Thomson Reuters has finished its third global survey of financial technology (FinTech) and regulatory technology (RegTech) in the context of compliance with financial regulation. The firm drew its data from respondents in compliance and risk departments in almost 400 financial service firms all over the world.

Senior managers in the spotlight

The part that RegTech is about to play (but does not play yet) in the holding of senior managers to account is a fascinating one that the report explores in some depth. Around the world senior manager accountability regimes are on the rise, with Singapore and Ireland announcing their policies recently. These regimes are, by and large, based on the British Senior Managers and Certification Regime (SM&CR) which allocates responsibilities to senior managers individually, with the expectation that they will take ‘reasonable steps’ to ensure that their firms comply with rules in their areas of business. It therefore follows that anything that causes a compliance breach, such as an IT failure, could well become a source of personal liability in future.

The United States does not have a separate regime for personal accountability but its regulators hold senior executives personally responsible for technology failures. In August last year, the Securities and Exchange Commission fined Aegon $97 million for failures that sprang from faulty algorithms that allocated billions of dollars in clients’ funds. Two top executives had to pay $65,000 and $25,000. The report also mentions TSB's IT meltdown in June of last year, adding that Paul Pester had to resign as CEO in September as a result of withering criticism from Parliament.

The involvement of boards in their firms' approach to FinTech and RegTech and insurtech has, at the same time, fallen. In 2017 15% of firms said that their boards ought to involve themselves more deeply; in 2018 this had risen to 28%. Once again, there was a parallel drop in boards being seen to be fully involved and consulted - the figure went down from 36% to 19%. This trend is echoed among "globally significant financial institutions" (a decline from 34% to 13%).

In the meantime, one-third (34%) of firms have invested in board-level FinTech skills to some extent, while another third (37%) want to but have not yet done so.

Firms in the Middle East and Australasia led the way when asked about their boards' involvement in their approach to FinTech, RegTech and InsurTech, with 40% of boards in the former and 39% in the latter being fully involved and consulted.

Skills needed!

The report admonishes the financial sector about grandiose RegTech-related plans coming to nought at firms that do not have people with the right skills. The text states: "The percentage of firms who identified their risk and compliance functions as needing to be more involved in FinTech, RegTech and InsurTech has more than doubled from 15% in 2017 to 32% in 2018. There has been a parallel drop in those reporting that their risk and compliance function is fully engaged and consulted in their firm’s approach to fintech from 37% in 2017 falling to 18% in 2018."

The percentage of firms that think that they need to invest in "specialist skill sets" (the report is riven with unnecessarily flowery language) for their risk and compliance functions, but have not yet done so, has almost doubled from 18% to 34%.

In the Middle East, 20% of firms are leading the way, having already acquired or trained people in their risk and compliance functions with more skills to keep abreast of FinTech, InsurTech, RegTech and "digital disruption." Regulators such as the Dubai Financial Services Authority (DFSA) and the Abu Dhabi Global Market (ADGM) have helped with new training and education schemes, digital "sandboxes" and events.

Allocations of capital

Firms expect to make wildly different amounts of money available for their RegTech operations over the next year. 31% say that the budgets will grow (38% in 2017, 35% in 2016) but 25% do not have separate budgets for that purpose at all (9% in 2017, 24% in 2016). Only 1% expect to reduce their budgets (12% and 7%), while only 12% expect them to stay the same (34% and 34%).

The take-up of RegTech

In 2017, 22% of firms reported that all their RegTech was being developed in-house compared - now it is just 6%. In parallel, in 2017, 26% said that all their RegTech was developed externally - this is now 13%. This seems to be caused by a rise in those firms that do not use any RegTech from 7% in 2017 to 23% in 2018. Thomson Reuters thinks that that at least some firms might have deployed RegTech before but had, for whatever reason, chosen to not to continue. A significant 14% of firms in 2017 and 4% of firms in 2018 knew not what they were doing on the subject, according to their own confessions.

The most potent message to come out of the report, iterated again and again in different ways, is this warning: "Firms cannot and must not leave FinTech, RegTech and InsurTech to their compliance or IT functions. All areas of the firm, the board expressly included, need to have the appropriate level of up-to-date knowledge and skills."

The involvement of compliance departments

Just over one-quarter (26%) of risk and compliance functions in Australasia have been fully involved in (and consulted about) their firms' approaches to FinTech, RegTech and InsurTech, in comparison with 18% of all respondents taken together.

It appears that in 2017 many firms had an inflated opinion of the depth of their compliance functions' involvement. Thomson Reuters asked them the question "do the risk and compliance functions have enough involvement with your firm’s approach to FinTech, RegTech and InsurTech?" Their answers were:

• Yes, fully involved (the survey sometimes uses the word "engaged") and consulted: 21% in 2016; 36% in 2017; 18% in 2018.
• Yes, some involvement: 42% in 2016; 44% in 2017; 41% in 2018.
• No, but need more: 20% in 2016; 15% in 2017; 32% in 2018.
• No, do not need to be involved: 16% in 2016; 2% in 2017; 2% in 2018.
• Don't know: 2% in 2017; 7% in 2018.

RegTech's effect on firms' compliance efforts

The elements of compliance and regulatory risk management that RegTech is most likely to affect have shifted between the years. Last year's respondents listed the top three areas as:

• The interpretation of regulations and their effect (21% in 2017, 2% in 2018).
• The implementation of regulatory change (16% and 6%).
• The 'capture' of regulatory change, whatever that may be (16% and 4%).

This year, and in descending order, firms expect compliance monitoring, onboarding/KYC3 and financial crime/AML/CTF/sanctions to be at the top. The firms in previous years no doubt had to contend with massive pieces of legislation such as the European Union's second Markets in Financial Instruments Directive, which came into force on 3rd January last year.