In a world of ever increasing regulatory and reporting requirements, new technology can help firms better understand and manage their compliance risks
This article was first published in the March 2017 China edition of Accounting and Business magazine.
Since the 2008-09 global financial crisis, the volume of regulatory changes and announcements has increased by a staggering 492%, according to The RegTech Report from BI Intelligence.
It is no wonder that financial services companies are struggling to keep up, while compliance costs are rising. A recent LexisNexis Risk Solutions study has found that these costs have increased over the past two years and that financial institutions in Asia now spend an estimated US$1.5bn annually on anti-money laundering compliance alone. Regulatory reporting, customer risk profiling and account onboarding are cited as the most challenging aspects of compliance screening operations in the region.
‘In Asia Pacific, we also have the added complexity and cost for pan-regional financial institutions that have to contend with diverse crossborder regulations,’ says Judy Vas, EY’s regulatory leader of financial services for Asia Pacific.
The regulatory compliance and reporting burden is going to get heavier, too. The region’s regulators are stepping up the pressure by intensifying reporting requirements and moving more aggressively to address governance failures. Currently, reporting regimes in Singapore, Hong Kong, Indonesia, Malaysia and India are all undergoing updates or enhancements.
This is fertile ground for the emerging sector of regtech solutions providers, a spin-off from fintech. Imran Gulamhuseinwala, EY’s global fintech leader and author of the Innovating with RegTech report, says: ‘More stringent requirements within increasingly dense data landscapes and the rapidly evolving fintech sector have led firms and technology providers to focus on new technologies to meet regulatory challenges, with the objective to drive down costs, yield efficiencies and disrupt the norm of conventional regulatory compliance.’
The regulators are encouraging the development and use of these new technologies. Hong Kong’s Securities and Futures Commission is launching a pilot project with 20 banks to monitor and detect systemic risk using regtech, with a view to implementing new systems. ‘In Singapore, the Monetary Authority of Singapore [(MAS)] has been supporting industry workshops on real-time risk analytics, compliance tools, fraud detection, insider trading, transaction monitoring and automated regulatory reporting, and advocating the need for application programming interfaces [(APIs)],’ says James Phillips, Lombard Risk’s global head of regulatory strategy.
In fact, last November the MAS was first to launch several APIs on its website, giving financial institutions open access to such datasets as exchange rates, interest rates, and credit and charge card statistics. The institutions can use the APIs to minimise costly manual data entry.
Regtech aims to facilitate the delivery of regulatory requirements in a more streamlined and effective way than firms’ existing capabilities. ‘While applying technology to the regulatory process is not new, this is about next-generation technologies that can be used to increase efficacies, agility and transparency of financial regulations in a data-rich and analytical manner,’ Vas says. ‘While standard compliance offerings are typically designed to address very specific regulatory mandates and require additional technical expertise to modify or enhance, regtech solutions pride themselves on being agile. They enable the extraction, intelligent analysis and presentation of reports from standardised data to meet financial regulation in near real time.’
Unlike incumbent vendors’ traditional commercial models, regtech solutions are not provided via platforms and often costly bolt-ons. ‘They are delivered through cloud-based technologies, allowing for cost savings, greater utilisation and flexibility, as well as remote maintenance and management,’ Vas says.
So, is the old technology destined to bite the dust? ‘Firms can move away from rigid enterprise risk management systems once the adopted regtech solutions are stable,’ Gulamhuseinwala says.
Driving down compliance costs
Regtech enables automation of regulatory compliance, for example through the use of robotics to perform routine monitoring and testing, thereby driving down compliance costs.
‘In a process like customer onboarding where costs have risen significantly, the application of regtech can identify and augment critical data through the use of advanced analytics, it can remove manual checking and reduce the need for the application of human judgement,’ says John Harvie, director at global risk and compliance consultancy Protiviti.
Regtech can also enable the capture of compliance breaches. Harvie says: ‘In advice-based investment, for example, advice is often recorded and physically reviewed by first- and second-line oversight functions, which is a time-consuming and very imperfect process that can only capture a small sample of compliance breaches. However, there’s a regtech solution that records and analyses the conversation in near real time, automatically identifying breaches.’
Regtech solutions are also gradually being deployed across the industry to aid prevention of fraud. EY’s Global Fraud Survey 2016 has found that since employees are reluctant to raise concerns, company data can be the key to identifying instances of potential misconduct. Yet currently only 50% of survey respondents use specialist monitoring software, be it traditional or innovative fraud detection tools, to identify fraud risks. Gulamhuseinwala says: ‘Current regtech fraud prevention solutions can identify gaps, issues and trends in financial crime, while future solutions will be oriented to behavioural profiling and behavioural driven risks to indicate potential misconduct.’
In the longer term, regtech is also expected to allow seamless submissions to the regulators. ‘Future regtech platforms will also be used to interpret regulations, including upcoming changes, but a key challenge is to first build a converged regulatory risk and controls management framework,’ Gulamhuseinwala adds.
When considering investment in regtech, Gulamhuseinwala recommends that firms first carry out a top-down assessment of their existing regulatory compliance risks and technology. They must also have a clear understanding of any upcoming regulatory and reporting requirements that will impact their business.
Against this background, firms should then identify areas that could benefit from regtech solutions, such as automation of controls or more meaningful management information to be gained from big data. ‘Indeed, they should place regulation at the core of the value chain and consider how regtech could help them move beyond simply reporting on data for compliance to using that data for competitive advantage,’ says Bas Heijnen, managing director at Synechron Business Consulting, Singapore.
Next, they should assess the effect of implementing a regtech solution: for example, ‘the impact of integration across a number of legacy systems, any cultural and infrastructure challenges, and if they have skilled resources to test, pilot, deliver and manage change’, Gulamhuseinwala says. ‘They should also discuss their plans to embed regtech solutions with the regulators.’
There is also the question of which specific regtech solution to choose, bearing in mind that this is a rapidly evolving area. ‘The world of artificial intelligence and analytics, around which much of regtech revolves, is changing fast and new architectural models are being developed all the time. For example, there’s now a move away from apps to bots, which will in turn interact with other bots to create a new ecosystem,’ says Harvie.
‘Providers are getting much more adept at integration, but organisations need to be careful to choose the technology that will work best for their business.’
Iwona Tokc-Wilde, journalist
"The objective is to drive down costs, yield efficiencies and disrupt the norm of conventional regulatory compliance"