Tue, May 28, 2019

Regtech on the Rise

Technology is increasingly being integrated into supervision and compliance as regulators and firms respond to digital disruption.
Download the Report

For some time, technology has driven certain core aspects of the financial services industry, such as trading and online banking, but its adoption in regulatory compliance has been more muted. This is rapidly changing, however. Interestingly, regulators are playing a key role in accelerating that shift: As regulators become more proactive in adopting technology in their supervision of the industry, firms are having to evolve their compliance functions accordingly.

For Regulators, Competition and Moore ’s Law

Until recently, regulatory agencies have generally not been seen as technology innovators. But in many ways, they are now responding as firms have been to the fast-moving and dynamic forces unleashed by digital disruption. Consider the progression of EU Anti-Money Laundering Directives. While nearly 12 years elapsed between the adoptions of the third and fourth directives, the fifth directive followed just a year later and the sixth directive is already on the drawing board. The need to account for technologies such as virtual currency platforms and e-money is a contributor to this acceleration. Regulation is thus following its own version of Moore’s Law.

The adoption of technology by regulators is also driven by the fact that regulators operate within a market and are subject to its forces. Just as investors increasingly factor in the quality of a financial institution’s compliance when deciding where to invest, investors, financial institutions, and corporations all consider the strength of a jurisdiction’s regulation when deciding where to do business. In the EU, for example, jurisdictions have been effectively competing with one another as UK-based institutions consider locations for their post-Brexit EU headquarters. Regulators thus have an incentive to be seen as technologically progressive.

The use of technology also sends a clear message regarding regulatory priorities. In Hong Kong, the emphasis on creating a more supervised environment for corporations has bled over into Hong Kong’s handling of the financial arena; the Securities and Futures Commission has not only greatly expanded the Business Risk Management Questionnaire but has also signaled that it will be using algorithms to analyze the responses and identify inconsistencies and other red flags. 

For Firms, Strategy, Budgeting, and Support

Against a backdrop of technology-powered supervision, firms are looking to integrate technology into their compliance, identity management, reporting, and other functions. However, firms will undercut their adoption of regulatory technology if they view technology as a “black box” solution that can simply be inserted into existing regulatory processes. This siloed approach often leads to underperformance–if not outright disenchantment. Better results are more likely when firms begin by examining their overall regulatory workflow. Mapping the dependencies of various tasks, inputs and outputs, and the relationships between processes and controls and requirements will help firms locate bottlenecks and inefficiencies. Some of those bottlenecks and inefficiencies will be best resolved by technology, while others may require data remediation, new procedures, or new staff competencies. The importance of creating a holistic strategy can be seen in our survey results; creating a data strategy linking technology workflow, and compliance is the most frequently named substantial challenge to regtech adoption. And because developing a strategy first will help more clearly define the requirements the technology must meet, doing so may well address the second-most frequently mentioned challenge: finding technology that delivers as expected.


Investors, financial institutions, and corporations all consider the strength of a jurisdiction’s regulation when deciding where to do business.


Of course, technology initiatives do not need to lead to full-blown digital transformations. Most firms–and particularly smaller and mid-sized firms– will have to segment their adoption of regulatory technology over time. Two approaches can provide a useful framework for doing so. Technology solutions for regulatory elements that are common across jurisdictions lend themselves to pilot programs in one jurisdiction that can then potentially be scaled across the organization. Once that scaling has taken place, the firm can address the next component on the list. Technology upgrades to KYC requirements, for example, can be followed by AML requirements and then archiving and monitoring. Alternatively, firms can prioritize based on risk, attacking the most problematic areas first. Doing so, however, may require more experience in and resources for technological implementation, depending on where those risks lie.

 Regulatory Technology

Three Common Missteps

However firms develop their regtech strategy, they need to ensure that there are sufficient resources and support within the organization for implementation. In our work with clients, we have noticed three areas that can be particularly challenging. The first is budgeting. There is a tendency to establish the budget for new technology first and then assume that the solution can be made to fit that budget, rather than identifying a range of solutions based on specific needs, researching total cost of ownership for each, and then making an informed decision about the most appropriate level of investment. When the budget is determined first, it almost always turns out to be unrealistic, starting the process on a rocky path and forcing a series of no-win tradeoffs as the implementation unfolds.

Second, implementing digital solutions shines a bright light on data integrity; regtech is only as good as the data fed into it. Many firms lack customer and transaction data that is clean, current, and consistent across customers, products, and jurisdictions; data quality was mentioned as a major challenge by one-third of survey respondents.

The third challenge we see involves culture, training, and support. Especially if the introduction of new technology is part of a larger rethinking of processes and workflow, it is critical to create buy-in along the way not only from firm management but also from those whose day-to-day work will be affected by the change. Once the implementation is underway, it may be months before everyone is comfortable with the transition. Remember that, in the beginning, the new processes may well seem cumbersome to those skilled in the old methods. It is thus critical to provide ongoing support to reinforce the cultural shift.

At the end of the day, of course, technology is only a tool, even when it is deployed in the most strategic manner. That tool needs to be wielded by those skilled in its use and in the support of a larger, robust compliance program.

Financial Services Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate, drive efficiencies and remediate operational, legal, compliance and regulatory risk.

Compliance Risk and Diligence

The Kroll Investigations, Diligence and Compliance team partners with clients to anticipate, detect and manage regulatory and reputational risks associated with global ethics and compliance obligations.

Regulatory Advisory and Assurance Services

Within our Regulatory Advisory and Assurance Services, we assist financial services firms in a range of engagements across our suite of subject matter expertise.