Technology empowers people and businesses to stay constantly “switched on” in a rapidly changing environment, and we are increasingly reliant on it. Increased mobile use, the rise of social media, and growing digitization has led to an exponential increase in the amount of data available. Of the data currently available, more than 90 percent was created in the last five years alone. This has enabled big data analysis and the use of machine learning and artificial intelligence to generate insights that were not previously possible.

In addition, competition in the financial services industry has increased significantly with the rise of financial technology (fintech). Many new business models are emerging from both fintech and incumbent financial institutions to address changing customer preferences.

Meanwhile, banks have faced an unprecedented level of regulatory scrutiny since the global financial crisis. Despite spending billions on regulatory compliance remediation programs, many financial institutions have been fined heavily and are still struggling to comply with regulatory requirements, resulting in the advent of regulatory technology or “regtech.” Regtech is defined as “the use of new technologies to solve regulatory and compliance requirements more effectively and efficiently” as per the Institute of International Finance.

Regtech in Asia

The regtech landscape is rapidly evolving and covers a wide range of possible services, ranging from those specific to industries such as financial services and health care, to cross-industry services such as vendor risk management, cybersecurity and identity/background checks.

The regtech industry is still relatively fragmented globally, with a large number of small-scale players and no dominant player in the market or even the region. While most regtech firms are based in the U.S. and Europe, they are beginning to expand their reach into Asia. For example, American Express plans to export KYC regtech to Asia after its success in Australia, which led to reducing client onboarding times in half after adopting Simple KYC’s cloud-based technology platform as reported by The Australia Financial Review.

Local players are also starting to appear in Asia. Notable startups include Fintellix, an Indian firm that leverages existing data infrastructures to manage local regulatory reporting rules; Cynopsis Solutions, a startup from Singapore that specializes in transaction monitoring to combat money laundering and terrorism-related financial activities; and KYC-Chain, a blockchain-based customer onboarding platform.

Singapore is leading the Asian regtech space and hosts numerous regtech players such as Datarama, which provides a risk management platform to make compliance-driven due diligence more efficient and affordable. Singapore-incorporated Otonomos uses blockchain technology to change how companies are incorporated, administered, and funded. Separately, the Singapore Exchange (SGX) recently launched a “Members’ Surveillance Dashboard,” which allows data related to market misconduct to be reported, including details of alerts from SGX’s own surveillance system.

Citibank, OCBC and DBS have recently launched chatbots in Singapore. Citibank and DBS each have a chatbot on their Facebook pages that answers customer inquiries, and OCBC has two chatbots—one that does home loans and another for internal human resource purposes.

India is catching up, too. Bangalore-based Signzy, for example, provides an online contracting solution that uses technology, including biometric signature and blockchain, to complete the entire online digital trust system. The India FinTech Forum is currently running an annual competition to recognize emerging fintech innovations in the Indian ecosystem, and a shortlist of 20 fintechs have been chosen to pitch.

There are multiple risks in the financial world. Will new technology work? What are the risks related to client data and confidentiality? How secure is it from cyber risks?

Regulatory Approach to Regtech

The rise of regtech in recent years has not gone unnoticed by regulators. The Financial Conduct Authority in the UK was the first to respond by launching the first regulatory sandbox in 2015. The concept of a “sandbox” is to create a safe space for firms to experiment with new technologies before getting final approval from the respective financial regulators or authorities and offering them to customers.

As with the launch of any new business or technology, there are multiple risks in the financial world. Will the new technology work? What are the risks related to client data and confidentiality? How secure is it from cyber risks?

The creation of a regulatory sandbox not only allows firms to experiment freely within a controlled environment, it also allows the regulator to get a better understanding of the new technologies and possible applications. More importantly, it helps the regulator avoid burdening the new business with overly restrictive regulations before an actual launch.

The regulatory sandbox approach is gaining traction and is now spreading globally. It is in various stages of development and implementation in countries such as the U.S., Switzerland, Australia, Hong Kong, Singapore, Malaysia, Thailand and the UAE.

Beyond just setting up regulatory sandboxes, regulators should also consider the possibility of using some of these regtech technologies themselves to potentially supervise the financial sector more effectively. For example, they could apply big data analysis and machine learning to information collected from banks and identify potential emerging risks, or they could create cross-firm data that all firms could leverage.

The Indonesian government is setting an example by opening the country’s ID card database to financial institutions for KYC purposes. ID cards in Indonesia are already used as the basis for issuing passports, driving licenses, tax documentation, insurance policies, land rights certificates and for biometric data. Thus far, more than 190 financial institutions and service providers have signed up to access the ID database for KYC purposes.

What Can Organizations Do?

While regtech is rapidly growing, there are a number of key challenges that financial institutions, fintechs and regulators need to overcome with regard to successful implementation.

First, firms need to have a clear strategy with regard to the use and application of regtech and think about digitization more holistically while designing customer journeys and new product offerings, for example. Firms also need to be careful in evaluating opportunities—efficiency cannot come at the cost of compliance or customer experience. Additionally, they must be aware of new emerging risks as a result of increasing digitization and interconnectedness.

Second, regulators should aim to streamline or simplify rules where possible while ensuring that security is not compromised. Various regulatory jurisdictions have different requirements for data security and privacy, as well as restrictions on the sharing of information across institutions or national borders.

While regulators in the region are encouraging the proliferation of regtech within their respective national borders, they should also look to have regular dialogues across the region to enable the application and adoption of regtech solutions across borders. This will lead to data harmonization and will enable more powerful insights to be generated through greater pooling of available data and applications.

Not addressing these issues will make it difficult for regtech to achieve its full potential.

*A version of this piece first appeared in Banking Insight December 2017 – AICB.