The financial services industry has traditionally been quite conservative toward disruptive innovation. During the last few years, this has completely changed with the advent of the financial technology (FinTech) movement, which is rapidly transforming financial processes and institutions. FinTech’s momentum is reflected in recent figures about FinTech investments and the number of FinTech startups. In particular, over $23 billion of venture capital and growth equity was invested in FinTech innovations during 2011-2014, while $12.2 billion was allocated to relevant investments in 2014 alone. Furthermore, a recent McKinsey & Co study revealed that the number of FinTech startups reached 2000 in 2016, up from approximately 800 in 2015.
One of the main challenges faced by FinTech enterprises concerns the regulatory environment under which they and their clients operate. This environment is generally unstable, as new regulations are frequently introduced, while older regulations are regularly updated. At the same time, FinTech innovators have to consider and adhere to a large number of standards and regulations, such as the General Data Protection Regulation (GDPR), the 2nd Payment Services Directive (PSD2), the electronic identification and trust services (eIDAS) Regulation, MiFID II (Markets in Financial Instruments Directive, 2004/39/EC) and 4MLD (the Fourth Anti-Money Laundering Directive).
Regulatory compliance is a key prerequisite for the practical deployment of FinTech innovations. Therefore, FinTech innovations are driven not only by changes in market conditions, consumer behaviors (e.g., the use of mobile devices, the adoption of digital lifestyles) and technological evolution (e.g., the rise of blockchains and smart contracts), but also by changes in the regulatory environment.
In this context, FinTech stakeholders must be able to adapt and fully leverage leading-edge technologies, while at the same time understanding the impact of regulations on their innovative products and services. This has given rise to a new wave of FinTech applications, which deal with regulatory support, compliance and regulations-related experimentation. These applications are commonly characterized as RegTech.
The importance of regulatory compliance has led to the emergence of regulatory compliance offerings as part of the FinTech portfolio of many enterprises, including several RegTech startups. RegTech products and services support financial institutions and FinTech innovators in their compliance efforts. Moreover, they form the basis for testbeds that facilitate experimentation.
From a technological perspective, RegTech applications leverage state-of-the-art ICT technologies such as Big Data analytics and AI in order to audit applications for regulatory compliance and assess relevant risks. In this context, they also process data in ways that have never been done before. This is the reason why RegTech is no longer a small part of FinTech, but rather an entirely new industry which leans on the global FinTech ecosystem.
Characterizing the regulatory part of any FinTech application as RegTech leads to an abuse of the term. To avoid this abuse and misuse, it’s better to characterize as RegTech those applications that are developed with a primary purpose of supporting financial organizations in their regulations information management and compliance efforts. The most prominent categories of such applications are the following:
- Regulatory Compliance Applications: The primary purpose of these applications is to support banks and financial institutions in being compliant with mainstream regulations. Their functionalities include the gathering of regulatory data, mapping corporate policies to regulations, sharing data with regulatory authorities and more.
- Identity Management Applications: The most prominent examples of identity management applications are the ones that support the well-known “Know Your Customer” (KYC) procedures. As another example, some identity management applications cope with anti-money laundering sanctions and anti-fraud screening.
- Risk Management Applications: Prominent examples of such applications are the ones that identify and assess market risks, as well as the ones dealing with mitigation of cyber-crime and cyber-security risks.
- Financial Crime Applications: This set of RegTech applications includes systems for fraud detection, market abuse detection, money laundering identification and financial terrorism mitigation.
Understanding Regulatory Sandboxes
In addition to the above applications, financial organizations have recently begun deploying regulatory sandboxes that help them ensure compliance of their FinTech applications. In particular, regulatory sandboxes are specially configured IT environments, which enable innovators to develop and deploy their applications in a way that ensures their adherence to applicable regulations. As such, regulatory sandboxes can also be considered an instance of RegTech infrastructure.
Sandboxes offer various APIs that innovators can use to access data from banking and finance systems. The data returned when calling these APIs are either real-life anonymized data or simulated data featuring the same structure as the real data. In the case of real-life data, anonymization (and other mechanisms) is employed to overcome privacy barriers and adhere to data protection mandates. Simulated data, on the other hand, feature the same distribution of numeric values as their real counterparts, yet they do not correspond to information belonging to real customers. The APIs of a regulatory sandbox are designed in line with regulatory mandates, such as PSD2 in the case of payment applications. This means that they require proper authorization for accessing specific pieces of information, while revealing only the required information to each stakeholder role.
As an example, a sandbox API for payments should be able to provide access to data about customer accounts, including information about transactions and balances. The API would return either real anonymized data or simulated data where account balances follow similar distributions as the real data. Moreover, the API would require proper authorization (e.g., username and password) to allow access to the data, i.e., authorization leading to a stakeholder role that can access the data.
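The role-scoped, de-identified account response described above, as an added example that is not part of the original article. The role names, field names, key and sample record are hypothetical and constructed; the caller's role is assumed to have already been established by authentication, and keyed (HMAC) pseudonymization stands in here for the anonymization step.

```python
import hashlib
import hmac

# Hypothetical sandbox key used only to derive stable pseudonyms (constructed value).
PSEUDONYM_KEY = b"sandbox-demo-key-not-for-production"

# Hypothetical stakeholder roles and the only fields each may see (deny by default).
ROLE_FIELDS = {
    "account_info_provider": {"account_ref", "currency", "balance", "transactions"},
    "payment_initiator": {"account_ref", "currency"},
}

# Constructed sample record standing in for a row from a core banking system.
ACCOUNTS = [
    {"iban": "XX00SANDBOX0000000001", "holder": "Constructed Name",
     "currency": "EUR", "balance": 1520.75,
     "transactions": [{"amount": -20.0, "counterparty": "XX00SANDBOX0000000002"}]},
]

def pseudonymize(value: str) -> str:
    """Keyed hash: stable for a given value, not reversible without the key."""
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def to_sandbox_view(record: dict) -> dict:
    """Drop direct identifiers (holder name) and replace account numbers with pseudonyms."""
    return {
        "account_ref": pseudonymize(record["iban"]),
        "currency": record["currency"],
        "balance": record["balance"],
        "transactions": [
            {"amount": t["amount"], "counterparty_ref": pseudonymize(t["counterparty"])}
            for t in record["transactions"]
        ],
    }

def get_accounts(role: str) -> list:
    """Return only the fields the caller's role is entitled to; unknown roles get nothing."""
    allowed = ROLE_FIELDS.get(role)
    if allowed is None:
        raise PermissionError(f"role {role!r} has no access to account data")
    return [
        {k: v for k, v in to_sandbox_view(r).items() if k in allowed}
        for r in ACCOUNTS
    ]
```

The field filter is applied after de-identification, so a role added to `ROLE_FIELDS` later can never be granted a raw identifier by mistake.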
The development of regulatory sandboxes is particularly challenging and requires the active involvement of financial institutions, regulatory experts, FinTech innovators and, in several cases, regulators as well. Hence, assembling a proper team for building a sandbox is very difficult. It becomes even more complex when cross-border interactions are involved, as this is likely to complicate the applicable regulations and subsequently the production of a compliant design and implementation.
Originally a part of FinTech, RegTech is nowadays evolving as a new industry, which brings its own unique value to financial organizations. Specifically, by lowering the barriers of regulatory compliance, RegTech becomes a key to avoiding regulatory fines and/or damage to brand image. Financial organizations and FinTech innovators can no longer afford to ignore RegTech applications. Rather, they should plan to deploy the RegTech applications that boost their compliance. They should also pursue the establishment and use of regulatory sandboxes, which will allow them to ensure that their innovations are aligned with the regulatory environment. RegTech is certainly more than a buzzword and has evolved into a trending application in the FinTech world.