Ever since the global economic crisis of 2008, the financial services industry has become entangled in an ever-increasing web of regulation. Few would argue that increased control is unnecessary, following a crash that cost the global economy somewhere between $60trn and $200trn. But the drain on businesses is immense.
The number of rule changes that global financial institutions must track on a daily basis has trebled since 2011, to an average of almost 200 per day*. Meanwhile, banks like HSBC have quadrupled their compliance head count to around 7,000 people in less than 10 years, at a cost of around $1bn globally. You get the feeling that there has to be a better way.
No surprise then that the software industry has stepped in, seeing the smorgasbord of regulation as an opportunity to carve out a whole new category of technology solution: RegTech. According to the FCA, RegTech applies to “new technologies developed to help overcome regulatory challenges in financial services” and with $2.3 billion of venture capital funding flowing into the sector*, you can see why tech entrepreneurs like the label.
But in a sector with so much complexity, to what extent is RegTech solving the real compliance issues facing financial services? Can we really hope for a future where the web of regulation is untangled for good?
In an attempt to answer this question, Altus surveyed 35 of its own financial services clients to understand the different stages of a typical regulatory programme and the work and time involved in each. We found that dealing regulatory change typically involves six distinct stages:
Monitor the output from regulators
Review the content and decide whether it affects the business
Impact analysis to understand the parts of the organisation which need to change
Planning, building and implementing the necessary changes
When looking at the time involved in each phase, the findings were even more enlightening, with around 40 per cent of the effort focused on the first three stages. That means unravelling and understanding the changes needed takes almost as much time as actually implementing them. This is the key area where RegTech is needed to help speed things up.
So, what are the options?
At first glance, the solutions on offer don’t appear that promising. RegTech Markets, a leading commentator on this topic, has divided the field into eight distinct areas, including financial crime (27 per cent), market integrity and transparency (16 per cent) and risk analysis and calculations (13 per cent), many of which are new takes on existing ideas, rather than fundamentally new concepts.
That’s not to say some of the new technology isn’t exciting. Using biometrics and AI to validate identity, or behavioural analytics to detect fraud, is pretty cool but, ultimately, they are still point solutions to deal with particular regulations.
The bigger challenge for established financial services players is how to cope with the continuous flow of new regulations, within an already complex environment, where legacy technology is so engrained in the system. This is the area of RegTech dealt with by so-called ‘change and regulatory intelligence’ – and this is where things get interesting.
While big data and biometrics have been grabbing the headlines, quiet but steady progress has been made by a range of solutions which focus on improving the process of managing regulatory change. Here are just a few examples of how technology is easing the burden at each of the key six stages:
Monitor: Notifications about new regulations are now able to detect changes automatically and cover a much broader spectrum of regulatory areas, so professionals will always hear when something relevant to them is released. JWG, for example, has deployed its RegDelta service to analyse over half a million pages of regulation, while Thompson Reuters goes even further with its Regulatory Change Management service which provides content from 750 regulators globally.
Review: The power of machine learning is enabling searchable rule books to pinpoint and interpret the regulatory changes relevant to a particular organisation or individual, eliminating the need to trawl through reams of compliance materials. Corlytics, developer of the FCA’s Intelligent Handbook, deploys ‘trained models’ to help understand and interpret regulatory texts. In a similar vein, Waymark is using its Wayfinder AI tool to work out the meaning of regulations and policies, to save compliance teams valuable time.
Impact: As well as understanding new regulation, RegTech also needs to analyse its impact on financial services organisations. Some solutions, like Axiom, are now doing this by linking regulation to a firm’s policies and controls, to automatically see the impact at this level. CUBE combines a similar capability with automated monitoring of global regulation and Covi aims to go even further by integrating the way a firm manages risk and compliance into its core processes.
Plan: One of the biggest challenges for large established organisations is to understand their own operations and technology landscape in a way which allows the impact of regulation to be readily understood and planned for. Ultimately the rules apply to actual business activity and firms need a robust model of their business which describes this and the technology that supports it. We are beginning to see a few examples which offer the potential to bridge the gap to real operations and technology, enabling a joined-up approach to planning change across silos.
Build and implement: Having made the necessary changes to embed the right controls in systems and processes, the final step is to ensure those controls continue to perform consistently and reliably. Unfortunately, this step is often neglected but a new breed of systems, such as TrackMyRisks, is emerging to manage the complex task of staying on top of the full spectrum of policies, procedures and controls.
Self-service – the future of regulation
Today RegTech is addressing issues in how firms currently deal with regulatory change, but, if we look further ahead, there is potential for a more fundamental shift in how regulation works. That means looking through the other end of the regulatory telescope, to the role played by regulators themselves, led by the FCA, and the format in which they deliver regulatory information.
The FCA is already taking the first step by restructuring its handbook into something a computer system can understand, adding repeatable shape and introducing meta data and tagging to facilitate data-driven solutions. This is a welcome development that will make RegTech solutions all the more effective, but it can only take us so far.
What lies further down the road is the development of regulation that is fully executable and testable by machines, with no human intervention. In fact, the FCA announced last year that it is starting to explore the feasibility of this approach, with a focus on the challenge of creating unambiguous rulesets that can consumed directly by machines. Regulators have generally steered away from very prescriptive rules of this kind, preferring principles-based, general definitions of good practice. Making this shift therefore won’t be easy.
However, if this obstacle can be overcome, the implications for managing the data mountain will be enormous, creating a more active regulator, that is integrated into the financial services system, rather than observing from the outside. It would of course require inordinately better data management, most likely involving some kind of distributed ledger technology, not to mention a whole host of new skills capabilities, with data scientists and programmers replacing the compliance brains we’re used to seeing at the FCA.
It’s a scarcely imaginable vision of the future, given the compliance spaghetti we find ourselves in today. But if technological development continues apace, who knows where we’ll find ourselves in 15 or 20 years’ time. And for the moment, a less intense regulatory headache is within our reach, with some seriously impressive solutions already on the market. With the right deployment of automated monitoring, AI-based interpretation and an engineered model of financial services business, the industry can become more compliant and more efficient, sooner than we might think.