RegTech refers to technological solutions that streamline and improve regulatory processes. In contrast to FinTech’s inherently financial focus, RegTech has the potential to be applied in many regulatory contexts, both financial and otherwise. Further, while FinTech growth has been fueled by start-ups, RegTech has emerged in response to top-down institutional demand arising from the exponential growth of compliance costs.1
The Evolution of RegTech
In the 1990s and 2000s, institutions encountered increasing regulatory challenges as they became more global, catalysing the development of large compliance and risk management departments. By the 1980s, financial technology was being employed to facilitate risk management as finance itself became increasingly reliant on IT systems. Financial engineering and Value at Risk (VaR) systems became embedded in major financial institutions,2 and would ultimately prove to be among the major contributing factors to the GFC.3
By the beginning of the 21st century, the financial industry as well as regulators suffered from overconfidence in their ability to apply a quantitative IT framework to manage and control risks.4
Regulator overconfidence manifested in the unduly heavy reliance of the Basel II Capital Accord on internal quantitative risk management systems of financial institutions.5 This false sense of security was brutally exposed by the GFC, which ended the first iteration of RegTech, RegTech 1.0.
Another illustration of RegTech 1.0 is the monitoring of public securities markets. Regulators rely upon trade reporting systems maintained by securities exchanges to detect unusual behavior.6 The GFC exposed the limitations of these systems – they cannot shed light on transactions that occur off the exchange.7 Regulators around the world reacted by mandating the reporting of all transactions in listed securities, regardless of where they took place. Such reporting requirements will have to be met with enhanced regulator IT systems to analyse the reported information – an enhancement which is part of the next stage of RegTech’s development.
Ultimately, RegTech 2.0 has emerged in response to post-GFC regulatory requirements. These waves of complex regulation have drastically increased compliance costs,8 and regulatory fines and settlements have increased 45-fold.9 Adding to rising costs is the increasing fragmentation of the regulatory landscape. Despite attempts to establish similar post-crisis reforms, regulatory overlaps and contradictions between markets are not uncommon and financial institutions have unsurprisingly looked to RegTech to optimize their compliance management.10
RegTech provides the foundation for a shift towards a proportionate, risk-based approach – a RegTech 2.0 – underpinned by efficient data management and market supervision. AI and deep learning are just two examples of new technologies that demonstrate the potential for automating consumer protection, market supervision and prudential regulation.11
RegTech 2.0 primarily concerns the digitization and datafication of regulatory compliance and reporting processes. Not only does it represent the natural response to the digitalization of finance and the fragmentation of its participants,12 but it also has the potential to minimize the risks of the regulatory capture which occurred prior to the GFC.13 Regulators in the US, UK, Australia and Singapore have already begun attempts to develop a fresh regulatory approach that caters to the dynamics of the FinTech market.14
Examples of fertile areas for RegTech development include: (i) application of big data approaches, (ii) strengthening of cybersecurity and (iii) facilitation of macroprudential policy. With respect to big data, regulators are starting to consider technological solutions for the management of AML/KYC information produced by industry participants, notably suspicious transactions reports. Strong IT capabilities to analyse the data provided are paramount if regulators are to achieve the underlying objectives of such requirements.
Cybersecurity represents one of the most pressing issues faced by the financial services industry and further underscores the necessity of continued regulatory development.15 The shift towards a data-based industry is inevitably accompanied by a rising threat of theft and fraud.
Macroprudential policy offers yet another promising ground for RegTech. It ultimately seeks to soften the severity of the financial cycle by utilizing large volumes of reported data to identify patterns and changes over time.16 Central banks are making progress in identifying leading indicators of financial instability17 in the form of data ‘heat maps’, which alert regulators to potential problems identified through quantitative analysis and stress testing large volumes of data.18
These early efforts indicate the probable move of RegTech into macroprudential policy. This occurs against the backdrop of regulators continually identifying the need for ever more data.19
The additional reporting requirements that this generates for institutions drives the need for refinement of RegTech processes and the establishment of centralized support services to manage not only the data, but the formats required. Risk data aggregation requirements have been established by the Basel Committee (in ‘BCBS 239’) which encourage institutions and regulators to focus on near real-time delivery and analysis.20
What’s Next for RegTech: RegTech 3.0?
RegTech 3.0 is our term for the future of RegTech. The FinTech sector is shifting its focus from the digitization of money to the monetization of data, making it necessary for new frameworks to accommodate concepts such as data sovereignty and algorithm supervision.
The data-centricity underpinning the evolutions of both FinTech and RegTech represents the early stages of a profound paradigm shift from a KYC to a KYD approach. As this unfolds, regulators must invest heavily in the development of proportionate, data-driven regulation to deal effectively with innovation without compromising their mandate. One important aspect is the design of core elements of financial ecosystems in order to leverage technology to achieve major regulatory objectives of financial stability, financial integrity, financial inclusion and balanced development – a path an increasing number of countries are choosing to follow.21
- Institute of International Finance, RegTech: Exploring Solutions for Regulatory Challenges 2, no. 1 (2015).
- Joe Nocera, ‘Risk Management – What Led to the Financial Meltdown’, New York Times, (2009), http://www.nytimes.com/2009/01/04/magazine/04risk-t.html
- Andreas Krause, ‘Exploring the Limitations of Value at Risk: How Good Is It in Practice?’, Journal of Risk Finance 4, no. 2, (2003): 19.
- Felix Salmon, ‘The Formula that Killed Wall Street’, Significance, 9, no. 1, (2012): 16.
- Staffs of the International Monetary Fund and The World Bank, Implementation of Basel II – Implications for the World Bank and the IMF, (2005), http://www.imf.org/external/np/pp/eng/2005/072205.htm#s2
- The Board of the International Organization of Securities Commissions, Technological Challenges to Effective Market Surveillance Issues and Regulatory Tools: Consultation Report 14-15 (August 2012).
- United States SEC Commissioner Luis A. Aguilar, Shedding Light on Dark Pools (Public Statement), (18 November 2015), http://www.sec.gov/news/statement/shedding-light-on-dark-pools.html#_edn5
- Jeff Cox, Misbehaving banks have now paid $204B in fines, CNBC, (2015),
- Piotr Kaminski and Kate Robu, A Best-Practice Model for Bank Compliance, McKinsey, (2016), http://www.mckinsey.com/business-functions/risk/our-insights/a-best-practice-model-for-bank-compliance
- Eleanor Hill, Is RegTech the Answer to the Rising Cost of Compliance?,(2016), FX-MM, http://www.fx-mm.com/50368/fx-mm-magazine/past-issues/june-2016/regtech-rising-cost-compliance/
- Maryam Najafabadi, Flavio Villanustre, Taghi M. Khoshgoftaar, Naeem Seliya, Randall Wald and Edin Muharemagic, ‘Deep Learning Applications and Challenges in Big Data Analytics’, Journal of Big Data 2, no. 1 (2015).
- Global Partnership for Financial Inclusion, G20 High-Level Principles for Digital Financial Inclusion 12, (2016), http://www.gpfi.org/publications/g20-high-level-principles-digital-financial-inclusion
- Douglas Arner and Janos Barberis, ‘FinTech in China: From The Shadow?’, Journal of Financial Perspectives 3, no. 3, (2015): 23.
- ASIC, Fintech: ASIC’s Approach and Regulatory Issues 10-12 (Paper submitted to the 21st Melbourne Money & Finance Conference, July 2016); ASIC, Further Measures to Facilitate Innovation in Financial Services (Consultation Paper No. 260, June 2016).
- Financial Stability Oversight Council, FSOC 2016 Annual Report (2016).
- International Monetary Fund, Financial Stability Board and Bank for International Settlements, Elements of Effective Macroprudential Policy,(2016).
- BIS Committee on the Global Financial System, Experiences with the Ex Ante Appraisal of Macro-Prudential Instruments, CGFS, Paper No. 56, July 2016.
- International Monetary Fund, Financial Stability Board and Bank for International Settlements, Elements of Effective Macroprudential Policy, (2016).
- Financial Stability Board and International Monetary Fund, The Financial Crisis and Information Gaps: Second Phase of the G-20 Data Gaps Initiative (DGI-2) – First Progress Report (September 2016).
- The Basel Committee, Principles for Effective Risk Data Aggregation and Risk Reporting, (2013).
- See Douglas Arner, Ross Buckley and Dirk Zetzsche, FinTech for Financial Inclusion: A Framework for Digital Financial Transformation (Alliance for Financial Inclusion, September 2018).
This is an edited extract from The REGTECH Book: The Financial Technology Handbook for Investors, Entrepreneurs and Visionaries in Regulation, edited by Janos Barberis, Douglas W. Arner, and Ross P. Buckley (Wiley, August 2019).