RegTech has been the new big priority throughout 2017, and will continue to top key lists in 2018. However, it does come with huge challenges and hurdles, like any new and innovative sector. CEO Today spoke to Matt Smith, CEO of SteelEye, the regulatory tech and data analytics firm, on the proliferation of the RegTech sector and the top 5 battles it faces.
Last year was a banner year for regulatory technology or ‘RegTech’; according to research from FinTech Global, the global RegTech industry attracted $448m of investment in Q4 2017[i]. This was more than double the value of the previous quarter, making Q4 the strongest funding quarter ever, equating to 43.2% of the total capital invested in the whole year.[ii] While 2017 was an exceptionally strong year, investment in RegTech has been rising over the last few years, with capital invested in RegTech companies globally increasing steadily at a CAGR of 10.8% between 2014 and 2017 to reach a total of $1.04bn[iii].
For RegTech firms, this rise in investment is due to businesses having to cope with increasing levels of regulation that have come into force between 2012 and 2017, including Anti Money Laundering, Know Your Customer, the second Markets in Financial Instruments Directive (MiFID II), Basel III, the Second Payment Services Directive (PSD2). Beyond simply meeting regulatory requirements, many RegTech firms enable businesses to access the ‘big data’ that holds the potential to both address many compliance concerns and provide valuable insights into their business. RegTech solutions can also assist firms by enabling them to access their data in a cost-effective way and identify risks, predict compliance failures and enhance coordination across their business.
There are many types of RegTech firms, of course, some competing with long-established financial services firms, others facilitating digital transformation by incumbents. While helping existing firms to re-tool to comply with the avalanche of new regulations offers opportunities, there are also bigger strategic challenges facing RegTech firms as they steadily embed themselves across the entire financial services landscape.
1. Intensified market competition
The implementation of new directives such as MiFID II has undoubtedly been seen as an opportunity for many consultants, advisers and data providers. While a number of large management consultancy groups market expensive solutions to help companies comply, some large data providers are stalling on providing the access to post-trade transparency data that should now be freely accessible under the provisions of MiFID II and continue to impose hefty charges for releasing it.
Competition from big consultancies and a reluctance by data providers to comply, do pose challenges to the emerging cohort of RegTech businesses. However, the fast-paced growth of a number of RegTech firms and the fact that they are more nimble, cost-effective and can more easily adapt and drive the innovation that is sweeping the sector makes it likely that they can meet these challenges. It is also early days in MiFID II’s implementation and there is every expectation that regulators will abandon their initially lenient attitude and will bear down on the large data providers to comply, which will help RegTech firms create the new data products and solutions that will broadly benefit providers and users of capital right across the markets.
2. Looming uncertainty around Brexit
The lack of definition around Brexit has left RegTech firms, like firms in every sector, in a state of uncertainty when it comes to both policy and the regulatory technical standards that will apply during and after the transition period. While awaiting an agreed outcome, RegTech firms and their clients alike may delay investment decisions, commitments to new technology stacks, product development, etc. The final deal negotiated will determine any regulatory differences between how business is done in London and elsewhere in Europe, perhaps requiring firms to shift their business model.
For example, while the UK has enforced MiFID II in full, the key issue is whether, after Brexit, the UK and EU will operate financial services supervision under the same rules, known as ‘regulatory equivalence.’ For the UK, the risk lies in a hard Brexit where there is no agreement over regulatory technical standards, making the UK’s acceptance of these regulations open to debate and RegTech firms’ task of trying to have the right solutions for clients even harder. This is a challenge most should meet, as RegTech firms typically have the flexibility of approach and cloud-based services, which can be more easily adapted and updated than some of the bigger consultancies who, by virtue of their size, take longer to change their market offers. It should also be borne in mind that the FCA was the architect of many of the record-keeping and reporting principles embedded in MiFID II. With the aftermath of “light touch regulation” still fresh in memory, the national regulator is unlikely to favour watered-down standards that could see London regarded as a less safe or less transparent marketplace for global capital.
3. Cybersecurity and privacy
Cybersecurity is not a new challenge facing the RegTech industry but, as we enter a banner year for new regulations that demand increased levels of security around consumer data, issues surrounding privacy assume even greater importance.
This year, we will start to see regulators flex their muscles and begin to articulate clearer priorities for what firms need to do to prepare for cyber threats. Firms, including those in the RegTech space, must adjust how they manage any customer data, and how they use it for their own commercial purposes. They must also take additional steps to ensure that they are offering the appropriate training for clients to meet best practice on data requirements.
4. Global regulation
Following the 2008 global financial crisis, we have seen a harmonised approach to regulation being implemented across different financial centres, under initiatives championed by the Financial Stability Board. Dodd-Frank set the standard in the US, seeking to promote transparency and accountability and now MiFID II is the template to embed similar principles, affecting anyone doing business in the European financial marketplace, in an ambitious suite of regulations.
However, despite the aim of standardisation, undoubtedly there will be regional variations in interpreting and implementing the core principles of transparency and investor protection among various countries and jurisdictions, as we are already seeing with MiFID II across the EU. So for RegTech firms, the challenge is that they must now navigate and appreciate these nuances so they don’t fall foul of the various national regulatory bodies and also provide their clients with solutions that match each jurisdiction.
5. Inter-regulatory conflicts
In H1 2018 alone, MiFID II, PSD2 and the General Data Protection Regulation (GDPR) will all come into force and are set to have substantial cross-sector impact. These regulations impose significant changes and contain potential inter-regulatory conflicts, leaving RegTech firms with the unenviable task of helping their clients implement the new requirements while still lacking clarity as to what regulators expect of them. Without clarity or guidance on some key issues within these regulations, RegTech firms are left advising their clients on issues that may cause a conflict.
Conversely, these regulations will create improved databases that will allow companies not only make better sense of their data, but also enable them to gain valuable insights. This will pave the way for data-led innovation which can improve businesses’ data security and resilience, accelerating business initiatives and ultimately create new competitive strategies.