It is hard for an innovative bank executive to convince his main board to take on a piece of regulatory technology or RegTech. When at last he does, the sales cycle is a long one and his career depends on the success of the adoption. The consequences of installing inappropriate software can be problematic not just for him but for the bank also. Why, then, is 'RegTech' popular?

The accountancy firm of Deloitte has dubbed RegTech, the use of IT to fulfil (or help a financial firm to fulfil) regulatory rules, "the new FinTech." The word first popped into the consciousness of compliance officers in 2015-16 and the phenomenon sprang out of the FinTech movement. Some say that it evolved directly from the new intake of IT people in financial services who noticed in passing that regulation was, technologically speaking, still in the Dark Ages. The result has been an explosion of regulatory software on the back of the FinTech boom. The new technology that FinTech offers (artificial intelligence/AI, blockchains, 'voice' and mobile technology) is, by and large, the same that RegTech uses.

Golden promises

People use the term 'RegTech' to mean both IT for use by regulators and IT to enhance the compliance process at banks. Advocates believe that it can remove the dilemma of whether to make compliance good but expensive or cheap but compromised. Digital technology, according to them, really can give a bank something better, faster and cheaper all at once.

One lure of RegTech is its ultimate ability to make the compliance process less expensive at a time of spiralling costs. The price of employing compliance people is sky-rocketing. In the UK a bottleneck has formed at the bottom end of the British compliance job market in the last year or so and salaries have therefore risen stupendously. Such is the demand that young people are able to obtain compliance jobs while still studying for their diplomas. Somebody with 0-1-2 years' experience can earn anything between £30K and £45/50K in London, whereas before it was £25-40K, and people with two years' experience are now touching £50-55K. Anything that can relieve companies of the cost of accessing such scarce resources must be welcome.

Then there is the relief that RegTech may offer to smaller firms in financial services. RegTech is less of a necessity for the large global banks because they tend to spend only 2-3% of annual turnover on compliance. For banks in the middle range, it is often claimed that compliance costs hover around 7-8%. For very small banks and independent financial advisors, the figure is more likely to be 10-11%, if not higher. The further down the food chain one goes, the more pressing the need for the right RegTech – which many see as a great leveller.

This is not to say that large firms are not investing heavily in RegTech in an attempt to save money in the long term. Accenture, the management consultancy giant that used to call itself Andersen Consulting before the Enron scandal prompted a name-change, said earlier in the year on its Finance and Risk Blog: "Despite continuing volatility in the marketplace, we expect 2019 to be an important year for RegTech [with a] continued emphasis on cost reduction. Some large banks are spending as much as $500 million annually on KYC and customer due diligence programmes; RegTech solutions can help control these costs."

Bumps in the road

The question to answer, then, is not why RegTech is booming, but why financial institutions are not adopting it universally, wholeheartedly and at a faster pace. Apart from the Spanish banking giant BBVA or Banco Bilbao Vizcaya Argentaria, whose headquarters are in Bilbao, and a few other notable exceptions, most banks are still not enshrining as much new financial technology (artificial intelligence/AI, blockchains, 'voice' and mobile technology) in their many and varied offerings as they might. According to ComplyAdvantage, "brakes on technological progress are endemic throughout the banking system, especially if banks are being sold a product which requires fundamental change to the service they offer."

Regulators are evolving but have still not learnt how to set up eco-systems that promote advancements in RegTech into which IT firms can come and go as they please. This, many believe, is the way forward rather than regulators creating architecture and imposing it from the top down. Jo-Ann Barefoot, the co-founder of Hummingbird RegTech in Washington DC, speaking in a radio interview last year, outlined this vision for the future.

"We at Hummingbird have advocated a move towards an open-source regulatory framework that might begin to move us on to platforms where the regulators essentially put out the standards for what it takes to meet their requirements for auditability and fairness. Then they could start to let the rest of the world innovate in the way in which people make apps for the iPhone. And, through that, [they could] develop rapid learning, instead of having the rigid regulatory processes we have today that are so formal and so slow and back-and-forth.

"They're built to be slow and careful for a good reason. I'm a former bank regulator. I really empathise with the regulator's situation. We're going to have to work out how to speed it up and still have people overseeing things appropriately. I think part of it is just knocking down the walls and allowing people to start to collaborate in more platform environments with more open standards that just make it easier for them to learn from each other."

She went on to say that regulators themselves do not have the correct skills yet: "Broadly speaking (and there are exceptions developing) they are going to need data scientists, people who understand machine learning, AI and distributed ledger technololgy. They have trouble attracting people because the pay that they offer is not lucrative and also people have this incorrect idea that these are boring problems." Harry Chetwynd-Talbot of the recruitment firm of Hedley May recently expressed the same problem in a different way: "Regulators are often competing against higher compensation, more varied career progression and a perception of more dynamic and exciting cultures offered by those they regulate."

Another problem is that the step from FinTech to RegTech is not as brief as a layman might suppose. In software and systems engineering, a "use case" is a list of actions or event steps typically defining the interactions between a role (known in the Unified Modelling Language as an actor) and a system to achieve a goal. The actor can be a human or other external system. Even though FinTech and RegTech use the same technology (AI, blockchains and so forth), their "use cases" are very different from one another.

On the supply side, it is often difficult for entrepreneurs to spot potential investors and solicit capital from them for RegTech enterprises. Many venture capitalists are looking for sectors where they can obtain speedy gains, and RegTech is obviously not one of these. RegTech start-up deals are being closed all the time, with capital market RegTech appearing to lead the way, but investors know that the sales cycles are far longer than those associated with normal business-to-customer (B2C) start-ups and one business recently likened the whole capital acquisition process to "swimming through treacle."

As we have said also, it is a daunting task for someone at a bank to sell the idea of taking on FinTech to his superiors and it is, if anything, probably even more daunting for him to do so with RegTech.

Regulatory innovation

Although banks compete with one another fiercely, regulators (at least internationally) do not. They therefore ought to be collaborating on this exciting new venture, but they are not doing as much as they might.

In all areas of RegTech, Britain stands clear of the field. ComplyAdvantage describes the Financial Conduct Authority's approach to RegTech-related innovation as "daring" and this is the consensus among IT people around the world. The FCA's RegTech Group contained only seven people at the last count, but they had active help from hundreds of people because, for several years, the private sector has been placing the exertise of its data scientists and AI experts at its disposal. Regulators and IT people in the UK are always talking to each other about how to redesign the compliance process.

The Americans, by contrast, lag behind. There are some very good RegTech firms in the central United States, but the regulatory environment is nowhere near as welcoming as the UK's, perhaps because of jealousy between the many competing federal and state regulators and their overlapping responsibilities. Arizona set up a "regulatory sandbox" in March last year but it is a far cry from the much older British one, largely because instead of offering start-ups a respite from having to obey the full panoply of investor-protection rules straight away, the Arizona Consumer Fraud Act guides all products and services offered in the sandbox and any product offered there must comply with all statutory limits and caps in Arizona law that relate to financial transactions. Last summer, for the first time, regulators from six American agencies visited London to attend one of the FCA's hackathons or "TechSprints," all of which feature eclectic groups of bankers, tech firms, coders, academics and so on. Some US regulators have data scientists on board – the federal Securities and Exchange Commission has 100 – but they appear not to be using them strategically in the British manner.

Europe (outside the UK) and Asia are also quite advanced in RegTech, with Singapore making enormous efforts to become the leader in Asia. British and American RegTech firms and financial institutions like to experiment with RegTech in Asia, testing it out there and repatriating whatever results are successful back to their headquarters at home.

Ingenious Albion

Participants at the FCA's gatherings occasionally work miracles. At one TechSprint, the participants worked tirelessly together to map an FCA regulatory rule directly to a financial institution's data. Oliver Burrows, the chief data officer at the Bank of England, said to a reporter: "This is about communication between regulators and firms. The challenge here was – can you make this a straight-through process? Can you make it machine-readable, model-driven, machine-executable? What we've got here now is a rule that's been ingested, been made machine-readable, you change the rule, it flows all the way through and we saw it happen. It took 10-12 seconds."

Many people at these gatherings speak of the "Fourth Industrial Revolution," which is the title of a book of middling quality by Klaus Schwab, the founder of the World Economic Forum. In it, he argues that the forthcoming digital revolution is different in scale, scope and complexity from any that have come before. Characterised by a range of new technologies that are fusing the physical, digital and biological worlds, it affects all disciplines, economies, industries and governments. RegTech, everyone agrees, is part of that revolution. It is still, however, in its earliest stages.