Just like with fintech, the term regtech doesn’t do much to quicken your pulse. However, if you consider the trouble it could save us all in light of what unfolded after the collapse of Lehman Brothers in 2008, then you will appreciate its importance.
It was while being given a tour of Deloitte’s new blockchain lab in Dublin by the consulting company’s head of financial services, David Dalton, that it became abundantly clear to me.
Dalton was explaining how blockchain technology, for example, is being examined by a number of banks to ensure compliance reporting and create an indelible record of what is happening.
“Imagine if we had this in the banks in the lead-up to 2008’s financial crash,” I enthused. “Precisely,” Dalton replied. “It’s the black box effect.”
Blockchain is just one of a range of technologies that constitute the family of tools that make regtech possible, and financial institutions all over the world are eyeing the scene shrewdly.
What is regtech and why does it matter?
The UK-based Financial Conduct Authority describes regtech as the “adoption of new technologies to facilitate the delivery of regulatory requirements”.
In short, these technologies keep banks and other institutions up to speed with regulations that are designed to prevent the world witnessing or experiencing the calamities of the financial meltdown in 2008, which prompted the great recession.
Regtech leverages a panoply of technologies such as cloud computing, blockchain, big data analytics and artificial intelligence to facilitate regulatory compliance.
Not only can regtech increase efficiency and reporting with banks, stock brokerages, hedge-fund insurance companies and other financial-based industries, it can automate risk management and ensure organisations keep up to date with regulatory change.
The key driver is algorithms, used in association with data protection and cybersecurity technologies.
What are the regulations driving it?
Just as in 2008, many banks, brokers, hedge funds and asset managers are not fully prepared, partly due to a lack of in-house knowledge when it comes to new and more complex regulations.
Regtech can provide real-time transaction monitoring in order to address certain anti-money laundering and counter-terrorist financing regulations, for example.
The big regulation to watch is the Markets in Financial Instruments Directive (MiFID). This is the EU legislation that regulates firms that provide services to clients linked to “financial instruments” (shares, bonds, units in collective investment schemes and derivatives), and the venues where those instruments are traded. MiFID is now being revised to improve the functioning of financial markets in light of the financial crisis, and to strengthen investor protection. The changes are currently set to take effect from 3 January 2018, with the new legislation known as MiFID II. This includes a revised directive and a new Markets in Financial Instruments Regulation (MiFIR).
The other big shake-up is the second EU Payment Services Directive (PSD2), which could revolutionise the payments industry, affecting everything from the way we pay online, to what information we see when making a payment.
According to TransferWise, PSD2 will break down the bank’s monopoly on user data. It will allow ‘merchants’ – businesses such as Amazon – to retrieve your account data from your bank with your permission. That means when you buy something, they can make a payment for you, without having to redirect you to another service, such as PayPal or Visa.
For consumers who hold more than one bank account, the changes would also allow businesses, known in the legislation as account information service providers, to display all their account information in one place.
PSD2 will also require stronger identity checks when paying online.
Another regulation that will make some waves – not only for financial players, but for every conceivable business operating in Europe – will be the General Data Protection Regulation (GDPR).
The GDPR builds on the existing framework of the current data protection rules in the EU. However, it introduces changes in a number of key areas that will affect organisations of all sizes. Ireland’s Data Protection Commissioner, Helen Dixon, describes the arrival of GDPR as a game-changer but also warns that it could lead to a rapid escalation in civil actions taken against institutions of all kinds if their data is in any way mishandled.
GDPR has severe penalties for organisations that lose data – up to €20m, or 4pc of an organisation’s revenue. For example, Tesco Bank in the UK suffered a data breach last year. Under the GDPR regulations which come into effect in 2018, Tesco would have been fined up to €1.8bn.
While regulation tech for GDPR may not sit under the current fintech umbrella, the skill sets and technologies developed by regtech players could give the industry a broader purpose in the business world as GDPR makes its presence felt.
What is the market size for regtech?
Accenture reports that $5.3bn was invested into fintech in the first quarter of 2016. Such innovation and investment is also reflected in the development of new types of fintech, including robo-advisers, coloured coins and smart contracts, which we are likely to see more of in 2017.
Regtech’s share of this is hard to quantify but, in terms of investment activity, regtech start-ups have raised roughly $2.3bn across 317 deals since 2012, according to CB Insights.
A key indicator is how much banks are likely to invest in regtech. According to Deloitte, it is estimated that in 2014, banks in Europe spent €55bn on IT. However, what is most interesting is that only €9bn of this was spent on new systems. The balance was used to build on more systems to the antiquated existing technologies, and simply keep them going.
Regtech provides senior executives with an opportunity to introduce new capabilities that are designed to leverage existing systems, and data to produce regulatory data and reporting in a cost-effective, flexible and timely manner without taking the risk of replacing or updating legacy systems.
Who are the players to watch?
As a subset within fintech, regtech is one of the fastest emerging areas and there are a significant number of local and European players to keep an eye on in the coming months and years.
Examples of Irish-led regtech companies include:
Fund Recs, a Dublin and Waterford company, develops cloud-based reconciliation software for the Irish Funds Industry, replacing outdated enterprise software with a pay-as-you-go SaaS.
Gecko Governance, a Dundalk and Dublin-based firm, is a new regtech solution that easily allows fund managers to monitor and manage their regulation and compliance requirements.
Trustev, which was founded in Cork and acquired two years ago by TransUnion for $44m, provides online fraud prevention by scanning transactions in real time to determine whether they are real or not.
TradeFlow will drive down the costs experienced by banks and trading institutions as a result of delays in settling trades. In times of increased regulation and a focus on costs, TradeFlow is an innovative solution that brings increased clarity and efficiency to trade processing and operations.
Vizor is a software provider that enables the supervision of companies by a supervisory authority, such as a central bank, financial regulator or tax authority.
Corlytics develops software that analyses compliance risks in banks and financial firms, and enables global financial institutions to identify avoidable losses and fines.
AQMetrics provides automated risk monitoring and regulatory reporting in a single cloud-based platform.
Fenergo provides software solutions for investment, corporate and private banks to manage the regulatory onboarding and entity data management processes.
FundApps, founded in 2010 in London by Irish man Andrew White, monitors and reacts to regulatory change to provide automated monitoring services that alert users to issues via an intuitive web interface.
Examples of international players to watch are:
Silverfinch, led by financial services veteran John Dowdall, creates connectivity between asset managers and insurers through a fund data utility in a secure and controlled environment.
Onfido’s machine intelligence software has helped clients such as Morgan McKinley, JustGiving and Hassle.com to run background checks.
CheckRecipient is a London-based cybersecurity start-up founded in 2013, which checks that information is sent to the right person.
Credit Benchmark is another London-based regtech start-up that gathers credit risk estimates from leading global banks. The data is pooled and then anonymised to protect the banks that provide the information.
Elliptic identifies illegal activity on the bitcoin blockchain, as well as providing proof of identity for bitcoin users.
Trulioo uses data analysis and open APIs to enable instant verification of identities and addresses.
PassFort gives your business the tools needed to easily implement auditable risk-based systems and controls for anti-money laundering and know-your-customer (KYC) compliance.
KYC Exchange is a KYC data collection platform that allows financial institutions to manage all KYC-related documents in one secure place and stay compliant with regulations.
Cappitech is a cloud-based and multi-jurisdiction regulatory reporting hub servicing EMIR, Dodd-Frank, MiFID and ASIC regulations.
OSIS was set up in 2010 in the Netherlands by two former bankers to offer an alternative way for banks and investors to analyse credit risk.