Regtech is the new kid on the block. It is a blended buzzword, which refers to the new breed of agile regulatory technology that empowers firms to better understand and manage risks, while also streamlining the regulatory compliance process.
Sitting under the fintech umbrella, there is nothing new about the concept of regtech; however, past attempts to digitise the compliance and risk process have focused solely on cost reduction and operational efficiency. Regtech, by contrast, has much to offer in terms of mitigating risk across the board – operational, reputational and financial.
With budgets under pressure, and with increased penalties for inappropriate conduct – not only fierce fines, but even senior executive jail sentences in extreme cases – new generation regtech is purpose-built to protect the business, from the ground up. The popularity of regtech has been fuelled, in part, by digital transformation. The requirement for so-called ‘digital border control’ in today’s always-on world warrants its place, front and centre, of any risk mitigation strategy.
Digital transformation projects have been triggered by the advent of the digitally native millennials, and increased client demand for anytime, anywhere self-service. In dynamic digital environments, which are highly personalised, it is especially important to record exactly what every customer saw, in order to protect the firm from claims of misconduct or non-compliance.
However, going digital can prove challenging when trying to marry the business growth and customer satisfaction needs of the business with the requirements of compliance and legal teams. Regtech offers the only viable solution for resolving this dilemma.
All regulations have customer protection at their core, and the requirements of the regulator are very clear. Digital record-keeping is viewed through the same lens as phone calls, email and paper correspondence.
For regulatory and risk purposes, firms must record all interactions, and retain them for the statutory period, in order to prove compliance beyond any doubt. If unable to evidence exactly what a customer saw and did via its digital channels (web, social and mobile), then the firm is exposed to risk. All digital activity and interactions must be captured and retained for up to seven years, in easily accessible form, to comply with a mass of global regulations, including Europe’s Markets in Financial Instruments Directive (MiFID II), SEC 17a-4, and the Federal Financial Services Act (FFSA).
Financial firms will continue to face increasing regulation. In 2015-16 an average of 200 international regulatory changes and announcements were recorded daily. If all the financial regulations in force today were printed and stacked, they would reach the dizzy heights of the Eiffel Tower. By 2020 the height of this stack will triple, predicts PJ Di Giammarino, head of the independent analyst JWG Group. Compliance teams face a monumental task, tracking, analysing and executing this volume and complexity of regulatory change.
Combine this with increased personal liability of senior executives, who may find themselves paying the price personally for the non-compliance or misconduct of their firm… there has never been greater focus on accurate and efficient record-keeping.
In the wake of recent political, economic and market events, it is impossible to foresee the specifics of regulatory changes coming our way. However, with three-quarters of financial firms expecting focus on regulatory risk management to rise this year, it is essential to make ‘agility’ a must-win battle. Only then can you accommodate regulatory change in the future, with minimal effort and cost.
The typical response has been to throw people at the process, in an attempt to keep pace with regulatory change. Over the last two years, new hires at the world’s three largest banks have increased compliance staff by 6,600. However, there is growing recognition that firms can gain greatly by leveraging technology, not only to reduce costs and increase efficiency, but also to inject agility, and to free up compliance talent to focus on forward-looking requirements (rather than simply reacting to challenges and disputes as they arise).
Technology-based point solutions implemented in the past, which were designed to address the specific requirements of each individual regulation, are simply not cutting it. Whatever the regulation, whatever the change, your compliance team must be ready to adapt, and this is only feasible using modern-day regtech solutions that were purpose-built for compliance.
Document and content control
The days when it was possible to archive your company’s web site once daily, so that you could prove what a visitor was exposed to when visiting you online, are long gone.
For many firms, your corporate website or client portal is becoming the customer’s channel of choice for checking policy and procedure documents, or to execute transactions. The propensity for online content to change minute-by-minute has significantly increased risk.
What if a policy document that failed to contain the correct disclosures was incorrectly posted on your website, for just a few minutes, before being corrected and replaced? What if a customer made an investment decision based on that document? If you are not monitoring and archiving document and content changes on an ongoing basis, you can never be certain which version of the document your customer saw, which significantly increases your risk of non-compliance.
Employee behaviour governance
Use of digital channels is not restricted to customers, of course. All your staff use your digital platforms, for various purposes, and many have legitimate access to client identifying data. Unfortunately, every business is exposed to the risk of fraud from within, or data leakage (both intentional and accidental). The only way to identify your wolf in sheep’s clothing is to monitor all digital activity, and put a regtech system in place that alerts your forensics team in real time, to suspicious behaviour or transactions.
Strategies for mitigating risk, through regtech
- Do nothing. From a technology standpoint, legacy systems cannot satisfy compliance or conduct risk requirements. With aging technology, there is no certainty that all digital activity is captured. If the interaction that could send your chief executive officer (CEO) to jail is not captured, you (and they) are grossly exposed. Furthermore, any analysis of captured interactions relies on human interpretation of log files to reconstruct them, which is error-prone, time consuming and lacks context. By continuing to use legacy technology, in an attempt to create an indisputable audit trail for compliance and risk purposes, you are creating chinks in your compliance and risk armoury.
- Automate your current process. A common approach, with two fundamental flaws. First, when simply automating your existing processes, you run the risk of digitising badly structured manual processes, and embedding inefficiency into your framework. Second – assuming your existing processes are sound – your gains will be limited to cost savings and operational efficiency. While these savings may be significant, you will achieve little in terms of mitigating risk beyond where you are today.
- Apply best practice to compliance and risk mitigation. This is where modern regtech solutions become really interesting, as your digital initiatives roll out. Pioneers in the regtech space are now recording every mouse movement, tab click, keystroke, screen rotation and finger swipe, to provide an exact rendition of a customer’s interaction, or an employee’s digital behaviour. Playback is in movie-like form, so the compliance team, a regulator, or an attorney can see exactly what a customer or employee saw, at any moment in time. Records are retained in compressed and tagged form, providing client-oriented search and far greater accessibility. This approach represents a progressive shift towards a client-centric operating model, which is a driving force for most financial institutions.
- Apply best practice to mitigate risk and drive business value. This is the panacea that regtech has transformed into reality. Forward-thinking financial firms are now looking to leverage spend on compliance and risk, to drive innovation. They are converting the vast amounts of behavioural big data, collected and retained for compliance and risk purposes, into smart data that offers actionable insights. They are using these insights to drive client retention and revenue generation initiatives, and support customer lifecycle analysis.
While the cost of doing nothing might appear attractive to some financial organisations, most are coming to realise that the inherent risks associated with legacy technology are too high to bear.
Simple process automation can be beneficial, although no company has ever achieved sustainable success through cost-cutting and process efficiency alone.
Success comes from customer acquisition and revenue growth, which regtech can deliver in abundance – in addition to mitigating risk and ensuring compliance – when data-driven insights are used to improve customer satisfaction.