Here comes RegTech — a new field in technology that ensures that companies, especially tech firms, act in accordance with implemented government rules and regulations.
The first time we came across the term RegTech was when our team was deliverin Python development services to Clear Minds – an investment platform that acts like a digital adviser for people who are willing to make a profitable investment for the long run. During the final stages of development, in May 2018, the GDPR came out.
If you’re lucky enough to have never dealt with GDPR, I will briefly summarize what it is. It’s a regulation created by the EU that forces companies that work with customers’ personal data – in our case, tech companies – to protect their customers’ data. Namely, they cannot disclose it to third parties, and must even delete it if a customer asks them to. GDPR is the reason why your email boxes were recently bombarded with new Terms & Conditions and Privacy Policies of all the services you were using or subscribed to.
Like many other companies, we faced a problem with storing personal data. Not only had we to study the law itself. We also had to understand how it would affect Clear Minds and what we had to do to comply with the regulation. And we weren’t alone. In this article, I’ll describe RegTech and how it helps solve issues related to compliance with government regulations.
What’s wrong with regulations?
The problem is that (1) GDPR is only one of the hundreds of other regulations that companies have to comply with. And (2) new regulations appear faster than companies can analyze them and take corresponding action. Hiring additional legal staff and forming a compliance department isn’t something that all tech companies can afford, never mind startups.
Of course, many firms decided to ignore the regulation – but hey, GDPR fines can be up to €20m and 4% of a company’s annual revenue. I doubt that anybody who’s sane would take such a huge risk. Although non-compliance to any regulation may result in huge fines, some companies still think “Well, I don’t care.” That’s a big no-no. Usually, breaking government regulations or even single-time malpractice will result in huge fines, then scandals, and eventually a trial. CB insights made a terrific compilation of 2017 headlines that illustrates the problem:
After many failed attempts to ignore the fact that companies really have to comply with multiple regulations, the tech world found itself in a situation where they had to focus on the paperwork rather than build technological solutions. And that’s when Regulatory Technology comes into play.
Regtech — an effective compliance solution
Regulatory Technology (a.k.a. RegTech) is any technology that aims to standardize regulatory processes, create unambiguous interpretations of the regulations, and most important – automate the compliance process. To characterize the RegTech industry, Deloitte has analyzed around 150 RegTech companies and identified 5 main categories of Regulatory Technology.
- Compliance. AI and machine learning can perform regulatory compliance activities such as searching for new or reviewed regulations, reporting, and sharing the impact of changes with the stakeholders. AI algorithms can be trained to automatically perform these tasks, with appropriate reviews at key decision points made by the compliance officers.
- Risk management. Some RegTech solutions can continuously monitor risks. That is — they learn to identify insecure situations based on predefined data. In the financial sector, RegTech solutions use advanced analytics and big data to predict entire market changes and mitigate similar risks. After all, machines are far better with numbers than people.
- Identity management and control. The Know Your Customer (KYC) process covers the client identity authentication and screening processes. It’s common to perform it the old-school way, manually working with documentation, but RegTech developers rely on advanced data aggregation and analysis tools. Again, AI and machine learning can expand the scope of the KYC process by gathering information from multiple sources that usually requires hours of searching and ultimately may be never found.
- Regulatory reporting. Few people enjoy drawing up reports, and even fewer actually make them. This work is what you have to do, whether you’re a clerk or a high-ranking executive. People tend to make errors in reports, and this results in unclear or incorrect data. Robotic Process Automation (RPA) makes data management processes work without employees being involved, so the result is correct data reported on time.
- Transaction monitoring. This is the process of monitoring financial transactions that go through banks, online shops or other financial institutions to identify suspicious activity and flag it as illegal. There’s normally a separate department in a bank that performs this work. They have certain standards regarding what should be considered suspicious. Like the previous point about reporting, RPA can analyze and monitor transactions faster and more accurately than any professional.
As you see, most solutions, regardless of the category, utilize RPA, Big Data Analysis, AI and Machine Learning.
How to use RegTech in practice
In this part, I want to give you some concrete RegTech examples and explain how they help businesses. Despite the areas that Deloitte has identified, most solutions are cross-industry and comprise several technologies that solve a set of problems in a particular industry. However, I have compiled a list of five companies that best fit each of the categories above.
Continuity is a US service that provides regulatory compliance services. The system monitors the US Federal Register and, depending on the client’s business area, interprets changes to the regulations that apply to the client company. So instead of hiring a huge compliance department, a company can use Continuity to save staff time. Moreover, Continuity offers a Unified Compliance Management System Model. You just schedule compliance tasks, and the compliance management process becomes automated.
Provenir is a risk analytics system that integrates with, as the founders claim, “virtually any structured and instructed data source quickly” and creates risk analyses based on preset parameters. By data source, they mean that they can operate with Twitter, Facebook, Salesforce and many other tech giants. The great thing about Provenir is that it can be used in a variety of different industries, from e-commerce websites to banks. By the way, HSBC is their largest client.
IdentityMind provides a platform that performs a KYC process: it finds, maintains, and analyzes digital identities, which together allows companies to identify a person, perform regulatory identification, and detect and prevent identity fraud. For commercial businesses, it means fewer frauds and protection from money laundering. They also have a base of 20 partner companies that provide data, services, and technology to support larger operations with data.
Luxembourg is famous for two things: it’s one of the smallest European countries, and it has an excellent economy. It’s no wonder that Luxembourg is the home to Regis-TR — a RegTech development company that offers a reporting system for all kinds of trade transactions for various assets in the EU. Their reporting system is compliant with three regulations: EMIR, FinfraG, and SFTR. The company plans to create an ecosystem where clients will be able to report their data to only one entity at a time and not violate any requirements in different jurisdictions.
Feedzai, as its founders describe it, is an “AI platform to fight financial crime.” Simply put, it detects fraud in omnichannel commerce by offering banks and commercial businesses payment processors protection. They use historical and behavioral analysis of data to identify whether a transaction is potentially suspicious or not.
As you see, RegTech isn’t something vague and unclear. It’s just that the entire RegTech industry is B2B, so consumers are unlikely to ever come across it.
RegTech is software that help companies, primarily FinTech ones, comply with established regulations. Most solutions rely on the continuous utilization of AI and machine learning to exclude human error from regular processes like reporting and risk management.
The RegTech market isn’t stable, since governments tend to establish new regulations every year, based on technological progress. Think about the crypto market. Ten years ago, nobody attempted to regulate it. Over the last 3 years, governments have been trying to figure out how to control it. This clearly demonstrates that the RegTech is just starting to develop – and the more regulations that hit the books, the more solutions we’ll see.