Regulatory technology or “regtech” is a relatively new sphere in financial services. Using information technology, it enables implementing and enforcing of regulatory standards across the financial sector. Financial institutions are increasingly engaging with regtech companies to digitize their three lines of defense or “3LoD” functions to ensure regulatory compliance including timely, accurate and cost-efficient reporting and monitoring.

In this first part of a two-part interview, BRINK Asia spoke with Subas Roy, partner, RegTech, Digital Risk and Compliance at Oliver Wyman and chairman of the International RegTech Association, about the key considerations, costs and benefits, and other emerging regtech trends in Asia.

BRINK Asia: What are the benefits of digitizing risk and compliance processes?

Subas Roy: I think it is also important to look at why digitizing risk and compliance functions and processes are critical for the future of the financial sector. There are three key rationales. First, if you look at the state of financial services since the global financial crisis of 2008, we have evolved into a very complicated financial regulatory framework based around consumer protection, economic stability and reputational integrity. There are lots of new regulations across the world, and we see that the cost of control and compliance have gone up at least three times during this period. It is very difficult to comply with every piece of applicable regulations considering increasing costs, conflicting requirements among these regulations, timing and reporting obligations.

Second, demographics are playing a big role, and we are going through a fundamental shift toward digital. Between 15 years ago and today, the base is so different and also the expectation from the consumers has undergone a sea change. Digitization is now everywhere—everything needs to be faster, quicker, cheaper and more reliable, too. The digital reception has played a big role in terms of why we need to change the way we have delivered our risk and compliance obligations and keep it this way. If we want to provide faster, better, cheaper and more responsive services to our consumers, how can we run on age-old risk and compliance functions? We need to ensure that apart from changing the frontline in the customer journey, the depth and breadth of our business practices, including key processes around risk, regulatory compliance and governance, also need to be upgraded and linked to new customer journeys and experiences.

Fintechs have been offering new financial platforms—for example, real-time payments or opening up the retail banking sector by enabling sharing of customers’ data among traditional and newer banking organizations. In addition, there are new bank types catching up with legacy banks, making it imperative for banks to respond. Traditional banks are trying to adapt, and if they don’t, they stand a chance of losing out to new competition.

These are the three fundamental strategic reasons why digitizing risk and compliance are very important.

BRINK Asia: Why make those changes?

Mr. Roy: I think there are six key reasons why this is important. First, there are new types of uncertainties and risks (outside traditional risk capabilities—for example, cyber). Digital compliance was not really considered before. If you look at the financial crisis, it was conduct risk failure, but we didn’t have conduct risk before that.

The second is the impact of digitization—this is changing the workforce, so how can you maintain risk and compliance processes? The processes to perform risk management are going to change, and processes are now automated.

Increasing regulatory complexities is the third. Many regulations now demand for complex financial and behavioral information being monitored and reported against. The banks and other financial institutions are caught unprepared and also torn apart between conflicting priorities, often plunged with ongoing regulatory scrutiny and/or investigations.

Fourth is the urgent need to shift to a customer-centric view. The traditional way of performing reviews were product-centric. Still today, banks ask for the same pieces of information from customers repeatedly; however, with digitization coming in, this is going to be a critical impediment to continued business success. By means of using digital modes, you have the desired information in one place. So moving to a customer-centric view is not only beneficial for customers but also beneficial for financial institutions.

Banks are just like any other business on the high street and need to play a special customer protection role to repair and regain trust.

Data analytics convergence is the fifth one—data analytics, artificial intelligence and advanced algorithm models need to be incorporated into the existing ways of working to achieve some of the objectives already described. Point of caution, though, if you are utilizing advanced algorithms and models, do ensure algorithm risks are appropriately managed.

The sixth reason is that trust is moving away from traditional financial institutions. Banks and wider financial sectors have enjoyed quite an uninterrupted trust quotient before the 2008 financial crisis, for instance, we would know bank managers as people with repute in our societies, but that has disappeared since then. Today, banks are just like any other business on the high street and need to play a special customer protection role to repair, regain some of that trust.

BRINK Asia: What are some of the costs associated with compliance?

Mr. Roy: I think there are four different areas of costs attached to compliance and the wider risk function that are applicable to Asia as elsewhere. The biggest costs include:

1) Cost of fines and penalties—almost all big financial institutions have been tarnished by not only reputation but also in the form of big fines that they have paid.

2) The cost of compliance to new complex regulations. Dodd Frank is a huge compilation of regulations—about 1,300 pages, and we are talking about creating a compliance regime around that. General Data Protection Regulations or GDPR are, again, a big basket of regulations. Therefore, the banks can be in a very tight scenario because they need to comply with all new regulations, parts of which are even contradictory.

3) Tools and technology—because compliance and risk need to respond to these regulatory changes; you have to go out and buy some tools to manage financial crime software. These are very expensive purchases considering banks have spent millions in terms of buying and maintaining compliance systems.

4) Finally, the cost of the workforce is a major one—you also have very expensive compliance and legal professionals that are hired by banks. Therefore, you not only have the cost of employing new people, but you also have the cost of employing some very expensive and knowledgeable people. This new line of cost that you see coming up arises from the need to retrain these people in using new and advanced technologies that define advanced analytics.

BRINK Asia: What are the costs associated with noncompliance?

Mr. Roy: Apart from fines and penalties that I talked about, the wider cost is financial and reputational. Recently, a European bank was fined more than 776 million euros ($890 million) for failing to design appropriate controls over their financial crime and transaction money from checks. The cost of that failure is not only the fines and penalties, but also reputations and the lack of robust controls in terms of anti-money laundering. Danske Bank was criticized heavily in terms of how it was conducting business. They were warned by the German Ministry and Deutsche Bank, with even the European Union warning them. The whole reputational damage and risk is immense. So apart from spending millions on remedial efforts, the reputational impact is huge, too.

BRINK Asia: In terms of digitizing these processes and adapting to the regulatory changes, what are some trends in this area in Asia?

Mr. Roy: Particularly in the last 12 months, we are seeing some big trends coming into the Asian continent. In Singapore, for example, the regulators are taking an active approach to ensuring consumer protection through market conduct, data privacy and responsible trading regulations with the intention of driving digital compliance.

In Hong Kong, we are seeing the Hong Kong Monetary Authority taking positive steps to regulate the market and boost innovation. In the case of Australia, they are keenly ensuring that they have decent conduct regulations as well as good governance. Although gradual, Asia is actually working up to the digital risk and the digitizing of risks in financial services. Asian countries are now geared to respond with appropriate regulations.

Asia does have an advantage over the U.S. and Europe, because, although they were the first to announce market regulations about 10 years ago, I think what might have gone wrong is that they introduced too many regulations and therefore just clogged the markets. Asia can learn from that and have regulations that are not overburdening for companies. Regulations can be introduced in a flexible way so that these not only help market growth but also regulate emerging risks.