RegTech – a buzzword used commonly over the last year in FinTech and Finance – but what is it, who is it for and what does it do? Should you implement it? Do you need it? These are just some of the dozens of questions I’ve been asked over the last six months, so I thought I’d do a quick beginner’s guide, as there are very few of those out there. And as to how to pronounce it – it’s Reg as in Peg, not your Great Uncle Reg who’s worth a fair wedge. Minor pet hate, I’ll get back to the point …
RegTech has in fact been around (in application form, if not as a buzzword) for quite some time and is only going to get broader in its applicability and automation. It is in truth a myriad of different solutions all aiming to reduce the burden on banks of holding large amounts of data and delivering regulatory compliance. As we all know, compliance is the backbone of banking, and banks in breach of regulations face serious penalties. These regulations are what keep our data and our money safe, so being in breach is a bank’s worst nightmare. It’s why, despite branches becoming more scant and customer call centres being outsourced, you see compliance departments that are headcount-heavy and on the increase. Banks simply won’t take the risk of falling foul of regulations. Great, right?
Well – not really. Because until RegTech entered Stage Left, all of this was completed by isolated systems, not natively built for compliance, pieced together by human intervention and then filed with the regulators. Only a handful of key core systems prevented compliance from being broken, and that left great chinks in the banks’ armour, as can be seen from all of the court cases in the last few years. Those ‘dark individuals’ within banks who wanted to try and work their way around compliance and take their chances were able to find a way of doing so.
So, enter RegTech. It ranges from mere compliance report filing (itself becoming more onerous by the day), through the highly sophisticated regulation of deals and buy-side/sell-side monitoring in the markets and behavioural analysis of teams and predictions of weak factors, to platforms that offer things like MiFID II, GDPR, PCI and PII compliance by design. RegTech covers a multitude of areas right across the banking spectrum and can greatly reduce a bank’s collective headache by automating a great deal, sometimes all, of the requirements. It takes away dependency on human factors and it removes the ability of persons to break protocol, making the whole process smoother and stronger. Furthermore, it also makes sense of a bank’s vast lakes of data and allows new services to be delivered to the customer. For more details, you can look to the FCA’s handbook for guidance on what tools are used for monitoring compliance: https://www.handbook.fca.org.uk/handbook/SUP/1A/4.html
In my view, compliance needs to start with design, whether you’re a bank or a FinTech. If you design your processes and your products with compliance baked in, you’ll already be ten steps ahead of where you were previously. Carry that throughout all of the operational service of your products, through all of the processes and through to the back office and you’ve just improved a hundred-fold on where you were before. Not to mention that once implemented, when regulations change, compliance with them is a tweak to the tools already in place.
Of course, there will always be humans trying to break processes, operate outside of the system entirely and generally find ways around – and for that reason, you will always need human headcount in your compliance department, keeping a watchful eye. However, to reduce the burden on them and the risks that they face – RegTech is a prayer, answered.
FINkit® is PCI compliant, and the toolchain and developer environment that FINkit comprises mean that all products built are, by nature, compliant. It is ‘RegTech-Ready’ and the outputs of a product can be tailored to produce evidence and file compliance reports.