Increasing levels of regulation and more challenging regulatory expectations are having significant operational impacts on firms requiring people, process and technology based solutions.
Regulation and compliance rules are changing all the time, which can create challenges for firms to understand, implement and embed the new requirements. For banks, innovation has been hindered by strict and ever-changing regulation. Whereas for firms operating within the Fintech space, a lack of guidance and tailored regulatory framework has stalled their ability to flourish.
But the changing regulations and evolving compliance rules are not just the realm of the finance sector. Online gambling, shipping, transportation and air-travel have all been plagued by cumbersome regulation which has meant increased business costs, slower customer service and more complex operations. Moreover, as of May 2018, many other businesses and organisations in Gibraltar will be subject to the EU General Data Protection Regulation (GDPR) which will affect every EU based organisation that processes the personal data of EU residents. The GDPR will come into force before the UK and Gibraltar leave the European Union, and the government has already confirmed that the regulation will apply, despite Brexit. The GDPR requires organisations to develop clear policies and procedures to protect personal data, and adopt technical and organisational measures appropriate to identified risks.
This is where Regulatory Technology (RegTech) is coming to the rescue! RegTech has emerged as a hot topic in financial services and beyond. While some have defined RegTech as a tool to improve efficiency and effectiveness, others describe RegTech as a phenomenon, a global paradigm shift and a strategic opportunity that will help companies successfully execute their business models in the context of a safe and sound global financial system.
Not only will RegTech help firms define standards and guidelines to provide more certainty when purchasing new technology capabilities, it will also free up large sums of operation and capital expenditure that businesses are currently using to ensure ongoing compliance maintenance and demonstrating compliance during an audit. By adopting technology, firms will be able to view their compliance on a continuous and real-time basis and will essentially be able to deliver this process faster.
However, the complexity, scale and diversity of legacy infrastructure and existing systems within firms make the implementation of new technologies challenging. Moreover, the RegTech market is still in its early stages and few documented case studies exist to demonstrate return on investment (ROI).
Right now, we’re seeing four broad categories of technology enabling RegTech innovation:
Tech-enabled process efficiency refers to capabilities that streamline business processes. Examples include robotic process automation, intelligent automation, and self-learning systems for intuitive tasks.
Data sharing and aggregation makes decades of stored data available to all of a firm’s business lines. This includes refurbishing old data, automating the data collection process, and applying “big data” capabilities. Also included are secure networks and application programming interfaces (APIs) that allow financial institutions to share proprietary data.
Data-driven insights result from the application of advanced analytics to massive sets of data in support of a range of compliance activities. Intelligent automation and predictive analytics fall into this group. So do tools that monitor structured and unstructured compliance data in real time.
Platforms, such as real-time databases and Software-as-a-Service cloud systems, make up the final category of RegTech innovation. With the application of distributed ledger technology (DLT), platforms may soon house records of anti-money laundering, “know your customer,” transaction reporting, and other compliance activity.
As we move through 2017 we expect to see more RegTech vendors blending internal company data with externally sourced public and private data. This will help cut the time it takes to manually match regulatory processes, client identities and their financial behaviours with the publications, consumer identity and financial transaction trails that need to be acquired from third parties. For RegTech that assists with KYC, Anti-Money-Laundering and Regulatory Compliance this is key, as these are areas where no individual organisation is an island, but must efficiently inter-operate with both their regulators and with their partners who supply identity and third party transaction data.
Already, numerous online gaming companies in Gibraltar are using the services of RegTech providers in their customer onboarding process. Acting as technology-scouters for various companies, we have also advised financial firms in finding the right RegTech provider for their needs.
Complex regulations mean that many firms still do not feel comfortable adopting new technology. Larger enterprises may be able to weather ongoing regulatory changes better because they typically have legal teams on hand to analyse and advise them on new situations and mountains of people to throw at problems. However, smaller firms are likely to be unfamiliar with the technology and the compliance requirements, and should therefore seek specialist expertise from an experienced advisor in order to gain the greatest benefits from RegTech.