RegTech boundaries or an attempt to define the nature of regulatory technology and its limitations
I am not a big fan of buzzwords and hashtags. When I first came across the term RegTech, I was sceptical at first, too. Then I got intrigued though. Not that my opinion of flashy expressions had changed. But I saw a chance to use the momentum that this new sector created to solve an issue that had bothered me and other people in my profession for some time. Compliance has always been perceived as a roadblock by the business side of financial institutions and the inflation of compliance headcount and its weight on doing business has done little to improve its standing. The huge fines of the past decade may have increased its importance but rather out of fear of getting into trouble than out of the understanding that being compliant could actually lead to a more profitable and better organisation.
RegTech is an enabler and here lies the great opportunity of it as it goes beyond pure regulatory compliance. We could also talk about the bright future of RegTech, growth rates of more than 50% per year or the twenty fold growth in market value over the next six years. The value of such estimates is difficult to establish though as it is not clear what exactly is measured here. You see, defining RegTech is no small task.
RegTech – a definition
What is RegTech then? The UK’s Financial Conduct Authority in the early days defined it as a subset of FinTech, others have dubbed it as “FinTech’s little brother” and Deloitte famously called it the “new FinTech”, somewhat missing the point. The FCA quickly learned that its original definition was not entirely adequate and nowadays speaks of RegTech as it “applies to new technologies developed to help overcome regulatory challenges in financial services”.
I would go as far as saying that it applies to all forms of Regulatory Technology and as such any activity that helps dealing with regulatory obligations and compliance. I keep compliance in there even though you could think of it as the adherence to standards, regulations and other requirements, which sounds fairly close to the aspect of regulatory obligations though it isn’t. Because in my view it is not only about complying with regulatory requirements but making the process of dealing with such as well as the organizational procedures easier, more efficient, less costly or simply better. And if I were entirely accurate (as I should) I should add something about the business enabling element of RegTech but for the sake of the argument, let us focus on the traditional elements of RegTech that are at the center of the RegTech conversation.
The first question mark then must be on the use of innovative technologies, an element that, for instance, Nick Cook, the FCA’s Director of Innovation and at the same time great promoter of RegTech and pretty much the perfect example of what RegTech and FinTech firms would like to see from a regulator, stresses repeatedly. He and other making the argument that the definition of RegTech only applies to those solutions applying innovative technologies like data analytics, artificial intelligence, or blockchain. While I’m a big fan of spreadsheets and despite extensive prevalence in the use of Excel in Compliance departments, I agree that this is an inappropriate instrument for dealing with the regulatory reality. It should also be clear that when we talk about real RegTech firms, we talk about those that kind of revolutionise the approach towards compliance with rules and regulations. In my opinion, however, it is important not to be fixated on this aspect. To start with many of these technological advancements go back a good deal and are not as innovative as we would like to believe. With regard to artificial intelligence you just need to remember that computers were already learning checkers in the 1950s. Algorithm are not a recent invention either and cloud computing stems from virtual computing, which was already applied in the 90s, but even Amazon Web Services, arguably the biggest cloud computing platform saw the light of day in 2006. It is more the application of these services that is so astonishing and makes real RegTech possible, so if you look at how these “old” concepts are used by ground breaking firms, you have to admit that it is pretty innovative.
On the other hand, there are more than a few companies springing up that try to jump on the bandwagon by branding their solution with some cool sounding technology – blockchain is a prominent example in the RegTech world as well. The same holds true for those incumbents that seek to “reinvent” themselves by upgrading their existing offering by adding AI or Big Data analytics without adding any real value. A rose is a rose is rose is a rose.
RegTech in Financial Services
RegTech is often discussed only with regard to its use in financial institutions. At most, the conversation makes its way to the other side of the table to include the use by the regulator itself: SupTech aka RegTech for Regulators. Since authorities face similar issues as financial institutions in terms of large amounts of data or poor data quality, they have to take advantage of such solutions to supervise an increasingly complex industry. As such, SupTech describes the solutions and services that improve on the management and execution of the regulatory process as in reporting and monitoring, for example.
But RegTech should not be limited to financial services only and in fact it isn’t: other heavily regulated industries offer more ways to capitalise on the potential of RegTech. Insurance has many similarities with financial services and is equally under pressure from new regulations, some specific to the insurance industry and others such as regulations that have a cross-sector impact like GDPR.
Looking beyond the obvious choices, healthcare presents a significant opportunity for the right solutions: a report by the American Hospital Association found that hospitals and other healthcare providers spend nearly $39 billion a year in the U.S. alone solely on the administrative activities related to regulatory compliance. Telecoms, Automative, Energy, and Rail, Ship and Traffic or Fishing are other regulated industries that are relevant to RegTech solutions. And then there is Petrol and Gas, an industry that with 25,482 restrictions is the heaviest regulated industry according the McLaughlin-Sherouse List of the 10 Most-Regulated Industries.
Limiting the scope of RegTech to financial services distorts the true potential of the sector and any estimates regarding the potential growth in market value needs to consider this – even if the numbers for financial services RegTech are already impressive.
Drawing the line on relevant industries seems relatively easy in comparison to any effort to categorise the various RegTech solutions to bring some order to the RegTech universe. We discussed this topic a number of times, mostly in relation to our own RegTech Directory, but we admit that it can be done in different ways. We have chosen to limit it to eight different categories that cover a number of different subcategories, with overlaps across them and solutions that could fit into different ones, to give it a structure that is easily understandable and comparable, but I understand why someone might want to do it differently.
Still it was an interesting conversation I recently had a FinTech event when I provided an introduction to the industry and explained the different categories to establish a basis for the following discussion. Afterwards, I was approached by the member of the audience who questioned whether Cyber Security (as a form of Data Protection) should be included as a field of RegTech. The purpose of cyber security, after all, was to protect systems against unauthorized access or attacks. That at least was his argument. While that certainly is true, cyber security measures are also based on regulatory obligations like GDPR and the desire to protect the reputation of a (financial) institution, which sits right in the core of regulatory compliance.
Certainly, cyber security does not necessarily equal RegTech and not all RegTech solutions focus on cyber security, but it is an important element.
The RegTech Opportunity
You might say this is all semantics and question the value of such contemplations. I think though that it is necessary to analyse and discuss these matters to have a proper conversation about RegTech and its potential, one that goes beyond the buzzwords, one that focuses on the real opportunity of RegTech. Too often it is reduced to cost saving, the prevention of hefty fines, or replacing spreadsheets with funky new technology. It is then only an extension of the traditional compliance conversation that can only argue that it has to be done, a necessary evil to abide to the rules, but disregards the enormous business value RegTech can add: the insights structured data can give into an organisation and the business opportunities this creates; the foundation it is for the reputation and image of a company that in an increasingly transparent society no longer is a question of choice; and the chance it presents to create a paradigm shift and to transform the way we were doing business in an entire industry. Like many things regarding regulation, defining the boundaries of RegTech neither is a simple task.