The financial services industry is nearing a regulatory crisis point; detailed rules are being written in huge volumes, by regulatory bodies struggling to keep up with their mandates.
The result: requirements that are habitually not well contextualised or articulated and often look unlikely to achieve the desired outcomes, but at the same time coming with enormous effort and cost. What to do!
RegTech could provide the platform that takes away the pain, but could well require revolutionising the way regulation is developed and implemented.
What is the problem?
Nearly 60,000 regulatory documents have been published by regulatory bodies in the G20 since 2009. These contain rules that are complex, overlapping, inconsistent and, in some cases, contradictory. For instance, if you look at the data validation rules under MiFID II, published by ESMA at the end of last year, you will see that the formats prescribed for the trader IDs required in a transaction report (a requirement that must be fulfilled in order to be able to trade on European markets) are directly contradictory with data protection rules in the US and Singapore – to name just two of many jurisdictions.
And then you come to how they are implemented; piecemeal with no realistic attempt to look for interdependencies. This story rarely ends well, and it won’t get any easier. Europe is wrestling with almost 20 implementation programmes this year alone and financial institutions are subject to scores of rulebooks.
The complexity of the overlay and interaction of the many regulatory initiatives makes it increasingly difficult to see the bigger picture and adopt common industry solutions. It’s almost impossible for one individual to be an expert in all operational disciplines, so few have a coherent view of the global banking infrastructure and, as a result, when faced with a series of changes, the markets are starved of the deep expertise that can draw the linkages, spot the deltas and explain what they mean.
This is, again, apparent when you look at MiFID II: a piece of regulation that impacts trading requirements, transparency and reporting, governance, conduct, client onboarding and management, record keeping, instrument classification, product governance … the list goes on. Indeed, you can identify 42 separate regulatory initiatives that are interlinked with MiFID II requirements, and these go far beyond PRIIPs, MAR, SFTR, Regulation AT and EMIR.
What this ultimately means is that implementing a piece of regulation in a considered manner is a virtual impossibility. The huge strain demands new and dynamic approaches. Old strategies of both regulator and regulated taking a project-by-project sticking plaster approach will be increasingly prone to failure. In this light, RegTech stimulated by the regulator offers a real opportunity of a path to safety.
What is good RegTech?
The RegTech definition in the UK Chief Scientific Advisor’s 2015 report, is “Technology that encompasses any technological innovation that can be applied to, or used in, regulation, typically to improve efficiency and transparency”. Essentially, RegTech provides a means for overburdened firms to provide regulators with the data they require in a way that is better, faster, cheaper and safer for all.
The challenge, of course, is to encourage innovation for a solution that, if executed poorly, could land you in jail, under the new FCA Senior Managers Regime in the UK. Given the complexities in specifying the requirements, good RegTech is only possible if you address it thematically and give yourself enough time to get it right.
And getting it right means making strategic investments in both the technology and the understanding of the regulatory requirements. Will the regulators ‘sign off’ on your requirements? Almost certainly not. Will one firm invest in a solution way ahead of its competitors? Rarely. Ergo, to have good RegTech, one needs good collaboration and robust, scalable solutions that can cope with the vast number of requirements which are constantly changing requirements.
What is preventing the development of RegTech?
The first issue is that the motive for market players to get involved in the formation of a common solution is, for various reasons, obscured. The majority of financial institutions, when facing fresh regulatory obligations, undertake cost/benefit analyses to locate the most efficient approach to compliance with each individual regulation. Yet the scope of such analysis is limited to any one firm’s individual operational response and does not reflect that of the entire industry.
This restricts firms’ ability to visualise and justify that common solution which would reduce costs for all, such as a broader scope impact assessment that maps requirements from multiple regulations to the different operational areas of a firm that would require change.
Despite efforts from even the largest vendors, time and time again we see that procurement strategies currently employed for handling requirements restrict the line of sight to the short-term. Clearly, this dampens the enthusiasm of technology vendors to invest either time or money in good RegTech.
This is compounded by the fact that firms and regulators alike are unwilling to set up the dialogue around common approaches and solutions. In this day and age, one would have thought that the regulatory community would recognise that they need to engage in the discussion of ‘how’ their requirements are met. The industry would not exist without the £400 billion annual spend on technology, yet far too many regulators relegate discussions of reporting, data, semantic modelling and the like to the basement while their ‘policy’ decisions are being made upstairs.
Overcoming this will require a neutral body to facilitate the dialogue and lead the crowdsourcing of the knowledge necessary for RegTech development. Despite the initial noise made by seven regulators, including the FCA (UK), BaFin (Germany), MAS (Singapore) and ASIC (Australia), about incubators and accelerators, the lack of a clear stance on the ‘how’ is promoting uncertainty. This is not only discouraging investment and venture capital but, more generally, holding back leadership on the RegTech agenda. A true market failure.
Of course, even if the stance were to be clear, the sheer number of reforms across the globe, from a local to a global scale, often results in multiple regulations sharing similar deadlines thus presenting firms with unrealistic timelines for compliance. The complex EU regulatory system inevitably leads to laws being implemented over varying schedules as different countries release their own specific regulations at their own pace. All this results in both regulators and regulated being in a continual state of reaction, leaving little time to focus on the long-term response and, instead, simply aiming for compliance with the next deadline.
Technology providers, firms and regulators all require time to build more efficient, automated, compliance processes yet, instead, the majority are ineffectively adopting a siloed approach rather than examining interlinkages between similar demands to increase efficiency in the long run. What we need is an alignment in timing of regulations using optimisation techniques, so the high costs currently incurred by dealing with regulations one-by-one would be recovered. This can easily be addressed by examining regulations holistically, and opening up the RegTech market through the easier visualisation of solutions. This would also benefit the technology providers, who struggle to keep their services up to date with new regulatory rules across multiple jurisdictions.
Ultimately, the obstacles are great and many. For RegTech to become the solution to the problems of volumes, inconsistency and insufficient infrastructure that engulf the regulatory community, we need a revolution of sorts – a revolution in the way that rules are developed, a revolution in the way that regulatory change is managed and a revolution in the way that regulatory change is supplied.
Long live RegTech
2016 was a big year for getting the industry up to speed on RegTech. Now that the seeds have been planted they require careful nurturing in order to blossom.
For RegTech to bear fruit, regulators need to engage in a meaningful way; the open sharing of code, data models, emerging practices and standards transformational solutions like the ‘robo rulebook’. Collaborative working groups – backed by the industry – will need to lay the best path forward for the development of technical and data standards and, most importantly, RegTech will need be sponsored by the top . The industry needs a Council to push this forwards.
It’s a big task, but the conditions are ripe. Get this right and harvest time will reap great rewards.
To help find fertile ground, JWG are launching a new series of RegTech special interest groups. The first RegTech SIG invites for Client Management – Accountability went out last week and this meeting will look at the conduct obligations of financial services professionals across the UK, EU and beyond. Please contact CMS@jwg-it.eu to get involved.