Can regtech ease the burden of compliance?
With the massive amounts of regulations hitting the financial services industry in 2018, regtech is once again a hot industry topic. However, even though regtech was deemed the new fintech back in 2016 it has not scaled, as we would have expected from the initial hype. With a seemingly never-ending flow of regulatory requirements, how will the financial industry respond to the corresponds increasing cost and complexity?
Following the financial crisis, the global regulatory load has increased by near 500% from 2008 to 2015, and that is excluding major compliance hurdles banks are facing this year such as GDPR, PSD2 and MiFID 2. As a result, financial institutions are at risk of becoming less competitive as the cost of doing business due to regulatory compliance increase every year.
For US banks, estimates suggest that top tier banks are spending more than $1 billion a year on compliance, and in some cases account for more than 10 percent of the banks operating costs. For European banks, the industry average cost of compliance is estimated 4 percent of total revenue but is expected to rise to 10 percent by 2022. A survey conducted by Accenture substantiates this claim as respondents anticipate an 89 percent increase in compliance investment over the next two years. Just like Moore’s law for computing power, the same logic could be applied to the regulatory burden facing financial institutions where the operational burden of controlling regulations will double every few years.
Bain&Co estimate that governance, risk and compliance costs account for 15% to 20% of the total “run the bank” cost base of most major banks. In addition, future demand drives roughly 40% of costs for “change the bank” projects. As a consequence, efficiency gains are offset by increasing compliance cost, and potential investments in innovation will be suffocated by the cost of staying compliant.
A key challenge of today’s approach to compliance is that a majority of processes remains highly labor-intensive when even the most automated solutions are often incompatible with other systems and still depend heavily on manual inputs. At JP Morgan alone, the compliance headcount has nearly doubled from 23 000 in 2011 to 41 000 in 2016.
With this backdrop, the potential for regtech to revolutionize the industry should be obvious. Unfortunately, the difference between theory and practice is still significant in this field. Regtech is no silver bullet to lower compliance cost for banks, but rather a collective term describing a set of companies utilizing emerging technology to solve specific use cases such as machine learning for anti-money laundering.
According to a Deloitte analysis of 242 regtech companies, the regtech landscape can be divided into five general categories, where the majority of companies focus on solving one specific problem.
Compliance, which seeks to provide automated support to compliance, functions though regulatory watch and online libraries, keeping track of upcoming regulations and relevance for a given company as well as tools to manage compliance projects in an efficient way. In addition, provide tools to monitor the companies compliance status in near real time.
Regulatory reporting to enable simple and automated regulatory reporting.
Risk Management, which includes but not limited to: Scenario modeling and forecasting to facilitate regulatory requirements such as stress testing as required by for instance Solvency 2. Risk assessment to determine current exposure and asset qualities to compute capital and liquidity ratios. Risk reporting tools to enable simple and automated risk reporting.
Identity Management & Control to facilitate frictionless KYC-processes for customer onboarding as well as validate identity for anti-money laundering checks.
Transaction monitoring to enable companies to scan transactions through distributed technologies like blockchain.
CB Insights breaks down the regtech landscape into a set of different categories, including other heavily regulated industries such as healthcare and medicinal marihuana.
For Financial Services, CB Insights group regtech into 8 subcategories, including KYC/AML, Blockchain, Enterprise Risk Management, Operations Risk Management, Portfolio Risk Management, Quantitative Analytics, Reporting, Tax Management, and Trade Monitoring. For more details on the categories, check out CB Insights overview of the regtech landscape.
Even with a vast selection of potential vendors, there are still some barriers to regtech adoption by banks. Given the consequences of non-compliance, many banks stick to the old ways of managing regulatory compliance. A majority of regulations also follow national interpretations, making it difficult to provide standardized solutions across national borders.
The role of the regulators also play a part in terms of regtech, and countries, where the regulator plays an active part in promoting innovation around regulatory compliance, are staying ahead of the pack. Such as the FCA, which has expanded the regulatory sandbox to also include regtech as a natural extension to existing initiatives, and is proactively engaging with industry participants through a range of activities. As a result, the European regtech landscape is largely dominated by UK-based companies as shown below.
Even though regtech adoption remains relatively low compared to the excruciating cost of compliance, investors are pouring capital into the sector, investing approximately $5B across 585 deals into regulatory technology startups in the period 2012 – 2017. Among these investments, banks such as Santander, Barclays, and Goldman Sachs are also investing in regtech and have made investments in identification and background checking software, blockchain, and trade monitoring.
Given that the cost of compliance is a burden for most banks, and there are several companies out there out to solve these issues, where should one start?
Regulations are increasingly consisting of technical requirements, and at some point, legacy spaghetti will not scale in the face of the increasing complexity of the regulatory landscape. If existing infrastructure a challenge to stay compliant or data quality is poor due to several versions of the truth floating around in various systems it may be time to investigate a new approach to staying compliant.
The same goes for personnel requirements. If personnel cost related to risk and compliance growing faster than revenue growth due to an increasing amount of manual processes it may also be time to look for alternatives.
While many banks approach regtech based on complementing workflow and automating existing legacy processes, the future of regtech seeks to leverage new technologies in order to replace cyclical legacy processes that focus on a rear-view perspective with continuous monitoring and predictive analysis. In order to reap the benefits of the future of regtech, banks should aim to invent the future of risk and compliance instead of improving the past.