Financial services regulation has expanded at an astounding rate since the financial crisis—and so has the cost of regulatory compliance. What was once a negligible expense has become a material component of banks’ annual spending.

The Promise of Regtech

Hence the emergence of regtech. Over the past five years, hundreds of startups have begun to apply digital technology—including APIs, artificial intelligence and robotic process automation (RPA)—to the now numerous and burdensome tasks required to comply with regulations. Regtech promises not only to cut the cost of compliance processes, but also to improve effectiveness to make them quicker and more reliable, reducing hassle for customers and lessening the risk of costly compliance failures.

But the potential of regtech extends beyond making compliance more efficient. The data and analytic techniques that satisfy regulators’ demands can also deliver commercially valuable insights about customers and markets. Used properly, regtech can become a source of competitive advantage.

Coming of Age

Five years ago, the broader fintech sector was capturing the imagination of investors and board rooms. But regtech was viewed as a niche enabler of client-facing solutions and not its own investment category. Fast-forward to 2018, and regtech is coming of age. As with other areas of fintech, progress has been led by startups. Between 2013 and 2017, $5 billion was invested in regtech startups through 585 deals. Thirty-three deals invested another $533 million in the first quarter of 2018, according to Fintech Global.

This investment means that the regtech is almost sure to continue advancing.

Value of Pattern Recognition

Some progress has been made in using RPA and pattern recognition technologies to improve the detection of internal and external financial crime cases. Biometrics are also facilitating the so-called Know Your Customers processes. We expect rapid progress in other areas of regtech, transforming regulatory compliance and wider risk management over the coming years.

But this progress won’t just happen. Bringing about this transformation and realizing the benefits that regtech offers will require banks to change their people strategies, augmenting current competencies with the new skills in data and advanced analytics. They will need to become more agile in the way they work and more collaborative, both internally and with third parties, including the regulators, technology suppliers, and even their competitors.

The Regulatory Burden Continues To Grow

Increased financial sector regulation was always likely to follow from the financial crisis. But few could have estimated the extent of it. Ten years on, the wave of new regulation shows little sign of abating (see Exhibit 1). These new regulations concern not only capital and liquidity requirements—the issues arising directly from the crisis—but consumer protection, money laundering, data access, privacy, cybercrime and much besides. Complying with these regulations and adapting to their strategic implications has become the major preoccupation for CROs, CCOs and the broader C-suite.

Exhibit 1: Increasing Regulatory Burden

Explosion in Staff and Paperwork

The most direct and obvious effect of this growth of regulation has been on the complexity—and, as a result, the cost—of compliance. While headcount in customer-facing roles has been declining, the number of bank staff working in compliance and control roles, which are usually high-paid, has exploded.

Oliver Wyman estimates that between 10 percent and 15 percent of financial services employees are dedicated to compliance and risk management, with much of their effort devoted to wading through regulation-related paperwork. Since 2008, investment banks’ spending on compliance and control has tripled. In a recent article, the Financial Times estimated the compliance costs of the banking industry globally to be $780 billion, in part because of inconsistencies in national regulations.

Compliance failures have also become expensive. In the last 10 years, the sector has paid $321 billion in fines and penalties, according to CB Insights. And this doesn’t count the negative effect of fines on a firm’s reputation and on shareholders’ confidence.

Robots to the Rescue

Over the same period that the regulatory burden has grown so rapidly, great advances have been made in robotic process automation and information technology. Data storage has become much cheaper and artificial intelligence techniques for learning from data, heralded for decades, are finally delivering results.

It is a happy coincidence. Applying this “digital” technology to regulatory compliance promises to significantly reduce costs, while simultaneously making compliance processes faster and more reliable. Many of the tasks now performed by slow, error-prone and expensive human beings can instead be done by machines.

Know Your Customer

For example, the Know Your Customer process is already being expedited at some banks by using new ways of checking customers’ identities, including retinal and other physical sources of information. Real-time analytics are being used to improve the speed and accuracy of checks for financial crime and money laundering. And semantic analysis of the communications of staff with high compliance risk, such as those responsible for the Libor scandal, is helping to reduce banks’ compliance risk.

Such advances are set to continue over the coming years. We expect regtech to help transform financial sector regulatory compliance by:

1. Allowing more efficient methods of sharing information.
2. Driving effectiveness by closing the gap between intention and interpretation.
3. Simplifying data, allowing better decision-making and enabling cognitive automation.
4. Allowing regulation and compliance processes to be looked at differently, proactively.

Identifying Money Launderers

However, the most profound change could come from the digitization of regulation itself. In principle, financial regulations could be written into supervisory systems that banks simply plug into. Compliance would be built into bank processes, and adaptation to regulatory change would be automatic.

The data and analysis required to satisfy regulators’ demands is also valuable for making business decisions. For example, they can be used to identify not only customers who are potential money launderers or fraudsters, but who are likely to default on loans, run large deposit balances or otherwise behave in ways conducive or detrimental to the bank’s profits.

This technology can also help a bank understand where “macro risks” are emerging—for example, from political or economic developments in countries where it has exposures—thereby informing not only tactical but strategic decision-making.

Changing the Face of Banking

Banks cannot rely on the technical progress of startups alone. Adopting regtech and getting the most from it will require banks to make progress of their own.

They will need to improve their data environments, which still impede the use of advanced analytics. This will usually entail moving data to the cloud. The information security protocols of most cloud service providers comply with the leading regulatory frameworks. And they allow for the rapid scalability and reconfiguration required for effective use of regtech.

Adopting regtech will change the kind of work done at banks (see Exhibit 2) and, with it, the kind of staff they need. The many standardized and relatively low-level roles now employed in compliance and control will need to be replaced by data scientists and systems engineers, the latter being acquired either by recruitment or retraining.

Exhibit 2: How Regtech Will Change the Compliance Workload

Banks will need to collaborate more effectively, not only with the specialist firms that supply the technology, but with the wider industry. Acting alone, banks can use regtech to reduce their compliance costs. But the greatest gains will be delivered by digitization of regulations themselves and their integration into the fabric of financial services.

Moving toward this goal will require an unprecedented collaboration between banks and their regulators, not only on their data interfaces but on the nature of banking regulation itself.