Is regulatory technology (Regtech) revolutionary?
Daniel Broby - Strathclyde Centre for Financial Regulation and Innovation, University of Strathclyde
-- The digital revolution has had a profound impact on all industries. The migration of services to the internet and the digitalisation of infrastructure and services has resulted in new business models and ways of doing business – as well as new ways of regulating businesses. While there has been significant attention from academic researchers on the digital economy, business models and data, there has been relatively scant attention paid to the use of technological solutions to implement and comply with regulatory frameworks, otherwise known as ‘RegTech’.
RegTech describes the practices and solutions of regulators using digital technology to enforce and implement legal and regulatory rules, and businesses using digital technologies to comply automatically with these rules. RegTech has hitherto receives little academic attention despite the fact that RegTech is being used in practice by different actors in different regulated sectors worldwide, raising questions about whether RegTech is fundamentally changing the nature of compliance and oversight? This question needs to be addressed because regulatory challenges have been magnified by a proliferation of new rules and oversight requirements along with the implementation of RegTech digital solutions.
There are two schools of thought. The first suggests that RegTech is simply a trendy buzzword for the automation of regulatory procedures, in terms of compliance, oversight and enforcement. The second, that regulatory technology facilities an enhanced level of compliance, oversight and enforcement, utilizing a brave new world of big data and predictive analytics. Both camps critique regulators for being slow to adopt innovative technology and lawmakers for being behind the curve in addressing the implications of a digitalized world. That said, the latter suggests something more fundamental is happening.
The use of artificial intelligence (AI) and machine learning are central to the case that regulation is fundamentally changing. These can enable regulators to move from big data to ‘smart data’. In combination with the automation of reporting, robotic process automation, cognitive computing, analysis of risk areas and greater reach, this may be a meaningful advance. The cost savings that such technology brings to industry have overshadowed the debate on how these are altering the very nature of compliance and oversight.
The complexity and diversity of RegTech solutions mean that there is no uniform approach to their adoption. Different industries in different parts of the world are at different levels of adoption. Indeed, there is no formal ontology to enable the identification of regulations, the construction of automated protocols for policies and to ensure internal compliance interfaces with external supervision. All industries are facing an increasing number of regulatory frameworks, so the importance of RegTech solutions are self-evident.
We conducted a systematic review of the literature (for which I am grateful to the Centre for Internet Law and Policy for editorial comments and for the background research contributions of Catalina Velandia Quimbayo and David Legg). This identified that there is no common definition of RegTech. Some see it as a subset of Strategic Fintech (cuhk.edu.hk). Others see it as a sector in its own right. We observe that although the financial sector is leading much of the innovation, RegTech can be applied more widely.
The academic focus has, to date, been on highlighting the benefits of RegTech in specific areas of regulation. For example, to identify Anti Money Laundering (AML) or to ensure financial prudence. The challenges are less well researched, but we believe are central to addressing the gap in the literature. These include an understanding of scope, legacy systems, competencies, and data analytics.
The literature highlights several ethical considerations with respect to the data and applications of RegTech. These are partially addressed in Introducing 'Good Data': Data, Ethics and Law for the 21st Century (cuhk.edu.hk). These are also relevant to answering the earlier question because it is central to the role of regulation. Supervisory bodies hold significant power, and they must exercise this fairly. That requires proportionately, due process, and accountability.
The impact of RegTech implementation depends on the level of support from regulators, the level of investment organizational acceptance and the tailwind from innovative commercial solutions. Academics have not quantified and/or classified these variables. Regulators like the Hong Kong Monetary Authority have, however, recognised the benefits to achieve regulatory compliance or better risk management.
The case that RegTech represents a fundamental change relies on several key innovations. These include blockchain identify verification, biometric checks and automated customer on boarding. The measurement and reporting of risk has changed dramatically. This has been facilitated by AI. The compliance function has widened to include data protection, adverse press screening using Natural language Processing (NPL) and integration of risk analytics with client reporting.
In summary, RegTech may well be a popular tag for all things that improve regulatory process, but it is also heralding some quite fundamental changes in the way that companies interact with regulators and oversee their specific risks. In that way, although evolutionary, it could be viewed as revolutionary. The nature of this change needs to be researched in the same way that academics have investigated disruptive innovation in industry.