Financial institutions lost $16.9 billion to account takeover and identity fraud in 2019 alone, and the shift to online financial services during the pandemic only exacerbated the problem.
At the same time, the 60 percent jump in compliance costs and risk management spending since the 2008 financial crisis has left retail and corporate banks with little discretionary funding.
New technology to alleviate those compliance burdens — commonly known as “RegTech” — has emerged as one compliance solution financial firms might consider. And since Deloitte reports that the industry has grown from 150 RegTech firms to more than 400 in the last four years, clearly the financial sector is considering it quite a bit.
What is RegTech? Why is RegTech important? How could the new technologies arising from this sector benefit your organization? Continue reading for your primer on the regulatory technology industry that’s set to reach $22.2 billion by 2027.
What is RegTech?
RegTech, also known as regulatory technology, is any technology that helps organizations meet compliance obligations set by regulatory institutions.
Regulatory technology relies on artificial intelligence (AI) and machine learning (ML) to automate routine tasks within compliance departments. That helps those functions to stay abreast of regulators’ ever-changing rules and to reduce the time associated with operational risk and compliance processes, as well as compliance costs.
What Is RegTech in Banking?
In the financial services industry — which has seen a 500 percent increase in regulatory changes since 2008 — a bank might use a RegTech software-as-a-service (SaaS) to help satisfy the regulatory compliance requirements of the U.S. Securities and Exchange Commission (SEC) or the Financial Industry Regulatory Authority (FINRA).
Two specific areas where RegTech can be helpful are Know-Your-Customer (KYC) rules and anti-money laundering (AML) compliance obligations. RegTech can use AI and ML to verify customers’ identities and monitor transactions and identify potential cases of fraud.
Other RegTech Applications and Industries
RegTech’s applications do extend beyond helping organizations meet their regulatory obligations within the financial services industry. Several other fields rely on regulatory technology compliance solutions:
- Government, legislation, and supervisory agencies (SupTech)
- Environmental, health, safety, and quality assurance
- Vendor risk management
- Identification and background checks
- Information security and cybersecurity
- General compliance management
How RegTech Works
RegTech works by automating repetitive tasks: monitoring transactions, risk, and regulatory changes in real-time; generating reports; and by alerting compliance staff of potentially fraudulent activity.
Such automation allows compliance personnel to focus on high-value work instead. That augments their roles and increases efficiencies within the organization, while helping it stay compliant with its regulatory obligations.
Many of the same technologies powering FinTech, or financial technology, drive RegTech:
- Artificial intelligence (AI)
- Application program interface (API)
- Big data and analytics
- Cloud computing
- Machine learning (ML)
- Smart contracts
- Voice and text recognition
The capabilities of RegTech compliance solutions can include regulatory reporting, risk management, regulatory monitoring, identity management and control, compliance, and transaction monitoring.
How Do FinTech and RegTech Differ?
The difference between FinTech and RegTech is that FinTech is a financial technology and RegTech is regulatory technology. Perhaps the most well-known example of FinTech is the Bitcoin blockchain technology, but really, you use FinTech every time you send a payment or make a purchase via an app.
Some view RegTech as a subset of (or even response to) FinTech, because the digital transformation FinTech drove in the financial services industry produced new and greater risk. RegTech, they say, arose in response to that change.
Data breaches are one of the biggest and most publicized problems that have plagued the financial services industry, with 1,244 breaches and more than 446 million records exposed in 2018 alone, according to the Identity Theft Report Center (ITRC).
Why Is RegTech Important?
RegTech is important because it can help reduce the cost and time of meeting regulatory compliance obligations for organizations. To give you an idea of the scope and complexity of compliance departments’ work, there were approximately 220 regulatory revisions to keep track of every day in 2020. Moreover, regulators have issued more than $345 billion in regulatory fines since 2009.
For instance, complying with Know Your Customer (KYC) and anti-money laundering (AML) accounts for a large portion of the estimated 15 to 20 percent of the operational costs spent on governance, risk, and compliance (GRC). But KYC and AML duties are highly routine, and ripe for automation.
Some RegTech compliance solutions can automate and streamline customer onboarding processes, potentially reducing the time and compliance costs associated with such tasks by 30 to 50 percent, according to Deloitte.
Problems and Solutions in RegTech
Fulfilling KYC and AML financial regulation requirements faster and with less expense isn’t the only area of regulatory compliance where regulatory technology holds promise.
The RegTech universe has grown substantially in the past four years: today there are more than 400 RegTech companies offering an array of compliance solutions that can bring quantifiable savings to an organization. Common uses of RegTech include regulatory reporting; risk management; identity management and control; compliance; and transaction monitoring.
In the area of compliance, for example, there are communications compliance platforms that automate and coordinate the full communications compliance lifecycle. These AI-powered compliance platforms can help organizations overcome key problems in the domain of financial compliance: market abuse; record-keeping; comprehensive investigations; and e-commerce and trade surveillance.
The result? A surveillance process up to 50 percent more efficient in time and compliance costs.
Big data analytics, real-time reporting, and the cloud can drive automated data distribution in regulatory reporting. Some SaaS regulatory technology solutions, for example, can alert banks, investment brokerages, and insurance companies of regulatory reporting changes in real-time, so they can meet their reporting obligations and stay compliant.
Such regulatory technology solutions can offer potential savings on time spent meeting regulatory obligations and compliance costs.
RegTech solutions in risk management harness the power of big data and analytics, as well as voice and text recognition, to augment incoming risk data with regulatory risk analytics and intelligence.
Compliance teams can easily visualize, plan, and prioritize monitoring and compliance tasks in the platform’s peer analysis and workflow tools, so they can quickly gauge the organization’s exposure to regulatory risk. Some risk management SaaS platforms can offer potential time and cost savings on regulatory processes.
How Does RegTech Fit Into GRC?
As FinTech and RegTech drive more financial services in the future, banks and non-bank financial firms alike must reconsider how they evaluate financial risk.
The financial sector must continuously monitor its security controls to keep data sets safe and secure. ZenGRC’s ERM solution equips fintech companies with real-time insight into potential threats.
Furthermore, when evaluating vendors, ZenGRC provides financial firms with a central repository to store their reviews and track vendor responses to security questionnaires to ensure third-party compliance.
With ZenGRC’s risk management solution, financial institutions are equipped with all the tools they need to do a gap analysis, create business continuity plans, implement a risk framework, and determine what additional criteria they need to consider to mitigate risk.
For more information on how ZenGRC empowers financial institutions, request a demo.