In the years that followed the 2008 financial crisis, governments and financial regulators attempted to put in place a system that would ensure there would be no repeat, no sequel to the misery that the banking industry wrought on society through the kinds of risky practises that had been allowed to occur, even encouraged, to engage in. New regulations such as Dodd–Frank were introduced across the US and Europe to improve risk controls, maintain capital, and create a more transparent financial sector, to varying degrees of success.
It may be up for debate whether anything has actually changed as a result of new regulations, but there can be little argument that they have been one of the central challenges for banks over the last decade. Global demand for regulatory, compliance, and governance software is expected to reach $118.7 billion by 2020, up from roughly $80 billion today. Much of this is spent on staff capable of keeping them on the right side of the rules, which are constantly being tweaked and require careful monitoring. According to Martin Arnold of the Financial Times, ‘Big banks, such as HSBC, Deutsche Bank, and JPMorgan, spend well over $1 billion a year each on regulatory compliance and controls. Spanish bank BBVA recently estimated that on average financial institutions have 10 to 15% of their staff dedicated to this area.’ Andres Portilla, IIF’s managing director for regulatory affairs, meanwhile, notes that. ‘For many years post-crisis, the only growing area of personnel, of hiring, in banks was in compliance.’
It would seem, however, that this boom is coming to an end. Technology is increasingly being used to simplify compliance and save banks from a complex, time-consuming, and costly activity. Regulatory Technology, or RegTech, is described by the Financial Conduct Authority as ‘a sub-set of FinTech that focuses on technologies that may facilitate the delivery of regulatory requirements more efficiently and effectively than existing capabilities.’ It started life as a fairly niche subset of the FinTech ecosystem, going without significant investment from Venture Capital while money flooded into the rest of the sector. However, this has all changed, and it is now among its most promising and exciting areas, driven primarily by developments in the field of Artificial Intelligence (AI) such as natural language processing (NLP) and machine learning. It can monitor compliance and regulatory obligations more easily, more accurately, and more efficiently than humans, and investment levels have risen as a result. In November 2016, CBinsights estimated that $2.3 billion had been raised in funding rounds for RegTech companies that year, a record for investment in the technology. And this is only set to rise.
Central to its evolution is AI. According to a recent report by The Institute of International Finance about RegTech in financial services, machine learning ‘can identify complex, nonlinear patterns in large data sets and create more accurate risk models.’ In a recent Baker McKenzie survey of senior executives from financial companies, 49% said they expect their firms to use AI for risk assessment within the next three years, 29% that their firms will apply AI to learn more about their clients and to prevent money laundering, and 26% anticipate AI will help with regulatory as well as risk and compliance issues.
RegTech can be applied in a number of ways, one of the most important of which is monitoring communications. Increasingly, internal guidelines stipulate that firms store all client communication, including those made on WhatsApp, Facebook Messenger, and even voice. In order to satisfy such requirements, firms can either somehow integrate and monitor various communication channels or migrate account managers to controlled messaging environments. This is being made easier primarily through machine learning’s improved ability to analyze reams of unstructured data.
Unstructured data is all data that does not fit into relational databases. This includes videos, powerpoint presentations, company records, social media, RSS, documents, and text. Machine learning is valuable for the analysis of structured data, but indispensable when it comes to its unstructured counterpart because of the differences in scale. A human being simply cannot compute that amount of data. Dave Copps, CEO of Brainspace, makers of unstructured data analytics and eDiscovery software that uses machine learning, notes that, ‘Before, all we really did with unstructured data was search, get a load of documents together and hack at it with keywords. Technologies like Tableau and Quickview were always good for looking at structured data, but those that tried to use unstructured data were really just taking it out and putting it into structured data platforms. Once you pull words out of a document, you destroy their context. So, say you’re analyzing resumes. If you take the Java out of a software developers CV, you don’t know if that’s only in there because the person has said ‘I suck at Java.’ What we’re doing is, rather than just analyzing words, we’re looking at the whitespace between the words - the context.’
In a bank, this has tremendous implications. It allows you to analyze the communications in essentially real time, which allows you to identify culprits and prevent malfeasances. Qumran is also focused on the issue, developing technology that allows voice recordings to be transferred into searchable data. This has further uses in areas such as market surveillance. RegTech is now at a scale that even IBM Watson has seen its potential, acqui-hiring Promontory’s 600 employees – many of whom are former government regulators – to help ’accelerate IBM’s development and machine training of cognitive solutions for risk and compliance. This includes solutions for tracking constantly changing regulatory obligations, expectations and control requirements (Sybenetix), as well as solutions that address specific compliance needs, such as financial risk modeling, surveillance, anti-money laundering (AML) and Know Your Customer (KYC).‘
Another area RegTech is increasingly being used is cybersecurity and, in particular, data privacy. Financial firms are increasingly working with external vendors that operate outside of the firm’s firewall, and regulations concerning cybersecurity provisions and vendor obligations mean that financial institutions bear responsibility to secure their systems. Alyne is a startup that has developed tools to qualify the cybersecurity protocols of vendors to financial services companies, technology which can also be used by insurance companies in order to assess cybersecurity insurance underwriting risks.
The obvious consideration is how regulators feel about so much of the compliance process being automated, which naturally brings with it its own set of problems. In November 2015, the Financial Conduct Authority, a key regulatory agency in the UK, issued a ‘call for input’ on developing RegTech. Subsequently, the IIF formed a regtech working group in response. The FCA has also warned that banks must accept responsibility for partnering with RegTech firms and monitoring their risk management. RegTech isn’t going anywhere, and as AI improves, it is only going to get better, but financial institutions must be careful not to let it run rampant, as if it goes wrong, they will still be held responsible.