Highly regulated industries like the financial services industry have faced ever-increasing regulatory compliance obligations. Technology, such as artificial intelligence (AI), that can be utilized to innovate the manner in which these organizations operate can lead to additional challenges for regulatory compliance, and the regulatory environment can drastically impact innovation in these sectors.
Regulatory compliance is a critical consideration for both start-ups and established organizations seeking to drive innovation in the financial services industry. Developing solutions and business strategies with compliance in mind will reduce the risk of potential fines and penalties and allow for the development of a viable solution.
To assist organizations in meeting these ever-growing compliance obligations, RegTech solutions are being developed that can be utilized to provide transparent, faster, and more efficient methods of reporting and ensuring compliance. This article will focus on the potential benefits of RegTech solutions for highly regulated industries, particularly the financial services industry.
What is RegTech?
RegTech is a general term for new and innovative technologies designed to enable businesses to more easily meet their regulatory compliance obligations. Some of the benefits of the application of RegTech include: (1) the ability to efficiently navigate complex regulatory burdens and process enormous amounts of dense data, and (2) the reduction of risk flowing from human errors that could result in severe administrative fines.
RegTech has flourished due to a developing body of complex national and international regulations that often require the monitoring, evaluating, and reporting of vast amounts of information.
The Legal Landscape
Industries such as insurance, food and drug, oil and gas, mining, securities, telecommunications, energy, fisheries and forestry, and financial services (among many others) operate within a highly regulated environment that can be complex to navigate. Governments establish regulations with the intention of protecting the public from potential risk. This is particularly evident in the financial services industry where we have seen an increase in regulations impacting this industry in reaction to the 2008 financial crisis. However, overregulation can stifle innovation and create barriers to entry for emerging companies, such as FinTech organizations, due to the crippling expense required to comply with these regulations.
The adoption of disruptive technologies like AI in the financial services industry has led to the need for governments to develop new regulations to address the impact of these technologies.
Jurisdictions have diverged on how to address changes in the industry, including those driven by technology. This divergence creates significant obstacles for cross-border products and services or organizations that look to enter new markets. For example, organizations have differing compliance obligations with respect to data protection laws in Canada versus the European Union. Therefore, organizations must ensure that their compliance programs meet the relevant requirements of each jurisdiction in which they operate. RegTech solutions can be utilized to assist in the development of jurisdictional compliance frameworks.
Although some financial services companies have pre-emptively invested in technology to help keep up with the burgeoning field of regulations, many don’t have the time or extra resources to focus on technology that would help them address the new regulatory burdens, so they have instead turned to using manual processes to address the frequency and volume of the new reporting requirements. This approach can be onerous and causes valuable human resources to be expended unnecessarily. Manual processing is also typically less accurate than RegTech processing.
Although there are numerous opportunities for RegTech to assist with compliance, five of the most promising applications of RegTech include the following:
- Compliance. RegTech can be used to review all relevant regulations and report on the potential impact of such regulations to the user, including jurisdictional data privacy laws.
- Risk Management. RegTech solutions that conduct scenario analysis and risk monitoring on internal business operations through the use of big data analytics to identify and evaluate these risks.
- Identity Management and Control. RegTech that has been developed in response to Anti-Money Laundering (AML) and the Know Your Customer (KYC) obligations regarding client identity authentication. The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has also established various other obligations requiring regulated entities to conduct analysis and provide seamless reporting. RegTech can be used to efficiently conduct customer onboarding and monitoring activities and will allow for greater transparency.
- Regulatory Reporting. RegTech is utilized to assist in the generation and distribution of reports and information required by regulators. RegTech solutions can assist in data sharing between regulated entities and regulators and enable faster processing of vast amounts of data required to prepare these reports.
- Transaction Monitoring. RegTech that monitors financial transactions for suspicious activity quickly and with a high degree of accuracy by leveraging the benefits of distributed ledger through blockchain technology and cryptocurrency. This type of RegTech also aids with much of the required FINTRAC compliance obligations.
The operational benefits gained from RegTech will depend on the specific solution. RegTech that creates reports through automation of the processes required to generate these reports (e.g., data collection, aggregation, and report generation) could lead to a significant reduction in expenses and time required to prepare these reports. In addition, if this information is available in real-time, organizations can react to any issues sooner than if the reports were to be generated at a later stage.
Barriers to RegTech Adoption
Despite the promise, certain RegTech solutions are in their infancy; thus, issues related to its adoption still exist. One such issue is pricing. For certain applications, it is unclear what the true cost savings are or what value is generated by the RegTech solution. Therefore, developers may have difficulty in communicating the value of the solution or selecting the appropriate pricing model (e.g., a fee per record generated versus a monthly subscription fee). In addition, the cost of developing a tool to meet the ever-changing regulatory landscape may mean that developers will have difficulty in recouping the ongoing maintenance fees associated with building and maintaining the RegTech solution.
Another concern is the potential for large-scale errors caused by minor issues with RegTech solutions, especially a solution that is one-size-fits-all and used widely in the marketplace. For example, if a RegTech solution fails to address a change in reporting requirements, this could lead to its customers failing to meet their regulatory requirements. If this same problem is replicated multiple times in the same customer, or widespread across multiple customers, then the losses could be significant. RegTech providers and customers must consider these risks when negotiating the terms of the agreement and ensure that these risks are addressed through the apportionment of liability between the parties, indemnities, and requirements for insurance.
Due to the potential sensitivity of the data collected and processed, it is critical to ensure the adequate protection of the data. The potential risk of a data breach can be significant for both the customer and RegTech provider. Customers should therefore conduct the appropriate due diligence on both the solution and provider to ensure that this risk is mitigated. RegTech providers should also ensure that they have the appropriate cybersecurity policies and procedures in place to protect themselves from both financial and reputational risk.
RegTech offers many benefits to organizations operating in regulated industries. Although we have addressed some barriers to adoption, the opportunities offered by the adoption of innovative technologies that can assist in meeting an organization’s regulatory requirements are significant.
The manner in which RegTech is supported and integrated into the current regulatory structure will play an important role in navigating both the developmental and implementation stages.
Developers of RegTech solutions should look to engage regulators directly and take advantage of regulatory sandboxes to assist in ensuring compliance. With cautious and thoughtful integration into the current regulatory environment, RegTech shows major promise in reshaping the way that companies interact with the growing body of regulatory oversight.
This article was published on Business Law Today on March 20, 2020