RegTech: How technology can revolutionize compliance

February 11, 2020 | Myron A. Mallia-Dare, Brandon Meyer

Highly regulated industries, such as the financial services industry, have faced ever increasing regulatory compliance obligations. Technology, such as artificial intelligence (AI), that can be utilized to innovate the manner in which these organizations operate can lead to additional challenges for regulatory compliance and the regulatory environment can drastically impact innovation in these sectors.

Regulatory compliance is a critical consideration for both start-ups and established organizations seeking to drive innovation in the financial services industry. Developing solutions and business strategies with compliance in mind will reduce the risk of potential fines and penalties and allow for the development of a viable solution.

To assist organizations in meeting these ever-growing compliance obligations, RegTech solutions are being developed that can be utilized to provide transparent, faster and more efficient methods of reporting and ensuring compliance.  This article will focus on the potential benefits offered by RegTech solutions for highly regulated industries, particularly the financial services industry.

What is RegTech?

RegTech is a general term for new and innovative technologies designed to enable businesses, such as banks and credit unions, to more easily meet their regulatory compliance obligations.  Some of the benefits of the application of RegTech can include: (i) the ability to efficiently navigate complex regulatory burdens and process enormous amounts of dense data, and (ii) the reduction of risk flowing from human errors which could result in severe administrative fines.

RegTech has flourished due to a developing body of complex national and international regulations which often require the monitoring, evaluating and reporting of vast amounts of information.

The legal landscape

Industries such as insurance, food and drug, oil and gas, mining, securities, telecommunications, energy, fisheries and forestry, and financial services (among many others), operate within a highly regulated environment which can be complex to navigate. Governments establish regulations with the intention of protecting the public from potential risk. This is particularly evident in the financial services industry where we have seen an increase in regulations impacting this industry as a reaction to the 2008 financial crises. Yet, overregulation can stifle innovation and create barriers to entry for emerging companies, such as FinTech organizations, due to the crippling expense required to comply with these regulations.

The adoption of disruptive technologies, such as AI, in the financial services industry has led to the need for governments to develop new regulations to address the impact of these technologies.

Jurisdictions have diverged on how to address changes in the industry, including those driven by technology. This divergence creates significant obstacles for cross-border products and services or organizations who look to enter new markets. For example, organizations have differing compliance obligations with respect to data protection laws in Canada versus the European Union. Therefore, organizations must ensure that their compliance programs meet the relevant requirements of each jurisdiction in which they operates. RegTech solutions can be utilized to assist in the development of jurisdictional compliance frameworks.

While some financial services companies have pre-emptively invested in technology to help keep up with the bourgeoning field of regulations, many don’t have the time or extra resources to focus on technology that would help them address the new regulatory burdens, so have instead turned to using manual processes to address the frequency and volume of the new reporting requirements. This approach can be onerous and causes valuable human resources to be expended unnecessarily. Manual processing is also typically less accurate than if completed by RegTech.

RegTech applications

While there are numerous opportunities for RegTech to assist with compliance, five of most promising applications of RegTech are the following:

  1. Compliance. RegTech that can be used to review all relevant regulations and report on the potential impact of such regulations to the user, including jurisdictional data privacy laws.
  2. Risk Management. RegTech solutions that conduct scenario analysis and risk monitoring on internal business operations through the use of big data analytics to identify and evaluate these risks.
  3. Identity Management And Control. RegTech that has been developed in response to Anti-Money Laundering (AML) and the Know Your Customer (KYC) obligations regarding client identity authentication. The Financial Transactions and Reports Analysis Centre of Canada (“FINTRAC”) has also established various other obligations requiring regulated entities to conduct analysis and provide seamless reporting. RegTech can be used to efficiently conduct customer onboarding and monitoring activities and will allow for greater transparency.
  4. Regulatory Reporting. RegTech that is utilized to assist in the generation and distribution of reports and information required by regulators. RegTech solutions can assist in data sharing between regulated entities and regulators and enables faster processing of vast amounts of data required to prepare these reports.
  5. Transaction Monitoring. RegTech that monitors financial transactions for suspicious activity quickly and with a high degree of accuracy by leveraging the benefits of distributed ledger through Blockchain technology and cryptocurrency. This type of RegTech also aids with much of the required FINTRAC compliance obligations.

The operational benefits gained from RegTech will depend on the specific solution being used. RegTech that creates reports through automation of the processes required to generate these reports (e.g. data collection, aggregation and report generation) could lead to a significant reduction in expenses and time required to prepare these reports. In addition, if this information is available in real time, organizations can react to any issues sooner than if the reports were to be generated at a later stage.

Barriers to RegTech adoption

Despite the promise, certain RegTech solutions are in their infancy, thus issues to adoption still exist. One such issue is pricing. For certain applications, it is unclear what the true cost saving are or what value is generated by the RegTech Solution. Therefore, developers may have difficulty in communicating the value of the solution or selecting the appropriate pricing model (e.g. a fee per record generated vs a monthly subscription fee). In addition, the cost of developing a tool to meet the ever-changing regulatory landscape may mean that developers will have difficulty in recouping the ongoing maintenance fees associated with building and maintaining the RegTech solution.

Another concern is the potential for large-scale errors caused by minor issues with RegTech solutions – especially a solution that is one-size fits all and used widely in the marketplace. For example, if a RegTech solution fails to address a change in reporting requirements, this could lead to its customers failing to meet their regulatory requirements. If this same problem is replicated multiple times in the same customer, or widespread across multiple customers, then the losses could be significant. RegTech providers and customers will need to consider these risks when negotiating terms of the agreement and ensure that these risks are addressed through the apportionment of liability between the parties, indemnities and requirements for insurance.

Due to the potential sensitivity of the data being collected and processed, ensuring that the data is being adequately protected is critical. The potential risk to both the customer and RegTech provider of a data breach can be significant. Customers should therefore conduct the appropriate due diligence on both the solution and provider to ensure that this risk is mitigated. RegTech providers should also ensure that they have the appropriate cybersecurity policies and procedures in place to protect themselves from both financial and reputational risk.

Conclusion

RegTech offers many benefits to organizations operating in regulated industries. While we have addressed some barriers to adoption, the opportunities offered by adoption of innovative technologies that can assist in meeting an organization’s regulatory requirements are significant.

The manner in which RegTech is supported and integrated into the current regulatory structure will play an important role in navigating both the developmental and implementation stages.

Developers of RegTech solutions should look to engage regulators directly and take advantage of regulatory sandboxes to assist in ensuring compliance. With cautious and thoughtful integration into the current regulatory environment, RegTech shows major promise in reshaping the way that companies interact with the growing body of regulatory oversight.

Disclaimer

This publication is provided as an information service and may include items reported from other sources. We do not warrant its accuracy. This information is not meant as legal opinion or advice.

Miller Thomson LLP uses your contact information to send you information electronically on legal topics, seminars, and firm events that may be of interest to you. If you have any questions about our information practices or obligations under Canada’s anti-spam laws, please contact us at [email protected].

© Miller Thomson LLP. This publication may be reproduced and distributed in its entirety provided no alterations are made to the form or content. Any other form of reproduction or distribution requires the prior written consent of Miller Thomson LLP which may be requested by contacting [email protected].