The digitisation of the compliance function – The RegTech landscape 

What sub-categories does RegTech have? 

The RegTech landscape, i.e. the available systems, processes and tools that support the digitisation of the compliance function, can be divided into a number of sub-topics. These sub-topics can be translated into the various components of the compliance cycle. The compliance cycle consists of: 

1. establishing the legal framework; 

2. conducting a risk analysis; 

3. putting in place management measures; 

4. monitoring the effectiveness of management measures; 

5. reporting on the degree of mastery; and 

6. determining follow-up if needed. 

  

RegTech’s most well-known sub-topics are: 

• LegalTech consists of software and processes that help detect changes in laws and regulations. In addition, technology can also help interpret the changes and perform a global impact assessment. LegalTech can thus help determine (changes in) the legal framework of a financial institution. 
• ComplyTech can be seen as supporting systems and software that help staff act in accordance with internal policies and procedures. ComplyTech thus helps implement and execute a financial institution’s control measures so that the company effectively mitigates its compliance risks. 
• MonitorTech looks at real-time mapping of exactly what is happening within a financial institution. Software can help systematically analyse all the data the financial institution has. Often this is too much data for the human brain to grasp and analyse. In addition, certain techniques can support the compliance function in recognising and predicting trends and patterns within the organisation so that timely action can be taken. MonitorTech thus supports in monitoring the effectiveness of the control measures a financial institution has in place. 
• ReportTech are software and processes that help with the accurate and timely reporting of data to regulators, for example. These include the securities transactions that have to be done on a daily basis by banks and investment firms, the credit overruns that have to be reported (and deregistered) to the BKR and the balance sheet information that has to be reported quarterly to the DNB/ECB. But it can also include software that takes care of reporting to the tax authorities. So ReportTech helps report on a financial institution’s level of control of compliance risks. ReportTech can also support compliance reporting. 
• DataExchangeTech: Financial institutions are increasingly interdependent in the sense that they need to exchange information. Systems and software that help exchange information between them are necessary for parties to continue operating efficiently. An example is that when a financial institution offers a packaged investment product from a provider to the customer, the financial institution has to provide a Key Information Document (or KID; a document containing information about the essence of the product) to the customer for it. The financial institution should then receive this KID from the provider and then provide it to the customer. When it comes to offering thousands of products (as a bank does), this involves an awful lot of information to be exchanged between them – which is impossible to carry out manually. DataExchangeTech does not address a specific part of the compliance cycle, but is necessary for adequate execution of operational processes and compliance with legal obligations. In short, DataExchangeTech touches all parts of the compliance cycle. 

Besides the above well-known sub-topics of RegTech, there are also RegTechs that focus on specific work such as risk management, transaction monitoring, regulatory reporting and identity management. In addition, there are RegTech solutions that focus on compliance in general. Ruler is one of the RegTech solutions that focuses on compliance overall by digitising the compliance cycle. By 2020, there are about 380 RegTech companies worldwide [2]: 

Why choose a RegTech solution? 

Efficiency

When you bring RegTech in-house as a financial institution, it can lead to savings in costs, resources and staff time. Ultimately, this creates significant efficiencies, reducing both (one-off) implementation costs and (ongoing) monitoring costs. Constantly looking for solutions to reduce costs is important, as increasing regulatory pressure means compliance budgets will continue to rise in the coming years. 

Predictions based on data 

Besides interesting cost savings, RegTech increases the quality of the level of compliance within a financial institution. This is because RegTech solutions can analyse and interpret large data sets faster and better than humans. This allows computers to make predictions based on historical data in a way that a compliance officer cannot (manually) mimic. 

  

Consistent compliance with laws and regulations 

Moreover, RegTech facilitates the implementation and monitoring of regulatory compliance for financial institutions that have invested certain mandates at a decentralised level. Where local entities of an internationally operating institution can usually interpret and implement legislative changes themselves, RegTech can help ensure their consistency – and thus quality – across the group. In this way, it avoids the need to reconcile process differences afterwards. RegTech can also ensure that not every business unit has to reinvent the wheel. For example, by automating decision models for the interpretation and impact analysis of new legislation. 

  

Taking over administrative tasks 

In addition, RegTech solutions can take many boring jobs off the hands of the compliance officer. This allows the latter to focus on more important matters, such as preventing incidents, advising the organisation on legislative changes and performing compliance monitoring. Moreover, a front-line employee does not need to be taken away from his core tasks (serving the customer) to deal with signalling, implementation and monitoring (‘run’ and ‘change’ activities). Indeed, that is where RegTech can help. This way, the compliance officer can refocus on overseeing compliance risks and – where necessary – deploying awareness and improvement plans. In doing so, he is supported by RegTech solutions that ‘administer’ and alert colleagues to deadlines. 

  

Overview and understanding of legal obligations  

Finally, RegTech can enhance employee focus by providing clear insight and overview of the legal obligations (the legal framework) for the relevant department and/or function. Certain RegTech solutions are able to map dependencies and insights between related regulatory topics and/or pathways. By linking these together, stakeholders gain insight into the impact that different regulations or legal standards (such as MiFID II, MiFIR, MAD II, MAR and PRIIPs) have on specific business units, entities within the group or even entire chains. This prevents colleagues from engaging in the same work unnecessarily. It also makes the steps taken by the financial institution more traceable. This results in a better audit trail. It also creates transparency in terms of the intertwining of legislation, loopholes and the financial institution’s compliance policy. Both transparency and traceability are necessary for adequate compliance management. 

What does it take to implement RegTech? 

To successfully implement RegTech, compliance and legal departments need to be open to technology. They need to see RegTech as an opportunity, rather than a threat (to their own function). For their part, financial institutions need to accept that they cannot develop and manage everything in-house. There are plenty of quality solutions available on the market. Making smart use of these will save money and allow direct deployment of best practices from the experts who developed the solution. Last but not least, financial institutions should embrace a unified and value-chain-based approach, rather than continuing to focus on the fragmented autonomy of business lines and legal entities. 

Despite all the benefits of RegTech, how and why RegTech is chosen are incredibly important. Choosing a specific RegTech solution and implementing it should be done carefully. Financial institutions should critically analyse the offerings in the market and will need to determine which RegTech solution can best meet their demand. A risk analysis – especially focusing on the continuity risk and the possibilities for further development – should be carried out before proceeding to purchase the RegTech solution. After all, there needs to be the right ‘fit’ between the financial institution and what the RegTech solution can and promises to be able to do in the future. Without that ‘fit’, RegTech can cause more harm than gain. On top of that, RegTech needs to be adequately implemented in the financial institution’s processes to be of sufficient benefit. 

What is the future of RegTech? 

Translating data into insights 

Financial institutions process massive amounts of data every day. Data is often called ‘the new gold’, but without the means to translate this data stream into insights, data is worth nothing. RegTech helps make data actionable. By processing data with RegTech, an organisation can gain real-time insight into its performance and risks. This way, the financial institution can immediately apply the brakes or take action. This no longer needs to be done after the fact like ‘before’. 

  

More efficient data processing 

Technology and data can therefore help demonstrate on a real-time basis that the organisation is compliant with laws and regulations; even when the regulator explicitly requests it. As RegTech becomes increasingly capable of adequately processing large amounts of data, financial institutions can start reducing the amount of data they collect. The information needed to be compliant with laws and regulations often overlaps. By efficiently classifying and processing information, it can begin to serve multiple purposes[3]. 

The efficient and correct management of data by a financial institution is therefore crucial. It is not only European regulations that impose increasingly stringent requirements on data collection, processing and retention. Worldwide, countries are taking measures to reduce the risks involved. After all, reducing the amount of data collected also reduces the risks involved in data retention. Think, for instance, of the increasing number of cyber attacks, which also do not spare financial institutions. 

  

Recognise trends and patterns

Besides processing data more efficiently, financial institutions are increasingly using data to paint a picture of what is coming at them. Through artificial intelligence and other advanced analysis techniques, data is used to identify trends and patterns. In turn, they can use these trends and patterns to respond to developments early [4]. 

  

Compliance officers with data skills  

The future of RegTech and digitising the compliance function therefore lies in adequate data management. The compliance function no longer requires purely legal staff, but compliance officers with a broader vision and open attitude towards innovation and data use. In time, however, a broader vision and openness will not be enough. Compliance officers will have to be trained even more generically and will also need knowledge and skills in data modelling, data analysis and underlying IT systems. Only in this way will a digital compliance function be successful and will financial institutions have the flexibility to anticipate changes. Not only in laws and regulations, but also in data management and technological innovations that can support this. 

Ruler: digitising the entire compliance cycle 

In 2014, we launched our own RegTech solution Ruler. Ruler is an application that has digitised the entire compliance cycle. This allows Ruler to support the compliance function in its day-to-day operations and reporting. 

Technically, Ruler does not need to be implemented. Via www.ruler.nl, a user can log in with their login details and get started right away. In terms of organisational implementation, Ruler does need some attention – just like any RegTech solution. Ruler works with different profiles (permit types), departments and users. Beforehand, it is useful to think about how and in what way Ruler can provide the most added value to the organisation. Which (group) entities will use Ruler? Which departments should be included in Ruler? And which users will be added to Ruler? Are these only the employees from the second-line functions (the compliance function and risk management function)? Or does the financial institution intend to place responsibility where it belongs; with the first-line staff who are primarily responsible for compliance risk management? If both first- and second-line staff use Ruler, it must be determined who needs which user rights. This depends on the activities of these employees. 

From our experience, informing and training employees on how to use Ruler is important. Every employee should be taken through the possibilities of the technology for his or her function, as well as the best practices on how to use Ruler. To help with this, our consultants can conduct workshops in line with employees’ functions. 

Want to know more?

The increasing popularity of RegTech will further digitalise as well as improve the quality of the compliance function. The compliance officer retains control, but is provided with better information that allows him to make better decisions. Want to read more about the digitalisation of the compliance function? Then read the other two articles in the series: 

• The digitisation of the compliance function – Data-driven compliance 
• The digitisation of the compliance function – Compliance by design & default 

Want to know more about how Ruler can contribute to the efficiency of the compliance function at your financial institution? Our consultants are happy to think along with you. Read more about Ruler‘s features, or request a free demo.

If you want to read more articles from our Risk & Compliance consultants, you can subscribe to our monthly Risk & Compliance newsletter.