Regulatory compliance is a costly and time-consuming activity. The spread and variety of information that must be tracked, collated and reported on is vast and it seems that the burden increases year on year. In addition, regulated firms are required to track and interpret the ever expanding universe of new regulation - in many cases across multiple jurisdictions.
The sum total of this is that, in 2015, 68% of businesses reported to the CBI/PwC Financial Services Survey that regulatory compliance would be a factor that would limit business expansion over the next twelve months.
In that context, the fact that RegTech has grown as a standalone industry over the past twelve months should not be a surprise. However, what has surpassed many people's expectations is the speed of that growth and the strength of the market generally.
In the past twelve months the FCA joined as an active participant in developments. In this role, it has hosted a number of roundtable meetings and published Feedback Statement 16/4 'Supporting the development and adopters of RegTech'. FS16/4 sought to explore the FCA’s role as facilitator in the development of the RegTech sector generally and to understand how it could foster innovation and technology to better assist the firms it regulates in complying with the regulations. That, of course, wasn't the only involvement of the FCA in the previous twelve months. The launch of the "regulatory sandbox" has been well-received, giving financial services businesses a safe space to test new products, including those dealing with regulatory compliance.
On top of that, the last year has also seen London Fintech Week's headline focus of innovation in RegTech, the RegTech Summit Europe took place (including our RegTech Masterclass) and numerous other events with RegTech at the heart of the issues, bringing together solutions providers with some of the biggest names in the financial services industry.
It is clear from these trends that a number of opportunities exist for technology focussed enterprises to offer new solutions to the age old compliance burden for regulated financial services firms. In particular, providers of solutions in the big data, cloud computing and machine learning sphere are ideally placed to assist regulated firms (and regulators) – through the automation of risk management, regulatory reporting and the operation of internal compliance processes.
These opportunities are also relevant to the numerous in-house solutions that are being developed and implemented in larger financial services organisations. But with these opportunities come a number of challenges and risks. It is, therefore, important that providers (whether in-house or independent) and regulated firms understand those challenges if solutions are to be successfully implemented and integrated.
- Interpretation – ensuring that the product is based on a “correct” interpretation of the relevant regulations, whether in the UK or elsewhere, is the key criteria. Product developers are adept at building a solution for any problem. However, identifying and communicating the essence of that problem is not always straightforward. Especially, in a regulatory context where the text of the applicable rules can be open to a variety of interpretations and subject to a number of guidance papers.
- Regulatory oversight – an obvious consequence, of purporting to offer regulated firms a solution to their compliance burden, is the potential scrutiny of the solution by the relevant regulator. This may not be through direct contact with the solution provider. It could also be as a result of the regulated firm being required to demonstrate that its systems and processes are fit for purpose. Because of this, RegTech providers and regulated firms should ensure they have adequate policies and contractual agreements in place to cover liabilities arising from this process.
- Taking responsibility – for solutions that involve the use of algorithmic decision-making, for example, the speed with which decisions can be made and outcomes can be reached has obvious positive consequences. But what happens when something goes wrong and that speed causes an error to be replicated many thousands (or millions) of times? Providers utilising high-speed algorithmic decision-making should ensure they have adequate protection in place through appropriate systems and appropriate insurance policies in the event that something does go wrong. This responsibility will need to be clearly apportioned in contractual documentation between RegTech provider and regulated firm client.
- Handling data – regulatory reporting is one of the most burdensome aspect of regulatory compliance. In the financial services context, a solution proposing to handle certain reporting requirements may well involve the processing of personal data and, in some cases, sensitive personal data. Both the solution provider and regulated firm will need to be aware of the obligations involved in such processing and should ensure appropriate data protection policies in place.