Can Technology Ensure Compliance?

The evolving regulatory technology landscape is focused on providing financial institutions with better compliance, risk and reporting solutions and control over data. But what is it worth? And is it really new?

Return to Supplement

“Regulatory technology, or regtech as it is commonly known, is not a new phenomenon,” says Ruth Wandhofer, global head of regulatory and market strategy at Citi’s Treasury and Trade Solutions unit. “For decades, technology firms have provided solutions to address the financial industry’s regulatory requirements.”

Wandhofer, Citi: ihe UK is a hotbed of regtech firms, followed by the US.

But it is the combination of increasing regulation and the rise of the financial technology (fintech) sector, says Wandhofer, that has led to the emergence of a plethora of regtech start-ups.

Those start-ups include fast-maturing technology companies with new data-rich analytical capabilities like San Francisco–based Merlon Intelligence, which raised $7.65 million in seed financing this year from Data Collective venture capital fund and other venture capitalists to fight money laundering and improve Big Data analysis.

Regtech firms are trying to bring artificial intelligence (AI), machine learning and Big Data analytical techniques to bear on more stringent anti–money laundering, tax, sanction and financial crime controls, as well as cyber and other risks. They are also attempting to help financial institutions (FIs) master their structured internal data, so that it’s not stuck in silos, a legacy of banks’ existing IT environments.

Palantir Technologies is a Palo Alto–based company that specializes in Big Data analysis. Founded in 2004 by CEO Alex Karp and PayPal co-founder Peter Thiel, among others, it was valued at $20.33 billion in late 2015 when the firm closed a major $880 million round of financing. FIs know the company for its Palantir Metropolis software for data integration, information management and quantitative analytics. The software connects to commercial, proprietary and public datasets and discovers trends, relationships and anomalies by interrogating vast data lakes, producing predictive and pattern-spotting behavioral analytics, which can be useful in fraud prevention, for example, as well as many other tasks.


Rennie, IBM Watson Financial Services: The confluence of new cognitive technologies is causing a generational change in capabilities.

Simility is a younger Palo Alto fintech founded by ex-Google employees. It uses AI and machine learning to help fight fraud. The company’s chief technology officer and co-founder, Kedar Samant, admits that regtech isn’t a phrase he is that familiar with, but it is obvious, he says, what it refers to—helping FIs meet their regulatory obligations. Equally obvious, says Samant, is that regtech  is just a subset of the fintech approach to finance that looks to new technology to help with increasingly digital processes. “It’s a nice label,” he adds, “but just describes how analytics, AI and other technologies can combine to help FIs [or indeed their fintech challengers].”

“Connecting the dots is what matters,” continues Samant, adding that the trend is toward establishing data lakes for investigation. “This can include exported data from legacy IT or siloed systems and unstructured data from social media, news reports and so on. More data translates into better insights, but examining what you already have—and exposing structured data—is also important for FIs.”

Citi’s Wandhofer says the UK is a hotbed of regtech firms, followed by the US. “The market is still small,” she says, “but growth is also supported by several regulators around the world that offer regulatory sandboxes.” The Financial Conduct Authority in London provides a sandbox where start-ups can play with new technologies and methodologies in a safe environment, with mentor and regulatory assistance, before progressing to a final, approved solution at the end of their temporary, experimental license to operate. The Abu Dhabi Global Market regulatory laboratory (RegLab) is one such example in the United Arab Emirates; there is another in the Dubai International Financial Center.

The Association of Southeast Asian Nations trading bloc  established an ASEAN Financial Innovation Network this year, in partnership with the Monetary Authority of Singapore, which is considering a regional sandbox later this year. In the US, fintech charter discussions have debated whether state or federal regulators should take the lead in such initiatives.

Regtech relies on a more collaborative, rather than a displacement model—more so than the bank, insurance or loan provision segments in the overarching fintech market, where some players want to displace incumbent FIs. Displacement isn’t possible in regtech unless a firm obtains a banking license, rather than supplying its solutions to an established FI or indeed to a financial market infrastructure provider such as SWIFT. The latter has its own Know Your Customer (KYC) Registry and a suite of financial crime compliance software and watch lists. That demonstrates confidence in its own solutions and certified partners, who use aggregated data from bank members in noncompetitive areas where economies-of-scale are considered desirable.

It is better for banks to pay for one financial utility, in the case of the KYC Registry, rather than each have their own compliance dataset, although many rival vendors can and do aggregate data.

“Regtech offers a huge opportunity to simplify compliance operations and drive out cost from governance, risk and compliance,” says Andrew Yuille, head of risk business solutions at Thomson Reuters.


When launching its new IBM Watson regulatory compliance software earlier this year, IBM cited a global annual spending figure on regtech of $270 billion. The figure comes from an article on the regtech universe published by Deloitte Luxembourg. The same IBM Watson product launch cited a Boston Consulting Group report entitled Global Risk 2017: Staying the Course in Banking, that estimates FIs spend $18-$21 billion on anti-money laundering; $16-$19 billion on KYC requirements; and $11-$15 billion on conduct surveillance. It’s a big market for vendors to target. Cyberdefense risks, regulatory reporting and other utilities are also likely to grow the market further.

Ludwig, Promontory Financial Group: Monetary and reputational damage await any FIs that get it wrong.

Financial market trade surveillance applications and numerous other uses fall within the scope of regtech. The key defining characteristic is that data and customer intelligence can be more easily accessed, aggregated, controlled and exposed for regulatory scrutiny or customer protective purposes. “Regtech can also provide analysis tools to regulators themselves,” says Citi’s Wandhofer, helping them to digest the welter of data and information flowing from the stricter regulatory environment evident since the 2008 financial crisis.

Bipin Sahni, head of Innovation and R&D at Wells Fargo, confirms that the new focus on start-ups is what’s new about regtech, not the function itself. “The banking industry trend is to move away from internal FI-developed solutions or relying exclusively on governance, risk and compliance processing firms,” he explains. “These existed before fintech became a hashtag and associated with start-ups and are still operative, but the newcomers provide competition for FI contracts.” Sahni has seen an increase in regtech-focused companies applying to the Wells Fargo Startup Accelerator program in recent years, which he interprets as an indicator of its growing importance. 

But Alistair Rennie, general manager of IBM Watson Financial Services, believes regtech is a new phenomenon and cites AI, unstructured data and analytical capabilities emanating from today’s cheaper computing power—plus the availability of Cloud computing—as key technologies. “It is the confluence of these new cognitive technologies that are collectively causing a generational change in capabilities,” he says.

The key characteristics of cognitive technologies, in Rennie’s opinion, are:

  • Analytics, which can be deployed on all types of data to spot patterns;
  • Risk modeling that also relies on extensive data sources and AI;
  • Self-learning capabilities so that any developments can be applied to future procedures; and
  • Interactivity: The system should be able to interact with humans, flagging alerts and taking questions from them as required, as well as being linked to regulators and others in a standardized, approved manner.   

The idea here is that a platform will be created in which all data is accessible in the Cloud, and open to outside scrutiny when necessary. Any such system will have to be scalable, says Rennie, so that it can cope with new regulatory obligations, market norms or future technologies as they arise.


Bradford Cross, CEO of Merlon Intelligence, which applies AI to regulatory compliance, predicts that FIs will move over to software-as-a-service solutions in the Cloud, because they won’t want to manage point solutions and numerous vendors anymore. “Our bet is the future market will [be composed] of a small number of very large vendors that roll up a lot of functionality into platforms that allow the banks to simplify operations and cut a lot of risk from uncontrolled processes,” he explains. “It’ll be a very disruptive model,” he argues, adding that existing compliance-solution providers will have little or no market share within a decade.

Eugene Ludwig, a former US Comptroller of the Currency and founder and CEO of Promontory Financial Group, an IBM company, is clear that: “Technology must be a bigger part of banks’ compliance procedures as the world, including regulators, digitizes everything. Spreadsheets or paper-based compliance aren’t on anymore.” 

Sahni, Wells Fargo: The trend is to move away from internal FI developed solutions.

In the wake of numerous fines against FIs for non-compliance with regulations, stricter enforcement of capital and liquidity reporting, anti-money laundering oversight and tougher consumer protection duties, Ludwig says the boards at FIs are aware that compliance isn’t going away. “Monetary and reputational damage await any FIs that get it wrong,” he says, “with social media ballooning the latter risk.”

The fall in banks’ return on equity since the 2008 crash and the extra cost of compliance are factors driving FIs to seek improvement in their compliance functions. They hope new technologies can reduce operational expense and increase controls. But as with any new system or approach, aligning people, processes and technologies is a vital management component to any regtech implementation.