The regtech space is in for a major shake-up, with the FCA‘s new Consumer Duty regulations coming into effect in two months. This presents an opportunity for financial institutions to adopt a new approach to compliance and regulation.
Throughout May, we’ll be examining the past and present states of regtech and compliance, highlighting lessons learned that will shape the future of the sector.
It’s all well and good talking about regtech in its current state, but the best conversations are had when discussing how it was able to reach this state and the impact it has had. Especially when you take into account how quickly the sector evolves. For years, compliance and regulation in fintech has been changing, but it was only catalysed by the pandemic.
While the demand for fintech may have slown down, the evolution of regulations has not. With this in mind, we reached out to the industry to find out about the latest standards and developments in regtech and the impact they have had.
The market slowdown hasn’t stopped hefty fines from being issued
With declining demand for fintech and regtech, you would be forgiven for thinking this would mean a more lax approach was being taken to enforcing regulations. After all, a declining market often means less resources to spend on compliance. However, according to Andrew Robinson, chief security officer and co-founder of 6clicks, and AI powered GRC platform, this was certainly not the case.
He explained: “The seventh and latest release of the Thomson Reuters Regulatory Intelligence (TRRI) report mentions a slowdown in the marketplace for fintech and regtech over the past two years. Particularly by larger banks. Nonetheless, during the same period regulators issued significant regulatory fines for money laundering and recordkeeping failures.
“However, the macro trend of increasing regulation targeting all industries will continue to put pressure on compliance teams and they will continue to look to software to do more with less. This is clear for global issues like cyber security, and privacy as it is for the management of crypto assets and AML in the financial sector.”
Combining risk and compliance
Robinson then went on to explain how businesses will deal with evolving regulations, stating they “are looking to take a risk-based approach to increasing compliance requirements. They will be looking for software that combines both risk and compliance. I have no doubt artificial intelligence and machine learning will also have a role to play as both a subject of further regulation and a solution for managing increasing regulation.
“Whilst we’ve seen regulators of the financial sector become routinely active in enforcing regulation and privacy regulators at least intermittently (reactively), proactive reporting and enforcement related to privacy as well as the cyber security of critical infrastructure will become the norm over the next two to three years.
“In the cyber realm, the international standard for information security (ISO/IEC 27001) was updated in 2022, expanding its focus to include privacy and cyber security. A new version of the NIST Cyber Security Framework is currently in the works. Then there are many new sector- and region-specific standards creating an opportunity for standards harmonisation in this domain.”
Capitalising on AI and ML
Farnoush Mirmoeini, co-founder of KYC Hub, the AML provider, explained to The Fintech Times what measures are being introduced to ensure everyone is compliant. The importance of tech in doing so cannot be understated. She said: “With global money laundering fines surging by 50 per cent last year compliance comes into focus more than ever.
“The requirements for new ways to cope with both risks posed by criminals’ use of new tech (e.g payments, open banking, crypto) as well as new global regulations and increasing cost of compliance, means that there would be a heightened need for innovation in the regtech industry. From the regulatory side, the AML agenda for 2023 in Europe will be dominated by the creation and powers of the EU’s anti-money laundering authority (AMLA).
“AMLA will power law enforcement agencies to use advanced technologies, such as artificial intelligence and machine learning, to detect and prevent financial crimes while also requiring financial institutions to implement more comprehensive AML compliance programs, including customer due diligence, ongoing monitoring, and reporting suspicious activities.
“Meanwhile in the US, The Financial Crimes Enforcement Network (FinCEN) has released guidance for financial institutions on beneficial ownership reporting requirements, which aim to help identify the individuals who control and profit from a legal entity. The guidance provides clarity on certain key issues related to beneficial ownership reporting and highlights the importance of maintaining accurate and up-to-date information.”
Identifying and stopping bad actors
Unfortunately, as compliance standards evolve, so do fraudsters’ efforts to overcome them. Luckily, the rapid development of technology has meant organisations have more at their disposal to identify bad actors.
These are the views of Edward Lee, chief compliance officer at Templum, the alternative asset trading platform. He said: “Part of what we have seen during and post-pandemic was greater momentum in adopting more technologies to screen out bad actors to protect firms and investors. For example, there is greater usage of technology that automates the onboarding process, like collecting investor identification documents.
“In the past, they may have been only reviewed or retained for the record. Still, it’s becoming more common to use vendors that scrutinise these documents more rigorously, evaluating them based on things like fonts, templates, signs of tampering, security features and image integrity.
“What this means to marketplaces is that there will be a more stringent vetting of investors to ensure that more bad actors will be caught. Then technology can be used to prevent their access tools like IP and device restrictions as well as tracking how many applications have come from any one device.”
Applications in the real world
It is easy to get caught up in the world of finance when talking about regulation – how organisations and investors alike must be compliant. However, Louis Lancaster, head of governance, of regtech Credas, explains the impact regtech is having on other sectors, like the property sector: “Identity Verification has been widely adopted across finance, legal, and property to help businesses improve their customer due diligence and onboarding.
“Until now though the market and the vendors who operate in it haven’t fallen under regulation or much scrutiny themselves. The forthcoming Data Protection and Digital Information Bill though sets out legislation for this area including a central register. It’s likely the bill will build upon the current beta version of the UK Digital Identity and Attributes Trust Framework, which sets out standards for these vendors.
“The Department for Science, Innovation, and Technology, who manage the framework, is currently running adoption sprints with regulatory and supervisory bodies such as HMRC, SRA, and FCA for them to better understand the framework and consider issuing guidance to their respective members on the use of regtech for transactions such as property buying/selling.”
Automation can’t completely replace the human touch
In an ever evolving world of regulation, automation is becoming an absolute necessity. However, according to Claire Huddleston, the marketing director at Clear Junction, organisations can’t completely omit humans from the process: “Regtech has grown to become not just a luxury but a business necessity. This has helped mature many projects in the space: after a successful pilot program for digital regulatory reporting, the Bank of England and the FCA in the UK are now putting their Transforming Data Collection (TDC) plan into action.
“This innovative initiative will help companies manage their data collection and shows the tangible effects of regtech so the hope is, this will encourage wider industry adoption of similar solutions. As we push for better standardisation, we’ll continue to see the regtech space develop. Namely with artificial intelligence for identity verification and for know your customer (KYC) and anti-money laundering (AML) compliance.
“However, we must be aware that even with these advances, regulation still requires a human touch, and businesses shouldn’t anticipate cutting their staff instead of technology. Regtech should be seen as a way to provide a digital framework which eases workload. Preventing financial crime at scale obviously needs data and tools to analyse operations, but the crucial part is how people interact with the findings.”