Share with your friends

Regtech beyond compliance

Regtech beyond compliance

While many sound regulations have been implemented since the global financial crisis, the pace of regulatory change continues to increase. For today’s financial institutions, regulatory technology (regtech) has never been more critical.


Also on

Set of traffic lights showing red

Even with a stabilised regulatory landscape, changes implemented since the financial crisis continue to have costly impacts on banks, asset managers, and insurers worldwide. Up to 15 percent of financial institutions’ staff now work on governance, risk management, and compliance – yet even with this investment, regulatory compliance is by no means assured. Financial institutions have paid well over US$340 billion in fines in the 10 years since the financial crisis, and one report estimates that the total is likely to top US$400 billion by 20201.

In the coming months and years, regulators around the world are expected to turn their focus to investigating how well financial institutions have integrated regulatory change into their businesses. Identification of breaches of anti-money laundering (AML) regulations and know-your-customer (KYC) non-compliance are also expected to grow. Nor is there any expectation that this level of regulatory rigour will be relaxed within the foreseeable future. This means that, in order for financial institutions to adapt to and excel in this new normal, regtech must be a critical part of the transformation agenda.

The rising need for regtech

To date, many institutions have been focused on using technology to help achieve compliance, while minimising risk from misconduct and regulatory investigations. Now that focus is shifting towards a greater focus on cost, especially as institutions look for ways to reduce the cost base and achieve meaningful profit growth in the face of increased demands from regulators and customers alike. However, regulators will want to see financial institutions continue to strengthen their core risk management governance, controls, practices, and reporting. In addition to cost savings and efficiency, the coming increase in both supervisory activity and associated expectations should push financial institutions to consider more robust regtech solutions.

In previous years, a primary consideration when pursuing innovation was whether to build, partner, or buy a regtech solution. As the quality and diversity of regtech offerings continue to rise, the conversation has changed, with a growing number of entities actively looking for alternative solution providers. A fourth option is also becoming far more viable, especially for smaller players challenged by lack of capability and capacity: that of a third-party managed regtech solution.

These models are excellent for managing current uncertainties and addressing immediate regulatory issues. However, over the long term, financial institutions will need to take a broader approach, using regtech as part of a wider technology transformation initiative designed to help the organisation weather increasing complexity. Financial institutions are facing pressures on multiple fronts, from political shifts and global financial changes, to the impacts of new market entrants, new products, and compressed margins. In order to seek solutions to these complex issues, some global investment banks are already pursuing a ‘reinvention’ strategy using technology to enable the transition into a data company. This type of transformation is the future, and financial institutions should look to take the early steps today.

Supervisory technology to exceed regtech?

While financial institutions grapple with where, when, and how to best use technology in their risk and compliance processes, many regulators are already pushing full steam ahead. Supervisory technology, or SupTech, is being used by more regulators to allow them to deliver faster and more effectively on their core mandate. For example, one growing area of SupTech is in the use of machine learning and AI to examine vast data sets to predict and identify breaches or cases of misconduct. Here, the potential risk to financial institutions is that if the regulator has access to technological capacity far in advance of the organisation itself, the regulator could predict risk areas that the institution does not see coming.

Regulators are also starting to push for the ability to gain direct access to financial institutions’ data, rather than relying only on data provided to them from reporting. For example, the UK’s Financial Conduct Authority has been working with the Bank of England and various other organisations to pilot a program to make regulatory reporting “machine readable and executable… creating the potential for automated, straight-through-processing of regulatory returns”.2 With the right technologies, regulators would not only be able to oversee a broad set of regulated entities and market activity as a whole, but also use analytics capabilities to identify systemic weaknesses and pinpoint areas for future focus.

Addressing complex needs

For banks, asset managers and insurers trying to determine the right regtech options for their needs, we recommend a few critical early steps:

1. Assess the organisation's needs

Too often organisations pursue specific technologies rather than addressing defined pain points or process gaps. In order to achieve the desired returns, you should approach regtech investment with both a clear understanding of the organisation’s needs and a strategic view of the issues that you are trying to solve. As a first step in this process, we recommend completing a full assessment of the organisation’s regulatory and risk management requirements. Next, create a heat map of the organisation’s ability to deliver against those requirements. Consider not only whether the organisation has the necessary capability and capacity, but also how effective, efficient and timely that delivery will be.

2. Understand your solution options

Once you are clear on the organisation’s needs and have discerned the pain points in your regulatory compliance or reporting process, the next step is to fully explore potential solutions. The regtech landscape has evolved considerably over the past few years, and there might be more options – and newer solutions – than you first realise. Some regtech solution options also create valuable customer benefits, such as removing friction in the customer onboarding process.

For organisations that have not kept up with the latest regtech trends, technologies, and third-party companies, seeking help with this process or getting advice on the best fit can be a good option. For example, KPMG Australia, through the KPMG Matchi Regtech portal, currently supports a regulator client with a research subscription and reporting service for fintech and regtech innovation, providing an online portal that delivers market-leading access to the latest analysis and data about local and global trends, developments and providers.

3. Accelerate remediation efforts

When issues arise – especially when it comes to a breach, vulnerability, or problem with non-compliance – the impulse can be to buckle down rather than seek help or new solutions. Yet speed and accuracy are critical when dealing with regulators, and third-party support can be the most effective route forward. For example, new remediation-related regtech solutions use optical scanning, OCR capabilities, and AI to extract data points to identify customer files for remediation. Such solutions can transform a difficult, time-consuming, and labour-intensive remediation process, and enable the organisation to move forward swiftly.

4. Design and implement an effective operating model for regtech

Ensure your organisation has clear and well-defined governance structures and operating models for engaging with, implementing, and managing regtech initiatives. This should include assigned ownership for each area. Also look to create a group that includes both domain (e.g. Financial Crime) and functional specialists (e.g. Data Analytics) to help identify and assess potential regtech solutions, as well as support the implementation process.

Many financial institutions are still reeling from the costs and other implications stemming from the massive regulatory changes implemented over the past 10 years. Regtech is the key to addressing these challenges. With the right automation and technology solutions, financial institutions can achieve sustainable change and meaningful cost savings while responding effectively to regulators’ demands and the imperative to prudently manage the evolving risk landscape for the benefit of all stakeholders.

KPMG Matchi helps financial institutions, regulators and others to engage productively with emerging technology providers.


  1. US EU fines on banks' misconduct to top $400 billion by 2020, Reuters Business News, 27 September 2017.
  2. Digital regulatory reporting, Financial Conduct Authority, 1 November 2017.

©2021 KPMG, an Australian partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.

Liability limited by a scheme approved under Professional Standards Legislation.

For more detail about the structure of the KPMG global organisation please visit

Connect with us


Want to do business with KPMG?


loading image Request for proposal

Save, Curate and Share

Save what resonates, curate a library of information, and share content with your network of contacts.

Sign up today