As the cost of compliance continues to rise, financial institutions are coming under increasing pressure to find technological solutions and develop a winning digital strategy that must maintain agile awareness on both fronts.

For anyone unfamiliar with the financial industry, a simple reference to “regulations” doesn’t convey the vast web of compliance demands these institutions face. In the aftermath of the 2008 economic crisis, a growing thicket of regulations and requirements have put banks of all sizes under siege. The sheer number of federal governing groups keeping a watchful eye on this rapidly evolving industry is daunting. Robert Half Management Resources director Richard White describes the current climate: “As soon as a bank passes one test, it may face another test right around the corner.” Financial institutions have no choice other to invest in the necessary resources to survive within this increasingly complex regulatory environment, but the cost of compliance threatens to become overwhelming.

What the Challenges Look Like

A brief and incomplete list of fintech regulations from federal-level agencies with oversight powers includes:

  • The twice-yearly “stress tests” required of larger institutions by the Dodd-Frank act.
  • The search for money-laundering by the Financial Crimes Enforcement Network, as part of the USA Patriot Act. Steep fines that can reach into the billions of dollars are levied on institutions that don’t comply.
  • The Federal Reserve’s Comprehensive Capital Analysis and Review (CCAR), which can result in disastrous drops in share prices if an institution is found to be undercapitalized.
  • The Financial Industry Regulatory Authority (FINRA), which imposes an extensive set of rules regarding transparency and validity of transactions. Fines associated with violations can run in the billions.
  • The Office of the Comptroller of Currency (OCC), which regulates fair access to banking and enforces the Bank Security Act. These requirements constitute another potential source of fines for noncompliance.

Cyber Security

In addition to federal financial regulations, government entities at various levels are rapidly deploying regulatory responses to widespread occurrences of cyber crime. The New York Department of Financial Services, for example, has recently proposed a new set of regulations for financial entities, requiring that they institute specific cyber security measures to protect the consumer and the industry.

New Field of “Regtech”

As we’ve repeatedly seen across all industries, the growth of an organizational pain point catalyzes the development of a squadron of innovative tech-based solutions. The various digital approaches to managing the complex layers of financial compliance demands has been dubbed “regulation technology,” or regtech. Investopedia defines regtech as consisting of “the group of companies that use technology to help businesses comply with regulations efficiently and inexpensively.”

New Fintech Options Increase the Need for Regtech

While Regtech may have had its origins in the proliferation of federal regulations, its reason for existing has been intensified by the overall growth of financial technology. As legacy banks and other institutions have been slow to enter the digital age and provide a streamlined experience, numerous startups have moved into the financial space to provide a friendly customer experience. These fintech companies, which are free from brick-and-mortar expenses and many of the onerous regulations imposed on traditional banks, are causing concern in the regulatory sector. Hacks and data breaches are symbiotically thriving in conjunction with the growth of online financial service providers, and only the new regtech tools are equipped to mitigate these hazards. The combination of unprecedented growth in digital financial products, together with the intensifying landscape of regulations, has been another force that has engendered the arrival of regtech.

Cloud Computing Is the Engine Behind Regtech

Until the digital age, the act of regulating financial institutions was limited by the human inability to compile and examine vast amounts of consumer data. In many cases, the true state of bank operations remained murky because there simply weren’t enough hours in the day for employees to gain an adequate overview of an institution’s position. Cloud computing, with its troves of big data that can be instantly analyzed, has facilitated much deeper insight into the granular operations of any institution. Furthermore, predictive analytics enable data from an individual institution to be examined in the light of numerous related regulatory failures. This method of recognizing risk before it becomes non-compliance — especially since it doesn’t rely on massive numbers of fallible human operators — results in greater security and substantial financial savings for banks.

Benefits of Regtech

Overall, regtech is an agile collection of innovations that are organically able to meet ongoing challenges. Regtech tools provide institutions with the ability to monitor their transactions in real time, flagging irregularities as soon as they occur. Financial regulations are different for every country, and regtech is capable of responding in a discrete manner depending on an institution’s geographic location, applying the appropriate national or regional requirements across the globe. These systems also match actual activity with expected trends, identifying outliers and generally eliminating the need for traditional retrospective audits. Some regtech providers also offer tools for keeping track of individual employee actions, as well as creating audit trails, establishing access protocols and helping banks to submit required reports.

Innovative technologies such as cryptography, blockchain and machine learning have shown to be particularly promising in tackling these regulatory challenges.

RegTech Is a Key Tool for the Largest Financial Institutions

The Global Systemically Important Banks (G-SIB) is a list of the 30 banks most crucial to the world’s economic stability. These institutions are, by the nature of their foundational status for the global economy, subject to a greater degree of regulatory scrutiny. Financial giants on this list such as Citigroup, Bank of America and Wells Fargo are identifying regulatory and compliance categories that would benefit from regtech solutions. The Institute of International Finance (IIF), a worldwide association of over 500 members in 70 countries, reports in 2016 that “financial institutions have a primary responsibility for supporting regtech development, most importantly by creating IT and risk infrastructures that are capable of integrating these new solutions.” Their regtech initiative identifies specific “bottlenecks” in compliance and regulation, and discusses solutions that are best adapted to each one.

These are three of the major issues that the IIF sees as potentially benefitting from regtech solutions:

Challenge: The Need for Risk Data Aggregation

Financial regulations are increasingly driven by data, amplified by greater granularity and frequency. Well-structured information is needed for reporting of capital and liquidity, as well as for stress-testing. The ability to share this information is currently hampered by unstandardized nomenclature and obsolete IT systems.

Regtech Solutions: Machine Learning and Cryptography

Machine learning and artificial intelligence can generate algorithms for data mining, organize large datasets and create effective ways to turn raw data into relevant information. Cryptographic technologies ensure rapid, secure transmission of information between qualified users, including regulators and users across jurisdictions. Cryptography enables institutions to share information between and within institutions, while remaining compliant with rigorous data protection regulations.

Challenge: The Need to Verify Identity

As more financial transactions take place remotely, the U.S. Financial Crimes Enforcement Network responded by creating new “Know Your Customer” (KYC) requirements. These requirements include the use of multiple identification of clients through the analysis of different informational sources. The KYC rules apply to all “customers,” including those that are complex legal entities, and the rules require that any person with at least a 10 percent ownership share in the entity must be identified.

Regtech Solution: Biometrics and Blockchain Technology

Biometrics provide affirmative identification for individual customers, and this technology brings speed and reliability to the identification process. Blockchain and distributed ledger technology (popularized through the Bitcoin platform) is a system to enable the quick validation of transactions securely and efficiently through cryptography. This removes the need for a centralized authority for identity verification.

Challenge: The Need to Monitor Payments in Real Time

As millions of individual banking transactions take place every minute around the globe, a mismatched assortment of payment systems leads to slowdowns and confusion at the interface between incompatible recording systems. Banks are required to identify and flag suspicious transactions based on metadata and report illegal transactions in real-time, but lack of a global payment standard means that different systems generate different meta data.

RegTech Solution: Machine Learning and APIs

Application programming interfaces (APIs) exist for the purpose of allowing different software systems to communicate with one another, and they can bring clarity to automatic sharing of data with regulators. Machine learning also adds value to compiling payment data, because it’s able to interpret unstructured data outputs, such as the identification of payments beneficiaries.

New Technology Brings New Hazards

Because the need for regulatory compliance management solutions is so strong, new data systems are springing up rapidly. However, any new channel for transferring information can also open up unforeseen vulnerabilities. One recent example of a new system opening doors for cyber crime occurred in Bangladesh, where attackers used the international financial messaging system SWIFT to steal $81 million from Bangladesh Bank. In the wake of this theft and several similar ones, U.S. banking regulators have instituted even more requirements. Thus, banks of all sizes must engage in a balancing act to ensure that technologies that promise new efficiencies are also safe and reliable.

As the cost of compliance continues to rise, financial institutions are coming under increasing pressure to find technological solutions. However, the stakes are high when it comes to choosing the best tools and systems to meet regulatory requirements. Opening the wrong digital door can be costly. Digital strategy consulting firms are stepping forward to provide guidance to the finance industry in choosing the best regtech platforms. Fintech regulations and technology will both continue to evolve, and a winning digital strategy must maintain agile awareness on both fronts.