1

Analyst:  Richard  Johnson  TECHMARKETVIEW              

WWW.TECHMARKETVIEW.COM  

EMAIL:  RMJOHNSON@TECHMARKETVIEW.COM  

   

     

 FinancialServicesViews    REGTECH  –  A  BIG  NEW  OPPORTUNITY  

 MAY  2017  

FinancialServicesViews OPEN  BANKING  AND  PSD2  

 

 

OPEN  BANKING  AND  PSD2 | 2

©TechMarketView  2017  

     

RegTech  In   this   latest   report   in   TechMarketView’s   fintech   series,   we   delve   into   “regtech”   which   has   become   an  increasingly  hot  topic  over  the  past  18  months.  There  is  a  big  market  opportunity  here,  at  a  relatively  early  stage  of  development  and  this  therefore  represents  an  important  area  of  opportunity  for  SITS  providers.  

Introduction  –  the  problem  to  be  solved    Simply  stated,  regtech  means  the  application  of  technology  to  help  meet  regulatory  requirements.  Whilst  this  is  occurring   in  many  highly-­‐regulated  sectors  such  as  healthcare,  environmental  protection,  food  &  drug,  it   is  the  financial  services  sector  applications  with  which  the  term  is  primarily  associated.  

There   is   certainly   a   problem   to   be   solved   here.   The   Global   Financial   Crisis   showed   up  major   failings   in   the  regulation  of  the  globalised  financial  services  industry,  with  the  Basel  committee  a  leading  advocate  for  change.  They  determined  that  the  complexities  of  the  inter-­‐connectivity  between  banks  that  had  developed  over  the  previous   decade  meant   that   banks   had   been   unable   to   efficiently   quantify   their   exposure   to   the   collapsed  Lehman  Brothers.  This  has  led  to  a  major  global  regulatory  initiative  to  identify  “systemically  important”  financial  institutions  and  those  that  are  “too  big  to  fail”  at  a  national   level,  and  to  apply  thorough   stress  testing  and  monitoring  of  collateral,  exposure  and  risk.  At  the  same  time,  local  markets  have  taken  steps  such  as  the  UK  “ringfencing”  approach,  and  in  the  US  the  2,300-­‐page  Dodd-­‐Frank  Act,  to  limit  the  potential  knock-­‐ons  of  casino-­‐banking  failures  to  consumers.  

It  is  not  just  the  GFC-­‐fallout  that  is  driving  the  volume  of  regulation.  There  has  been  a  global  tightening  of  anti-­‐money-­‐laundering  (AML)  and  know-­‐your-­‐customer  (KYC)  activity  to  counteract  fraud  and  terrorist  financing.  In  Europe,  the  regulatory  agenda  also   involves  transformational  initiatives  aimed  at  promoting  competition  and  protecting   consumers,   in   the  areas  of  Open   Banking   (see   our   recent   report)  and  data  protection   (with   the  forthcoming  General  Data  Protection  Regulation).      

Business  Insider  estimated  that  from  the  2008  financial  crisis  through  to  2015,  the  annual  volume  of  regulatory  publications,  changes,  and  announcements  increased  a  staggering  492%.  The  result  is  that  financial  institutions  have  had  to   invest  significantly   in  systems  and  people:   in   the  UK,  KPMG  estimate  more  than  80%  of  banks’  technology  budgets  for  the  past  five  years  have  been  spent  on  addressing  regulatory  requirements,  mitigating  litigation  and  streamlining.  The  subject  of  regulatory  spending   crowding  out  other   important  transformation  initiatives  has  often  been  a  feature  of  FinancialServicesViews  research,  see  here  for  our  2016  Market  trends  and  Forecast  report.  

2016  macro  factors  such  as  Brexit  and  the  Trump  election  may  swing  the  pendulum  away  from  global  regulatory  co-­‐ordination,  but  there  is  no  sense  of  a  downturn  in  the  volume  of  regulation  for  banks  to  grapple  with.      

Banks  are  already  investing  heavily  in  transformation  programmes  to  reduce  costs  and  increase  efficiency  and  agility  to  adapt  to  the  digital  revolution,  which  is  also  seeing  revenue  streams  come  under  pressure  from  new  competition.      

Could  the  costs  of  regulation  (both  in  terms  of  direct  cost,  and  the  opportunity  cost  arising  from  the  diversion  of  planning  and  change  capability)  make  the  whole  business  model  look  unsustainable?          

The  technology  opportunity  The  post-­‐GFC  crisis  has  coincided  with  some  key  technology  trends  which  offer  the  potential  to  provide  solutions  to  the  regulatory  challenge:  

Digital  device  ubiquity:  connected,  biometrically-­‐capable,  powerful  portable  computers  in  most  consumers’  hands    

Cloud  and  the  API  economy:  data  can  be  stored  and  capability  rented  more  cost-­‐effectively  than  ever  before,  making   it   easier   for   specialists   to  develop  and  distribute   their  products,   and   for  banks   to   leverage   third  parties  

Data  analytics  and  machine  learning:  enables  insights  to  be  extracted  from  huge  volumes  of  both  structured  and  unstructured  data,  even  including  voice  and  images.  

FinancialServicesViews OPEN  BANKING  AND  PSD2  

 

 

OPEN  BANKING  AND  PSD2 | 3

©TechMarketView  2017  

     Fundamentally,   it   is   these  technology  trends  which  are  driving  the  regtech  sector,  creating  opportunities  for  

new  and  existing  SITS  providers.  

RegTech  in  action    The  traditional  regulatory  lifecycle  for  a  financial  institution  involves:  

Influencing:  Many  banks,  and  indeed  some  of  their  suppliers,  get  to  participate  in  the  shaping  of  forthcoming  regulation  through  working  parties  and  consultation  exercises.  It  is  a  major  challenge  to  represent  the  bank’s  position   holistically   in   deciding   what   to   submit,   because   the   commercial,   technology   and   strategic  dimensions   each   have   their   own   contexts   and   it   is   hard   to   orchestrate   key   parties   for   “hypothetical”  discussions.  

Interpretation:  What  do  these  new  regulations  mean  and  which  parts  of  the  business  do  they  apply  to?  This  can  be  extremely  complex  to  work  out,  as  products  and  processes  have  been  shaped  by  historical  regulations  and  the  new  ones  do  not  always  come  with  backwards  compatibility  guarantees!    

Internal  process  impact:  Which  processes  are  impacted  and  how?  

Implement  controls:    To  make  the  necessary  changes    

Reporting  internally  and  externally.  

In  working  through  these  stages,  multiple  problems  arise:  

Lack  of  expert  staff  capable  of  interpreting  and  analysing  the  regulation  

Constraints  on   IT/change  capacity   leading  to  spreadsheet  models,  manual  re-­‐keying  and  reporting,  rather  than  integrated  system  solutions  

Backwards  looking  view/post-­‐event  controls  

Tickbox  exercises  

Slow  and  inflexible  outcomes  

Poor  data  quality  and  architectures  

and  these  are  all  areas  where  regtech  innovators  are  emerging  with  solutions.    

Working  with  the  established  providers  of  regulatory  solutions  There   is   a   thriving   community   of   established   providers   of   regulatory   solutions,   despite  many   of   the   larger  financial  institutions  having  built  bespoke  systems  to  meet  their  individual  requirements.  

Among  the  specialist  providers  in  the  UK  market  we  have  written  extensively  about  Lombard  Risk  Management  and   its   portfolio   of   regulatory   reporting   and   collateral   management   tools   and   Fidessa,   which   provides  compliance   tools   in   a   broader   services-­‐based   offering   for   traders   in   equity   and   derivatives  markets.   Larger  companies  have  also   established  positions   in   terms  of   the  provision  of   regulatory  utilities   (DXC,  Accenture,  Capgemini,  etc.)  and  CGI  with  its  Protect  the  Bank  offering  to  provide  enterprise-­‐wide  services  to  manage  risk  and   fight   financial   crime   as   well   as   generating   cost   and   scale   efficiencies   by   consolidating   the   numerous  regulatory  activities  within  a  broadly-­‐based  financial  services  institution.  

Pure  business  process  outsourcing  organisations  also  provide  resources  for  the  larger  institutions  to  meet  their  regulatory  obligations,  although  this   is  generally  for  dealing  with   large  customer  populations  taking  standard  products  and  services  (e.g.  Capita,  Computershare,  Equiniti,  Genpact  etc.).  

Other  companies  have  worked  closely  with  the  regulatory  authorities  to  support  their  activities  and  to  enable  them  to  reduce  their  reliance  on  the  “rear-­‐view  mirror”  as  they  monitor  market  activities.  Notable  among  these  are   Sopra   Steria   (supporting   the   FCA   with   MiFID2)   and   Cognizant,   making   strong   recent   advances   with  institutions  such  as  the  FCA  and  the  Financial  Services  Compensation  scheme.  

 

FinancialServicesViews OPEN  BANKING  AND  PSD2  

 

 

OPEN  BANKING  AND  PSD2 | 4

©TechMarketView  2017  

       Start-­‐up  activity  targeting  several  areas  of  the  regtech  scene  

There  is  also  a  lot  of  start-­‐up  activity  in  regtech,  with  some  of  the  key  sub-­‐sectors  and  examples  of  businesses  (including  some  Little  British  Battlers  and  others  which  demonstrated  at  the  recent  Finovate  conference)  being:  

KYC/AML  compliance:  Use  of  new   techniques   for   remote   KYC   (Know   Your  Customer)  and  AML   (Anti-­‐Money  Laundering)  processes.  Traditional  methods  required  consumers  to  bring  key  documents  into  a  branch  location  where  they  would  be  subject  to   limited,   costly  and  error-­‐prone  manual  checks.  Regtech  firms  are   leveraging  smartphone  capability,  machine  learning  and  APIs  to  scan  documents  and  IDs  remotely,  extract  the  relevant  data  and  verify  it  –  which  could  range  from  checking  a  selfie  with  a  passport  photo  (for  example  Jumio,  iProov,  iCar),  to  instantly  checking  it  with  global  databases  (Trulioo,  ComplyAdvantage,  Sphonic)  or  via  unified  ID-­‐verification  platforms  (LBB  Contego).  This  approach  reduces  cost,  improves  customer  service  and  reduces  risk.    

Automated   Regulatory   Reporting   Software   automatically   provides   reporting   direct   to   regulators   (example  Ayasdi,  CrowdProcess).      

Communications   Monitoring   Monitor   voice,   social   media   messaging   platforms   for   potential   compliance  breaches.  Examples  include  Kyolab  and  PushFor.  

Robotics   Process   Automation   Replacing   manual   processes   with   integrated   software   (LBB   Web   Services  Integration).  

Big  data/analytics:  Spotting  risks,  such  as  in  payment  transactions,  earlier.  Trustev  and  FeatureSpace  are  in  this  field.  Any  ability  to  reduce   ‘false-­‐positives’   (which  cause  manual  review  of  transactions  which  are   in  fact  not  fraudulent)  has  a  very  tangible  ROI.  

Cognitive/AI:   Looking   to   replace   higher-­‐level   human   assessment   with   artificial   intelligence,   for   example   in  compliance  assessment.  Suade  and  Sybenetix  are  examples  in  this  longer-­‐term  category.  There  is  also  LBB  The  ai  Corporation  in  fraud  assessment  software.  

Data  management:  Help  FIs  manipulate  large  quantities  of  data,  such  as  for  stress  testing  (Symetrics,  EdgeLab),  keeping   stored   KYC   details   up-­‐to-­‐date   (Aqubix)   or   spotting   suspicious   connections   in   unstructured   data  (Ephesoft).  

Training  tools:  E-­‐learning  coming  up-­‐to-­‐date.  At  the  individual  level,  we  have  seen  examples  of  the  gamification  of  training  to  encourage  participation  and   skill  development  (Horizn).  At  an  organisational   level,   training  can  become  more  like  a  flight  simulator  to  test  individuals  and  teams  in  fully  realistic  scenarios.    

GDPR  The  EU’s  forthcoming  data  protection  regulation  requires  such  major  change  to  consumer  interfaces  and  data  management  that  it  seems  likely  to  spawn  a  whole  category  of  specialist  suppliers.  

RegTech  Outlook  Regtech  has  only  really  been  a  “thing”  for  18  months  or  so,  and  therefore  it  is  worth  considering  some  of  the  ways  in  which  it  might  evolve:  

Over-­‐time,   compliance,   like   audit,   will   become   something   that   is   embedded   in   software,   rather   than   a  retrospective  manual  exercise.    

Culture  change:  compliance  has  historically  been  a  classic  back-­‐office/overhead  function,  sometimes  styled  as   the   “business   prevention   department”!   Process   automation   and   the   adoption   of  machine   learning/AI  presents  the  opportunity  for  expert  human  attention  to  be  focussed  on  identifying  and  enabling  new  business  opportunities   and   the   pursuit   of   competitive   advantage.   There   will   be   greater   transparency   and   clearer  accountability.  This  will  require  major  shifts  in  culture,  skills,  resourcing  and  organisation  design.  

Predictive  regtech:  as  new  data  architectures  make  it  easier  to  extract,  compile  and  analyse  the  data  lakes  sitting  in  bank  systems,  and  overlay  with  real-­‐time  analysis  of  customer  and  market  activity  and  profiling  from  third  party  sources,  there  will  be  much  greater  opportunity  to  predict  and  prevent  problems  before  they  happen.      

 

FinancialServicesViews OPEN  BANKING  AND  PSD2  

 

 

OPEN  BANKING  AND  PSD2 | 5

©TechMarketView  2017  

   

Banks   can   become   suppliers,   as   well   as   consumers   of   regtech   solutions.   Their   vast   data   pools   regarding  consumers,  businesses  and  transactions  could  be  extremely  valuable  in  authentication,  identity  and  profiling  for  third  parties.    

Regulators  themselves  will  become  major  consumers  of  regtech.  As  supervised  Financial  institutions  become  more  technology  enabled  with  real-­‐time  access  to  system  data,  regulators  will  need  to  grapple  with  huge,  market-­‐level  and  complex  information  flows  to  identify  and  mitigate  emerging  risks.  They  will  also  need  new  techniques  to  assess  the  business  models  of  new  and  very  different  emerging  players.  For  example,  how  to  assess  the  algorithms  underlying  advanced  analytic  capabilities  (the  “fat  finger  algorithm”  problem)!  

There  is  a  lot  of  attention  in  the  market  on  the  whole  area  of  Blockchain,  and  Distributed  Ledger  Technologies  and  TechMarketView  will  return  to  this  subject  later  in  the  year.  There  is  an  argument  that  blockchain  really  belongs  in  the  regtech  category,  because  a  significant  proportion  of  its  claimed  market  potential  is  to  replace  legacy  central  ledgers,  the  source  of  so  much  operational  and  regulatory  angst,  with  an  alternative  design.    

Recommendations  and  opportunities  for  SITS  providers  This   is   definitely   a   promising   area   for  UK   SITS   providers   to   the   financial   services   sector,   because   regulatory  compliance  involves  a  huge  spend  by  Financial  Institutions.  It  is  also  given  a  very  high  priority  by  Board  members  who  are  keenly  aware  of  their   (personal  as  well  as  corporate)  responsibilities.   In  addition,  today’s  compliance  processes  still  involve  a  lot  of  manual  effort  where  technology  can  provide  much  better  solutions.  

Firstly,  vendors  will  want  to  work  out  where  regtech  can  enhance  their  own  product  offerings  –  for  example,  any  consumer  on-­‐boarding  process  is  likely  to  benefit  from  new-­‐model  remote  KYC  –  and  create  new  solutions.  

We  believe  this  is  also  a  sector  where  established  vendors  can  adopt  a  channel  strategy.  The  bewildering  number  of  strangely  named  regtech  innovators,  many  of  whom  have  limited  financial  strength  or  track  record,  makes  it  a  hard  sector  for  banks  and  other  financial  institutions  to  get  to  grips  with.  For  the  regtechs  themselves,  it  is  of  course  notoriously  difficult  to  sell  to  the  major  companies  in  the  financial  services  sector,  given  the  conservative  and  cautious  attitudes  of  purchasing  and  technology  departments.  Therefore,  there   can  be  opportunities  for  established  vendors  to  build  on  their  balance-­‐sheets  and  credibility  to  “match-­‐make”,  by  helping  their  clients  identify  potential  partners,  and  then  to  integrate  and  manage  them.    Some  larger  players  may  go  so  far  as  to  form  their  own  regtech  incubators  and  accelerators.  Regtech  “marketplaces”  are  likely  to  emerge,  but  financial  services  companies  would  be  better  placed  if  they  do  not  have  to  cope  with  the  complexity  of  managing  multiple  independent  relationships  with  regtechs.      

Because  most  banks’  current  compliance  systems  are  bespoke,  with  the  associated  problems  of  obsolescence  and   inflexibility,   there   will   be   an   important   role   for   consulting  work   to   optimise   processes   and   standardise  interfaces  to  enable  easier  connection  to  third  party  capability  and  new  functionality.    

The   strategic   opportunities   and   impacts   highlighted   in   the   Outlook   section   above   present   clear   advisory  opportunities:  in  the  same  way  that  there  is  generally  no  clear  “owner”  for  regtech  issues  within  a  bank  (in  part  because  the  implications  are  far  wider  than  just  compliance),  there  is  also  no  clear  place  to  turn  to  for  advice.  The   legal  experts  who  are  primary  advisors   into  compliance  functions  today  are  unlikely  to  have  the  range  of  necessary  tech-­‐related  skills.  This  means  that  suppliers  with  strong  domain  expertise  and  a  consulting  mindset,  such  as  the  “big  4”  advisory  companies,  will  undoubtedly  see  lots  of  potential  opportunities.      

Conclusions  New  technology  has  the  potential  to  transform  regulation  from  an  activity  characterised  by  manual  checking  and  historical  clean-­‐up,  to  one  where  software  automatically  assures  compliance  with  regulations  and  identifies  risks  before  they  become  serious  problems.  It  is  no  wonder  that  regulators  like  the  FCA  are  keen  to  encourage  the  development  of  regtech.  

As  with  all  technology  disruptions,  this  creates  opportunities  for  new  players  to  emerge,  but  also  for  existing  suppliers  to  leverage  their  brand,  capability  and  financial  assets  to  put  themselves  at  the  heart  of  this  movement.  

FinancialServicesViews OPEN  BANKING  AND  PSD2  

 

 

OPEN  BANKING  AND  PSD2 | 6

©TechMarketView  2017  

 

FinancialServicesViews   is   only   available   to   TechMarketView   Subscribers.   By   downloading   and   viewing  FinancialServicesViews,   Subscribers   agree   to   be   bound   by   TechMarketView’s   full   Terms  &   Conditions   as  supplied  and  available  for  viewing  on  www.TechMarketView.com.  

All   information   is   proprietary   to   TechMarketView   and   is   protected   by   U.K.   and   foreign   laws   governing  intellectual  property.  The  information  contained  in  the  services  is  the  copyright  of  TechMarketView  and  is  subject  to  international  copyright  laws.  Subscribers  may  use  information  contained  herein  for  the  research  purposes  only  of  the  Subscriber  or  its  employees.  The  Subscriber  may  not  sell,  resell  or  otherwise  make  the  information  available   in  any  manner  or  on  any  media  to  any  third  party  unless   it  has  been  granted  prior  written   consent   by   TechMarketView.   The   Subscriber   agrees   to   take   all   reasonable   steps   to   restrict   and  control   the   use   of   and   copying   of   TechMarketView's   services,   Subscribers   may   quote   from  FinancialServicesViews  provided  that  Source:  TechMarketView  is  appended  to  each  and  every  quote.  Any  such  quotes  should  be  limited  to  no  more  than  a  paragraph.  

The  responsibility  for  decisions  taken  on  the  basis  of  information  given  by  TechMarketView  will  remain  with  the  Subscriber.  TechMarketView  shall  have  no  liability  for  any  indirect  special  or  consequential  loss,  damage,  costs,  expenses  or  other  claims  including  (without  limitation)  those  for  loss  of  profit,  loss  of  savings,  loss  of  business  or  loss  of  interest  which  arise  whether  or  not  it  has  been  notified  of  the  possibility  of  such  damages  etc.