The rise of RegTechs: Can AI really make compliance less risky, boring and expensive?

A new breed of fintech firm is promising to make compliancy a breeze: Regtechs use Artificial Intelligence and machine learning to help companies make sense of their data and alert them to security risks or law breaches. Are their offers a viable option for the global financial services sector or is in-house the way to go?

Risk management and regulatory compliance evoke many emotions in the financial services industry: fear of the consequences of non-compliance, irritation at some of the requirements and exasperation at the unending stream of new regulations. So it comes of no surprise that a new breed of IT Startups called RegTechs garner a lot of attention – and investments – with their promise of getting the job done using machine learning and artificial intelligence (AI). In 2016, a KPMG study shows that venture capitalists invested over USD 994 million globally into this emerging sector, a 70 percent increase over 2015’s USD 582 million.

The problem that RegTechs promise to tackle is huge: a Thomson Reuters survey of financial services companies showed that more than half expected their compliance costs to increase significantly in 2018, mainly due to new laws and regulations, such as the General Data Protection Regulations (GDPR). AI might be able to help, says EOS Holding’s Compliance Officer Sibylle Weingart, even if in her view it is not quite there yet: “These systems are self-learning. It could happen – and faster than we might expect, especially for standardised processes. Google Translate is a good example – it has made progress in leaps and bounds”.

New kids on the financial block.

AI and machine learning might be good at tackling the huge quantities of data that flood an organisation. But this won’t help when that organisation doesn’t even know what data is has. The lack of transparency in IT landscapes in many organisations pose a compliance risk – and internal risk is not even half of the problem, as has been seen in the recent case of Cambridge Analytica and Facebook.

Many RegTechs are actually spin-offs of FinTech, that breed of Startup which initially helped banking and insurance tackle the digital revolution. However, FinTechs such as Paypal soon began to compete with the old-style services and even to outstrip them. It was only a matter of time before these FinTech companies began to be faced with some of the same regulatory and compliance issues as traditional financial services. Not surprisingly, technology was seen as the answer and RegTech was born.

Fintech Innovation alone will not do the job.

So, what does the industry want from Regulation Technology? Mainly to help them make sense of what they have. Pretty much every regulation requires that information be complete, accurate and meaningful, and it is here that RegTech can really come into its own. Technology can distil huge amounts of data into ‘dashboards’, which make decision-making and regulatory oversight much simpler. For example, unusual transactions can be identified more easily, helping an organisation to cope with its Anti-Money-Laundering (AML) processes – something every AML officer will applaud in light of the penalties they face for non-compliance.

When it comes to Know-your-customer (KYC) requirements, Weingart sees great potential in blockchain technology: “KYC may become easier for all companies working in the financial industry sector, because blockchain could potentially lead to a type of completely decentralised and digitalised ID, which will allow to identify business partners securely and reliably without the necessity to have copies of documents.”

How to implement RegTech in an international organisation.

So, how does an organisation go about embracing RegTech? EOS is a very heterogeneous organisation. Finding group-wide solutions means taking into account the requirements of the individual business, which can be a slow business. And a broad-brush approach doesn’t seem feasible. “We are looking at using modular IT tools, focusing on the essentials and where these systems could add value”, Weingart says. “This is not RegTech per se, more the co-ordination of compliance and risk management across the wider group. “

One of the areas that EOS is working on is business partner screening: “We rely on a provider with whose services we can apply artificial intelligence with self-learning search engines and individually adaptable search parameters. We find it much easier to obtain information on potential business partners – and spend much less time doing so. Technology can help do away with the boring stuff, which is good for staff morale and it can enable us to work faster. But, at the same time, we have to make sure that our people are behind us and don’t feel overwhelmed; otherwise the new systems won’t gain the necessary acceptance."

Good project management is key to RegTech implementation.

Compliance is not just a process; it is also a mind-set – part of the cultural DNA of an organisation. Sibylle Weingart believes that people, not IT or AI, define the culture: “We have a corporate culture based on a strong set of ethical principles. The tone from the top is as important as the efforts of all employees throughout the organisation. Everyone at EOS really commits to walk the talk.”

Relinquishing control over a key process to an IT system is a significant risk. Part of the challenge lies in the design of the systems. Someone has to understand the regulatory and compliance issues in order to build them into the algorithms and code. Someone needs to bring together the processes, policies, documentation and data to underpin the systems. Someone needs to be able to look at the outputs and know that they are reliable and – most importantly – make sense, continuously.

But who is that ‘someone’? How many senior managers are also IT experts? The key here is a good project management, Weingart says, “Our different Compliance and Legal Specialists are working hand-in-hand with IT.” One example of this cooperation is a project that aims to reinvent debt collection management – while ensuring that all processes stay up to date with legal requirements.

There is no turnkey solution for compliance.

As Ms Weingart is quick to point out, EOS is not a financial services company in the stricter sense, such as banks or so called systematically financial institutions with their multitude of transactions. So IT platforms here don’t have to be quite as complex, which just goes to show that there is no one-size-fits all approach. Every company should be cautious and choosy about the areas which may be addressed by RegTech solutions. KYC processes could certainly be supported as well as AML processes in general. Mapping internal and external audit issues with regulatory findings is a no-brainer. Any area which can be standardised without loss of data integrity is ripe for RegTech and will most probably return the (not inconsiderable) investment many times over. As a result, RegTech has the potential to be so much more than FinTech’s little brother.