What is regtech? Regulatory Technology is an emerging field that applies new technologies to manage the administration of regulatory requirements, and is considered a subset of fintech (technologies that make financial activities more efficient).
Here’s how John Dwyer, senior research analyst at Celent, explains the growth of regtech. “By harnessing technology to improve and optimize a financial institution’s ability to comply with its regulatory requirements and automate the regulatory compliance process as much as possible, regtech has the potential to bring huge benefits and cost savings to the investment management industry,” he said in a Q&A with SimCorp Journal.
What’s Driving the Growth in Regtech?
The union of regulation and technology is not new, but several factors are increasing pressure on the financial services industry (and many other industries) to adopt new ways of doing business — especially as it relates to managing regulatory data and reporting. Those factors include:
1. A Proliferation of Regulations
In the U.S. financial sector alone, regulatory bodies include the Federal Reserve Board, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the Commodity Futures Trading Commission, the Financial Industry Regulatory Authority, the Securities and Exchange Commission, along with state-specific bank, insurance and security bodies. Each entity has a specific purview and set of requirements that enable them to act independently of one another even though they may be working to accomplish similar objectives.
2. The Rising Cost of Compliance
Not surprisingly, keeping up with these ever-changing compliance requirements is an uphill battle. To meet them, companies must invest in personnel to understand and manage compliance, update operational processes to stay in compliance and embrace new technologies to keep up with changing data and reporting requirements.
The costs of compliance have become so onerous that the Mercatus Center of George Mason University reports, “On a macroeconomic scale, the buildup of regulation has slowed economic growth by an average of 2 percentage points, according to a study published in the Journal of Economic Growth.” In fact, it costs an average of $6,000 to onboard each new client, depending on their risk rating and country’s regulations.
3. The Drive to Avoid Regulatory Fines
In October of 2019, the Financial Industry Regulatory Authority (FINRA) fined BNP Paribas $15 million for failing to develop an enhanced due diligence (EDD) program that could detect suspicious penny stock and wire transfer activity. In 2018, FINRA fined Morgan Stanley $10 million because its AML program failed to meet the requirements of the Bank Secrecy Act.
These two cases are just the tip of the iceberg. Roughly $26 billion in fines has been imposed specifically for non-compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations in the last decade, according to research by Fenergo.
Regtech Offers New Solutions
To get a handle on rising compliance costs, a range of new regtech solutions are entering the market. These technologies address different types of regulatory needs. Some technologies are focused specifically on making compliance more efficient, for example, cloud-based software programs that automate aspects of compliance.
Some are focused on monitoring financial transactions, for instance, programs that do a real-time analysis of blockchain transactions and the customers behind those transactions.
Other regtech firms are sprouting up around regulatory reporting (e.g., platforms that extract data from scanned financial documents) and risk management (e.g., risk analytics tools that detect disruptive events in global financial markets and anticipate price movements).
Still other solutions focus on digital identity management and control — a key component of KYC and AML compliance. Jumio, for instance, works with the financial industry to combine AI, face-based biometrics and ID verification to ensure the digital identity of customers matches their real-world identities.
The Intersection of Regtech and Identity Verification
In addition to the regulatory agencies mentioned earlier, the financial industry must also comply with mandates around customer identity verification. KYC policies, for instance, require businesses to show “reasonable due diligence” in ascertaining and retaining the essential facts concerning every customer. Are they really who they say they are?
A Sampling of Compliance Mandates Related to Identity Verification and Management
Customer Due Diligence (CDD)
Know Your Customer (KYC)
Anti-Money Laundering (AML)
5th EU Anti-Money Laundering Directive (5AMDL)
Children’s Online Privacy Protection Rule (COPPA)
California Consumer Privacy Act (CCPA)
Initial Coin Offerings (ICO)
Payment Card Industry (PCI)
Health Insurance Portability and Accountability Act (HIPAA)
The old paradigm of asking customers to confirm something they know, have or are can no longer be counted on to provide a high level of assurance that a customer’s online identity matches their real-world identity. That’s because organizations rely disproportionately on the first two categories — what people know or what they have. Unfortunately, things you know, like passwords and security questions, can be easily gleaned from the internet, the dark web or social engineering, and ‘things you have,’ such as a cell phone or SIM card, are increasingly problematic.
Banks and other modern enterprises are increasingly turning to biometrics for identity verification and authentication. They’re using biometrics alongside more traditional ID verification to strengthen their defenses against online fraud, maintain compliance with AML and KYC and to build trust in their online ecosystems.
Regtech focused on online identity verification, therefore, should tie a digital identity to an authenticated government-issued ID and further corroborate it with biometrics (e.g., a selfie and certified liveness detection). This powerful combination of verifying who someone is, binding that person to face-based biometrics and further securing the transaction with certified liveness detection, allows financial institutions to operate more securely in the digital world.
If there’s one thing we can be sure of, regulations are not going away. Regtech, therefore, will continue to be a requirement of organizations operating in the digital world. To learn more about technology that can help you more efficiently meet your regulatory requirements around identity verification, we invite you to explore Jumio’s AI-powered identity verification technology.