The Road to Regtech 3.0

Douglas W. Arner, Janos Barberis and Ross P. Buckley—all senior academics at universities in Hong Kong and Australia—say their paper, Fintech, Regtech and the Reconceptualization of Financial Regulation, seeks to "expose the inadequacy and lack of ambition of simply digitizing analog processes in a digital financial world."

According to the authors, "The development of fintech, the rapid developments in emerging markets and the recent proactive stance of regulators in developing regulatory sandboxes represent a unique transition from one regulatory model to another."

This model is Regtech 3.0: data-centric, real-time, and in line with the technological transformation that has occurred in financial markets. But is the sector ready to accept and achieve this lofty aim?

Regtech in its Infancy

Ashley Smith, senior vice president at Silverfinch, a regulatory data hub for the buy side and insurers, says regtech is still in its infancy, but is evolving as a discipline.

"There have always been solutions built for regulations. That isn't the innovation. The innovation is drawing synergies and forming strategic responses to regulation, making it a specific discipline rather than, say, merely the reporting of compliance or legal teams. Regtech companies are drawing disparate elements together in a strategic response," Smith says. Silverfinch tracks different regulations, "feeding our pipeline for our clients with new regulations coming in, logically slotting them alongside the ones we have already built. This kind of approach hasn't happened before. Solutions have been bespoke and siloed until quite recently," he adds.

Currently, it's difficult to say where regtech startups are focusing their efforts. Easing client onboarding is a big focus for some, while blockchain and data visualization are also emerging as technologies intended to "re-weaponize compliance as a business function," says Leda Glyptis, a director at Sapient Global Markets. The report authors say that Know Your Customer (KYC) and Anti-Money Laundering initiatives are a particular focus for regtech spending and development within major financial institutions, as well as in technology providers and advisory firms, so most regtech solutions focus on KYC compliance, supporting the perception that interest is turning to a data-centric approach to compliance.

For technology to bring down costs and streamline the system, both sides need to do it, operating off the same kind of data infrastructure
Imran Gulamhuseinwala, EY

A chief data officer (CDO) for a tier-one investment bank says that for him, regtech is about being able to trust his data: "For me, the whole basis of regtech—and data governance, full stop—is data lineage. If I can track the lineage in an efficient way [and] track the impact of the data, I don't particularly care about how many regulations exist. I know there are a lot of them and I know there will continue to be more," he says.

Regulatory change projects consume around half of his bank's IT spend, the CDO says. The bank's goal is automation using the data dictionaries it is building—not just to meet the demands of regulatory change, but to achieve efficiencies in general.

"It's about getting the automation through our processes internally correct with canonical schemas, single taxonomies. Then I don't care how many touchpoints there are outside the bank: if I have a consistent view inside, it's a simple ETL transformation out the door," the CDO says. "If I have a single, canonical schema and data dictionary in my company, and a series of ever-growing reporting requirements, I have to transform that standard into any number of external ones. If there is a vendor that could take ownership of all those external transformations, I'd only have one to one."

Playing in the Sandbox

The academic report says the main challenge of regtech is regulators' own inability to handle and process the amount of data generated as a result of technology and automation. UK regulator the Financial Conduct Authority (FCA) seems cognizant of that fact, the report says, and has initiated a number of projects to develop the sector. Imran Gulamhuseinwala, global head of fintech at EY, says this collaborative aspect is what makes regtech more than just a buzzword.

"It's more than a marketing term because you need both regulator and bank to work to a standardized process and data models. If a bank were to use technology to try and improve its processes around regulation, it would get some of the way there. If a regulator did that on its side, it would get some of the way there. But for technology to genuinely bring down costs and streamline the system, both sides need to do it, operating off the same kind of data infrastructure. That is the big difference: regulators are willing to work with regtech [providers] to help the institutions they are regulating reduce the cost of regulation."

The UK's Financial Conduct Authority has a mandate to support the regtech sector

Last year, the British government gave the FCA a specific mandate to support regtech. In response, the regulator has funded some 300 companies, held roundtables with industry participants and organized hackathon-style "TechSprint" collaboration events. The FCA has also created a "regulatory sandbox," billed as a safe testing environment for products and services, where companies will not incur any penalties if they do not meet FCA standards.

Regulators elsewhere are looking at similar approaches. A spokesperson for the Australian Securities and Investment Commission says it is currently consulting on a proposed sandbox licensing exemption.

Even the Bank of England has a Fintech Accelerator. "It is specifically designed to... show the BoE where its technology could be used to reduce the cost of regulation for the bank itself. At the moment, they have their first cohort in. They want to create very specific milestones to help these companies to produce proofs of concept. If the bank likes a PoC, it puts it out in the market for tender, and the firm that has been through the process gets to say that the BoE is a marquee client, which is very important for some of these smaller firms," Gulamhuseinwala says.

Getting to Regtech 3.0

With vendors, banks and regulators agreeing that Regtech 3.0 could reduce costs, bring efficiency and lay the basis for a real-time, data-centric regulatory framework, the next step is getting there.

One possibility is blockchain, says Thomas Bull, a director in EY's fintech practice. "The idea of a shared or distributed ledger in which multiple parties are able to have real-time visibility of transactions on that ledger opens up the possibility of the regulator itself becoming a node in that network," he says, adding that the possibility of such a solution is some years off.

Leda Glyptis, director, Sapient Global Markets.

A more immediate example would be real-time reporting, suggests Gulamhuseinwala. "Historically, regulators have asked for quarterly submissions from a regulated entity—a small number of pages filled in essentially by hand. The supervisor would read it, come back with queries, and then put it in a filing cabinet," he says. "With regtech, the way the regulators can now work is to say, 'Give me all your data: Not just the data that I specifically ask for, but lots and lots of other data. I will generate my own report off the back of it, and find out what I think is insightful. And give it to me in real time.'"

A regulator could therefore manage the data it gets far more quickly, and become much more responsive.

Sapient's Glyptis says a change in the regulatory tone has cleared the path for this evolution. "The regulator has moved away from regulating the regulated entity to regulating the activity. This seems like a subtle shift, but it's major. If you look at quite a lot of the regulation that has lately caused immense investment in the banking world, it is all focusing on very different specifics. But it's all regulators saying ‘We are looking at the activity that is being undertaken and the purpose for which it is being undertaken. And we will look at the best way your business can be delivered.' And this means that new technology is expected to be used," she says.

These developments will have a significant impact on business areas, forcing firms to examine how they will make money now and in the future, and how they must change to be "business-viable and compliant" at the same time, she says. "These new conversations mean that the compliance functions and the business functions within banks are having brand new conversations with each other. And regtech needs to find its place in these conversations. Because of how it has evolved, it doesn't necessarily have a seat at the table yet."