and be able to explain this to their regulators.

2. It is tempting to automate to replace people when they leave, or even to lay people off to be replaced by software at the behest of the finance department. When automating anything to do with financial crime compliance, however, there must be a better rationale than that.

3. A firm should not automate too quickly. Firms often want to realise the benefits of automation quickly but they ought to do whatever their project managers say, taking a test-and-learn approach.

4. A firm should not automate too much. In financial crime RegTech, the industry is a long way from establishing best practice. No vendor offers an all-in-one package.

5. If a firm does not understand the entire workflow, it is going to be in trouble. Many organisation processes have evolved over time and may now be inefficient, taking unnecessary steps or doing other things for historic reasons only. To automate them wholesale would be folly.

6. Do not automate without understanding the algorithms. Break the process down into a series of rule-based steps first. At any time, the regulators can ask why the firm has taken the steps it has. Inaccurate data going in will give rise to spurious results coming out.