When you speak regularly about RegTech with both people at banks and startups, you can’t help but notice how the tide has turned over the last two years. In 2016 people would often shrug when asked about it, but 2017 certainly was a breakout year for RegTech. Sure, technology has been used for many years in one way or the other to support compliance and adhere with regulatory obligations but it wasn’t until last year that RegTech made it into the headlines and has really come to the awareness of boardrooms and decision makers.
There are a number of surveys on the subject and I take them with a pinch of salt as the numbers aren’t always straightforward, but the annual ThomsonReuters Role of Compliance survey found that 75% of all respondents reported a positive view of RegTech up from only 40% the year before. You can speculate about why that is but as I said: a lot of the people asked the year before simply had no clue about what RegTech is and what it does. So if you hold it with Winston Churchill and believe only in statistics that you doctored yourself, have a look at the following two graphs:
There first one is a 5-year graph for a RegTech keyword search from Google trends, i.e. how popular was the RegTech in terms of Google search. What it shows is that Google didn’t see much interest in the subject until about September 2016, when the numbers slowly started to build up and then took a big leap last year in late July.
If you look at the graph for the last 12 months though, you will also notice that from it’s all time high in November 2017 it has kind of hit a plateau. Sure, RegTech obviously isn’t a subject for the masses but it confirms that interest seems to have hit a bump.
Without overrating these numbers – there are certainly other important aspects regarding the popularity and growth of RegTech we will discuss further down below – it emphasizes that RegTech has made a break through into the general awareness of the financial world. We have also seen that it helps dealing with the large amount of existing and new regulations. However, we might well be at a turning point for RegTech, from the creation of attention and certain expectations to what lies ahead. RegTech adoption faces several obstacles and while the following is not a conclusive list, let’s look at the six key challenges and how these can be overcome.
Challenge No. 1: Legacy Systems
Whenever you do a quick poll amongst RegTechs about the biggest hurdles they face, people will always tell you about the difficulties they have dealing with outdated computer systems and software. The patchwork of existing IT systems that has grown and been amended over time often substantially delays project and service delivery if it doesn’t make it impossible altogether. Considering the initial cost of investing in new solutions as opposed to patching up existing ones as well as the complexity, scale and diversity of legacy infrastructure and existing systems within some financial services firms, some firms will continue to choose to invest in legacy systems rather than new technologies, as the FCA has pointed out aptly. While this might be the case, there may be a way around it and this is related to the second challenge.
Challenge No. 2: Mentality
When RegTech and financial institutions come together, it is sometimes a clash of cultures. Compliance historically has been perceived more as a burden for business rather than as an enabler, so investments in regulatory technology are often already off to a rough start. That is the reason why it is all the more important to use RegTech innovation to get the point across that compliance also offers opportunities for the business and the organisation itself. Not only to reduce the fines a firm has to pay, but also to improve processes, create new business opportunities and create an edge towards competitors.
For example, if financial institutions aren’t concerned about the threat that FinTech can pose to them, they should carefully consider what impact the arrival of big tech companies to financial services might have. Why? One of their main advantages is better, smarter data, the knowledge about their clients, and the insights traditional financial institutions have not harvested yet. RegTech solutions can address this point and it is critical to highlight it.
Then there is corral mentality that can sometimes be found with in-house IT teams that are not too keen about an outsider riding in like a knight in shining armour to rescue their bank from eternal doom.
It’s not just the mentality in banks though: I have seen and heard various examples about RegTech firms, too, where there wasn’t exactly the right mind-set to help adoption and implementation, sometimes expressed by overly concentrating on the RegTech and its technology. No matter how good the solution, RegTech firms need to focus on the needs of their clients and not on their own product; in order to be successful, RegTechs need to appreciate the different culture of large financial institutions as each organisation is different in the way it is structured and even how it approaches a specific regulatory initiative, so an approach that might work at one place doesn’t necessarily do so at another.
It is paramount for RegTechs to listen to the customer and though you might have developed something truly amazing, it is worth little if you don’t understand properly how it will help you clients. And this isn’t limited to technology: regulatory expertise is sometimes more important than the tech know-how as it can be the factor to decide about success or failure of a project. RegTechs need to demonstrate that they fully comprehend the regulatory implications and the problem they aim to address, but it isn’t uncommon to hear banks complain exactly about the lack of compliance expertise at RegTechs.
Challenge No. 3: Overcoming third party risk
The moment you outsource parts of compliance – and that is basically what happens in some RegTech solutions – a financial institution needs to have absolute confidence in their partners as new regulations extend much further than previously, take GDPR, for example, and the use and management of client data. The same applies to cyber risk: it is estimated that almost 2/3 of all data breaches can be linked to third-party vendors.
Anyone who has ever felt the frustration that stems from having to deal with supplier management rules at big banks knows what it means. In turn for RegTechs this means to give some serious thought about how they can make life easier for the financial institutions they want to call their clients. And for the financial institutions it means that they will need to consider whether some of these rules do not prevent them from taking advantage of the revolution that is happening out there.
Challenge No. 4: Cut through the Noise
RegTech is getting crowded. There are hundreds of firms listed in the PlanetCompliance RegTech Directory, so the “Field of Dreams” approach – build it and they will come – might not be the smartest strategy. It takes a long time to find the right people to speak to and even then decision makers often get bombarded to an extent that they can’t see the wood for the trees anymore. Sure, industry events and conference can be a way to find contacts, but decision makers often don’t find time to attend.
Another way that can help though to cut through the noise and stand out, is to promote your firm through the right channels and get engaged in the RegTech dialogue. Whenever I introduce myself as a member of PlanetCompliance, people often first think of the RegTech lists we publish and our social media presence across different channels. But the objective of PlanetCompliance isn’t all about social media though. It is rather a powerful tool to achieve our objective, to foster the communication and collaboration between all stakeholders – from RegTech firms to Financial Institution to Regulators to everyone interested on the subject, no matter the motivation. What it shows though is that other than a great product and a fantastic team (plus all the other ingredients for start-up success) it is very important to gain visibility and social media is a powerful tool for that. Qumram for instance did a fine job on that front that has certainly helped to get acquired and no wonder that people like Patrick Barnert, Lucy Heavens or Nicola Cowburn continue to do the great job there or elsewhere.
Challenge No. 5: Competencies
Competencies is another big one no RegTech can ignore. We already mentioned the frictions that can appear between staff at financial institutions and RegTech firms, but the latter are often surprised by the bureaucracy they encounter in banks and other big organisations. And even when they manage to get through to the right person, it doesn’t necessarily mean that they won’t have to start over in the next.
Similar issues appear elsewhere though: without anticipating the importance of collaboration, which we will get to in a minute, many RegTechs point out how useful projects with regulators can be. It is a very valid point and the following anecdote shouldn’t read as dissuasion from doing so as I strongly believe in the value of such projects. It is more along the lines of forewarned is forearmed: Someone recently told me that their firm had been working on a very promising project with a regulator but that at some stage the project came to a halt because another regulatory authority of the same country became involved. What followed was an obvious discussion about who would pay for what and how things should proceed that delayed the project for so long that it eventually had to be abandoned. Without giving away the names of the authorities, this happened in a European jurisdiction that usually is known for being overly complicated. However, if we now think the framework in the US with its dozens of institutions that have or could have something to contribute, it becomes apparent that bureaucracy and determining competencies should have a prominent place on a list of things to consider.
Challenge No. 6: Resources
And lastly, resources. Start-ups regularly underestimate the strain on resources and this is true for RegTechs, too. Especially in financial services, sales cycles are long and the period from contact to contract, i.e. the time from first contact and discussing a project to the approval and signing of agreements, can easily take between 12 to 18 months and sometimes even longer. Even the popular method of Proof of Concept (POC) can be very cost and time consuming. Bridging such stages without the right financial resources even a start-up with a brilliant idea, a great product and team, might find it challenging at times to make ends meet.
This in turn can lead to an approach to limit everything to a minimum and while I wouldn’t recommend going on a spending spree at an early stage of company development, the lack of regulatory expertise, for instance, will prove to be more costly eventually.
The positive news is that investment in RegTech is generally on the up and that is for good reason as RegTech has great potential.
As the governor of the Bank of England, Mark Carney has pointed out, global banks’ misconduct costs have exceeded $320 billion. Money that could have been spent better elsewhere.
JP Morgan has almost doubled the compliance and regulatory headcount to 43,000 within five years. According to a report from McKinsey, financial institutions allocate between 10 and 15% of their workforce to compliance, a level that is hardly sustainable in terms of cost of doing business. And despite the fact that some of the most challenging regulatory initiatives like MiFID II, PSD2 or GDPR have now been (at least in part) been implemented, an end of the wave of new rules and regulations is not in in sight. For instance, JWG estimates that over 300 million pages of regulatory documents will be published by 2020 and over 600 legislative initiatives need to be catalogued by a medium sized sell-side institution in order to have a holistic view of their rulebook.
Financial institutions have come to a point where they cannot through additional bodies at the problem as the cost of compliance for the overall business has already become such a burden that it is no longer feasible.
It is for that reason that traditional investors like VCs and Business Angels or new ventures like RegTechOpportunities, the first fund based on blockchain technology to invest in RegTechs, to pour significant capital in the sector.
According to a recent report, the spending on RegTech is predicted to reach $76bn by 2022, while others give even higher estimates. Only time will tell where exactly we find ourselves at that point, but the huge opportunity that is RegTech cannot be denied.
However, for RegTech to thrive, especially in an environment that is still driven by reluctant spending from financial institutions the reluctance to change is understandable. It is therefore all the more important to tick all the right boxes and have a convincing case for choosing a RegTech solution. Addressing the key challenges described above should help, but naturally there are other aspects that can help boost the adoption of RegTech. The trend towards more collaboration between RegTechs and financial institutions is a positive sign in that sense. Also, partnerships with other RegTech firms can be highly beneficial since banks cannot implement dozens of different solutions for each single regulatory task, so looking for synergies with other providers that might complement an offering is something every RegTech should consider.