Global banks have to deal with an increasing variety of regulatory requirements and changes, and compliance can be challenging. Thomson Reuters – whose regulatory intelligence feed monitors 900 regulatory bodies – estimates that the number of regulatory changes that a bank needs to deal with on a daily basis has increased from 10 in 2004 to 185 in 2018. This trend can be expected to continue given the continuously evolving financial services industry.
Regtech has registered strong growth in the last few years with support from regulators and a realisation that expanding compliance teams is not the most effective way to meet regulatory requirements. According to Frost & Sullivan estimates, the regtech solutions market is expected to be worth US$6.45 (£5) billion by 2020. Some of the regulations that are expected to impact the financial services industry include Markets in Financial Instruments Directive II (MiFID II), General Data Protection Regulation (GDPR), Revised Payment Service Directive (PSD2), and Insurance Distribution Directive (IDD).
Escalating risk of non-compliance
The constant evolution of the regulatory environment increases the risk of non-compliance. In the last few years, the focus on regulations and compliance has increased substantially and banks have paid large penalties amounting to hundreds of billions of dollars for non-compliance. Providers will also closely monitor developments such as Brexit to create relevant solutions. At least some of these regulations are expected to have a global impact. For instance, GDPR deals with the use of personal data in the European Union (EU) and European Economic Area (EEA), allowing residents more control over personal data. However, companies outside of the EU who have customers within the EU will also need to comply. With strong penalties for data breaches, which can be 4% of global revenue or EUR €20 (£18) million, which is higher, a focus on deploying adequate experts and technology to ensure GDPR compliance is increasing.
Regtech service providers are launching products to deal with specific regulations. For instance, Collibra, which offers a data governance platform, has updated its solution with a GDPR Accelerator. It enables clients to use a phased approach to prepare for and comply with GDPR. Another example is that of Pontus Vision, a London-based Regtech firm. It launched Pontus Vision GDPR to enable fast compliance for financial service firms that struggle to deal with historical data management. The company worked with the UK Government to develop this solution.
Regtech capabilities across the board
Customisable solutions are essential, as companies may encounter unique challenges based on the scope of their operations and current circumstances. The large amount of structured and unstructured data present in silos creates complexities that can be better managed by solutions powered by data analytics and artificial intelligence (AI). Israel-based MinerEye launched an AI-powered solution, MinerEye Data TrackerTM that enables safe and compliant cloud migration of data. Adopting the ‘compliance by design’ approach, it effectively and continuously identifies, organizes, tracks and protects data. Similarly, Irish law firm McCann FitzGerald has collaborated with Neota Logic, an AI-driven platform company, to develop a GDPR Gap Analysis app. The new app assesses the level of GDPR compliance and identifies areas of high risk.
Another regulation that is a core focus for banks is PSD2; this requires financial institutions to allow third party providers to access consumers’ accounts (with consent). The launch of innovative products by fintech companies will help them to garner greater market share. For banks to take advantage of PSD2, they must explore new business models. It will also lead to greater collaboration between incumbents and fintechs. German service provider figo helps banks to introduce innovative products and services. Consorsbank, a BNP Paribas brand, launched its multi-banking service with figo technology. It allows customers to add their accounts and deposits with other banks, and enables the management of all finances in one place. figo also launched its RegShield solution to handle PSD2 relevant processes and licensing requirements for fintechs and incumbents. This license-as-a-service (LaaS) solution can help to create PSD2-compliant customer processes and prepare reports for audits.
AQMetrics received approval from the Central Bank of Ireland (CBI) in January 2018 to operate a MiFIDII Approved Reporting Mechanism (ARM). Enforced in January 2018, MiFID II aims to offer better protection for investors and increase transparency of various asset classes. The comprehensive regulation with more than 1.4 million paragraphs of rules, the AQMetrics platform will be able to report transactions directly to all European regulators.
Companies will find it increasingly difficult to deal with regulatory complexity. Human resources and traditional systems cannot meet the tough standards of compliance set out by these regulations. The paradigm shift in the regulatory environment will mandate a digital-first approach – and the future of the regtech industry will be driven by solutions that draw on the ‘compliance by design’ philosophy.