RegTech: A Roadmap for Compliance Technology
The term “RegTech” broadly refers to any technology that supports regulatory compliance. Yet precisely what that encompasses can be ill-defined and misunderstood. Perhaps that is because compliance has traditionally been supported by manual processes. Many core compliance functions – interpreting new regulatory obligations, defining and administering policies, completing filings and declarations – require human judgment and do not immediately lend themselves to automated solutions.
The use of technology to solve compliance challenges is therefore relatively nascent, at least outside the more obvious use cases (such as communications record keeping, electronic submission of filings, document archiving, etc.). However, many emerging fields of technology (including cloud architectures, big data, machine learning and artificial intelligence) are pushing the boundaries of what technology can accomplish. Although regulatory compliance will always be a function led and directed by people, technology is finding new ways to support those efforts and make processes more efficient and effective.
In order to get a better understanding of the challenge and develop a roadmap for compliance technology, firms first need to take a step back and answer three key questions: i) what problem is RegTech looking to solve; ii) how can technology address those problems; and iii) why is it important?
What Problem is RegTech Looking to Solve?
A recent research study conducted by Cordium and Aite Group identified the key compliance workflow challenges facing buy-side firms today.
Cybersecurity ranked at the top of the list. This is understandable given the complex technical challenges that it poses. However, it is not an area that one immediately associates with RegTech. That is because it has only recently come under direct scrutiny of regulators.
Examinations of firms’ cybersecurity policies and practices were once a unique occurrence. But they have now been fully integrated into the SEC’s regular exams. Meanwhile, significant (and extra-territorial) cybersecurity obligations contained in the EU’s General Data Protection Regulation (GDPR) are due to come into force shortly. In fact, regulators across all jurisdictions are responding to the growing threat of cyberattacks by taking a much more active role in mandating IT security best practices.
Beyond cybersecurity, other compliance challenges highlighted by the report include surveillance and record keeping, AML and KYC checks, regulatory alerts, issue tracking and case management, as well as policy management, employee attestations and reporting. These are all workflows in which technology can play a key role by helping firms store accurate records via scalable infrastructure, query pertinent information, reconstruct events through a proper audit trail, and support administrative processes such as document management and attestations.
How Can Technology Look to Solve Those Challenges?
When it comes to “how” RegTech is looking to solve compliance challenges, our research identified a number of core technologies that are underpinning most solutions in this space. At the top of the list was cloud. This is logical given most systems’ need for scalability, availability and speed of deployment. Importantly, the popularity of cloud-based technologies also suggests firms have overcome initial reservations relating to information security, particularly as the technology matures and enables more granular controls to meet requirements relating to data sovereignty, encryption and access controls.
Data management and analytics were other technologies highlighted by our research as crucial in supporting RegTech. This corresponds to the increasingly data-intensive compliance obligations facing firms. From best execution and market abuse monitoring through to expense management – an increasing number of compliance obligations require the ability to analyze large volumes of data and detect potentially anomalous behaviour that could be a sign of non-compliance.
It is also important to note the value of emerging technologies such as artificial intelligence, machine learning and natural language processing. While they are still nascent, and only a minority of firms are looking to deploy them at present, they can hold the key to supporting compliance experts in a wide range of functions – from monitoring transcripts of conversations to comparing different versions of regulatory texts and looking to isolate any changes.
Why is it Important?
The reason that RegTech is establishing itself as an important component of most firms’ technology roadmaps is that it delivers a number of benefits. Scalability is certainly one of those. As firms’ compliance obligations have grown and become more complex, so too have their need to reduce reliance on time-consuming manual processes.
RegTech not only brings the promise of process automation but also standardized methodologies. By ensuring firms can define required workflows, monitor and track progress and keep auditable records, RegTech allows firms to bring greater consistency to their compliance operations. It also allows them to optimize those operations to be more effective and efficient, freeing up time for compliance officers to focus on the most value-added tasks.
The task at hand is clearly not an easy one. Issues such as a lack of data standards and potentially conflicting obligations across jurisdictions add to the complexity of any technical solution. But the stakes are high. Perhaps the most obvious reasons that RegTech has grown in importance is its ability to reduce operational risk. Given the mounting cost of non-compliance, technology can play a vital role in mitigating the risk of regulatory fines.
With a better understanding of compliance workflow challenges (which technologies can best address those challenges) and the benefits they are looking to attain, firms will be better placed to prioritize their tech spend and develop a roadmap for compliance technology that offers the most immediate ROI.