FSV RegTech Opportunity 080517 - TechMarketVie › assets › FSV_AV_RegTech... ·...
Transcript of FSV RegTech Opportunity 080517 - TechMarketVie › assets › FSV_AV_RegTech... ·...
1
Analyst: Richard Johnson TECHMARKETVIEW
WWW.TECHMARKETVIEW.COM
EMAIL: [email protected]
FinancialServicesViews REGTECH – A BIG NEW OPPORTUNITY
MAY 2017
FinancialServicesViews OPEN BANKING AND PSD2
OPEN BANKING AND PSD2 | 2
©TechMarketView 2017
RegTech In this latest report in TechMarketView’s fintech series, we delve into “regtech” which has become an increasingly hot topic over the past 18 months. There is a big market opportunity here, at a relatively early stage of development and this therefore represents an important area of opportunity for SITS providers.
Introduction – the problem to be solved Simply stated, regtech means the application of technology to help meet regulatory requirements. Whilst this is occurring in many highly-‐regulated sectors such as healthcare, environmental protection, food & drug, it is the financial services sector applications with which the term is primarily associated.
There is certainly a problem to be solved here. The Global Financial Crisis showed up major failings in the regulation of the globalised financial services industry, with the Basel committee a leading advocate for change. They determined that the complexities of the inter-‐connectivity between banks that had developed over the previous decade meant that banks had been unable to efficiently quantify their exposure to the collapsed Lehman Brothers. This has led to a major global regulatory initiative to identify “systemically important” financial institutions and those that are “too big to fail” at a national level, and to apply thorough stress testing and monitoring of collateral, exposure and risk. At the same time, local markets have taken steps such as the UK “ringfencing” approach, and in the US the 2,300-‐page Dodd-‐Frank Act, to limit the potential knock-‐ons of casino-‐banking failures to consumers.
It is not just the GFC-‐fallout that is driving the volume of regulation. There has been a global tightening of anti-‐money-‐laundering (AML) and know-‐your-‐customer (KYC) activity to counteract fraud and terrorist financing. In Europe, the regulatory agenda also involves transformational initiatives aimed at promoting competition and protecting consumers, in the areas of Open Banking (see our recent report) and data protection (with the forthcoming General Data Protection Regulation).
Business Insider estimated that from the 2008 financial crisis through to 2015, the annual volume of regulatory publications, changes, and announcements increased a staggering 492%. The result is that financial institutions have had to invest significantly in systems and people: in the UK, KPMG estimate more than 80% of banks’ technology budgets for the past five years have been spent on addressing regulatory requirements, mitigating litigation and streamlining. The subject of regulatory spending crowding out other important transformation initiatives has often been a feature of FinancialServicesViews research, see here for our 2016 Market trends and Forecast report.
2016 macro factors such as Brexit and the Trump election may swing the pendulum away from global regulatory co-‐ordination, but there is no sense of a downturn in the volume of regulation for banks to grapple with.
Banks are already investing heavily in transformation programmes to reduce costs and increase efficiency and agility to adapt to the digital revolution, which is also seeing revenue streams come under pressure from new competition.
Could the costs of regulation (both in terms of direct cost, and the opportunity cost arising from the diversion of planning and change capability) make the whole business model look unsustainable?
The technology opportunity The post-‐GFC crisis has coincided with some key technology trends which offer the potential to provide solutions to the regulatory challenge:
Digital device ubiquity: connected, biometrically-‐capable, powerful portable computers in most consumers’ hands
Cloud and the API economy: data can be stored and capability rented more cost-‐effectively than ever before, making it easier for specialists to develop and distribute their products, and for banks to leverage third parties
Data analytics and machine learning: enables insights to be extracted from huge volumes of both structured and unstructured data, even including voice and images.
FinancialServicesViews OPEN BANKING AND PSD2
OPEN BANKING AND PSD2 | 3
©TechMarketView 2017
Fundamentally, it is these technology trends which are driving the regtech sector, creating opportunities for
new and existing SITS providers.
RegTech in action The traditional regulatory lifecycle for a financial institution involves:
Influencing: Many banks, and indeed some of their suppliers, get to participate in the shaping of forthcoming regulation through working parties and consultation exercises. It is a major challenge to represent the bank’s position holistically in deciding what to submit, because the commercial, technology and strategic dimensions each have their own contexts and it is hard to orchestrate key parties for “hypothetical” discussions.
Interpretation: What do these new regulations mean and which parts of the business do they apply to? This can be extremely complex to work out, as products and processes have been shaped by historical regulations and the new ones do not always come with backwards compatibility guarantees!
Internal process impact: Which processes are impacted and how?
Implement controls: To make the necessary changes
Reporting internally and externally.
In working through these stages, multiple problems arise:
Lack of expert staff capable of interpreting and analysing the regulation
Constraints on IT/change capacity leading to spreadsheet models, manual re-‐keying and reporting, rather than integrated system solutions
Backwards looking view/post-‐event controls
Tickbox exercises
Slow and inflexible outcomes
Poor data quality and architectures
and these are all areas where regtech innovators are emerging with solutions.
Working with the established providers of regulatory solutions There is a thriving community of established providers of regulatory solutions, despite many of the larger financial institutions having built bespoke systems to meet their individual requirements.
Among the specialist providers in the UK market we have written extensively about Lombard Risk Management and its portfolio of regulatory reporting and collateral management tools and Fidessa, which provides compliance tools in a broader services-‐based offering for traders in equity and derivatives markets. Larger companies have also established positions in terms of the provision of regulatory utilities (DXC, Accenture, Capgemini, etc.) and CGI with its Protect the Bank offering to provide enterprise-‐wide services to manage risk and fight financial crime as well as generating cost and scale efficiencies by consolidating the numerous regulatory activities within a broadly-‐based financial services institution.
Pure business process outsourcing organisations also provide resources for the larger institutions to meet their regulatory obligations, although this is generally for dealing with large customer populations taking standard products and services (e.g. Capita, Computershare, Equiniti, Genpact etc.).
Other companies have worked closely with the regulatory authorities to support their activities and to enable them to reduce their reliance on the “rear-‐view mirror” as they monitor market activities. Notable among these are Sopra Steria (supporting the FCA with MiFID2) and Cognizant, making strong recent advances with institutions such as the FCA and the Financial Services Compensation scheme.
FinancialServicesViews OPEN BANKING AND PSD2
OPEN BANKING AND PSD2 | 4
©TechMarketView 2017
Start-‐up activity targeting several areas of the regtech scene
There is also a lot of start-‐up activity in regtech, with some of the key sub-‐sectors and examples of businesses (including some Little British Battlers and others which demonstrated at the recent Finovate conference) being:
KYC/AML compliance: Use of new techniques for remote KYC (Know Your Customer) and AML (Anti-‐Money Laundering) processes. Traditional methods required consumers to bring key documents into a branch location where they would be subject to limited, costly and error-‐prone manual checks. Regtech firms are leveraging smartphone capability, machine learning and APIs to scan documents and IDs remotely, extract the relevant data and verify it – which could range from checking a selfie with a passport photo (for example Jumio, iProov, iCar), to instantly checking it with global databases (Trulioo, ComplyAdvantage, Sphonic) or via unified ID-‐verification platforms (LBB Contego). This approach reduces cost, improves customer service and reduces risk.
Automated Regulatory Reporting Software automatically provides reporting direct to regulators (example Ayasdi, CrowdProcess).
Communications Monitoring Monitor voice, social media messaging platforms for potential compliance breaches. Examples include Kyolab and PushFor.
Robotics Process Automation Replacing manual processes with integrated software (LBB Web Services Integration).
Big data/analytics: Spotting risks, such as in payment transactions, earlier. Trustev and FeatureSpace are in this field. Any ability to reduce ‘false-‐positives’ (which cause manual review of transactions which are in fact not fraudulent) has a very tangible ROI.
Cognitive/AI: Looking to replace higher-‐level human assessment with artificial intelligence, for example in compliance assessment. Suade and Sybenetix are examples in this longer-‐term category. There is also LBB The ai Corporation in fraud assessment software.
Data management: Help FIs manipulate large quantities of data, such as for stress testing (Symetrics, EdgeLab), keeping stored KYC details up-‐to-‐date (Aqubix) or spotting suspicious connections in unstructured data (Ephesoft).
Training tools: E-‐learning coming up-‐to-‐date. At the individual level, we have seen examples of the gamification of training to encourage participation and skill development (Horizn). At an organisational level, training can become more like a flight simulator to test individuals and teams in fully realistic scenarios.
GDPR The EU’s forthcoming data protection regulation requires such major change to consumer interfaces and data management that it seems likely to spawn a whole category of specialist suppliers.
RegTech Outlook Regtech has only really been a “thing” for 18 months or so, and therefore it is worth considering some of the ways in which it might evolve:
Over-‐time, compliance, like audit, will become something that is embedded in software, rather than a retrospective manual exercise.
Culture change: compliance has historically been a classic back-‐office/overhead function, sometimes styled as the “business prevention department”! Process automation and the adoption of machine learning/AI presents the opportunity for expert human attention to be focussed on identifying and enabling new business opportunities and the pursuit of competitive advantage. There will be greater transparency and clearer accountability. This will require major shifts in culture, skills, resourcing and organisation design.
Predictive regtech: as new data architectures make it easier to extract, compile and analyse the data lakes sitting in bank systems, and overlay with real-‐time analysis of customer and market activity and profiling from third party sources, there will be much greater opportunity to predict and prevent problems before they happen.
FinancialServicesViews OPEN BANKING AND PSD2
OPEN BANKING AND PSD2 | 5
©TechMarketView 2017
Banks can become suppliers, as well as consumers of regtech solutions. Their vast data pools regarding consumers, businesses and transactions could be extremely valuable in authentication, identity and profiling for third parties.
Regulators themselves will become major consumers of regtech. As supervised Financial institutions become more technology enabled with real-‐time access to system data, regulators will need to grapple with huge, market-‐level and complex information flows to identify and mitigate emerging risks. They will also need new techniques to assess the business models of new and very different emerging players. For example, how to assess the algorithms underlying advanced analytic capabilities (the “fat finger algorithm” problem)!
There is a lot of attention in the market on the whole area of Blockchain, and Distributed Ledger Technologies and TechMarketView will return to this subject later in the year. There is an argument that blockchain really belongs in the regtech category, because a significant proportion of its claimed market potential is to replace legacy central ledgers, the source of so much operational and regulatory angst, with an alternative design.
Recommendations and opportunities for SITS providers This is definitely a promising area for UK SITS providers to the financial services sector, because regulatory compliance involves a huge spend by Financial Institutions. It is also given a very high priority by Board members who are keenly aware of their (personal as well as corporate) responsibilities. In addition, today’s compliance processes still involve a lot of manual effort where technology can provide much better solutions.
Firstly, vendors will want to work out where regtech can enhance their own product offerings – for example, any consumer on-‐boarding process is likely to benefit from new-‐model remote KYC – and create new solutions.
We believe this is also a sector where established vendors can adopt a channel strategy. The bewildering number of strangely named regtech innovators, many of whom have limited financial strength or track record, makes it a hard sector for banks and other financial institutions to get to grips with. For the regtechs themselves, it is of course notoriously difficult to sell to the major companies in the financial services sector, given the conservative and cautious attitudes of purchasing and technology departments. Therefore, there can be opportunities for established vendors to build on their balance-‐sheets and credibility to “match-‐make”, by helping their clients identify potential partners, and then to integrate and manage them. Some larger players may go so far as to form their own regtech incubators and accelerators. Regtech “marketplaces” are likely to emerge, but financial services companies would be better placed if they do not have to cope with the complexity of managing multiple independent relationships with regtechs.
Because most banks’ current compliance systems are bespoke, with the associated problems of obsolescence and inflexibility, there will be an important role for consulting work to optimise processes and standardise interfaces to enable easier connection to third party capability and new functionality.
The strategic opportunities and impacts highlighted in the Outlook section above present clear advisory opportunities: in the same way that there is generally no clear “owner” for regtech issues within a bank (in part because the implications are far wider than just compliance), there is also no clear place to turn to for advice. The legal experts who are primary advisors into compliance functions today are unlikely to have the range of necessary tech-‐related skills. This means that suppliers with strong domain expertise and a consulting mindset, such as the “big 4” advisory companies, will undoubtedly see lots of potential opportunities.
Conclusions New technology has the potential to transform regulation from an activity characterised by manual checking and historical clean-‐up, to one where software automatically assures compliance with regulations and identifies risks before they become serious problems. It is no wonder that regulators like the FCA are keen to encourage the development of regtech.
As with all technology disruptions, this creates opportunities for new players to emerge, but also for existing suppliers to leverage their brand, capability and financial assets to put themselves at the heart of this movement.
FinancialServicesViews OPEN BANKING AND PSD2
OPEN BANKING AND PSD2 | 6
©TechMarketView 2017
FinancialServicesViews is only available to TechMarketView Subscribers. By downloading and viewing FinancialServicesViews, Subscribers agree to be bound by TechMarketView’s full Terms & Conditions as supplied and available for viewing on www.TechMarketView.com.
All information is proprietary to TechMarketView and is protected by U.K. and foreign laws governing intellectual property. The information contained in the services is the copyright of TechMarketView and is subject to international copyright laws. Subscribers may use information contained herein for the research purposes only of the Subscriber or its employees. The Subscriber may not sell, resell or otherwise make the information available in any manner or on any media to any third party unless it has been granted prior written consent by TechMarketView. The Subscriber agrees to take all reasonable steps to restrict and control the use of and copying of TechMarketView's services, Subscribers may quote from FinancialServicesViews provided that Source: TechMarketView is appended to each and every quote. Any such quotes should be limited to no more than a paragraph.
The responsibility for decisions taken on the basis of information given by TechMarketView will remain with the Subscriber. TechMarketView shall have no liability for any indirect special or consequential loss, damage, costs, expenses or other claims including (without limitation) those for loss of profit, loss of savings, loss of business or loss of interest which arise whether or not it has been notified of the possibility of such damages etc.