Following the 2008 Global Financial Crisis, regulators and policymakers set out to prevent future similar financial crashes. The initiative, however necessary and noble, had unintended consequences, exponentially increasing the compliance burden of financial institutions, increasing the industry requirements and making it difficult for it to serve consumers as intended. Enter Regulatory Technology or RegTech.
RegTech refers to the companies and technology built to assist Financial Institutions with compliance. It includes automating and improving existing processes by using technology to perform regulatory monitoring, reporting and compliance, both efficiently and effectively.
To honor RegTech’s coming-of-age, we thought it fitting to start 2017 with a clear understanding of what RegTech is, and what it’s not. With that in mind, last week we hosted our first webinar of the year “RegTech 101: Implementing a RegTech Solution in your Organization” – bringing together the expertise of three notable professionals, who guided us on a walk down RegTech lane:
- Oscar Jofre, CEO of KoreConX and Worldwide FinTech Influencer
- Juan Lozada, AML/CTF Compliance expert and former Assistant US District Attorney
- Lisa Dawson, Compliance Officer and Expert on Risk Mitigation Strategies and former FinCen Analyst
The focus point during the webinar was how to manage a RegTech solution implementation.
Key aspects that drive a RegTech implementation:
- Risk mitigation: the risk that comes from unplanned shutdowns of the system due to lack of maintenance, or its inability to cope with the velocity, volume, and variety of data your business receives daily.
- Revenue generation: with a better user experience enabled by an omni-channel solution, a smoother onboarding process, and lower time-to-transact, making your product a better, more attractive option.
- Cost savings: not only from compliance, but also by reducing maintenance costs, and gaining from operational efficiencies.
The transition from manual processes to automated ones will bring about a series of organizational obstacles that need to be overcome to successfully implement your chosen RegTech solution.
Technology implementation projects are specific to each organization. But, in general, there are four common hurdles that most organizations will face while implementing a RegTech solution:
- Legacy systems
- Regulators and applicable regulations
- Support from Management
When we talk about legacy systems we are referring to the existing core information technology systems. These are mostly characterized by siloed information and different internal applications that have problems integrating with each other, making it hard for different departments and business units to share and consolidate data.
This is a much larger problem for traditional financial institutions (FIs), than it is for FinTech companies. Traditional FIs have sometimes hundreds of disparate systems that have grown independently through decades, whereas FinTech organizations are basically starting from scratch, and both can -and are faster to – adopt new technologies.
Updating your core technology – specifically for compliance, risk management, and regulatory reporting processes – is a project that needs to be carefully planned since you can’t just turn-off these operations, even if just momentarily.
The whole process starts with an update of your regulatory assessment, to fully understand what you need from your RegTech solution(s); this assessment will guide you through the process of normalizing your data – agreeing on a single taxonomy is key to the success of the implementation process.
“No matter the size of the institution, you want to start by looking at your risk assessment, to help you prioritize the needs or new or improved services for your business. Regulators will want to know how you’re managing your overall risk” – Lisa Dawson
Let’s put this into perspective, one of our clients, a traditional regional bank, has been investing heavily in online and mobile banking. This transition changed their requirements for fraud prevention and risk mitigation, as they were facing the challenges of the online world. Their core banking solution couldn’t provide the real-time analysis that is fundamental for account fraud prevention and transaction monitoring in their new banking applications.
An independent solution to cater the different needs would have been very inefficient for their risk team. They moved forward with a plan to unify the fraud prevention technologies; this meant investing in updating their core banking to have all banking applications to use common systems such that the fraud strategies could inform all aspects of their banking applications. Their compliance team is now planning to use the same core information to inform their transaction monitoring processes, and enhanced due diligence.
Today we are quickly approaching the point where if you don’t bring down silos of information, if you don’t integrate your data across business units, and if you don’t adopt specialized technology for certain complex functions, you will lag behind the competition and won’t be able to meet the regulatory compliance demands. Which leads us to the second hurdle.
The Regulatory Environment
Regulators are expecting policies and procedures to account for today’s challenges, as these are the only ones that will be able to rise to the ocassion when it comes to facing the financial crimes threats of this time and age.
Much of the focus of Regulatory Agencies worldwide is moving from an enforcement focus to a prevention approach that features an ad-hoc framework, by which the compliance and risk management program, through predictive analytics, can detect and stop suspicious activities.
Regulators understand the role technology is playing to level the field between criminals and law enforcement, RegTech is then the bridge between reactive supervision of financial activities and proactive and preventive real-time monitoring.
This is the argument supporting initiatives such as the Regulatory Sandbox by the FCA in the United Kingdom; it isn’t only about facilitating an innovation friendly environment, but also to tackle compliance, risk, and fraud problems from the same side of the fence. The solutions that come out of these efforts are an integrative approach, that benefit both the players and the game.
“Regulators will start moving more towards the middle, from strict inflexible enforcement -motivated by the need to prevent money laundering and fight terrorism; to a point where they allow FinTechs and Financial Institutions to evolve, adopt new business models, and start competing at a global level. Promoting collaboration across all the players in the ecosystem” – Juan Lozada
We can draw clear examples from two industries we work closely with: Internet Lending and Virtual Currencies. Internet lenders have adopted financial risk scoring mechanisms that are innovative and adapted to the online world. By the time some of them became commercially active, they were ahead of regulators — but not for long.
Regulators understood the role of technology and the risks of online account generation, financial risk scoring on thin credit files, global accessibility, and focus on the same technology capabilities that enabled their models to craft regulations online lenders are now needed to conform to.
On the other hand, virtual currencies – initially heavily abused for illegal activities, partially because of the user anonymity – has now grown into an industry where commercially viable businesses are fully compliant with global AML regulations. Monitoring the blockchain has become an integral part of the transaction monitoring activities expected by regulators. Both examples show regulators taking advantage of the technology to push forward a more proactive model.
Support from Management
New technology initiatives will have to pass the ultimate test, that is, approval from Senior Management and Executive Team. The newer the technology, the more rigorous the approval process. In terms of technology solutions for compliance, the approval committee will be more keen to support the implementation of integrative technology that helps bringing down silos of information, and integrate data across business units.
“The customer is shared across the entire organization, so you want to look for solutions with which you can – not only bring down silos – but also share valuable data across functions – Look for a solutions that facilitates shared dollars across business lines” – Lisa Dawson
RegTech should be introduced as a strategic investment, changing the view of compliance from a cost to a core competency generating business value, remembering that the customer is shared by both business and compliance functions, and the data gathered from one side can inform the processes of the other and vice-versa; the true value of data depends on the context.
The main argument here is: data integration and a modern technology infrastructure to prevent fraud and money laundering will generate long-term business benefits, apart from obviously lessening the risk of enforcement actions.
Without a doubt, all of our successful clients have had a strong buy-in from the executive team. From the smallest organization to the largest. Of course, not all projects are equal, and not all business requirements are the same.
We have saved the best for last.
The point of scalability is that it spans beyond geographic expansion. A scalable solutions also takes into consideration the challenges of regulatory requirements, both in terms of new and existing regulations; as well as the logistic aspects of data infrastructure and management.
Since the beginning we have emphasized the importance of thinking globally from the get-go. There is absolutely no argument for a regional solution, because this will not scale as you expand your products or geographies; and even without physical expansion, just by accepting a wider customer base, you will need to comply with global requirements, and abide by rules set by different regulators.
A solution that is not only omni-channel, but also omni-jurisdiction will provide your customers with a seamless experience through your brand, and prepare your organization for organic growth.
Beyond global scalibility, you have to consider the degree of flexibility you need to deal with the reality of the current regulatory environment: new legislations being approved by a gamut of worldwide regulators, a regional Court’s ruling to change the interpretation of already existing regulatios, or even just a minor change in the regulatory reporting cycle.
A scalable solution must be agile enough to respond quickly to this challenges, while still ensuring continuos compliance.
“RegTech is at the core of business disruption. FinTech, InsurTech, Digital Banks, none of these would be possible without fundamentally changing how the compliance element is dealt with. The difference between RegTech now and a few years ago, is we are no longer constraining the way we look at compliance processes, we are at the very beginning of an integrative global approach, in which scalability is not a nice-to-have-feature, it’s a requirement” – Oscar Jofre
Additionally the adoption of common taxonomies across functions within the organization along with how to leverage the aggregated data for better business, compliance and risk management will impact how you store and use data. Whatever plan you adopt will require you to handle much larger quantities of data and this requires thought.
We have been servicing FinTech and financial institutions since we started few years ago. The ability to leverage historical data depends on our capabilities to handle and analyze large quantities of data in real time.
Machine learning can provide great insights and facilitate predictive analytics but only when it has enough data to learn from. Our data store grows continuously, and we facilitate our clients growth because we can manage large quantities of data. An organization building these functions internally has also to prepare for the data growth requirements.
We know, from experience, that tech modernization processes can seem daunting, but in reality a RegTech implementation is a project, that in order to be successful needs clear goals, planning, and an experienced competent team; but in this case it will ultimately go back to choosing the right solution for your organization.